Posted by: Ken Harthun
Buffer Overflow, Remote management, Vulnerabilities
In a recent Q & A episode of the Security Now! podcast with Steve Gibson and Leo Laporte, a reader was concerned that doing remote desktop support on infected PCs from his computer could make him vulnerable to infection. As I always do, I immediately began thinking about how I would answer the question (my wife thinks I’m nuts because I’m always talking to myself while I listen to the podcast). In my experience with remote support programs, I’ve never had a problem with malware, so I never considered the issue. However, I have to agree that Steve’s answer amounts to the safest way to do remote desktop support on infected PCs. Here’s an (edited) excerpt from Security Now! Episode 146:
STEVE: …In a perfect world, [remote desktop support] would be completely safe because…
LEO: You’re not really running anything on your system. It’s a window into their system; right?
STEVE: Exactly. Essentially you’re seeing their video, and you are taking over their mouse and keyboard. So it’s purely a remote I/O sort of deal. But we know it’s not a perfect world… So if…there were a vulnerability in whatever remote communications software you were using, and malware knew about that, it would be…possible for the malware to detect that you had connected using VNC, GoToMyPC, Remote Desktop…and exploit a known problem in order to cause a buffer overrun at your end of the connection.
LEO: So anytime you’re having a conversation with another computer, there’s always that potential no matter what protocols you’re using.
STEVE: Yes. So what I would do if I were a person who was going to be sort of habitually connecting to probably infected remote machines…you’d want to do that in a VM [virtual machine] at your end.
I’ve often recommended using virtual machines for surfing the web. My post, “Two Ways to Operate Securely on the Web,” is a good example. Extend that security maxim to remote connections of all kinds and you’ll be even safer.