Remote Destkop for Windows XP allow spy confidential data

[Guest]

Hi,
i think the remote desktop for windows xp have an concept error and don't
verify correctly if another user it's connected and can bypass restrictions
allowing see the actions of the remote user (permit spy) .

The escenario it's:

PC1 - PC with remote desktop enabled
PC2 - PC for connect to PC1
PC3 - PC to spy the actions of PC2 in PC1

One worker have in office PC1 with remote desktop enabled, in home connect
from PC2 to PC1 typing the user&password correctly, other user (PC3) connect
to PC1 with a remote administration tool (dameware for ex.) , when the user
of PC3 connect to PC1, the correct it's view "this computer it's locked" but
only can view a blank screen if don't have activity PC1, but if PC2 it's
connected by remote desktop to PC1, the PC3 can view all in PC1, can view how
works PC2, and move the mouse, use the keyboard, etc.

I think if anyone it's connected remotely by remote desktop, if other user
connect to this machine with an RAT must view the "computer locked" and no
the remote desktop too, it's possible the user that are connecting with RAT
are not the same are connected by remote desktop.

Best regards.

 

[Guest]

Dameware is not the responsibilioty of Microsoft, it's a third-party product,
and a hideously expensive one too, considering VNC costs 'nowt and does the
job.

If you want secure remote-access, use VNC along with an a packet-encryption
system such as SSH or Zebedee. A little more complex to set-up, but can be
done for zero outlay and as near to bulletproof as you can get.

 

[Guest]

I think your response saying "dameware is not the responsibility of
Microsoft" and "if you want secure remote-acces,use VNC" don't are a good
response.
Visit this link:
http://www.microsoft.com/windowsxp/using/mobility/getstarted/starteremote.mspx
and you can read this:
"In the Log On to Windows dialog box, type your user name, password, and
domain (if required), and then click OK. The Remote Desktop window will open
and you will see the desktop settings, files, and programs that are on your
office computer. Your office computer will remain locked. Nobody will be able
to work at your office computer without a password, nor will anyone see the
work you are doing on your office computer remotely."

If Microsoft it's saying nobody will be able to work at the computer nor
will anyone see the work, it's wrong, it's responsiblity of Microsoft show
the "locked computer" screen if anyone connect with any remote administration
tool (dameware, vnc, etc) , with windows 2000 work fine, but in XP not, can
spy the user, i tested with 3 PC, all win xp, all joined to domain.

Greetings

 

[Guest]

I think I see the issue here, The MS Remote Desktop allows you to work
remotely with the local screen still locked.

VNC doesn't work like that on Windows. With VNC, you'd see the locked screen
and have to unlock it to work, which unlocks the physical screen at the same
time. Never used Dameware but I imagine it works the same way. This is by
design, and isn't a fault, it's just a different policy as to how things
should work.

Interestingly, I say, 'VNC doesn't work like that on Windows' - but it IS
more-or-less the way it works on Linux. If you use VNC on KDE or Gnome, then
the local user doesn't see what you're doing at all, the remote session takes
place in a separate virtual desktop which the local user can't get at.

So again, MS are stating what their product does. Which need not necessarily
apply to other products.

From my point of view as a techsupport guy, the behaviour of VNC on Windows
is precisely what I want. It would be no use if I couldn't lead the remote
user through a set of actions.