Re: Remote Desktop and Terminal Services

Of the three remoting technologies you mention only NetMeeting works
on Win9x at least AFAIK. It is more likely that he leveraged a capability
of the control or dll. It is not clear what you mean by "he was on my
system", as for example you could have been seeing results from remote
script execution thinking he had to have been logged in to effect that.
As far as where to look you would need to ask in a Win9x group, or
let someone else respond, as I have never used the DOS family OSs
from Microsoft.

"dw85745" <dw85745_NOT@xxxxxxxxxxxxx> wrote in message
news:%23uZiccnpGHA.4032@xxxxxxxxxxxxxxxxxxxxxxx
Thanks for response Roger.

Confirmed my thoughts and Agree Upgrade is in order.

Have looked inside both the DLL and ActiveX but nothing jumped (function
name) out as being obvious. .

What started this was during develop the head of IT asked for access to my
system. I granted one time access, called their website, responded yes to
a
prompt and he was immediately on my system. The only way I could think he
gained access was using either Remote Desktop (to my knowledge not part of
Win98), Terminal Services (again I don't believe part of Win98),
NetMeeting (possible but I'm not familiar with its usage) or code within
his
DLL.

Any ideas which and how I would locate (Registry entry, specific dll's, if
remote desktop, terminal services, or net meeting)?

David

"Roger Abell [MVP]" <mvpNoSpam@xxxxxxx> wrote in message
news:usdJt8ipGHA.4932@xxxxxxxxxxxxxxxxxxxxxxx
"dw85745" <dw85745_NOT@xxxxxxxxxxxxx> wrote in message
news:ewFdyigpGHA.4188@xxxxxxxxxxxxxxxxxxxxxxx
I have two programs I've written.

Both programs maintain a link to independent vendor servers...

Program 1 uses a DLL supplied by the server vendor.
Program 2 uses an ActiveX supplied by the server vendor.

I still run Win98 (not SE) OS on the client machine which is accessing
the
servers.
.
QUESTION:

1) Since I am using a vendor supplied DLL and ActiveX have I given
them
remote access to my system ?

Any time one runs code supplied by another one is placing trust
in the author of that code. If the code is allowed network access
then that trust includes trust that nothing is being done via that
network capability that is undisclosed. This is really not specific
to dll or control or for that matter even Windows vs non-Windows.


2) If so, is there a way to prevent them from doing file manipulation,
screen capture, and screen scraping -- and if so, how?

No. It is inherently not possible to prevent an unknown from happening.
Further, you are attempting to protect something that is not designed to
be protected/protectable (Windows 98)

3) How do I check my system for RemoteDesk TerminalServices or
NetMeeting
for Security purposes. So far a scan of the registry for "Remote",
Terminal" has not yielded a valid hit?

Similar to question 2. To find something you need to know for what
you are looking, and how to look for that under any possible disguise
that might be used.

If you are really worried, the best thing you could do would be to
move to use of a support operating system that does have a security
model within its design/implementation. For example, with XP the
code you run that uses that vendor supplied code could be run
within a specially defined limited user account, audit accesses made
to parts of the system by that account, study the job/process thread
tree of the code as it runs, monitor the network activity while that code
runs for communications with "other" IPs than the intended server(s)
etc. Some of that you could do on Win 9x, some you could not.






.

Relevant Pages

  • Re: Remote Desktop and Terminal Services
    ... go to the directory where his DLL was located in order to verify the DLL ... To me this is TOTAL control!! ... on Win9x at least AFAIK. ... Both programs maintain a link to independent vendor servers... ...
    (microsoft.public.security)
  • Re: Remote Desktop and Terminal Services
    ... go to the directory where his DLL was located in order to verify the DLL ... To me this is TOTAL control!! ... Both programs maintain a link to independent vendor servers... ... network capability that is undisclosed. ...
    (microsoft.public.security)
  • Re: HELP - how to reference 2 different versions of the SAME DLL in a VS.NET 2005 Windows App pr
    ... Each of the controls requires adding a reference to a base class ... DLL called ... Control #2 appear to demand only version 1.00.2848.5685 of this ... have you contacted the vendor on this? ...
    (microsoft.public.dotnet.languages.vb)
  • Re: GEDOM as a database format
    ... In the Microsoft world, for instance, implementations of this object model ... database by simply loading the appropriate DLL provided for that database. ... But adding a third tier - database, API and presentation layer - to a self-contained app. ... However there is one sector where it makes a lot of sense and that's the software as service sector with the vendor is serving data via the API rather than just flogging code. ...
    (soc.genealogy.computing)
  • Re: App Crash after READ MSCORRC.DLL
    ... > control and as such you might want to check with the vendor of the ... >> find resources in resource file. ... >> After Adding the Diretory und copying the DLL in der directory it makes ... >> So i Think it must be related with the DLL? ...
    (microsoft.public.dotnet.framework)