Re: Remote control

From: Steve Littleford (
Date: 06/17/02

Date: Mon, 17 Jun 2002 08:04:48 -0300
From: Steve Littleford <>
To: "Calhoun, Heath" <>

I like VNC, but it is a little slow and I don't like the cleartext
password in the registry. We also found that Windows NT machines won't
come out of screensaver under VNC. However, I also know that the code
is freely available and that these details will be addressed eventually.
  If they really bothered me, I'd fix them.

> We used to use VNC on some systems on our network, but found it to be to
> slow and very unsecure.

I find VNC to be plenty fast over a network. It is over a modem that
Remotely Possible shines. Just don't set VNC for full screen updates.

> we found a tool anyone can download to crack the vnc password.

Let me see... Brute force attack over a local LAN. Aren't there other
ways an attacker can brute force password attack a Windows box?
Granted, there is no username in VNC. But the console *can* be locked
underneath, too.

> go into the registery searching for vnc and guess what... There is the
> password in clear text.

I agree, password in plain text on the local machine is not secure.
Even if your registry is locked down, you might have copies of it somewhere.

> Guess you get what ya pay for...

Every tool has its uses. You want a full blown commercial remote
control, file copy, and chat program? Buy one (for every machine in
your school). If you need something that runs on anything, fits on a
floppy and doesn't require installation, or can be run slowly from a web
browser, then VNC is worth a lot (a lot of saved trips back to the
server room).

This guy wants to control his servers from the same location. I'd tell
him to buy Remotely Possible because file copy over VNC isn't
straightforward. It is also faster over a WAN connection. But, if cost
were an issue he could install VNC and an ssh daemon. Then putty and
iExplore to control the box. You can get a free ssh daemon in the
CygWin project. He could even tunnel your VNC over SSH as many have
already suggested.


Relevant Pages

  • Re: Remote control server query
    ... I have been using vnc to control my workstation where i work however ... change my vnc password as it is always stored into the registry. ... administrator will invariably result in trench warfare. ...
  • RE: unidentified DOS "bad traffic" -- SOLVED
    ... After running the Deloder's VNC server password through the VNC password ... the VNC password that was set by the Deloder worm, ... For a the list of VNC related registry keys and values, ...
    ... Remote Desktop relies on your network password, ... I have been using vnc to control my workstation where i work however ... change my vnc password as it is always stored into the registry. ...
  • Re: Win CE 4.2 problem
    ... After some debugging I saw that the key wasn't written to the registry ... calls to a Shell API and the shell isn't running when you make them, ... VNC exectuable with a small application that lauches VNC and my ... When I test this application it creates the link and after a warm reboot ...
  • Re: Remote control
    ... I don't believe VNC keeps the password clear text in the registry. ... Subject: Remote control ... You want a full blown commercial remote ...