http://www.symantec.com/business/support/index?page=content&id=DOC5442&locale=zh_TW
賽門鐵克在 2012 年 1 月,確認 pcAnywhere 原始程式碼遭到暴露,由駭客公開張貼。當時,賽門鐵克發布了一個修補程式來因應直接的漏洞。
此外,賽門鐵克也當下決定 pcAnywhere 安全性模型需要更新。
此更新既要針對傳統 pcAnywhere 產品又要針對 pcAnywhere Solution (是 Symantec Client Management Suite (CMS) 的一部分),確保 pcAnywhere 通訊的安全性。
由於安全更新,這個新版的 pcAnywhere 與舊版不相容,也不連線至較舊版本的 pcAnywhere。
賽門鐵克建議客戶安裝最新版的 pcAnywhere (12.5 SP4 或 Solution 12.6.7),並遵循一般安全性最佳實務準則。最新版的 pcAnywhere 包括所有先前的修補程式及更新的安全性模型。
如需升級指示,請參閱以下文章:
pcAnywhere 12.5 SP4 Release Notes (「pcAnywhere 12.5 SP4 版本說明」)
pcAnywhere 12.5 SP4 移除的功能
pcAnywhere 12.5 SP4 移除了過時的產品功能。此版的 pcAnywhere 不再提供下列功能。
- Symantec pcAnywhere Web Remote
- Symantec pcAnywhere Mobile
- Symantec pcAnywhere CrossPlatform
- Symantec pcAnywhere 閘道
- 被控端管理員
- Web 部署工具
- NetBIOS 和 SPX 連線類型和支援
- 支援除 Windows 適用的 pcAnywhere、NT 和 AD 以外的所有驗證類型
【完整的英文內容請參考下方資訊】
http://www.symantec.com/business/support/index?page=content&id=DOC5442&locale=en_US
Description
Introduction
In January 2012, Symantec confirmed that pcAnywhere source code was exposed by hackers who posted the code publicly. At that time, Symantec responded with a hot fix to address immediate vulnerabilities. In addition, Symantec determined that the pcAnywhere security model required an update. This update secures pcAnywhere communications for the traditional pcAnywhere product as well as the pcAnywhere Solution, which is part of the Symantec Client Management Suite (CMS).
As a result of the security updates, this new version of pcAnywhere is not backward-compatible with, and will not connect to, older versions of pcAnywhere.
Symantec recommends that customers install the latest version of pcAnywhere (12.5 SP4 or Solution 12.6.7) and follow general security best practices. The latest version of pcAnywhere includes all previous hot fixes and the updated security model.
For additional information visit go.symantec.com/sourcecode
pcAnywhere Access Server
Access Server is not supported by latest version of pcAnywhere. As a result of the source code being exposed, Symantec determined that Access Server is not secure for Internet-based remote control sessions. Since Access Server is not secure, the updated security model in the latest version of pcAnywhere does not allow communication with Access Server.
See the pcAnywhere Security Best Practices guide for risk scenarios and recommended security practices for using pcAnywhere and Access Server. In the absence of Access Server, Symantec recommends that you use VPN for Internet-based remote control sessions.
Upgrading to pcAnywhere 12.5 SP4
What should I do if my organization uses pcAnywhere?
Symantec recommends that customers install the latest version of pcAnywhere and follow general security best practices. The latest version of pcAnywhere includes all previous hot fixes and the updated security model.
For upgrade instructions, see the following article:
pcAnywhere 12.5 SP4 Release Notes
Features removed in pcAnywhere 12.5 SP4
In pcAnywhere 12.5 SP4 outdated product features were removed. The features listed below are no longer available in this version of pcAnywhere.
- Access Server
- Symantec pcAnywhere Web Remote
- Symantec pcAnywhere Mobile
- Symantec pcAnywhere CrossPlatform for Remote and Host
- Symantec pcAnywhere Gateway
- Host Assessment tool
- Host Administrator tool
- Package deployment tool
- Web deployment tool
- NetBIOS and SPX connection type support
- Support for all authentication types except pcAnywhere, NT, and AD for Windows/pcAnywhere and Apple Open Directory for Mac/pcAnywhere and Linux PAM for Linux
- Option for making passwords case sensitive on the Security Options tab of Host Properties dialog box
- Option to deplo y thin host if host is not present on pcAQuick Connect dialog box
- Encryption tab on pcAnywhere options dialog box