Posted by: kurtsh | August 6, 2007

HOWTO: How to remotely support your parent’s/friend’s/small business’s PCs

This is reprint of a blog post I made back in Dec 2006 – it’s being reposted for the benefit of some new viewers, and besides, I put a lot of work into this article and wanted to do a rerun of the content.

My Mom has a 256MB Celeron-based PC with an 80GB drive and firewalled Windows XP SP2.  It’s behind a NAT-ted Router that connects to a PPPoE DSL connection, meaning the DSL IP address is always different – not unlike a cable Internet connection – and her PC is issued a 192.168.x.x address.   She had problems with it slowing down and a while ago, she even had spyware issues.  There is also a laptop PC (Dad’s) that has the same situation and it’s on the same network.

In the past, I’ve remotely controlled her PC but only after painfully walking her through the process of sending me a "Remote Assistance" invite.  (Incidentally, that was NOT a well thought out technology in Windows XP.  Who the @#$% ever thought computer-illiterate parents around the world would know how to "send Remote Assistance requests" to their offspring when their computer was having trouble?  Ridiculous.)  This was always done using Remote Desktop technology which is actually a very well optimized, high quality protocol however the facilities to connect to the remote workstation have been lacking at best.

So the question is: 

How does a person easily & quickly "remote control" their parent’s computer?

EXISTING REVIEWS?
I did some research and frankly, to my surprise, not a lot has written on this specific scenario.  Sure folks have written about "remote controlling" someone else’s over the Internet PC, but the assumptions made have always been that:

  • the person’s computer is a small business that can afford something relatively costly
  • the person’s PC isn’t NAT-ted (using a translated 192.168.x.x address)
  • the person’s PC is the ONLY PC to be managed behind the NAT
  • the end user is a customer, not a family member
  • the people putting the solution together didn’t mind installing, tweaking & configuring a ton of helper software

SOLUTIONS
I found a ridiculous array of tools and services and after culling through them and Windows Live search results, I’d examined several products:

My evaluation criteria was pretty simple.  It’s all the information above:  Assuming a broadband connection on both ends, I need basic high performance Windows-to-Windows remote control over multiple PCs behind a NAT using a DHCP assigned router and I need to be able to access the machine any time of the day without my parents involvement.

THE VERDICT
I’m not going to bore you with all my analysis.  After looking at all the products & services, it became readily obvious to me what solution works best for my parents:  There’s no question that LogMeIn Free wins hands down for this particular scenario, although it’s conceivable that GoToMyPC and maaaaaaaaaybe UltraVNC could be useful in other situations.

  1. NAT-SUPPORTED.  This is where most desktop-only software fails.  LogMeIn gets around the issue of having a NAT by registering itself with an online directory, and basically keeping a HTTP connection open all the time with the service, providing a "tunnel" to the DHCP-enabled router, through the NAT, and into the PC to be remote controlled.  This connection allows other PC’s to externally converse with the PC since a communicatins path has already been established between the service & the home PC.  No modifications need to be made to the router and nothing fancy needs to be installed on my PC.
    To be fair, UltraVNC does this exact thing however their facilities are entirely, "do-it-yourself".  If you’ve got the time and the will, you could actually set up a poor man’s version of this yourself through UltraVNC’s NAT-to-NAT Helper service.  But considering bullet #3 below… why bother?
  2. SECURE & CORPORATE-SUPPORTED.  This is where UltraVNC gets questionable.  LogMeIn Free software is proprietary, fully SSL-encrypted and supported by a corporation registered with the US government.  I’m not interested in using questionable freeware leveraging open source code written in some guy’s basement that might potentially expose my parents to privacy threats & intrusions.  I want a legally established company that stands behind their products and understands the legal consequences of their software’s integrity – or lack thereof.
  3. FREE.  And this is where GoToMyPC fails.  LogMeIn "Free" software & service is totally free.  The only thing you don’t get in the "free" version vs. the "Pro" version is direct PC-to-PC file transfer capabilities, and frankly, if you have Internet-based storage, it’s just as easy to transfer what you need between each PC through that resource.  Note that I’m not a leech:  I’m actually pleased enough with the software that I’m going to subscribe to it for my parent’s PC… at $49 a year, that’s worth having the pay-for product in my mind.  (Although, if I get some love from the Citrix folks and get a partner discount, I’ll probably switch over to GoToMyPC.com which is frankly a much more full-featured product with richer features than LogMeIn doesn’t have and it DOESN’T REQUIRE JAVA.  It is however the most expensive technology in this genera at $249/year.

HOW TO USE "LOGMEIN FREE"

1) Create an account:
https://secure.logmein.com/welcome/get_logmein_free/signup.asp
2) Download software & add a computer to your account:
https://secure.logmein.com/go.asp?page=products_free
(You can also download the installer separately here:  https://secure.logmein.com/logmein.msi)
3) Sign in from any computer to remote control the machine:
https://secure.logmein.com/go.asp?page=home
(Note that you need to have a JavaVM installed on the machine doing the controlling which sucks because Java’s slow relative to Native Win32 binaries, and besides, it’s one more thing that you need to keep patched.  This is one of the reasons I actually prefer the ridiculously more expensive GoToMyPC and its Win32 client for remote control.)

DISCOUNTS
Check this out:  I found this discount on line for the LogMeIn Pro product, which is a $20 discount off the annual subscription to Logmein.com.  Use the code:  JHZH-YXVL and you’ll find the cost go from $69.95/year down to $49.95/year.

A FINAL NOTE ON WINDOWS XP’S REMOTE DESKTOP
I’m a KoolAid drinker and I’m the first to try Microsoft’s own software.  But before anyone starts howling about using Remote Desktop over LogMeIn Free, recall that I need to support multiple computers behind the router.  Even if I were to configure port forwarding for port 3389 (RDP’s port) on the router, which I don’t really want to do, I would only be able to do this for one PC.  There’s an article on how to accomplish this if you want to set it up here.  (http://www.networkgarage.com/2006/04/cancel_your_gotomypc_subscript.html)

Incidentally,  pay no attention to the comments list to the folks screaming that RDP is insecure:  The protocol used to remotely control a Windows PC using the Remote Desktop Client 6.0 is not only encrypted using RC4, it’s also quite secure.  Be sure to be using the most recent remote desktop client software here, use WinXP SP2, and for good measure, upgrade to Windows Vista. 

In the interests of honesty, technically there is a very small threat of what is called a "man-in-the-middle" attack on WinXP systems using RDP 5.2, however let’s be clear… man-in-the-middle attacks are extremely rare and very difficult to accomplish and there are few people in the world with the technical sophistication to execute them.  It accounts for something like "less than 1000th of a percent of all intrusion attacks made" because of their difficulty and requirements to execute and would require invasively corrupting the routing cache on your personal workstation or setting up a rogue DNS server on your ISP or something really extreme to target just you specifically.

To give you an idea of the sophistication we’re talking about, this hacking technique is usually reserved for attacking eCommerce sites like eBay & financial institutions like Bank of America to intercept credit cards & passwords.  If someone is in fact truly attempting to use this technique against you and your computer, it’s not random:  You or your organization is probably important enough (or rich enough) that skimping paying $50/year for LogMeIn Pro, $200/year for GoToMyPC, or whatever support service you might otherwise be using isn’t exactly your first priority. 

Remember:  This is your Mom we’re talking about… not freakin’ Bill Gates.


Categories

%d bloggers like this: