Re: Remote Desktop and Terminal Services



Thanks for response Roger.

Confirmed my thoughts and Agree Upgrade is in order.

Have looked inside both the DLL and ActiveX but nothing jumped (function
name) out as being obvious. .

What started this was during develop the head of IT asked for access to my
system. I granted one time access, called their website, responded yes to a
prompt and he was immediately on my system. The only way I could think he
gained access was using either Remote Desktop (to my knowledge not part of
Win98), Terminal Services (again I don't believe part of Win98),
NetMeeting (possible but I'm not familiar with its usage) or code within his
DLL.

Any ideas which and how I would locate (Registry entry, specific dll's, if
remote desktop, terminal services, or net meeting)?

David

"Roger Abell [MVP]" <mvpNoSpam@xxxxxxx> wrote in message
news:usdJt8ipGHA.4932@xxxxxxxxxxxxxxxxxxxxxxx
"dw85745" <dw85745_NOT@xxxxxxxxxxxxx> wrote in message
news:ewFdyigpGHA.4188@xxxxxxxxxxxxxxxxxxxxxxx
I have two programs I've written.

Both programs maintain a link to independent vendor servers...

Program 1 uses a DLL supplied by the server vendor.
Program 2 uses an ActiveX supplied by the server vendor.

I still run Win98 (not SE) OS on the client machine which is accessing
the
servers.
.
QUESTION:

1) Since I am using a vendor supplied DLL and ActiveX have I given them
remote access to my system ?

Any time one runs code supplied by another one is placing trust
in the author of that code. If the code is allowed network access
then that trust includes trust that nothing is being done via that
network capability that is undisclosed. This is really not specific
to dll or control or for that matter even Windows vs non-Windows.


2) If so, is there a way to prevent them from doing file manipulation,
screen capture, and screen scraping -- and if so, how?

No. It is inherently not possible to prevent an unknown from happening.
Further, you are attempting to protect something that is not designed to
be protected/protectable (Windows 98)

3) How do I check my system for RemoteDesk TerminalServices or
NetMeeting
for Security purposes. So far a scan of the registry for "Remote",
Terminal" has not yielded a valid hit?

Similar to question 2. To find something you need to know for what
you are looking, and how to look for that under any possible disguise
that might be used.

If you are really worried, the best thing you could do would be to
move to use of a support operating system that does have a security
model within its design/implementation. For example, with XP the
code you run that uses that vendor supplied code could be run
within a specially defined limited user account, audit accesses made
to parts of the system by that account, study the job/process thread
tree of the code as it runs, monitor the network activity while that code
runs for communications with "other" IPs than the intended server(s)
etc. Some of that you could do on Win 9x, some you could not.




.



Relevant Pages

  • Re: Remote Desktop and Terminal Services
    ... Have looked inside both the DLL and ActiveX but nothing jumped (function ... remote desktop, terminal services, or net meeting)? ... Both programs maintain a link to independent vendor servers... ... to dll or control or for that matter even Windows vs non-Windows. ...
    (microsoft.public.security)
  • Re: Remote Desktop and Terminal Services
    ... Both programs maintain a link to independent vendor servers... ... Program 1 uses a DLL supplied by the server vendor. ... Program 2 uses an ActiveX supplied by the server vendor. ... network capability that is undisclosed. ...
    (microsoft.public.security)
  • Re: Remote Desktop and Terminal Services
    ... go to the directory where his DLL was located in order to verify the DLL ... To me this is TOTAL control!! ... on Win9x at least AFAIK. ... Both programs maintain a link to independent vendor servers... ...
    (microsoft.public.security)
  • Re: GEDOM as a database format
    ... In the Microsoft world, for instance, implementations of this object model ... database by simply loading the appropriate DLL provided for that database. ... But adding a third tier - database, API and presentation layer - to a self-contained app. ... However there is one sector where it makes a lot of sense and that's the software as service sector with the vendor is serving data via the API rather than just flogging code. ...
    (soc.genealogy.computing)
  • Re: Remote Desktop and Terminal Services
    ... go to the directory where his DLL was located in order to verify the DLL ... To me this is TOTAL control!! ... Both programs maintain a link to independent vendor servers... ... network capability that is undisclosed. ...
    (microsoft.public.security)