Re: screen scrape / remote manipulation

Thanks Anteaus:

Doesnt' appear to be a code solution other than a packet monitor which is
clock tick sensitive.

Since everyone uses third party software that "trust" is the only option
to keep your own development proprietary.


"Anteaus" <Anteaus@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:FFF844B6-A0AA-4CAA-AA9F-1323A508DDBB@xxxxxxxxxxxxxxxx

Functionally a dll is no different from an .exe in terms of spying
capability. The priveleges it has will depend on those of the .exe that
calls
its functions. If it's called by a system process there is little you can
do
to restrict its activities; if launched under a standard useraccount then
you
may be able to restrict its priveleges.

If I absolutely had to use this DLL, but didn't trust the author, then for
me it would either be the virtual machine route, or a spare computer.

The other option is to install software capable of monitoring TCP/IP port
connections, and observing if it does anything unexpected in terms of
connecting to outside sites or resources.

"David" wrote:

Thanks JS and Anteaus:

Since new to this subject, still climbing the learning curve so my
questions
may not be as pointed as they should be.

The biggest issue I see, is what is contained within the dll. In other
works if I shut off all remote access using XP (Group Policy), since a
hard
connection is established between the dll (on the client) and the server,
is there anyway (without reverse engineering the dll) to keep the server
from coming back down onto the client and doing whatever?

Setting a separate user account may help, but since the dll would
normally
reside in windows system directory, then a separate user account would
seem
to be for naught?

"Anteaus" <Anteaus@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:6155CC7C-864B-4D2A-8078-9AEE1C059A46@xxxxxxxxxxxxxxxx

If I follow you correctly, you are concerned about installed software
monitoring other processes or windows on the computer and 'phoning
home'
information?

If so, the risks can be mitigated to some extent by running as a
limited
user instead of an Administrator, but the bottom line is that if you
don't
trust the software author, don't install it onto any valued platform.

Open source software is obviously preferable in this respect, if the
coder
is prepared to reveal what the package contains, then it is far less
likely
to contain anything unethical or skulduggerous.

One workaround (which I use a lot as a software-evaluator) is to
install
any
questionable software into a virtual machine. Most VMs have a facility
to
roll the machine back after testing is complete, and this is much safer
(and
quicker) than just uninstalling. The other advantage is that it would
be
very
hard for software runnign in the VM to access anything outside of that
'sandbox' unless I specifically allow it to.

Leading brands are Microsoft Virtual PC, VMWare and VirtualBox. The MS
offering is not all that fast, but it's the slimmest and simplest to
use
of
the three.

"David" wrote:

My interest lies in stopping /preventing rather than doing.

-------------------------------------------------------

It is fairly easy to screen scrap a public web page.

My question relates NOT to a web page, but to a client program that is
logged into a server using server provided dlls which reside on the
client
and establish the link and data transport between the client and the
server.

Question:

Can the server operator either through XP or the dlls:

1) screen scrape the client
2) display the client screen as a window on the server terminal
3) remotely manipulate the client in anyway.

If the answer to the above is yes:

1) What if anything can be done in WinXP-Pro to stop or prevent it,
an
if
so, how?
2) Any specific link or reference would be appreciated as internet
searching has only yielded commercial programs to install which will
allow
remote which is what I want to prevent.
manipulation.








.

Relevant Pages

  • Re: Fax on Terminal Server from SBS2K3
    ... please make sure the Fax service is installed on the TS server. ... you can try the steps below to install Shared Fax Client: ... 248340 Installing and Using Programs in Windows 2000 Terminal Services ...
    (microsoft.public.windows.server.sbs)
  • RE: Fax monitor incoming + outgoing calls?
    ... The detail steps to install share fax client as follows: ... Start server management console, locate Client Computers node, click ... To the folder redirection GPO issue: ... How to stop Folder Redirection in Windows Server 2003 and in Windows 2000 ...
    (microsoft.public.windows.server.sbs)
  • RE: No Client or Server Desktop Access Through RWW SBS 2003 SP2
    ... The SBS server is running SP2. ... However I don't know if the client computers do. ... To successfully install SBS 2003 SP1, ...
    (microsoft.public.windows.server.sbs)
  • Re: Fax on Terminal Server from SBS2K3
    ... activity logging in the shared fax in the server box. ... Microsoft CSS Online Newsgroup Support ... Follow the wizard to install Shared ... you can try the steps below to install Shared Fax Client: ...
    (microsoft.public.windows.server.sbs)
  • Re: SBS 2003 Fax Sharepoint Routing
    ... Business Server 2003 and click "Change/Remove", ... If the Fax Services component was original installed by using the SBS ... Install fro the Fax Server component. ... And then we should push the shared fax client application from server to ...
    (microsoft.public.windows.server.sbs)
Loading