Thoughts on AMMYY?

[madcow007]

did a string dump on aeroadmin found the following commands

-minimize
-sims
-transit
-update
-silent
-cur_rights
-base_port
-addr

hopefully at least one of them will help you out not sure what they all do

mini update it seems it also stores a couple files in

C:\ProgramData\Aeroadmin

settings.bin
guid.bin

dont know the format so cant edit them

 

[ell]

did a string dump on aeroadmin found the following commands


hopefully at least one of them will help you out not sure what they all do

mini update it seems it also stores a couple files in

C:\ProgramData\Aeroadmin

settings.bin
guid.bin

dont know the format so cant edit them

Hi, your way ahead of me on this, I spent my free time today making a command to get aero to start as a service, I was pretty proud of myself when i got it, til I tried to get it to also start in safe mode w/networking. Never got a reg command to do it, i tried this one
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aeroadmin]
@="Service"
No go, be back at it tomorrow. Another thing I found aeroadmin isn't killed by roguekiller either, haven't tried jrt or adwcleaner yet. That's a huge plus.

 

[Vyper28]

My reason not to use AMMYY is simple. It's heavily used by hackers/scammers, and on more than one occasion I've had a client install AMMYY and IMMEDIATELY get a connect request before I even try to connect to them. On one occasion the client clicked yes and from that moment it was my responsibility to undo the damage done. I spent almost an hour fixing issues the hijacker had done, I bill $110/hour. It cost me money, and I wont trust it again.

 

[MDD1963]

I find cautioning folks to click 'stop' (on the left hand 'client' side of the program's window) immediately upon opening AMMY is enough (installing a connect password at this point is advised), but, admittedly, this security risk/hole could be cured if AMMYY simply changed to a client number and 4 digit password by default, similar to Teamviewer's current implementation.

 

[ell]

I'm dumping Ammyy, you can't even download it from Chrome anymore, I have it still on some clients machines (my password on it of course and with exceptions installed in their antivir) but for new clients I think I'm going with Aero, I made a couple scripts to run it in safe mode w/networking. Its not as fast as ammyy but for the few remotes i do it should be enough.

 

[HFultzjr]

I've been using Ammyy for over a year now and like it a lot. I have my logo on the app and host it on my website for clients to download BUT never use it without a password on it, before I bought it I used the free version and a couple times some random hacker would log into my host before they could close the app. As Larry mentioned it is a battle to keep the clients protection from blocking you, and msfts too so I guess for someone who doesn't do a lot of remote support its ok, and its cheap but if I used it every week I'd probably shop for something else because of that.

"BUT never use it without a password on it, before I bought it I used the free version and a couple times some random hacker would log into my host before they could close the app"

^^^^^ This. Tried the free version and was "hacked" with random connections almost instantly.
Never went back, never will.
Very scarey, even for me.

 

[ell]

"BUT never use it without a password on it, before I bought it I used the free version and a couple times some random hacker would log into my host before they could close the app"

^^^^^ This. Tried the free version and was "hacked" with random connections almost instantly.
Never went back, never will.
Very scarey, even for me.

Don't ever use the free version, I bought the starter version for $33 and you can customize it and put your password on it, then I host it on my website, works great, no hackers then, BUT its totally blocked by just about every antivirus out there. Its too embarassing to try and coax the client through disabling their security (even that doesn't work sometimes)

 

[HFultzjr]

Don't ever use the free version, I bought the starter version for $33 and you can customize it and put your password on it, then I host it on my website, works great, no hackers then, BUT its totally blocked by just about every antivirus out there. Its too embarassing to try and coax the client through disabling their security (even that doesn't work sometimes)

I agree, but it just scared the crap out of me how fast it happened.
IMHO, Not for me.
Your mileage may vary.

Thanks,
Harold

 

[ell]

I agree, but it just scared the crap out of me how fast it happened.
IMHO, Not for me.
Your mileage may vary.

Thanks,
Harold

yup, it did the exact same thing for me, one of my best clients too! soooo embarassing

 

[Brantley @ Foolish IT]

I tested AMMYY long ago, but found Ultra VNC Single Click suited my budget and needs better than their product did. ScreenConnect and TeamViewer are worth every penny they ask for though, each has it's ups and downs but much better than any cheaper alternatives IMO.

 

[ell]

I tested AMMYY long ago, but found Ultra VNC Single Click suited my budget and needs better than their product did. ScreenConnect and TeamViewer are worth every penny they ask for though, each has it's ups and downs but much better than any cheaper alternatives IMO.

Ultra VNC Single Click looks good but I'd need the reboot to safe mode capability.

 

[Brantley @ Foolish IT]

It works in Safe Mode you just have to be able to get them there, which is sometimes easier said than done (especially with it being "locked down" in Win8+) but one of the features in our tools (d7ii & dSupportSuite) you can reboot to safe mode with networking pretty easily, then they just have to launch the client again. If you want it all in one swift quick action the investment in the other two products (Teamviewer and ScreenConnect) really are worth it. There's other limitations and quirks to work around with UltraVNC Single Click but it's worth it for it being completely free.

I used Single Click for a couple years in another support job I had, they were trying to get away with LogMeIn's free version and when I came in I was like "We can't rely on this, they are going to force ppl to start paying eventually". So I setup UltraVNC SC and started using it myself (everyone else kept using LMI) then the day came they couldn't use it anymore and they all switch immediately. LMI Rescue is supposed to be decent, but their price point was way off mark at the time and my bosses preferred free. I don't like LMI because of all the services and files it requires on a system to run.

 

[MDD1963]

It's been a while since I first installed the free AMMYY version on a laptop and virtual machine; on a newly installed AMMYY with default settings (no password/access definitions/permissions set) ,does any inbound AMMYY connection attempt require the user to click "Yes", / "allow", etc.? Or can any random scammer connect just with the sequentially assigned client number?
EDIT: went and installed free version of AMMYY on son's Win8 laptop; for absolute certain, it requires the user to manually grant/accept incoming connection access.

I really don't see an issue.

If you don't know who is connecting, don't accept the first request from India, Pakistan, or Uzbekistan that comes along? (I'd think a very strong caution to users the instant they download and are opening/running AMMYY for the first time, the risk could be reduced to....well, virtually zero, but, never rule out anything)

 

[OaksLabs]

I really don't see an issue.

If you don't know who is connecting, don't accept the first request from India, Pakistan, or Uzbekistan that comes along?

I am right there with you. Our issue is the dancing pigs phenomenon : https://en.wikipedia.org/wiki/Dancing_pigs. However, it's really no different than the end user infecting the PC with malware (they can do a lot more damage with a web browser than they could with a remote access tool that must be running for connection pop-ups to pop-up anyways).

 

[MDD1963]

What's with Chrome, actually not even allowing the option of overriding/downloading Ammyy? Quite darn arrogant, IMO.....

Will Teamviewer be next once it is misused by some scammer with an accent? (as if it isn't already)

 

[Larry Sabo]

I just posted how I feel about it on Chrome's forum, and sent Mozilla a complaint as well because they are just as guilty. Any others that use Ammyy Admin please feel free to post a reply there--not that it's likely to do any good.

 

[Instant Housecall - Corey]

If you want it all in one swift quick action the investment in the other two products (Teamviewer and ScreenConnect) really are worth it.

... or you could just use Instant Housecall, which offers "swift quick action" and includes D7.

 

[BlazonTech]

My reason not to use AMMYY is simple. It's heavily used by hackers/scammers, and on more than one occasion I've had a client install AMMYY and IMMEDIATELY get a connect request before I even try to connect to them. On one occasion the client clicked yes and from that moment it was my responsibility to undo the damage done. I spent almost an hour fixing issues the hijacker had done, I bill $110/hour. It cost me money, and I wont trust it again.

This is one of the many horror stories I have heard about AMMYY, it seem they reused the same connection code or whatever they call their ID. Hackers/spammers just keep wacking the same ID and they will eventually get accepted by a naive user.

 

[Larry Sabo]

I'm trialling InstantHousecall but still prefer Ammyy, because it's so much faster and I guess because I'm more used to it. It just works great for me. Any tech who uses the uncustomized Ammyy app is asking for trouble. It takes just seconds to customize the app with your own password and eliminate the risk of your customers being hacked/scammed. <sigh> The customizer is free to paid users.

Unfortunately, Dropbox is now blocking downloads of my customized app for reasons we're trying to work out, so installing it while on-site or using another remote app is required. Now, that sucks!

 

[tucsonpc]

Unfortunately, Dropbox is now blocking downloads of my customized app for reasons we're trying to work out, so installing it while on-site or using another remote app is required. Now, that sucks!

You could always upload the file to your website temporarily until the install is complete.