My interest lies in stopping /preventing rather than doing.

-------------------------------------------------------

It is fairly easy to screen scrap a public web page.

My question relates NOT to a web page, but to a client program that is
logged into a server using server provided dlls which reside on the client
and establish the link and data transport between the client and the server.

Question:

Can the server operator either through XP or the dlls:

1) screen scrape the client
2) display the client screen as a window on the server terminal
3) remotely manipulate the client in anyway.

If the answer to the above is yes:

1) What if anything can be done in WinXP-Pro to stop or prevent it, an if
so, how?
2) Any specific link or reference would be appreciated as internet
searching has only yielded commercial programs to install which will allow
remote which is what I want to prevent.
manipulation.

Remote Desktop
Get started using Remote Desktop with Windows XP Professional:
http://www.microsoft.com/windowsxp/using/mobility/getstarted/remoteintro.mspx

How to disable Remote Desktop by using Group Policy
http://support.microsoft.com/kb/306300

As to the client app you would need to know what ports
the client/server use AND if any of the application layer
DLLs on the client have this capability.

You could monitor the ports for activity but I'm not sure
how much good this will do.

--
JS
http://www.pagestart.com



"David" > wrote in message
...
> My interest lies in stopping /preventing rather than doing.
>
> -------------------------------------------------------
>
> It is fairly easy to screen scrap a public web page.
>
> My question relates NOT to a web page, but to a client program that is
> logged into a server using server provided dlls which reside on the
> client and establish the link and data transport between the client and
> the server.
>
> Question:
>
> Can the server operator either through XP or the dlls:
>
> 1) screen scrape the client
> 2) display the client screen as a window on the server terminal
> 3) remotely manipulate the client in anyway.
>
> If the answer to the above is yes:
>
> 1) What if anything can be done in WinXP-Pro to stop or prevent it, an if
> so, how?
> 2) Any specific link or reference would be appreciated as internet
> searching has only yielded commercial programs to install which will allow
> remote which is what I want to prevent.
> manipulation.
>

If I follow you correctly, you are concerned about installed software
monitoring other processes or windows on the computer and 'phoning home'
information?

If so, the risks can be mitigated to some extent by running as a limited
user instead of an Administrator, but the bottom line is that if you don't
trust the software author, don't install it onto any valued platform.

Open source software is obviously preferable in this respect, if the coder
is prepared to reveal what the package contains, then it is far less likely
to contain anything unethical or skulduggerous.

One workaround (which I use a lot as a software-evaluator) is to install any
questionable software into a virtual machine. Most VMs have a facility to
roll the machine back after testing is complete, and this is much safer (and
quicker) than just uninstalling. The other advantage is that it would be very
hard for software runnign in the VM to access anything outside of that
'sandbox' unless I specifically allow it to.

Leading brands are Microsoft Virtual PC, VMWare and VirtualBox. The MS
offering is not all that fast, but it's the slimmest and simplest to use of
the three.

"David" wrote:

> My interest lies in stopping /preventing rather than doing.
>
> -------------------------------------------------------
>
> It is fairly easy to screen scrap a public web page.
>
> My question relates NOT to a web page, but to a client program that is
> logged into a server using server provided dlls which reside on the client
> and establish the link and data transport between the client and the server.
>
> Question:
>
> Can the server operator either through XP or the dlls:
>
> 1) screen scrape the client
> 2) display the client screen as a window on the server terminal
> 3) remotely manipulate the client in anyway.
>
> If the answer to the above is yes:
>
> 1) What if anything can be done in WinXP-Pro to stop or prevent it, an if
> so, how?
> 2) Any specific link or reference would be appreciated as internet
> searching has only yielded commercial programs to install which will allow
> remote which is what I want to prevent.
> manipulation.
>
>
>

Thanks JS and Anteaus:

Since new to this subject, still climbing the learning curve so my questions
may not be as pointed as they should be.

The biggest issue I see, is what is contained within the dll. In other
works if I shut off all remote access using XP (Group Policy), since a hard
connection is established between the dll (on the client) and the server,
is there anyway (without reverse engineering the dll) to keep the server
from coming back down onto the client and doing whatever?

Setting a separate user account may help, but since the dll would normally
reside in windows system directory, then a separate user account would seem
to be for naught?

"Anteaus" > wrote in message
...
>
> If I follow you correctly, you are concerned about installed software
> monitoring other processes or windows on the computer and 'phoning home'
> information?
>
> If so, the risks can be mitigated to some extent by running as a limited
> user instead of an Administrator, but the bottom line is that if you don't
> trust the software author, don't install it onto any valued platform.
>
> Open source software is obviously preferable in this respect, if the coder
> is prepared to reveal what the package contains, then it is far less
> likely
> to contain anything unethical or skulduggerous.
>
> One workaround (which I use a lot as a software-evaluator) is to install
> any
> questionable software into a virtual machine. Most VMs have a facility to
> roll the machine back after testing is complete, and this is much safer
> (and
> quicker) than just uninstalling. The other advantage is that it would be
> very
> hard for software runnign in the VM to access anything outside of that
> 'sandbox' unless I specifically allow it to.
>
> Leading brands are Microsoft Virtual PC, VMWare and VirtualBox. The MS
> offering is not all that fast, but it's the slimmest and simplest to use
> of
> the three.
>
> "David" wrote:
>
>> My interest lies in stopping /preventing rather than doing.
>>
>> -------------------------------------------------------
>>
>> It is fairly easy to screen scrap a public web page.
>>
>> My question relates NOT to a web page, but to a client program that is
>> logged into a server using server provided dlls which reside on the
>> client
>> and establish the link and data transport between the client and the
>> server.
>>
>> Question:
>>
>> Can the server operator either through XP or the dlls:
>>
>> 1) screen scrape the client
>> 2) display the client screen as a window on the server terminal
>> 3) remotely manipulate the client in anyway.
>>
>> If the answer to the above is yes:
>>
>> 1) What if anything can be done in WinXP-Pro to stop or prevent it, an
>> if
>> so, how?
>> 2) Any specific link or reference would be appreciated as internet
>> searching has only yielded commercial programs to install which will
>> allow
>> remote which is what I want to prevent.
>> manipulation.
>>
>>
>>

Functionally a dll is no different from an .exe in terms of spying
capability. The priveleges it has will depend on those of the .exe that calls
its functions. If it's called by a system process there is little you can do
to restrict its activities; if launched under a standard useraccount then you
may be able to restrict its priveleges.

If I absolutely had to use this DLL, but didn't trust the author, then for
me it would either be the virtual machine route, or a spare computer.

The other option is to install software capable of monitoring TCP/IP port
connections, and observing if it does anything unexpected in terms of
connecting to outside sites or resources.

"David" wrote:

> Thanks JS and Anteaus:
>
> Since new to this subject, still climbing the learning curve so my questions
> may not be as pointed as they should be.
>
> The biggest issue I see, is what is contained within the dll. In other
> works if I shut off all remote access using XP (Group Policy), since a hard
> connection is established between the dll (on the client) and the server,
> is there anyway (without reverse engineering the dll) to keep the server
> from coming back down onto the client and doing whatever?
>
> Setting a separate user account may help, but since the dll would normally
> reside in windows system directory, then a separate user account would seem
> to be for naught?
>
> "Anteaus" > wrote in message
> ...
> >
> > If I follow you correctly, you are concerned about installed software
> > monitoring other processes or windows on the computer and 'phoning home'
> > information?
> >
> > If so, the risks can be mitigated to some extent by running as a limited
> > user instead of an Administrator, but the bottom line is that if you don't
> > trust the software author, don't install it onto any valued platform.
> >
> > Open source software is obviously preferable in this respect, if the coder
> > is prepared to reveal what the package contains, then it is far less
> > likely
> > to contain anything unethical or skulduggerous.
> >
> > One workaround (which I use a lot as a software-evaluator) is to install
> > any
> > questionable software into a virtual machine. Most VMs have a facility to
> > roll the machine back after testing is complete, and this is much safer
> > (and
> > quicker) than just uninstalling. The other advantage is that it would be
> > very
> > hard for software runnign in the VM to access anything outside of that
> > 'sandbox' unless I specifically allow it to.
> >
> > Leading brands are Microsoft Virtual PC, VMWare and VirtualBox. The MS
> > offering is not all that fast, but it's the slimmest and simplest to use
> > of
> > the three.
> >
> > "David" wrote:
> >
> >> My interest lies in stopping /preventing rather than doing.
> >>
> >> -------------------------------------------------------
> >>
> >> It is fairly easy to screen scrap a public web page.
> >>
> >> My question relates NOT to a web page, but to a client program that is
> >> logged into a server using server provided dlls which reside on the
> >> client
> >> and establish the link and data transport between the client and the
> >> server.
> >>
> >> Question:
> >>
> >> Can the server operator either through XP or the dlls:
> >>
> >> 1) screen scrape the client
> >> 2) display the client screen as a window on the server terminal
> >> 3) remotely manipulate the client in anyway.
> >>
> >> If the answer to the above is yes:
> >>
> >> 1) What if anything can be done in WinXP-Pro to stop or prevent it, an
> >> if
> >> so, how?
> >> 2) Any specific link or reference would be appreciated as internet
> >> searching has only yielded commercial programs to install which will
> >> allow
> >> remote which is what I want to prevent.
> >> manipulation.
> >>
> >>
> >>
>
>
>

Thanks Anteaus:

Doesnt' appear to be a code solution other than a packet monitor which is
clock tick sensitive.

Since everyone uses third party software that "trust" is the only option
to keep your own development proprietary.


"Anteaus" > wrote in message
...
>
> Functionally a dll is no different from an .exe in terms of spying
> capability. The priveleges it has will depend on those of the .exe that
> calls
> its functions. If it's called by a system process there is little you can
> do
> to restrict its activities; if launched under a standard useraccount then
> you
> may be able to restrict its priveleges.
>
> If I absolutely had to use this DLL, but didn't trust the author, then for
> me it would either be the virtual machine route, or a spare computer.
>
> The other option is to install software capable of monitoring TCP/IP port
> connections, and observing if it does anything unexpected in terms of
> connecting to outside sites or resources.
>
> "David" wrote:
>
>> Thanks JS and Anteaus:
>>
>> Since new to this subject, still climbing the learning curve so my
>> questions
>> may not be as pointed as they should be.
>>
>> The biggest issue I see, is what is contained within the dll. In other
>> works if I shut off all remote access using XP (Group Policy), since a
>> hard
>> connection is established between the dll (on the client) and the server,
>> is there anyway (without reverse engineering the dll) to keep the server
>> from coming back down onto the client and doing whatever?
>>
>> Setting a separate user account may help, but since the dll would
>> normally
>> reside in windows system directory, then a separate user account would
>> seem
>> to be for naught?
>>
>> "Anteaus" > wrote in message
>> ...
>> >
>> > If I follow you correctly, you are concerned about installed software
>> > monitoring other processes or windows on the computer and 'phoning
>> > home'
>> > information?
>> >
>> > If so, the risks can be mitigated to some extent by running as a
>> > limited
>> > user instead of an Administrator, but the bottom line is that if you
>> > don't
>> > trust the software author, don't install it onto any valued platform.
>> >
>> > Open source software is obviously preferable in this respect, if the
>> > coder
>> > is prepared to reveal what the package contains, then it is far less
>> > likely
>> > to contain anything unethical or skulduggerous.
>> >
>> > One workaround (which I use a lot as a software-evaluator) is to
>> > install
>> > any
>> > questionable software into a virtual machine. Most VMs have a facility
>> > to
>> > roll the machine back after testing is complete, and this is much safer
>> > (and
>> > quicker) than just uninstalling. The other advantage is that it would
>> > be
>> > very
>> > hard for software runnign in the VM to access anything outside of that
>> > 'sandbox' unless I specifically allow it to.
>> >
>> > Leading brands are Microsoft Virtual PC, VMWare and VirtualBox. The MS
>> > offering is not all that fast, but it's the slimmest and simplest to
>> > use
>> > of
>> > the three.
>> >
>> > "David" wrote:
>> >
>> >> My interest lies in stopping /preventing rather than doing.
>> >>
>> >> -------------------------------------------------------
>> >>
>> >> It is fairly easy to screen scrap a public web page.
>> >>
>> >> My question relates NOT to a web page, but to a client program that is
>> >> logged into a server using server provided dlls which reside on the
>> >> client
>> >> and establish the link and data transport between the client and the
>> >> server.
>> >>
>> >> Question:
>> >>
>> >> Can the server operator either through XP or the dlls:
>> >>
>> >> 1) screen scrape the client
>> >> 2) display the client screen as a window on the server terminal
>> >> 3) remotely manipulate the client in anyway.
>> >>
>> >> If the answer to the above is yes:
>> >>
>> >> 1) What if anything can be done in WinXP-Pro to stop or prevent it,
>> >> an
>> >> if
>> >> so, how?
>> >> 2) Any specific link or reference would be appreciated as internet
>> >> searching has only yielded commercial programs to install which will
>> >> allow
>> >> remote which is what I want to prevent.
>> >> manipulation.
>> >>
>> >>
>> >>
>>
>>
>>

If you must make identical posts to multiple newsgroups, please cross-post
one (1) message to all of them. Thank you.

Multiposting vs Crossposting:
http://www.blakjak.demon.co.uk/mul_crss.htm

David wrote:
> My interest lies in stopping /preventing rather than doing.
>
> -------------------------------------------------------
>
> It is fairly easy to screen scrap a public web page.
>
> My question relates NOT to a web page, but to a client program that is
> logged into a server using server provided dlls which reside on the
> client
> and establish the link and data transport between the client and the
> server.
>
> Question:
>
> Can the server operator either through XP or the dlls:
>
> 1) screen scrape the client
> 2) display the client screen as a window on the server terminal
> 3) remotely manipulate the client in anyway.
>
> If the answer to the above is yes:
>
> 1) What if anything can be done in WinXP-Pro to stop or prevent it, an if
> so, how?
> 2) Any specific link or reference would be appreciated as internet
> searching has only yielded commercial programs to install which will allow
> remote which is what I want to prevent.
> manipulation.