If an organization has concerns that pcAnywhere Solution can be used for eavesdropping or covert monitoring, what settings are recommended and what product behavior can mitigate these concerns?
pcAnywhere was not designed as a covert monitoring program, and with certain settings in place, there are clear indications when a remote user is attempting to initiate a remote control session and when a remote control session is running.
With pcAnywhere Solution, there is a setting in the host configuration policy named "Require user to approve connection". This option is enabled by default as of pcAnywhere Solution SP1 (build 12.5.415), continuing with SP2 (build 12.5.539). This option causes a dialog box to pop up on the host computer when a remote user attempts to initiate a remote control session. The dialog box allows the local user at the host computer to click "Yes" or "No" to allow the connection, and it has a timeout which ticks down from the value set within the host configuration policy.
There are some variations in the behavior of the pcAnywhere Windows host when the "Require user to approve connection" option is set, depending on the state of the computer and on the type of "caller" (StandardUser or SuperUser) that is defined by the pcAnywhere Solution administrators in the pcAnywhere policy. Refer to Knowledge Base article entitled "pcAnywhere behavior for StandardUser vs. SuperUser", referenced below, for a table which describes the difference in behavior between the two types of callers.
Due to changes in pcAnywhere Solution SP2, there was initially no way to force approval for all users when the managed host computer was in any given state. Even with a "StandardUser" as the caller, if the host computer was at the Ctrl+Alt+Del screen or it was locked, then the pcAnywhere connection attempt would eventually succeed after the timeout. This was the design because the caller must still specify Windows credentials in order to access the computer. In other words, if the host computer was at the Ctrl+Alt+Del screen then the remote user must logon, and if the computer is locked then the remote user must unlock the workstation in order to access it. Note that Symantec has since released an optional patch to address this behavior. If interested, please see the Knowledge Base article entitled "A user can establish a remote control session when the host computer is at the CTRL+ALT+DEL screen or is locked", which is also referenced below.
Following are some recommendations for product administrators who must address privacy concerns with respect to pcAnywhere Solution.
With the settings above in place, if there are still concerns over privacy then perhaps these concerns can be resolved by educating the the end-users. The pcAnywhere host service will place an icon in the system tray. The icon will indicate whether anyone is connected to their computer via pcAnywhere. When a remote control session is allowed after proper authentication, the host tray icon's appearance will change slightly, and it will display a balloon which states "Remote <computername> Connected" (where <computername> is the name of the computer from which an administrator is conducting the remote control session). When the remote control session ends, another pop-up balloon will display "Remote <computername> disconnected". In addition, logged-on users can hover the mouse over the icon to check the status of the host service. When idle, the pop-up balloon will state "Symantec pcAnywhere Waiting". However, if a pcAnywhere remote control session is active, hovering over the system tray icon with the mouse will display the Session duration, the User or group of the remote computer, and the name of the computer running the remote control session.