 
            David Simon Cooper wrote:
Hello folks,
I am promoting remote desktop access for support services to a couple of small companies I am working for. I can use the linux VNC client to connect to the XP machines and help them when they have problems, I tested it at home and it works great, I am setting up their on site firewall to use static real IP addresses from the ISP and to do the routing etc, I have this sorted. I am recommending the Free Edition of VNC (I will ensure the company makes a donation to the developers for each licence) because it is simple and fast. I have a few questions you may be able to answer:
a) Free edition - The password challenge response is encrypted using DES but all other traffic is not. I will not be sending any critical data over the link but how is the data represented? I am guessing it does not send the text that is visible on the screen on the remote system as plain text etc rather that it uses some kind of framing technology. If I am seeing all of the data on their screen I take it that their VNC server is not sending all of the data as is back to me.
b) Personal edition - I could buy them this version as it is only about £15 per licence and it does support full encryption but I am concerned about the speed (I am 120 miles away) and it does not have a Linux version which means I would either have to use an XP machine to provide support, I could instead buy the over-the-top enterprise edition or settle for the unencrypted Free Edition.
I have considered the security implications. To make things safer with the Free Edition I could just put an icon on their desktop and ask them to run the user mode app whenever they want me to connect, this would mean the server is only running when they want stuff fixed, they could close it when stuff is done, very safe. I would of course have the "ask for permission" option enabled on VNC for security reasons.
Do you folks have any views on this?
I've come to this thread somewhat late so I'll make the reply very brief. I use VNC in a similar situation, although I've not actually used it in anger over the internet yet. Personally I use TightVNC which has a number of optimisations and feature improvements (although I've not checked to see if any of the others match them - I wouldn't expect these things to stand still!). There are two key advantages of this version for me:
1. it comes straight out of the Debian sources 2. it has a built in parameter to tunnel over SSH
The first is a minor benefit, but the second saves a lot of hassle with security issues - particularly as each of my customers has a Linux server on site (needed for the SSH tunnel).