PDA

View Full Version : Ammyy Admin issue


ccritchie
03-17-2012, 03:16 PM
Ammyy Admin issue

I am having an issue with unattended access.

Larry Sabo
03-17-2012, 04:35 PM
Not me, but I have only been using Ammy Admin for a half-dozen connects. Did you set a password for connections to prevent this sort of thing? You can't do that in advance if they download the program from the Ammyy site, of course, which is why I set up the program and host it on my site for download by the customer.

Larry Sabo
03-17-2012, 05:24 PM
It's explained on the Ammyy site, here (http://www.ammyy.com/en/admin_unattended.html). That's for unattended connections, but it also applies to regular connections, i.e., where Ammyy is not running as a service.

16k_zx81
03-17-2012, 05:24 PM
Thanks for your reply, Larry. How do you go about setting a password?

:eek:


.................................................. ...........

16k_zx81
03-17-2012, 05:42 PM
Yeah, Im all in favour of free software, but I wonder about the business cost of losing remote customers to 'mishaps' like this, not to mention reputation and WOM issues that could arise. Its a pretty alarming anecdote.

I concede that this may have been a simple configuration issue, and that there's every possibility the software was not at fault. . Im thinking back to when I used ammyy a couple of times, years ago, and at that point it was pretty unimpressive. It may have come a long way, but cant help but wonder if its entirely ideal for business use, compared to some of the more established commercial offerings available.

ccritchie
03-17-2012, 06:05 PM
Ammyy is a very easy-to-use tool, and I was considering getting the business license, but wanted to see how it works in the real world. Of course, now I am re-considering.

To compound the issue, because it's so easy to use and there is a free version available, there are reports out there of people being scammed using this tool (http://www.avforums.com/forums/isps-internet/1241546-ammyy-phone-call-scam.html) Even Ammyy has something about it on its site. (http://www.ammyy.com/en/admin_mu.html) Whether Ammyy is a good product or not, its image is being tarnished by folks who are getting burned and even assume that Ammyy is behind the scam.

Cambridge PC Support
03-17-2012, 06:22 PM
It looks like the IDs assigned are sequential, and I just tried a few subsequent IDs and "fell into" some random computer, which is pretty insecure really. They should at least assign random IDs.

So you've got a small windows of time where someone could randomly connect, then the user could hit "yes" to allow. Unless you talk them through setting a password before turning on the service.

Unless of course you use the Larry method, which I guess is only for a paid licence?

Larry Sabo
03-17-2012, 06:35 PM
If you're using it for business, you're supposed to have a Business (premium) license, which is only $60USD. I have one, of course, and find the program to be excellent. Wouldn't think of using it without password protection of the connection though.

Cambridge PC Support
03-17-2012, 06:49 PM
If you're using it for business, you're supposed to have a Business (premium) license, which is only $60USD. I have one, of course, and find the program to be excellent. Wouldn't think of using it without password protection of the connection though.

I've only used it in anger two times so far, and that's just the free trial version.

For $60 (38) it's a bargain and well worth a punt.

Vicenarian
03-17-2012, 07:34 PM
Just a tip; Ammyy admin is used a LOT by the 'Microsoft Scammers' as of late.

Cambridge PC Support
03-17-2012, 07:36 PM
Just a tip; Ammyy admin is used a LOT by the 'Microsoft Scammers' as of late.

Sold! :)




............................

ccritchie
03-17-2012, 11:15 PM
Just a tip; Ammyy admin is used a LOT by the 'Microsoft Scammers' as of late.

Yes, I mentioned that in my earlier post.

RedFoxComp
03-18-2012, 06:49 AM
Yes, I mentioned that in my earlier post.

In fact, so much so that Microsoft Security Essentials is automatically detecting and removing it as malicious software.

MobileTechie
03-18-2012, 01:46 PM
In fact, so much so that Microsoft Security Essentials is automatically detecting and removing it as malicious software.

Not that I've noticed and I use it all the time.

Larry Sabo
03-18-2012, 01:59 PM
Kaspersky sees it as benign, so that's good enough for me.

MobileTechie
03-18-2012, 03:04 PM
I don't think there is any doubt about it being benign is there? Just because some scammers use a product doesn't make it part of the scam. They also use CCleaner and MBAM.

codegreen
03-18-2012, 03:27 PM
It looks like the IDs assigned are sequential, and I just tried a few subsequent IDs and "fell into" some random computer, which is pretty insecure really. They should at least assign random IDs.


:eek::eek::eek:

"Pretty insecure" is quite the understatement. This alone is enough to keep me far away from Ammyy.

Cambridge PC Support
03-18-2012, 03:37 PM
:eek::eek::eek:

"Pretty insecure" is quite the understatement. This alone is enough to keep me far away from Ammyy.

It's fine for trialing on your own workbench PCs - and once you're happy with it then you buy it and can assign a password as Larry mentioned above.

For the cost, feature set and ease-of-use I think it's worth it.

Larry Sabo
03-18-2012, 04:31 PM
I don't think there is any doubt about it being benign is there? Just because some scammers use a product doesn't make it part of the scam. They also use CCleaner and MBAM.
There was in RedFox's post...In fact, so much so that Microsoft Security Essentials is automatically detecting and removing it as malicious software.That's why I posted what I did.

MobileTechie
03-18-2012, 05:53 PM
There was in RedFox's post...That's why I posted what I did.

I know. I was agreeing with you.

Larry Sabo
03-18-2012, 07:26 PM
<Blush> I'm a little slow. Sorry.

parker.casey
03-18-2012, 08:42 PM
that's one of the scariest security holes I've ever heard of.

MobileTechie
03-19-2012, 01:58 PM
You have to bear in mind that unless you install it as a service, the application is only on when you run it manually. So run manually it cannot be used to sneak in except at the exact time you are using it. And as said, if you set a password on it or restrict IP ranges or limit which users can attach then even that hole is closed. Granted the ought to come up with a better numbering system but it can be secured so easily that it seems to be a non-issue for techs using it.

ccritchie
03-19-2012, 07:41 PM
The fact remains, though, that UNLESS you set a password or limit the IP range, your session could easily be hacked. Ammyy Admin said as much via the support ticket that I submitted over the weekend. I also posted about my experience on their forums (which are muddled with all kinds of junk posts w/ links for various products that have nothing to do with Ammyy). My post and my forum account was deleted - twice. Apparently, they do not want anyone to know how insecure their product really is.

Yes, the host would have to click OK in order to allow a second "unauthorized" session to connect. But this could easily happen, as many novice computer users will click on virtually any box that pops up.

If you are running it as a service, with passwords and/or IP/ID limitations, then it's probably fine, but I don't have a lot of confidence in the product, which is risky to use out of the box. The Supremo tool looks very similar, though in my opinion the interface for the password is a bit easier to use.

Bubbajoe
02-11-2013, 04:40 PM
Bumping this thread. For anyone using ammyy now, have they made any improvements on this issue? I'm not terribly impressed with their website and support pages, but I do like their pricing. Maybe that should tell me everything I need to know (in order to stay away from this one)?

JAbbott
02-11-2013, 08:40 PM
I haven't used it myself but just took a look at their website and definitely looks sketchy. I'd probably try logmein free b/f i bought that.

Larry Sabo
02-12-2013, 03:43 AM
I still love AMMYY, and use it all the time. Once you customize it with your own password and other settings, there is no security risk that I'm aware of. It's that customize version that gets downloaded from my site or by me when on-site, so it's not like it takes any time or thought. My only problem so far, is KIS blocks it really well, making it impossible to guide the user on how to create an exception for it. I'm still working on that.

tf76
02-12-2013, 03:50 AM
I am using AMMYY ADMIN with no issues as well.
For the price it is very good.
Just set up a password and you're fine.

Regards,

Scoobaru
02-12-2013, 09:01 PM
My 2 pennys worth is this;

I've spent the last 3 weeks using various products on trial including Ammyy and I have to say that Ammyy fared quite poorly with our test subjects. The password situation is appalling IMHO. Free or paid for this is not exactly a difficult/costly thing to include.

After scouring through literally pages and pages of posts on TN and trialling umpteen different types of software we found that for ease of use for both staff and clients alike that Instant Housecall was a clear winner with Techinline a close second.

Foolishit made a valid point in a previous post when he said it is important for Remote Support to be easy and work first time for the Client as first impressions count. A bad impression is very difficult to overcome.

I agree and whilst it's nice to have something for free I'd rather pay that little extra and have a total solution straight out of the box that works first time every time.

Bubbajoe
02-12-2013, 09:12 PM
My 2 pennys worth is this;

I've spent the last 3 weeks using various products on trial including Ammyy and I have to say that Ammyy fared quite poorly with our test subjects...

Just curious, did you sample ScreenConnect? If so, why does it rate a distant 3rd at best? Thanks.

Larry Sabo
02-13-2013, 03:54 AM
The password situation is appalling IMHO.
Could you explain why you feel that is so? I just don't understand the issue. You add the password when you customize the program with their customizer utility and host the resulting executable on your site. Client downloads and runs the app and gives you their Client ID, you enter it and your password into your Ammyy admin module and connect away. What's the problem with that? Couldn't be easier, or more secure.

Scoobaru
02-13-2013, 10:00 AM
You shouldnt have to make it secure or limit the IP range it should be secure out of the box.

Like most things in life you get what you pay for.

Larry Sabo
02-13-2013, 02:09 PM
Okay, thanks for your explanation. Being a one-man-band working out of my home, customizing the program once with my password before hosting it for repeated downloads is worth the effort, given the under $70 price for a lifetime license that includes upgrades. The product does what I need it to do 99% of the time. I will use Techinline if need be, like I used to for years, but haven't had a need to do so since getting a premium Ammyy Admin license. To each his/her own.

Scoobaru
02-13-2013, 02:48 PM
Agreed Larry. I think if you're configuring both ends it's a cheap solution but for us it wasnt quite what we wanted.

Bubbajoe
02-13-2013, 11:03 PM
Scoobaru,

What didn't you like about ScreenConnect?

Scoobaru
02-14-2013, 03:31 PM
Scoobaru,

What didn't you like about ScreenConnect?

Self Hosting was the first and the main point.
We are just spreading our wings into MSP and RS and didnt want to have Self Hosted software. That's not to say this will not change in the future as we grow.

For us it isn't about one aspect over another it had to be the complete package. We had several things that were key to the product we needed. Mainly this had to work well for those that are completely lost outside of Facebook and E-bay.

We have a lot of Clients that fall into that category. With the Business Clients this is very different as you can set up everything onsite and await the calls. With the One-Offs you have a small opportunity to get things working immediately. We found that both Instant Housecall and Techinline were brilliant for this. We even had a 74 year old Client on in minutes. He was our first live Client and he was so taken with the service.

Overall IH shaded things but the amount of threads I've read through, searched and ran trials was very time consuming. Just glad we made a decision and so far so good.

If you havn't made a choice yet I don't think you'll go far wrong with IH.

Andrew

Bubbajoe
02-14-2013, 03:38 PM
Self Hosting was the first and the main point.
We are just spreading our wings into MSP and RS and didnt want to have Self Hosted software. That's not to say this will not change in the future as we grow.

For us it isn't about one aspect over another it had to be the complete package. We had several things that were key to the product we needed. Mainly this had to work well for those that are completely lost outside of Facebook and E-bay.

We have a lot of Clients that fall into that category. With the Business Clients this is very different as you can set up everything onsite and await the calls. With the One-Offs you have a small opportunity to get things working immediately. We found that both Instant Housecall and Techinline were brilliant for this. We even had a 74 year old Client on in minutes. He was our first live Client and he was so taken with the service.

Overall IH shaded things but the amount of threads I've read through, searched and ran trials was very time consuming. Just glad we made a decision and so far so good.

If you havn't made a choice yet I don't think you'll go far wrong with IH.

Andrew

Hmmm... so far, absolutely no issues self-hosting ScreenConnect for me on a 16/1 DSL connection. Will take a look at IH, but pricey IMO...

Scoobaru
02-14-2013, 06:49 PM
My main concern was that Self Hosting is fine for the Workshop/Office but when we're out on the road it would be far easier to use IH to log in immediately without fuss. Or have I misunderstood their blurb?

Bubbajoe
02-16-2013, 01:56 AM
My main concern was that Self Hosting is fine for the Workshop/Office but when we're out on the road it would be far easier to use IH to log in immediately without fuss. Or have I misunderstood their blurb?

I think you've misunderstood their blurb. Once you've set up the self-hosting, ScreenConnect can be accessed from anywhere and used to remote control any computer. (Assumes you leave the serving running).

Scoobaru
02-16-2013, 02:10 AM
Just when we thought it was over....another trial will begin ;)