Help me connect Mac-at-home to Windows-at-work?
October 9, 2009 7:40 AM
What could happen to my mac if I connect remotely to my windows computer at work. Is there a viciously secure way of doing this?
I need to connect my home mac to my office's windows computer remotely. So far, this has stumped the tech guy so I've been using a small windows netbook and connecting via vpn. But opening files on the company network takes forever and we need a better solution.
He is currently working on a solution that allows me to connect to the small business server using my mac via the windows Remote Desktop Connection Client 1.0.3 for Mac.
This worries me because I don't want windows stuff touching my mac! But my worry is based on mere suspicious distrust of windows rather than any actual knowledge of how these things work.
Those of you who do know about these things: Will using this client application make my mac vulnerable to windows risks; and, if so, is there a better more secure solution? (or a better solution with the netbook?)
I need to connect my home mac to my office's windows computer remotely. So far, this has stumped the tech guy so I've been using a small windows netbook and connecting via vpn. But opening files on the company network takes forever and we need a better solution.
He is currently working on a solution that allows me to connect to the small business server using my mac via the windows Remote Desktop Connection Client 1.0.3 for Mac.
This worries me because I don't want windows stuff touching my mac! But my worry is based on mere suspicious distrust of windows rather than any actual knowledge of how these things work.
Those of you who do know about these things: Will using this client application make my mac vulnerable to windows risks; and, if so, is there a better more secure solution? (or a better solution with the netbook?)
RDC isn't going to turn your Mac into a windows machine. It's just a program, and a pretty good one. I use LogMeIn to go the other direction (from my Vista laptop out in the world back home to my Mac), and it's good but not great. You could use that instead of RDC, if your work admins will allow you to put the client on your work machine. I prefer RDC.
Tip: I use a Microsoft wireless keyboard and mouse on my Mac, without any of the keys reprogrammed (so I have to use the Command key on the Mac keyboard itself), and the Ctrl and Alt keys, etc pass through very nicely to all my RDC connections, slightly better than the native Mac keys do.
posted by Lyn Never at 7:53 AM on October 9, 2009
Tip: I use a Microsoft wireless keyboard and mouse on my Mac, without any of the keys reprogrammed (so I have to use the Command key on the Mac keyboard itself), and the Ctrl and Alt keys, etc pass through very nicely to all my RDC connections, slightly better than the native Mac keys do.
posted by Lyn Never at 7:53 AM on October 9, 2009
I agree 100% with rokusan and, in fact, make this kind of connection all the time. The only case in which you might be concerned is if your office machine is already compromised and the Remote Desktop service is replaced with a rogue service that specifically targets OS X clients.
It's exceedingly unlikely, and relies on terrible security in your office.
Also, you might want to use version 2 of the RDC app on the Mac, if you can. It's way better.
posted by uncleozzy at 7:54 AM on October 9, 2009
It's exceedingly unlikely, and relies on terrible security in your office.
Also, you might want to use version 2 of the RDC app on the Mac, if you can. It's way better.
posted by uncleozzy at 7:54 AM on October 9, 2009
I use RDC to connect my Mac to my work machine (Windows) and you can't just, for instance, drag a file from the Windows system to your Mac drive. If I need to work on something in the native Mac universe, I have to email it using Outlook (that is, from within the RDC-provided Windows connection) to my gmail, then downloading it.
Check to make sure your work will support the newer version of RDC. There's some randomness at my work such that we are strongly encouraged to use the older version rather than the newer, but I can't remember why.
On preview, yeah, I don't use the feature that odinsdream mentions - that's why I email things if I need them on in the Mac world rather than the Windows one.
posted by rtha at 8:11 AM on October 9, 2009
Check to make sure your work will support the newer version of RDC. There's some randomness at my work such that we are strongly encouraged to use the older version rather than the newer, but I can't remember why.
On preview, yeah, I don't use the feature that odinsdream mentions - that's why I email things if I need them on in the Mac world rather than the Windows one.
posted by rtha at 8:11 AM on October 9, 2009
Incidentally, there are other Remote Desktop clients available. I use CoRD because I think it feels a bit more like a Mac app than Microsoft's version.
posted by smackfu at 8:12 AM on October 9, 2009
posted by smackfu at 8:12 AM on October 9, 2009
Will using this client application make my mac vulnerable to windows risks; and, if so, is there a better more secure solution?
No. The way these type of clients work is that you connect to and are authenticated by the Windows machine, the Windows machine sends you screenshots of what is going on in the Windows machine, and your machine sends it input like keystrokes and mouse clicks. That's a bit of an oversimplification, but there's not a whole lot more going on.
So, with that in mind, let's look at the risks involved:
1. You're connecting to a remote machine and sending data back and forth. If the software you are using on your side has flaws in it, those flaws could possibly be exploited to do bad things. This is true for any kind of Internet software though, so if you're not afraid to IM with people who use Windows machines or do other common types of Internet communication on your Mac you shouldn't be afraid to use a remote desktop client. Make sure your client is up to date though, so you get any security updates if flaws have been found.
2. You're getting back screenshots of a Windows machine. Since screenshots aren't executable code, there's not much bad that can happen from that. See #1 as far as taking advantage of flaws in this process goes.
3. You're sending input like keystrokes and mouse-clicks to a Windows machine. Keystrokes can be things like passwords and other secret information, so if the Windows machine has some sort of keylogger on it that can capture remote desktop keystrokes you could be compromised. I would guess this is a pretty unlikely situation, but if you are worried about it, don't send any keystrokes that you wouldn't want a third-party to see.
4. The machine you are connecting to is a Windows machine. So if you download spyware to that machine, that machine will have spyware on it. It can't get to your Mac, but it's still a problem for the remote machine.
posted by burnmp3s at 8:13 AM on October 9, 2009
No. The way these type of clients work is that you connect to and are authenticated by the Windows machine, the Windows machine sends you screenshots of what is going on in the Windows machine, and your machine sends it input like keystrokes and mouse clicks. That's a bit of an oversimplification, but there's not a whole lot more going on.
So, with that in mind, let's look at the risks involved:
1. You're connecting to a remote machine and sending data back and forth. If the software you are using on your side has flaws in it, those flaws could possibly be exploited to do bad things. This is true for any kind of Internet software though, so if you're not afraid to IM with people who use Windows machines or do other common types of Internet communication on your Mac you shouldn't be afraid to use a remote desktop client. Make sure your client is up to date though, so you get any security updates if flaws have been found.
2. You're getting back screenshots of a Windows machine. Since screenshots aren't executable code, there's not much bad that can happen from that. See #1 as far as taking advantage of flaws in this process goes.
3. You're sending input like keystrokes and mouse-clicks to a Windows machine. Keystrokes can be things like passwords and other secret information, so if the Windows machine has some sort of keylogger on it that can capture remote desktop keystrokes you could be compromised. I would guess this is a pretty unlikely situation, but if you are worried about it, don't send any keystrokes that you wouldn't want a third-party to see.
4. The machine you are connecting to is a Windows machine. So if you download spyware to that machine, that machine will have spyware on it. It can't get to your Mac, but it's still a problem for the remote machine.
posted by burnmp3s at 8:13 AM on October 9, 2009
Thanks so much all, my mind is at ease!
posted by OlivesAndTurkishCoffee at 2:39 PM on October 9, 2009
posted by OlivesAndTurkishCoffee at 2:39 PM on October 9, 2009
This thread is closed to new comments.
Nothing can get out of the VLC-like Remote Connection window. Nothing is really using your Mac that way: you're just remote-controlling the Windows box at the other end.
Even if you somehow copied a Windows virus or spyware or whatever. to your Mac and tried to run/install it.. it wouldn't work on your Mac anyway, the same way normal Windows software can't run on your Mac.
The only very bizarro possible problems I can imagine: you copy a Windows Word or Excel file that has a very clever macro virus, then open that using the Mac version of Windows or Excel and it ends up infecting your other Word or Excel files at home.
Very very unlikely though, even then. You're fine.
posted by rokusan at 7:48 AM on October 9, 2009