|
|
|
Forum Member
 
Group: Forum Members
Last Login: 2/15/2007 10:36:50 PM
Posts: 25,
Visits: 25
|
|
| I really like that VNC is wrapped up inside of an ActiveX control (although it would be cooler if it was a managed .NET assembly instead). Anyway, my fear is that once this activeX control is installed on a machine it could be used by any piece of software on the system to take control of the computer. We need some way to keep any arbitrary program from using it, like a software key or something (I'm not sure what the answer is). What if this control becomes popular? Imagine what would happen if spyware apps looked for the existence of the s-code vnc control and exploited it. or worse yet, copied a licensed version and distributed it with their own spyware?! There needs to be some sort of safeguard, but I have no idea what that should be.
|
|
|
|
|
Supreme Being
Group: Administrators
Last Login: 2 days ago @ 7:10:09 PM
Posts: 1,163,
Visits: 1,909
|
|
This is a good question and unfortunately I think there is no answer to it. Some serial number protection wouldn’t be much help; we all know that any software can be cracked and such protection could be easily worked around. And the case with the ActiveX is pretty much the same as with the native VNC binaries, they also can be used by a spyware, etc. The binaries are currently detected by Windows Defender as a possible thread, so I guess if ServerX would become popular he would have the similar fate. This might be a good thing, since if a spyware would try to install the ActiveX, a user will be notified about it.
Kindest Regards,
SmartCode Solutions Support
|
|
|
|
|
Forum Member
Group: Forum Members
Last Login: 2/15/2007 10:36:50 PM
Posts: 25,
Visits: 25
|
|
| I agree that there is no easy fix. I'm worried about incurring liability if a customer's machine gets hacked because we placed this on there. I wish I could compile it so that it would only connect to a list of hosts predefined in the binary. I understand a hacker could modify it, but that would require a high level sophistication and a simple script kiddie would'nt be able to pull it off.
|
|
|
|
|
Supreme Being
Group: Administrators
Last Login: 2 days ago @ 7:10:09 PM
Posts: 1,163,
Visits: 1,909
|
|
We could compile a version, which would accept connections from predefined IP's. But again this wouldn’t be bullet proof. Besides we would charge some small fee for such customization  What’s really can protect an old user is a firewall, if it’s configured properly than a customer should be safe.
Kindest Regards,
SmartCode Solutions Support
|
|
|
|