 |
||
| Home | Forums | Article Search | Subscribe & Shop | Contact Us | Log Out |
| Remote Access |
 Email This
 Print ThisView My Personal Library |
|
Loading Zone August 2003 • Vol.3 Issue 8 Page(s) 68-71 in print issue |
|
|
Remote Access Your Crystal Ball Into Other Systems |
|
Most hackers want superpowers. A pretty good one is the ability to see and control things from afar—the power to twiddle your fingers and have things happen miles away. We can't levitate objects with our minds (yet), but we can control computers from afar. Remote-control software is even more useful than it is fun: It'll let a teleworker tap into her office PC from a hotel in Amsterdam, it frees a help desk operative from having to explain where the Start menu is, and it means network admins don't have to rush groggily into the office when a server goes on the fritz at 3 a.m. I looked at seven remote-control packages and found each to be pretty good. Each one is perfect for a different user: Let's call them Mr. Cheap, Ms. Simple, The Boss, Steve, Trinity, Mr. Big, and Bill. In general, remote-control packages lean toward either the teleworker or the administrator. VNC, GoToMyPC, Timbuktu, and Windows XP Remote Desktop focus on the telework aspect, with simple interfaces but no way to dig into the guts of a target system. pcAnywhere, RemotelyAnywhere, and NetOp provide more robust management features, but also more complex interfaces or installation processes. I tested using a Compaq PC with a 1.3GHz Celeron as a host and a Compaq Tablet PC as a guest, sometimes throwing an Apple iMac with an 800MHz G4 into the mix as well. I tried each package over an 802.11b wireless LAN connection using a 40Kbps dial-up link to the LAN.
 3 AM Labs RemotelyAnywhere 5.0 (Beta) Trinity is an IT administrator and tech support guru. Regularly called upon to rescue flailing users and revive choking servers, she wants to know everything about her target system. She wants diagnostic tools that aren't available on the target machines. She uses 3 AM Labs' RemotelyAnywhere, the king of administrative diagnostics. RA has an odd and elegant approach to remote control: It sets up a Web server on port 2000 of a host machine. All administration is done through a Web browser and Java applets. The applets only run on Windows machines, but this makes for a cheerfully installation-free guest user experience. The Web-centric system lets 3 AM use 128-bit SSL encryption as its security. This is no teleworker's screen-cloner. When you load RA, you immediately get a basic diagnostic of the host machine, including free memory, network configuration, and CPU load. Menu options reveal the host's open TCP ports, DLLs in use, PCI bus info, various performance monitors, and process lists. You can even change virtual memory settings and the priority levels of processes. Like to script? RA has a full scripting language and a robust scheduler. Prefer a command line? You can telnet securely into the host machine and run commands without the host user's knowledge. The system is even fast, and unlike most packages I tested, it gave a good try at showing video over a broadband connection. Over dial-up, its speed tied for second fastest with NetOp. Most of the administrative tools don't require opening up a full graphical remote-control panel, which is a godsend to groggy admins on dial-up connections. RA's one flaw is a lack of a true full-screen mode. Going full screen just brings up a very large window, so there may still be scrolling involved. You can change color depth and screen size on the fly, though. No other remote-control package comes close to RemotelyAnywhere in smarts. If your remote-access needs involve disabling drivers, rewriting the Registry, or other hard-core administrative tasks, you'll find RemotelyAnywhere will make a Trinity feel like Neo.
CrossTec NetOp Remote Control 7.5 Mr. Big runs a big business with a big help desk. He needs something that will scale. No matter the ease of use (the geeks can figure that out, right?), he wants to make sure that when his business is the size of Wal-Mart, his remote-access solution will keep chugging along. He should take a good look at CrossTec's NetOp. (I tested version 7.5; version 7.6 was announced at press time.) NetOp is built for huge enterprise installations. Adding to the normal host and guest functions, NetOp offers a name server, security server, and gateway server (to negotiate communication between different protocols and communicate between the name server and the outside world). Unlike other remote-access systems, NetOp also builds in a way to queue and answer several help desk requests at any given time. As you'd expect from a remote-administration tool, there's a decent scripting facility (though not as good or as complex as RemotelyAnywhere's scripting language) and the ability to record sessions for later review. An Inventory button brings up extremely detailed information about the host system, including pretty much everything you'd find in the Device Manager, plus lists of installed software and patches. In the File Transfer dialog box, a file's attributes show up as lowercase letters next to the file name. As big businesses often have legacy hardware, NetOp runs on Linux, OS/2, Solaris, DOS, Mac OS, and even Windows CE, as well as the full range of Windows OSes. (Mac support is new to version 7.6, so we couldn't test it.)
This power comes at a price: NetOp is tremendously difficult to use, starting at the install screen, where there's an Installer and Windows Installer that do the same thing. The manual is completely unreadable. The host and guest are separate applications. Though there's up to 256-bit AES encryption, it requires fiddling with some settings to get it to turn on. And you'll have to fiddle with those settings on several machines because unlike pc- Anywhere, there isn't a packager. This one is for a corporation with a strong staff of geeks. If you are up to a package that is very difficult to learn and master, NetOp brings powerful, scalable enterprise features to the remote-control world.
Expertcity GoToMyPC Personal 3.1 Ms. Simple wants an easy solution. She just wants to connect to her office PC from anywhere at any time without involving the office IT staff. Her choice is GoToMyPC Personal, a slick and simple pure telework solution. GTMPC is extremely easy to install and use. A simple installer sets up GTMPC as a system service on a host machine, and all guest access is done with an ActiveX or Java-based client downloaded through a Web browser. This installation-free client approach means GTMPC is the only remote-access system that will run at many Internet cafes and on other public machines. One bonus of the clientless approach is that the Java client is cross-platform, with limited functionality. I was able to control the WinXP host on a Mac, although I was booted down to 8-bit color and couldn't transfer the clipboard. The data stream is pretty bulletproof, protected by two levels of passwords and 128-bit AES encryption. Host security is enhanced by a lack of incoming connections. GTMPC holds no ports open and won't show up on port scanners, as it checks for requests by polling out to Expertcity every 15 seconds or so. The lack of incoming connections also means GTMPC works through many corporate firewalls, even automatically coping with NAT, which will cause teleworkers to cheer and IT managers to cringe. I got GTMPC running outbound through the firewalls at two major media companies. The personal version of GTMPC does not offer management or logging functions, but there's a corporate version with more options. Multiple simultaneous logins are also out of the question. It does, however, allow remote printing, clipboard transfer, file transfers, and drawing on the screen of the host computer, though the drawings are overwritten by any screen refreshes. Speed-wise, GTMPC is thoroughly in the middle of this pack, taking longer than other programs to minimize windows but maximizing them more quickly, for some reason. Typing was considerably more responsive in full-screen mode than in windowed mode. For simple folks who just want to get some work done, GTMPC is the perfect solution. It works from anywhere, is highly secure, and doesn't overwhelm you with management functions. Just remember that Internet cafe PC might have a keystroke logger installed.
Microsoft Windows XP Remote Desktop Bill likes an integrated solution. So, from the goodness of his heart, he gave us Windows XP Remote Desktop. Built into Windows XP Professional, Remote Desktop is a basic remote-control application that lets you connect to a WinXP Pro host from any machine running Win95 or greater. If you have WinXP Pro already, no installation is necessary. I tried to install Pro on top of WinXP Home; it took five hours and hosed my hard drive. You can install the guest application from the WinXP Pro setup CD. As you might expect from a remote-access program written by the same guys who wrote the OS, RD's performance is sprightly. It was the fastest of all the packages I tested over dial-up (though it did take a few minutes to rev up). Although occasional exploits are announced, the system uses 128-bit encryption for solid security. You can view a remote PC in full-screen and windowed modes, you can transfer clipboards, address remote drives from your local machine, and print on local printers from remote applications. There are two features unique to RD. While the other remote solutions remain silent, RD makes a yeoman's try to stream audio over the remote connection. I even got a choppy, but comprehensible, MP3 over a 40Kbps dial-up connection—pretty impressive. RD can also log multiple users into the same headless terminal, showing each their own Desktop. The users can't interact and neither can remote users interact with local users; for that, you need to use Remote Assistance, another built-in WinXP feature. RD lacks the cross-platform nature and management tools of other remote-access packages, but hey, it's a built-in OS feature. Gauged on that measure, it's pretty cool.
Netopia Timbuktu Pro for Windows Steve has one priority: He has a bunch of PCs and a bunch of Macs, and they need to be able to control each other. He doesn't want to cope with the insecurity or sluggishness of VNC, so he's left with one option: Timbuktu. Timbuktu is a decent remote-control program, but more importantly, it's the only enterprise-class system with hosts for both Windows and Mac OS. With big icons and no confusing IT-administrator features, this is one of the easiest remote-control programs to use. Timbuktu makes it uncommonly easy to find machines to control. You can use Netopia's LDAP servers to search by owner or computer name or run your own enterprise LDAP databases, so it's a good thing that all connections are encrypted. Although Netopia doesn't give details on the strength of its encryption, it's sure to be better than VNC's utter lack of security. Timbuktu makes it easy to control machines and exchange files across platforms, and speed over a LAN is acceptable, but dial-up performance is slow and there are too many other missing features. There's no clipboard-transfer function, no right-button support when you're using a PC to control a Mac, and although Timbuktu offers both windowed and full-screen modes, there's no screen scaling like pcAnywhere offers. For PC users, Timbuktu is weak on remote-administration features. The Mac version is extensively AppleScriptable, but there's no scripting function on the PC side, and no way to hit the command line on remote machines. Logging is restricted to a basic access log. Timbuktu lacks the go-anywhere portability of GoToMyPC and the remote-administration power of Remotely- Anywhere. But presuming he works in a cross-platform environment and has high-speed Internet access, this is the program that will get Steve's jobs done. Symantec pcAnywhere 11 (Beta) The Boss wants the industry standard. He's got a company to run, and he just wants the most popular remote-control package, one that IT staff will likely know already. So he gets pcAnywhere, the 800-pound gorilla of the remote-access field. Even if you're familiar with pcAnywhere, version 11 will surprise you. Symantec has ramped up its support for remote administration and management, aiming squarely at the IT staffer instead of at the average teleworker. (I was running a beta, as PCA 11 hadn't hit shelves by press time.)
The packager is a unique feature and makes large-scale deployments a breeze. Administration tools include lists of system services, a Registry editor, a task manager, and an event log. But PCA still lacks some of the management tools on NetOp and RemotelyAnywhere, such as a command scheduler or a system profiler. And a big raspberry goes to Symantec for leaving encryption off by default. Although PCA now supports symmetric and public-key encryption, you have to enable it manually on both the host and guest ends. This is less of a vulnerability than it appears, though, as most deployments of PCA 11 will be through the packager tool, which can create custom copies of PCA with encryption on by default. Speed-wise, our PCA 11 beta was the slowest of the commercial packages when it came to typing responsiveness. For file transfers, it was slower than Remotely- Anywhere and NetOp, but considerably faster than GoToMyPC, and it was particularly pokey over dial-up. I'm hesitant to make a final pronouncement on speed, however, as my copy was still in beta. pcAnywhere is certainly the cuddliest of our management-focused solutions, and it's got the tech support and history to make any boss smile. But if you're looking for a solution to help your legion of hard-core geeks dig deep into their supported users' computers, one of the other management-focused products may be a better bet. TridiaVNC Mr. Cheap has one priority: price. He's an open-source hacker, wears a T-shirt that hasn't been washed in days, and wants to control his headless Linux box from his WinXP PC through a secure, wired Ethernet network. He uses the TridiaVNC flavor of VNC (Virtual Network Computing), a freeware remote-access program. TridiaVNC is as basic as remote access gets. You can view and control one computer from another and transfer text (but not graphics) via the system clipboard. There's a full-screen mode and several options to speed things up by changing the data compression. Installation and operation are insanely simple; a tiny host program offers two dialog boxes with various options, and a tiny viewer responds. VNC can serve multiple displays to multiple simultaneous users on multiple connections. I connected a WinXP PC to a Tablet PC and Mac seamlessly. VNC's speed won't win any records. There's a two- to three-second delay on Web page loads and a noticeable delay while typing, even over a high-speed connection. Opening and closing menus and typing text were particularly slow on a dial-up connection, though VNC was generally no slower than pcAnywhere. There are also a few bugs in the protocol. When the host machine has an hourglass pointer, the viewer still displays an arrow, the SHIFT key tends to stick a bit, and there's some trouble with using the cursor to select multiple words in Microsoft OneNote. But you get what you pay for. VNC has one major advantage, other than its price:It's insanely crossplatform. Servers and viewers for Windows, Linux, Solaris, various flavors of Unix, and Mac are mature and well-maintained, and there are viewers for everything from the Nokia 9000 series handheld communicator to BeOS. If you run a Frankensteinian lab of headless old computers, you need VNC; alternatively, you can be the toast of the next DEFCON by managing your Linux box from your Nokia 9290 handheld. That is, if you don't mind being 0wned. VNC offers no security—zero. Everything is clear- text. On Unix systems, you can solve this by tunneling VNC through SSH. For Windows, Tridia offers a $49 Pro version with SSL encryption, or you can just trust in your VPN. VNC is a fine remote-control solution for Mr. Cheap, who's geeky enough to set up his own security and just needs to access his personal PCs. But if you want remote-management features, file-transfer capabilities, or built-in encryption, you're going to have to look elsewhere.  by Sascha Segan
|
|
 |
| Home Copyright & Legal Information Privacy Policy Site Map Contact Us |
| Copyright © 2010 Sandhills Publishing Company U.S.A. All rights reserved. |