Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


Real-VNC  Security Issues & General Info

Posted on 2003-10-28
Medium Priority
Last Modified: 2010-03-19
I am thinking of using RealVNC to remotely access computers.  However, what are the experts opinions regarding its security, is its use going to make users more vulnerable.

Also, what is the programs reliability like?

And finally, do hardware / software firewalls have to be configured for the use of RealVNC (and programs alike).


(I will split points between the best responses).
Question by:semmes
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
LVL 31

Accepted Solution

qwaletee earned 300 total points
ID: 9638317
First, I woud probably use TightVNC instead of realVNC.  It tends to perform better, while still beig compatible and OS.


RealVNC "out of the box" supports only a very basic authentication mechanism, a password, which is only hashed.  You can use it in conjunction with SSH for better security.

here are variant versions available that supoprt use of MS Windows authentication.


It tends to have some problems with screen painting, requiring you to request a full screen refresh manually to correct. It occassionally has problems with full page scrolling, also requireing manual refresh.  if you are trying to access a fast-switch XP box, forget it.  Multiple simultaneous logins will blow its mind.

Firewalls have to be configued to let the correct ports through; usually, 5900 is sufficient ina default setup.  As with any port listener, your software firewall will haveto be set to recognize teh VNC daemon as a legitimate object.

Unix server version does not give you access to teh current screen.  It has its own x-windows space.


No file transfer built in.

Certain keysroke combinaions difficult or impossible

Cannot trap system keystrokes

Screen scaling is terrible.
LVL 35

Assisted Solution

ShineOn earned 100 total points
ID: 9638544
I agree with qwaletee about tightvnc vs realvnc.

My overview of remote-control:

Regardless of how you go, almost any remote-control software is a vulnerability added to your system.  The questions you need to answer, and weight according to the relative importance to your organization, are

1)  Cost  - What is my exposure, dollars and cents, to get this working out of the box?

2)  Performance - How fast will this respond?  What kind of overhead will this add to my network?  How efficiently does it use the bandwidth I have available?

3)  Security - What methods can be used to secure remote-control?  Are there any known vulnerabilities or exploits?  Are there ways to avoid those vulnerabilities or exploits?

Only you can decide the cost/benefit of any solution in this area.  For my dollars, the price/performance of any VNC solution beats any commercial product.  If you want double-blind multiply-secured and encrypted remote control, you can pay for the GoToMyPC service, which is actually a tad better response-wise than VNC, but will have ongoing costs for the service.

There are specific firewall ports that VNC uses (I will not go into that here) but it is easier to use VNC over a firewall or through a VPN than many other remote-control packages.

If you need firewall transparency, high security and features like file transfer and remote reboot, you're better off paying for GoToMyPC, in my opinion.
LVL 35

Expert Comment

ID: 9638569
Oh, also, GoToMyPC has remote print capability that is much easier to configure and use that that provided by pcAnywhere.   VNC doesn't do remote printing, AFAIK.
Understanding Web Applications

Without even knowing it, most of us are using web applications on a daily basis. Gmail and Yahoo email, Twitter, Facebook, and eBay are used by most of us daily—and they are web applications. We often confuse these web applications tools for websites.  So, what is the difference?


Assisted Solution

cwp earned 100 total points
ID: 9644956
Most *VNC don't support file transfers, but TightVNC is developing one (although most of it is in the CVS), and UltraVNC has a limited working solution (limited that there's no deleting remotely or resuming yet).

It has the ability to use some plugins for encryption (but so far I haven't got any of them to work), and the MS Windows authentication sucks at the moment because I don't know how to get it to block incorrect/blank passwords. Falling back to the single password authentication is as secure as what qwaletee said.

As for the reliability of UltraVNC, it comes with a video hook driver that determines exactly which parts of the screen has changed so that the server can only send that particular part to the client. I haven't had any screen refresh problems with this setup, although the performance is very sluggish when accessing from the Internet. However, the developers claim that it feels like you're actually sitting at the computer's console with this driver.

The firewall port depends on what display number you're using and is always 5900 + display number. But like qwaletee said, the default setup is on 5900.
LVL 35

Expert Comment

ID: 9645037
VNC is very reliable, and I have used it to remote-support desktops over a VPN WAN.  Depending on whose version you choose, it has moderate-to-good security.  If you don't need file transfer or remote print, I would have no problems recommending any VNC.  Performance only suffers, from my experience, when the host PC has high-graphics set (16-bit color or higher) and is running some photographic-type wallpaper like WebShots.  

Man, that really p'd me off when users ran WebShots.  But that's another topic...

Expert Comment

ID: 9645276
Now that would really suck.

However, I think all of them have the ability to not send the wallpaper info to the client, although it depends on which flavour of VNC for the accessibility of that option (only registry editing for the original VNC, I can't remember what TightVNC has, and UltraVNC has a checkbox right with the properties in the server config dialog box).

> Man, that really p'd me off when users ran WebShots.
If you leave the wallpaper on and tell the client to switch to 256 colors, you can see it turn ugly right before your very eyes. Now go get some revenge on it! ;)

Featured Post

Plesk WordPress Toolkit

Plesk's WordPress Toolkit allows server administrators, resellers and customers to manage their WordPress instances, enabling a variety of development workflows for WordPress admins of all skill levels, from beginners to pros.

See why 2/3 of Plesk servers use it.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question