Microsoft RDP has its share of problems
Microsoft RDP has opened the door for alternatives. The simple truth has sparked the rise of a number of open-source VNC (Virtual Network Computing) applications, which allow a user to remotely control another computer.
Regardless of which VNC solution you use, they all work pretty much the same way.
There's a "server component" which runs on the computer that shares its desktop. There is also a "client component" which runs on the computer that will access the share from a remote location.
It's cheap but open-source can bring its own issues
There are a few VNC applications on the market compatible with every OS in use today. In the VNC ecosystem, the "Big Four" are LibVNC, UltraVNC, Tight VNC, and TurboVNC. Recently, researchers at Kaspersky (recently dropped the Lab off their name and moved their data processing into Switzerland) audited these four on a quest to discover how secure they were. Their findings were disappointing, to say the least.
Overall, the researchers found a total of 37 serious flaws in the client and server portions of these four programs. 22 of them were found in UltraVNC, with another ten found in LibVNC, 4 in TightVNC, and one in TurboVNC, which looks to be the best of the bunch in terms of security.
Kaspersky Lab said this
"All of the bugs are linked to incorrect memory usage. Exploiting them leads only to malfunctions and denial of service - a relatively favorable outcome. In more serious cases, attackers can gain unauthorized access to information on the device or release malware into the victim's system."
Although only one flaw was found in TurboVNC, it's a serious one that would allow a determined attacker to remotely execute code on the server-side.
Our perspective
If there's a silver lining to the recent research it is the fact that Kaspersky notified the development teams of all four of the programs they audited. Also, all four have been patched and updated. If you use any of those, just make sure you're using the latest version and you can use them with confidence. Kudos to Kaspersky for their efforts, and to the developers to responding swiftly to the company's findings.
~ As Hill Street Blues' Sgt. Esterhaus always advised: "Hey, let's be careful out there! " ~
Meanwhile, check out this report
This free executive report may give you insights into how to build your business with safe IT environments: 10 Hidden IT Risks That Might Threaten Your Business and 1 Easy Way to Find Them
The author
Thanks for reading this short post. For more tips on thriving with small business technology, check out the other blog posts at DWPia Blogs. I am also available on LinkedIn, Facebook, and Twitter.
I am Denis Wilson, President and Principal Consultant for DWP Information Architects. I help professionals grow their business by building a foundation of rock-solid information solutions for smaller healthcare, insurance, financial, legal, and nonprofits firms in Ventura County and San Fernando Valley. And have created cost-effective IT solutions, for over 20 years, specializing in cybersecurity and regulatory compliance. I am also a published author and speaker, working extensively with a variety of organizations, as well as providing small business technology education programs through business and professional associations. This just in: I will be speaking regularly at California Lutheran University's Center for Nonprofit Leadership starting in September.
Contact me if you would like me to speak at your association.
