Ultra VNC born (again)?

[Richard Harris]

> This is meaningless... If I restrict file transfer on my network, this
> program can be running inside my network - because I have to close the
> ports to try to prevent any file transfers.  

Maybe I didn't make the point quite well enough. What I meant was so long as 
you can disable any enhancement at the client end with a reg key / push button 
- security isn't always comprimised. There is a risk with every patch or bit of 
software you load on the computer (be it running Windows, Linux, Mac OS, 
etc).

On UltraVNC there's an option to disable File Transfer..... so..... if users can't 
get at that function to enable it and the UltraVNC server isn't accepting file 
transfer requests - the risk is where?

The best thing about the numerous VNC clients is that you don't *have* to use 
any of them. If you don't what file transfer - don't use Ultra. If you want pure and 
simple VNC stick with Real. 

IMO there are more and greater security risks in unpatched Windows system 
than with VNC. I use Windows 99.9% of the time at work and home - it has 
some good points and some bad ones. No system is perfect, yet if you can 
disable features you don't want - you can reduce risk but never eliminate it.

At work I know that a really smart user could read the reg key with the VNC 
password and crack it. That would mean that many PCs could then be 
comprimised, but then I also know that you can bring a linux boot disk in and 
get complete admin rights on any NT/2000 workstation.

Thus endeth the lecture. :-D

Later,
Richard

---------------------------------
Richard Harris
Environment IT, NCC
Ext 4509
---------------------------------

"Service, price , quality: pick any two."