Q

How secure is pcAnywhere compared to Terminal Services?

I'm being asked, security-wise, about the differences between utilizing pcAnywhere to remotely access servers versus Microsoft's Terminal Services in administrative mode. Cost-wise Microsoft TSE is in the operating system at no cost. But how secure is Remote Desktop Protocol (RDP) when compared to pcAnywhere?
First, you should remember that RDP is just the communications protocol. While any security issues of the protocol (any software can have vulnerabilities) are important to know and correct (see security bulletins and keep systems patched), it is the overall security of the products that should be addressed. You should study what they offer (authentication, encryption means of blocking or allowing access), the protocols used to do so and your comfort level with the companies' security notification process. I have not seen any recent in-depth comparisons of the two products. However, my inclination is to use Terminal Services.

One of the main issues with any type of remote control product is its reliance on the user to set up proper security. PcAnywhere has some interesting security features in version 10.5, including a mandatory password and the ability to encode host and remote objects -- no code, no connection. The vendor indicates that it can do NT authentication and pcAnywhere authentication (but do not define the algorithm), LDAP, HTTP, HTTPS, FTP,...

Novel and Active Directory. For encryption: pcAnywhere encryption, Symantec encryption and public key encryption. I am always suspicious of proprietary security algorithms. Public key encryption, of course, can be very good, and there are industry standards.

One of the large issues here is that security must be configured, and administrators must choose and use strong passwords. Some earlier version of this product did not require a password, and many people did not set one. Terminal Services in administrator mode (Remote Desktop Administration on Windows 2003) only allows administrators access and uses Windows integrated authentication (you always needed a password -- but, of course, you could set a blank one). Three encryption levels can be set (including 128-bit encryption post-Windows 2000 SP2). If you wish, you can provide the additional security of using smart cards for Terminal Server access and/or use a VPN to further authenticate, encrypt and manage remote access to your computers.

My preference is to use the tool that I have -- Terminal Services -- but you will need to do some additional evaluation. Cost, as you mention, may weigh high on your list. I don't see any security benefit to using pcAnywhere over Terminal Services, and I do see a large cost difference.

This was first published in February 2003

Dig deeper on Endpoint security management tools

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchVirtualDesktop

SearchWindowsServer

SearchExchange

Close