VNC is not a security risk.

I have heard about companies removing VNC from their corporate computers because of security risk. I feel like this is akin to removing your liver because you might get liver cancer. While it is possible that VNC could be used to do damage to your corporate network, it is only possible if you install it incorrectly. I hope to dispel the fear of having VNC installed, and to show you how to make it safe.

VNC is a necessary tool for our company to support our clients. It allows us to see your computer screen at the same time as you see it. We can use it for support, training and, with particularly tough support issues, we can bring in developer help - all of us sharing the same screen. Pictures, in this case, are worth way more than 1000 words.

VNC started out as an open source project from AT&T bell labs, and has since sprouted several flavors as different groups have "forked" the project. The big three right now are Real VNC, Tight VNC and UltraVNC. Of the three, I believe that UltraVNC has a couple of key features that really set it apart as the best choice: Integrated NT security, and File Transfers.

So, what are the security risks? Almost none, if you set it up right. The big security issue I have heard about is "The password is easy to break". Most VNC flavors only have a single password - not a user name / password combination. UltraVNC allows you to use Windows Security with user names and passwords instead of the simple password.

The big point here is: The difficulty of cracking passwords is moot.

You can only try to break a password if VNC Server is running on the client computer. VNC server can be installed two ways - "Application Mode" and "As a Service". We recommend installing VNC in "Application Mode". This means, the only time remote control can happen is when you actually run the VNC application. When you install it as a service, VNC is always running in the background - and is therefore susceptible to hacking. Also, since we ask you to use the "Add New Client" function in VNC server - we never need to know your password in the first place. So, when you do your install, VNC Server makes you choose a password the first time you run it. Choose a strong password. Crazy strong. No one needs to know it anyway. If you need to change it, you always can by resetting it from the VNC Server application.

So - Install VNC in "Application Mode" with a Crazy Strong password. Run it when you need support from us and close it when we are done helping you. The security risks are then reduced to almost zero.