Re: Remote Desktop and Terminal Services

Well, all I can say is that it is something installed on but not bundled
with Win9x. ?? PcAnywhere, Vnc, or ???

"dw85745" <dw85745_NOT@xxxxxxxxxxxxx> wrote in message
news:OKF1zrqpGHA.2400@xxxxxxxxxxxxxxxxxxxxxxx
not clear what you mean by "he was on my system"

He requested to watch me while I stepped through (run with breakpoints) my
program.
He then requested control and while I watched was able to use Explorer to
go to the directory where his DLL was located in order to verify the DLL
version/date.

To me this is TOTAL control!!

"Roger Abell [MVP]" <mvpNoSpam@xxxxxxx> wrote in message
news:en3EE8opGHA.2292@xxxxxxxxxxxxxxxxxxxxxxx
Of the three remoting technologies you mention only NetMeeting works
on Win9x at least AFAIK. It is more likely that he leveraged a
capability
of the control or dll. It is not clear what you mean by "he was on my
system", as for example you could have been seeing results from remote
script execution thinking he had to have been logged in to effect that.
As far as where to look you would need to ask in a Win9x group, or
let someone else respond, as I have never used the DOS family OSs
from Microsoft.

"dw85745" <dw85745_NOT@xxxxxxxxxxxxx> wrote in message
news:%23uZiccnpGHA.4032@xxxxxxxxxxxxxxxxxxxxxxx
Thanks for response Roger.

Confirmed my thoughts and Agree Upgrade is in order.

Have looked inside both the DLL and ActiveX but nothing jumped
(function
name) out as being obvious. .

What started this was during develop the head of IT asked for access to
my
system. I granted one time access, called their website, responded yes
to
a
prompt and he was immediately on my system. The only way I could think
he
gained access was using either Remote Desktop (to my knowledge not part
of
Win98), Terminal Services (again I don't believe part of Win98),
NetMeeting (possible but I'm not familiar with its usage) or code
within
his
DLL.

Any ideas which and how I would locate (Registry entry, specific dll's,
if
remote desktop, terminal services, or net meeting)?

David

"Roger Abell [MVP]" <mvpNoSpam@xxxxxxx> wrote in message
news:usdJt8ipGHA.4932@xxxxxxxxxxxxxxxxxxxxxxx
"dw85745" <dw85745_NOT@xxxxxxxxxxxxx> wrote in message
news:ewFdyigpGHA.4188@xxxxxxxxxxxxxxxxxxxxxxx
I have two programs I've written.

Both programs maintain a link to independent vendor servers...

Program 1 uses a DLL supplied by the server vendor.
Program 2 uses an ActiveX supplied by the server vendor.

I still run Win98 (not SE) OS on the client machine which is
accessing
the
servers.
.
QUESTION:

1) Since I am using a vendor supplied DLL and ActiveX have I given
them
remote access to my system ?

Any time one runs code supplied by another one is placing trust
in the author of that code. If the code is allowed network access
then that trust includes trust that nothing is being done via that
network capability that is undisclosed. This is really not specific
to dll or control or for that matter even Windows vs non-Windows.


2) If so, is there a way to prevent them from doing file
manipulation,
screen capture, and screen scraping -- and if so, how?

No. It is inherently not possible to prevent an unknown from
happening.
Further, you are attempting to protect something that is not designed
to
be protected/protectable (Windows 98)

3) How do I check my system for RemoteDesk TerminalServices or
NetMeeting
for Security purposes. So far a scan of the registry for "Remote",
Terminal" has not yielded a valid hit?

Similar to question 2. To find something you need to know for what
you are looking, and how to look for that under any possible disguise
that might be used.

If you are really worried, the best thing you could do would be to
move to use of a support operating system that does have a security
model within its design/implementation. For example, with XP the
code you run that uses that vendor supplied code could be run
within a specially defined limited user account, audit accesses made
to parts of the system by that account, study the job/process thread
tree of the code as it runs, monitor the network activity while that
code
runs for communications with "other" IPs than the intended server(s)
etc. Some of that you could do on Win 9x, some you could not.










.

Relevant Pages

  • Re: Remote Desktop and Terminal Services
    ... Have looked inside both the DLL and ActiveX but nothing jumped (function ... remote desktop, terminal services, or net meeting)? ... Both programs maintain a link to independent vendor servers... ... to dll or control or for that matter even Windows vs non-Windows. ...
    (microsoft.public.security)
  • Re: Remote Desktop and Terminal Services
    ... with Win9x. ... Familiar with PcAnywhere but NOT installed my machine. ... That's why I thing it must be part of his DLL. ... Both programs maintain a link to independent vendor servers... ...
    (microsoft.public.security)
  • Re: Remote Desktop and Terminal Services
    ... go to the directory where his DLL was located in order to verify the DLL ... To me this is TOTAL control!! ... Both programs maintain a link to independent vendor servers... ... network capability that is undisclosed. ...
    (microsoft.public.security)
  • Re: HELP - how to reference 2 different versions of the SAME DLL in a VS.NET 2005 Windows App pr
    ... Each of the controls requires adding a reference to a base class ... DLL called ... Control #2 appear to demand only version 1.00.2848.5685 of this ... have you contacted the vendor on this? ...
    (microsoft.public.dotnet.languages.vb)
  • Re: MORE Lyle Blake Info......
    ... control that will do what you want to do... ... Why not take all your best stuff, gather it into a DLL and produce your own ... core functionality for Windows? ... >Of course the Parent App will almost certainly not be one of my own ...
    (comp.lang.pascal.delphi.misc)