Security Basics mailing list archives
Re: Re: VNC Security
From: nixuser23 () hotmail com
Date: 12 Aug 2005 02:05:28 -0000
I think you are missing the point. Yes, you've provided a user with valuable tech support in a timely fashion. Yes, you've installed a remote admin tool, used it appropriately, then disabled it. But, here's where you are missing the point. You haven't removed it. The user asks a friend to help out, the friend sees VNC and heard it's cool, starts the service to run automatically. Now it's live, all the time. Okay, so the desktop isn't available because the user has fast user switching enable, etc.. oh, but most users forget and log in as administrator because it's such a pain to have to log out and back in again to install those stupid microsoft patches that keep popping up. Guess what, live admin desktop now. That sucks. Okay, another scenario. The user is bright, but his 13 year old kid gets this joke from a friend, and is logged in as, guess what? The administrator, opens the joke, oh, it's a trojan, worm, the next best script, whatever. Finds windows firewall, disables it, finds a virus scanner, disables it, finds VNC, enables it and sends an email back to somewhere in mainland China. Surprise surprise, I'm sure we've never seen a worm that re-activates a service and disables virus scanning and firewalls before. End result is, you've provided excellent tech support, but you've left the user open to exploit in the future by not minimizing services and have left the user open to downstream liability. Don
Current thread:
- Re: Re: VNC Security nixuser23 (Aug 12)
- Re: VNC Security Ansgar -59cobalt- Wiechers (Aug 15)
- <Possible follow-ups>
- Re: VNC Security rebootd (Aug 16)
- Re: VNC Security Ansgar -59cobalt- Wiechers (Aug 23)