Bernard et al, > >specific users is a secure activity, but our IT guys are now > saying that > >it doesn't necessarily protect our systems from worms or viruses that > >may already inhabit the trusted user's computers. > > That's correct, in that if there was a weakness in VNC it could be > exploited through the open port.
No, it isn't. They are talking about viruses/worms propagating, which is not possible via the RFB protocol. > VNC server there. To find that out they would need to sniff > all of the > network traffic to see what addresses were in use. If they > succeeded in > doing that they would also harvest the password. This is not true. The authentication scheme used by VNC Free Edition uses a challenge-response protocol to protect the password. Session data is not protected, however, unless you use VNC Personal or Enterprise Edition at both ends. Regards, Wez @ RealVNC Ltd. _______________________________________________ VNC-List mailing list VNC-List@realvnc.com To remove yourself from the list visit: http://www.realvnc.com/mailman/listinfo/vnc-list
