User Securities Lapses Open pcAnywhere Hosts to Prying Eyes

Remote Access not a Remote Risk pcAnywhere, Symantec's remote access and file transfer software, puts plenty of power at the user's fingertips. And perhaps it puts a bit too much within the hacker's grasp. A lapse of attention, combined with a simple bit of software skullduggery, could give even an unskilled attacker total access to a targeted computer.? Not Your Father's Remote Control Remote access software products such as LapLink and pcAnywhere allow telecommuters and travelers to access data and applications on a "home base" computer as if they were sitting right there at the keyboard. Rather than establishing a traditional client-host connection (as between a web browser and web server), the pcAnywhere client--which Symantec calls a "Remote Control"--gains complete access to all the functions of

the host computer. System security, therefore, must be a primary concern. Every time you launch a pcAnywhere host, you are making it available to anybody who can find, or "call" it. When working with dialup or direct cable connections, the vulnerabilities of the system are relatively contained. But logged into a local area network, or tied in to the Internet, your computer is as open to attack as any web site. Symantec also makes it possible to search for active pcAnywhere hosts according to the host name, DNS name, IP address, or subnet address (across the range of address defined by the subnet). So anonymity by itself is no protection.