Buffer Overflow

The Safest Way To Do Remote Desktop Support

In a recent Q & A episode of the Security Now! podcast with Steve Gibson and Leo Laporte, a reader was concerned that doing remote desktop support on infected PCs from his computer could make him vulnerable to infection. As I always do, I immediately began thinking about how I would answer the question (my wife thinks I’m nuts because I’m always talking to myself while I listen to the podcast).  In my experience with remote support programs, I’ve never had a problem with malware, so never considered the issue. However, I have to agree that Steve’s answer amounts to the safest way to do remote desktop support on infected PCs. Here’s an (edited) excerpt from Security Now!Episode 146:

STEVE: …In a perfect world, [remote desktop support] would be completely safe because…

LEO:  You’re not really running anything on your system.  It’s a window into their system; right?

STEVE:  Exactly.  Essentially you’re seeing their video, and you are taking over their mouse and keyboard.  So it’s purely a remote I/O sort of deal.  But we know it’s not a perfect world… So if…there were a vulnerability in whatever remote communications software you were using, and malware knew about that, it would be…possible for the malware to detect that you had connected using VNC, GoToMyPC, Remote Desktop…and exploit a known problem in order to cause a buffer overrun at your end of the connection.

LEO: So anytime you’re having a conversation with another computer, there’s always that potential no matter what protocols you’re using.

STEVE: Yes. So what I would do if I were a person who was going to be sort of habitually connecting to probably infected remote machines…you’d want to do that in a VM [virtual machine] at your end.

I’ve often recommended using virtual machines for surfing the web. My post, “Two Ways to Operate Securely on the Web,” is a good example. Extend that security maxim to remote connections of all kinds and you’ll be even safer.

Foxit Reader Security Vulnerability

Since I discovered Foxit Reader in early 2006, I’ve been recommending it to everyone. There’s no question it’s a best-of-breed tool for speed and simplicity. But recently, Secunia issued a bulletin advising of a security vulnerability in the program. According to that bulletin, Foxit Reader version 2.3 build 2825 is vulnerable to a remote code execution buffer overflow. attack on your system. The problem will be fixed in the upcoming build 2912.

I’m still using version 1.3.x which, apparently, is not vulnerable. So, if you’re using an older version of Foxit, you should be OK; however, just as soon as build 2912 is available, I’m going to upgrade just to be on the safe side. You should, too.