Are UltraVNC and RealVNC Potentially Harmful?

If you’ve installed UltraVNC, RealVNC, or VNCScan lately, you were likely greeted with this scary window:


Microsoft has made great strides in security since the original release of Windows XP.  In later service packs, they turned the firewall on by default, built security measures into Internet Explorer, and disabled unneeded services.

More recently, Microsoft released their own consumer antivirus product named Security Essentials.  Being an Information Security professional, it’s hard for me to be upset with Microsoft throwing warnings like this when software that enables remote access to your computer is installed.

Being the software author of a program that is used legitimately by thousands of you across the globe to manage your business and school networks. this message is also quite frustrating!  It looks scary … and red; two things that we are conditioned as IT Professionals to squash like a cockroach. 

Is UltraVNC a threat to your network?

Like any remote management software, the answer lies in how you manage the software.  VNCScan is an excellent tool for this because it can be used to audit where VNC and RDP is enabled on your network and remove it if needed.  It also allows you to take control of misconfigured VNC installations by deploying a secured profile using encryption and Windows or Active Directory authentication.

The first time that you run VNCScan, create a managed group, then scan your networks IP range, you may be surprised to find rogue VNC installations on your network installed by end users.  Over time, the background scanner can discover other installations as they appear and even email you when they are found.

The bottom line is that VNC is a great network management tool that is relied upon by millions of IT professionals every day.  If you lose control of the tool, however, it can be a nightmare to secure.  VNCScan is your key to preventing that on your network.

It’s your network.  Take control of it with VNCScan!