Re: Remote Desktop and Terminal Services

Thanks for response Roger.

Confirmed my thoughts and Agree Upgrade is in order.

Have looked inside both the DLL and ActiveX but nothing jumped (function
name) out as being obvious. .

What started this was during develop the head of IT asked for access to my
system. I granted one time access, called their website, responded yes to a
prompt and he was immediately on my system. The only way I could think he
gained access was using either Remote Desktop (to my knowledge not part of
Win98), Terminal Services (again I don't believe part of Win98),
NetMeeting (possible but I'm not familiar with its usage) or code within his

Any ideas which and how I would locate (Registry entry, specific dll's, if
remote desktop, terminal services, or net meeting)?


"Roger Abell [MVP]" <mvpNoSpam@xxxxxxx> wrote in message
"dw85745" <dw85745_NOT@xxxxxxxxxxxxx> wrote in message
I have two programs I've written.

Both programs maintain a link to independent vendor servers...

Program 1 uses a DLL supplied by the server vendor.
Program 2 uses an ActiveX supplied by the server vendor.

I still run Win98 (not SE) OS on the client machine which is accessing

1) Since I am using a vendor supplied DLL and ActiveX have I given them
remote access to my system ?

Any time one runs code supplied by another one is placing trust
in the author of that code. If the code is allowed network access
then that trust includes trust that nothing is being done via that
network capability that is undisclosed. This is really not specific
to dll or control or for that matter even Windows vs non-Windows.

2) If so, is there a way to prevent them from doing file manipulation,
screen capture, and screen scraping -- and if so, how?

No. It is inherently not possible to prevent an unknown from happening.
Further, you are attempting to protect something that is not designed to
be protected/protectable (Windows 98)

3) How do I check my system for RemoteDesk TerminalServices or
for Security purposes. So far a scan of the registry for "Remote",
Terminal" has not yielded a valid hit?

Similar to question 2. To find something you need to know for what
you are looking, and how to look for that under any possible disguise
that might be used.

If you are really worried, the best thing you could do would be to
move to use of a support operating system that does have a security
model within its design/implementation. For example, with XP the
code you run that uses that vendor supplied code could be run
within a specially defined limited user account, audit accesses made
to parts of the system by that account, study the job/process thread
tree of the code as it runs, monitor the network activity while that code
runs for communications with "other" IPs than the intended server(s)
etc. Some of that you could do on Win 9x, some you could not.