For annoying reasons, I found I urgently needed to install a VNC client on a Windows desktop. A quick internet search, along with memories of colleagues’ opinions, led me to examine three alternatives: RealVNC, MobaXTerm and TightVNC. They all offer free home versions for users like me, so I downloaded each to try them out.
The RealVNC legal terms are problematic: during installation, they state the version being installed, the free home use version, is time limited. I don’t want that, so I cancelled the installation.
MobaXTerm, I installed, and then immediately uninstalled. It shows evidence of being abusive. In particular, it added an icon to my desktop, a common product installation rudeness. When I attempted to delete the icon, immediately after installation, as is my usual habit, I could not do so. Windows ignored my attempt to bin it; I wasn’t even asked for administrator permissions. MobaXTerm appears to have an attitude problem: God knows what else it might do against my direct instruction. I immediately uninstalled the product; I didn’t even run it. Incidentally, if this unremovable icon’s a bug, it’s a weird one; desktop icons are a solved problem, even though they’re a mess.
That left me with the home user flavour of Tight VNC. I’ve installed it, and have used it. So far so good. It does what I expect it to do, and fails where I expect it to fail. I can connect to, and use, a macos server happily. I can’t copy the content of the macos clipboard, because the Mac has it’s own non–X way of going things like that. If that becomes a problem, I’ll move on. But, for now, Tight VNC is sufficient.
Unfortunately, the Tight VNC installer attempted to install, by default, a VNC server. I can see why some people may like a server, so that they can, for example, connect to a Windows desktop from some weird operating system that has no RDP client. However, I would strongly recommend you avoid it because it’s a security hazard: it gives the nasty people another feature to crack, another route to break, to hijack and abuse your property. My objection is not that Tight VNC can install a server, but that it’s installed by default. That’s why I cannot recommend Tight VNC, even though it was the only product that fulfilled my immediate needs.
Indeed, it’s obvious that none of these products have any concern about basic Windows security: one wants to install an unnecessary server that serves an insecure protocol; another does things directly against the express instructions of the user; the third has legal terms that contradict its stated market. Mind you, worrying about security with VNC is rather like worrying whether a mother of triplets is a virgin. The VNC protocol is about as secure as an open door between a nursery and a chocolate factory, the only real issue is whether the teachers or the children are the first to scoff the chocolate. Of course, you can make VNC a little less insecure by, for example, tunnelling it over SSH (I believe Apple do that), but that’s tinkering. I don’t like the attitude of any of these VNC client vendors, to add extra layers of insecurity, whether technical or legal. Admittedly, I didn’t make any payment, and perhaps I got what I paid for.
Ultimately, it’d be a lot more sensible for me to resolve my original problem by learning how to control macos servers from the command line, or perhaps simply reminding myself to verify both my bastion hosts are behaving before I go out.