What about security?


http://www.s-code.com/forum/Topic1241.aspx

By jonm - Wednesday, November 15, 2006
I really like that VNC is wrapped up inside of an ActiveX control (although it would be cooler if it was a managed .NET assembly instead). Anyway, my fear is that once this ActiveX control is installed on a machine it could be used by any piece of software on the system to take control of the computer. We need some way to keep any arbitrary program from using it, like a software key or something (I'm not sure what the answer is). What if this control becomes popular? Imagine what would happen if spyware apps looked for the existence of the s-code VNC control and exploited it. Or worse yet, copied a licensed version and distributed it with their own spyware?! There needs to be some sort of safeguard, but I have no idea what that should be.
By Yury Averkiev (s-code) - Thursday, November 16, 2006
This is a good question and unfortunately I think there is no answer to it. Some serial number protection wouldn't be much help; we all know that any software can be cracked and such protection could be easily worked around. And the case with the ActiveX is pretty much the same as with the native VNC binaries: they can also be used by spyware, etc. The binaries are currently detected by Windows Defender as a possible threat, so I guess if ServerX became popular it would have a similar fate. This might be a good thing, since if spyware tried to install the ActiveX, the user would be notified about it.
By jonm - Thursday, November 16, 2006
I agree that there is no easy fix. I'm worried about incurring liability if a customer's machine gets hacked because we placed this on there. I wish I could compile it so that it would only connect to a list of hosts predefined in the binary. I understand a hacker could modify it, but that would require a high level of sophistication and a simple script kiddie wouldn't be able to pull it off.
By Yury Averkiev (s-code) - Thursday, November 16, 2006
We could compile a version which would accept connections from predefined IPs. But again this wouldn't be bulletproof. Besides, we would charge some small fee for such customization :) What really can protect an old user is a firewall; if it's configured properly then a customer should be safe.
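
The predefined-address restriction discussed in this thread, as an added example that is not s-code's code and not part of any post: a C sketch that checks a connecting viewer's IPv4 address against an allowlist compiled into the binary, before any VNC handshake starts. The allowlist entries are constructed values, `ALLOWED_VIEWERS`, `parse_cidr` and `viewer_allowed` are hypothetical names, and the code assumes POSIX `inet_pton`.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed allowlist (RFC 5737 documentation ranges), fixed at build time. */
static const char *const ALLOWED_VIEWERS[] = {
    "192.0.2.10/32",   /* one support workstation */
    "198.51.100.0/24", /* help-desk subnet */
};

/* Parse "a.b.c.d/len" into a host-order network and mask; 0 on success. */
static int parse_cidr(const char *cidr, uint32_t *net, uint32_t *mask)
{
    char buf[32], *end;
    const char *slash = strchr(cidr, '/');
    struct in_addr a;
    long len;
    if (!slash || slash == cidr || (size_t)(slash - cidr) >= sizeof buf) return -1;
    memcpy(buf, cidr, (size_t)(slash - cidr));
    buf[slash - cidr] = '\0';
    if (inet_pton(AF_INET, buf, &a) != 1) return -1;
    len = strtol(slash + 1, &end, 10);
    if (end == slash + 1 || *end != '\0' || len < 0 || len > 32) return -1;
    /* Shifting a 32-bit value by 32 is undefined, so /0 is a special case. */
    *mask = len == 0 ? 0 : 0xFFFFFFFFu << (32 - len);
    *net = ntohl(a.s_addr) & *mask;
    return 0;
}

/* Hypothetical gate: 1 if the peer is allowlisted, 0 otherwise (fails closed). */
int viewer_allowed(const char *peer_ip)
{
    struct in_addr p;
    uint32_t net, mask;
    size_t i;
    if (!peer_ip || inet_pton(AF_INET, peer_ip, &p) != 1) return 0;
    for (i = 0; i < sizeof ALLOWED_VIEWERS / sizeof *ALLOWED_VIEWERS; i++)
        if (parse_cidr(ALLOWED_VIEWERS[i], &net, &mask) == 0 &&
            (ntohl(p.s_addr) & mask) == net)
            return 1;
    return 0;
}

int main(void)
{
    printf("%d %d\n", viewer_allowed("198.51.100.7"), viewer_allowed("203.0.113.5"));
    return 0;
}
```

The check covers only the peer's source address and rejects anything it cannot parse; as the thread notes, a compiled-in list can be patched out, so it complements a properly configured firewall and does not replace one.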