Security Basics mailing list archives

Re: Re: VNC Security


From: nixuser23 () hotmail com
Date: 12 Aug 2005 02:05:28 -0000

I think you are missing the point.

Yes, you've provided a user with valuable tech support in a timely fashion.

Yes, you've installed a remote admin tool, used it appropriately, then disabled it.

But, here's where you are missing the point. You haven't removed it.

The user asks a friend to help out, the friend sees VNC and heard it's cool, starts the service to run automatically. 
Now it's live, all the time.

Okay, so the desktop isn't available because the user has fast user switching enabled, etc. Oh, but most users forget
and log in as administrator because it's such a pain to have to log out and back in again to install those stupid
Microsoft patches that keep popping up.

Guess what, live admin desktop now. That sucks.

Okay, another scenario. The user is bright, but his 13-year-old kid gets this joke from a friend, and is logged in as,
guess what? The administrator, opens the joke, oh, it's a trojan, worm, the next best script, whatever. Finds Windows
Firewall, disables it, finds a virus scanner, disables it, finds VNC, enables it and sends an email back to somewhere
in mainland China.

Surprise surprise, I'm sure we've never seen a worm that re-activates a service and disables virus scanning and 
firewalls before.

End result is, you've provided excellent tech support, but you've left the user open to exploit in the future by not 
minimizing services and have left the user open to downstream liability.

Don

