Helping people with computers... one answer at a time.

Remote assistance is a very appealing feature to allow someone to remotely fix your machine. The risks, however, are significant.

Is it safe to allow a tech support person from a reputable firm to have remote access to your computer to solve a problem? I recently had an issue that required me to contact such a company, and permitted the tech to view my desktop. My problem was solved, but I couldn't help thinking that this was a bad idea. Can they browse around inside your machine if you give them this kind of access?

How much do you trust them?

No, seriously, how much do you really trust them?

Because, all other issues aside, this is all a matter of trust.

It depends on the technology that the remote assistant uses, but yes, you are in fact giving someone the potential of complete access to your machine.

They could presumably do whatever they wanted.

"Remote access is a wonderfully appealing tool."

Now, most of the remote access technologies used by these firms allow you to watch what the technician is doing as he or she does it. That's kinda cool, and often even instructive.

The problem is that once connected, there's actually no guarantee that there isn't more going on that you can't see.

That's why I say it's all about trust.

Remote access is a wonderfully appealing tool. Rather than relying on your description of the problem the technician can see the problem, and investigate directly on your computer. Rather than trying to walk you through a complicated set of steps that you don't need or care to actually understand to resolve an issue, the technician can just do it for you.

I really, truly, honestly get the appeal.

The problem is compounded because there are several levels of trust at play as well. You might trust company X - many companies are absolutely worth your trust. You might trust that they or their technicians don't have malicious intent. But how do you trust that the technician you're talking to actually knows what he or she is doing? How do you even tell?

Personally, I'd be very reluctant to let anyone connect up to my machine that way. In fact, I can perhaps vaguely recall allowing someone to do it once, a long time ago.

But I do also realize that sometimes it's just the most expedient approach to problem solving, and that by-and-large the reputable companies and technicians doing it are probably quite competent.

But it still feels like a huge risk.

I'd just make darned sure that you only do this with companies that you trust deeply, and that you try to establish some level of trust with the individual technician you're dealing with.

And, for safety's sake, make a full backup of your machine first. Just in case they screw it up (which, sadly, I've heard of as well).

Article C3767 - June 20, 2009 « »

A version of this article that can be republished without cost is available at ArticlesByLeo.com terms).

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

22 Comments
Carl R. Goodwin
June 23, 2009 8:31 AM

One of the first things that I do after I reformat my machine is to turn OFF "Remote Assistance".

Glenn P.
June 24, 2009 6:39 AM

I disabled Remote Assistance almost as soon as we got our computer. That was so long ago (and I do believe I used more than one method) that I no longer remember how to re-enable it, assuming that such should ever be necessary.

And I shall make SURE it ain't necessary, because NOTHING can EVER be THAT necessary!!!

misja
June 24, 2009 9:14 AM

as a technician i am very happy with remote access. it means i can solve my customers problems from a distance and that means faster. as otherwise the client will have to bring the pc or laptop to me (or i have to go to them) there is no extra risk for them. the risk is there anyway when i have the machine on my desk with full access. obviously my clients trust me. they have to trust me otherwise i can not solve the problem. in my opinion only when you are skilled enough to solve each problem yourself you have the option not to give access to somebody else.

Thom
June 24, 2009 4:21 PM

I've, worked in several phases of this technology in the last 25 years. I'm semi-retired now, and I use remote control almost exclusively for support. It allows me to keep the labor charge down by discounting my cost & time to travel. And, I don't have to carry disks (tools) etc, to a customer's site. Everything is on my local system that I'll need.

Jeffrey
June 24, 2009 11:01 PM

windows remote access can be disabled, but I use a remote access not involving the windows service as part of my job....
the other point to make is, as I have read on other posts, if it is not physically secure it is not secure, and the other options for the service my company provides is for the customer to take the computer to the storefront or a tech to go the home. That means there is no difference between what I do remotely, and what any other tech for the company does.

Hughon
June 27, 2009 12:22 AM

I understand the concern for security and safety with having someone you know nothing about, gaining access to your PC remotely, granted or not. But you must ask yourself this question. Is it any safer to bring your PC to a local support shop for repair, when you know nothing about them either?

I looked at it this way. When you give access to a technician remotely, of course there is the risk they may access more than you hope. But at least you can terminate the connection at any given time you don't feel comfortable with what they are accessing. Yes, you have that much control over the entire process, thanks to todays standard of connectivity. You have to actually say yes to it before they actually connect to your PC, and can stop the process anytime.

However, what about the process you can only control to a point when you bring your PC to a local repair shop. You bring your PC in, you gave your information to someone(could be a technician), and then was told to come back the next day for pickup. But what you may not know is the level of invasion into your privacy that took place in this process, and the big thing is, you can't stop it and you don't really know what they did.

At least with remote access, you can see everything the technician is doing.

Cheers

You're raising some good points, however the issue to me is one of accountability. While there are risks in taking your PC to a shop (I've talked about them before), you know who they are, and if there's an issue you go back to the repair shop an talk to the same person. There's an individual involved, that you can see and meet and talk to face-to-face. That changes the relationship.

With remote assistance from many large vendors you have no idea who it is that you're letting access your machine. They could be next door, they could be on the other side of the planet. If you call back with an issue, you'll likely get a completely different person who won't know what the first one did. IMO it's just too anonymous, and too risky.

I totally understand the appeal to the technicians themselves - they, of course, know who they are and know that they are trustworthy. Unfortunately customers don't have that knowledge, they can only make assumptions.

- Leo
27-Jun-2009


Bonita
June 27, 2009 12:17 PM

Completely agree with article, Leo.

My first (and probably last) experience with Remote Assistance (with my ISP) was less than perfect. Was trying to install the ISPís security suite and the download button on the website did not work. The technician wanted to do Remote Assistance.

After downloading a considerable number of files to make this possible, the tech flew through screen after screen for about 10 minutes and had to give up. (Much later I found out that all that had been needed was to uninstall the prior version of that security suite first).

After the Remote Assistance, problems immediately began with my Internet connection, and a System Restore did not help. I ended up having to reinstall Windows (with Dellís guidance).

The computer damage may have been an unusual case. But, at best, the technicians simply work too fast for a novice to follow what they are doing, and the session left me just as ignorant as before. Personally, for me, it is far preferable for the technician to give steps and let me do the work so that I can learn how to hopefully solve the problem without tech support if it happens again.

Michael Horowitz
June 30, 2009 3:08 PM

The advice to make a disk image backup before letting a total stranger "drive" your computer is an excellent one. No matter what the software problem is, an image backup from a bootable CD should be possible. Great defensive computing, Leo.

Let me also suggest using an external hard drive for storing all your sensitive files. This way, by simply removing the hard drive you know there is nothing on the computer that you wouldn't want a stranger to see (be they a remote stranger or a local computer repair outfit).

I have no connection to Lenovo at all, but I very much like the concept behind their ThinkPad USB Secure Hard Drive. Its an external 2.5 inch hard drive that does hardware encryption with NO dependency on any software on your computer at all. You enter a password into the device by pressing buttons on it. Your computer is oblivious to the hardware encryption, so it should work with any OS.

Of course, you pay more for this security in the ballpark of $90 extra when compared to a standard external hard drive. But, if you have sensitive files, its a great way to go.

I don't use it, preferring the free TrueCrypt, but I'm a techie. For many computer users dealing with TrueCrypt is too much. And, there is great safety in not having any sensitive files on the computer at all, encrypted or not.

See my blog for more about the hardware
http://blogs.computerworld.com/about_the_lenovo_thinkpad_usb_secure_hard_drive

Mitchell
February 5, 2010 9:16 AM

A technician, yes. Anyone else that is not family, no! These remote access programs can be a lifesaver, but in the wrong hands they can leave you 100% vulnerable to attack and, worse, while you think you are receiving support, you can be getting attacked..as you watch!

Pat
April 22, 2010 7:08 PM

I allowed a McAfee tech. access to my computer, he did a great job fixing the problem. After I blocked future access. Not so funny, a week later someone or something trying gaining access to my computer, asking for permission, I blocked it!!!!
Is this something I should be very concerned about?

Lester
June 3, 2010 10:00 AM

A comment on the other side. I do computer consulting out of my home, and remote access is one of my handiest tools. Most of the people I'm helping don't really know that much about computers and trying to guide them through something can be a real pain. Will I misuse this? Hardly? Could I? Hardly, since I don't keep log on information. The question is more: Do they want my help or don't they? If not, don't bother me, if they do, then let me do what I need to do. I realize that most of these people actually know me, which might make a difference...

I'm sure it does. But would you let someone you didn't know connect that way to your machine? That's exactly what many companies are asking people to accept.
Leo
05-Jun-2010

Frostbyte
June 3, 2010 11:52 AM

I have extensive experience from both ends of this issue. I'm a consultant that provides full computer services to the SMB (Small/Medium Business) market and remote access is essential to what I do for a living. It allows me to solve client issues rapidly, efficiently, and cheaply. It's an income multiplier for me as I can be logged onto several different clients and working on all of them simultaneously. Being as I provide full services to these clients and have full access to everything on servers and workstations trust isn't really an issue. If they didn't trust me they wouldn't hire me. My clients love the service, it's so nice to call and say "blah blah isn't working, fix it please". Even when a physical button needs to be pushed I can call them and tell any non-technical employee to do what needs to be done.

I also do this for relatives, it really saves me a lot of time and when you have a family like mine you're expected to contribute like every one else.

Having said that, the other end of the stick is that I often need to let vendors have access to client systems. I've been working on computer systems for almost 30 years but no one knows everything and it's often best to let the vendor deal with their own software problems. I NEVER let them have full access and I ALWAYS stay logged on and watch what they do while they do it. I've seen vendor technicians do things like try to create a Domain Administrator for themselves, try to leave the remote access software installed and running by default, uninstall programs and features that have nothing to do with their issue or software, etc. Very often during this process it's my observation/suggestion that actually solves the issue. At the end of the day I'm responsible for these computer systems and no one else is going to be held accountable for them so due diligence is required.

My advice to the general user is not to allow this type of connection unless you know enough about how your computer works to be SURE that you are in control. I wouldn't take a technician's word for anything, you don't know them at all. I especially wouldn't take an offshore technicians word for anything. If they want you to download and install something, make sure you know how to uninstall it when that support session is finished.

Even the reputability of a company is no guarantee. Especially with offshore support (as in from India), that tech may be under influences you have no inkling of. I especially don't trust the various Anti-Virus vendor's techs. Besides any other agenda they may have their first move is usually to uninstall any and all software from any competitor. I had one insist that a disk imaging program from another vendor had to be uninstalled to repair their AV software, which was total bullhockey. If they're hacking your computer and selling access to the _____ (fill in your own bad-guy, Identity Thieves, Spammers, etc.) the worst they'll suffer in their country is to get fired, and probably not even that.

Under no circumstances should you ever allow them to work on your computer when you're not directly in voice contact on the telephone and you are directly observing what they're doing on the screen. Ask a LOT of questions and make sure a few of them have to do with how to kill that remote software and uninstall it when they log off.

Remember, these guys usually aren't actual employees of the vendor, ISP, etc. They're in a boiler room in a foreign country and getting paid by "calls resolved". That means the faster they can fob you off so they can mark your call resolved and get on to the next call the more money they make. Their incentive isn't to solve your problem, it's to mark your call as resolved as fast as possible. So DON'T let them hurry you, haste makes waste and that goes double in computers. You called for support, get supported and don't be afraid to slow them down to something you're comfortable with.

This is a main reason why they want remote access also, so they can fly through the call as fast as possible. If they try that, disconnect the remote session immediately and tell the tech on the phone that if he can't take the time to explain each step to you while he's doing it that you'll have to proceed without remote access. That will put him on notice that you're not going to be run over rough-shod.

Most of them aren't really technicians either, they're looking at a flow-chart and a script on a computer screen in front of them and if your problem isn't covered by their flow-chart they have no clue how to help you. BUT they don't want to bump you up to a higher tier of support because then they lose the revenue from your call. That's also why they always ask you if your problem is (whatever) in different words than you used when the call initiated, their English is mediocre and they are reading from the beginning of the flow chart to be sure they're on the right page.

Another tip for offshore support, if you have trouble understanding their English just tell them you can't understand their accent. Stick to that story and usually they'll bump you up to a supervisor with better language skills. Don't be afraid to ask to talk to a supervisor if you're not comfortable for any other reason also.

All of this information is to be kept in mind when you're allowing some total stranger access to your system. There are ways to upload things to your computer and run them that you can't see on the screen so think long and hard about trusting a technician with remote access. Just because it's on the computer and it's a major vendor support you're talking to doesn't really negate the fact that you are trusting everything to a total stranger.

On top of all of that, some remote access programs are flawed or exploitable so even if the company is reputable and the tech is honest that doesn't stop a bad-guy from scanning your ports looking for a vulnerability opened by a remote access program or it's aftermath.

Harvey S. Frey
June 3, 2010 1:50 PM

I've had cases where a tech has changed settings which screwed up my internet access, and then didn't know how to fix them.

I now routinely insist that they tell ME what to do, and if they want me to change anything, I have an opportunity to record prior settings.

They don't seem offended.

john
June 22, 2010 9:37 AM

Frostbyte "would not take a tech's word for anything" and says "Even the reputability of a company is no guarantee."
But he wants people to trust him? He says he can watch while the remote guys do the job but some of theier work can be hidden.
I know a guy who calls to people to fix computers and he told me how he can get behind any password and laughed at how people password protect files.
When a laptop hard drive died on me i went to shop and watched while the guy put in a new one and took away the old one.
someone said remove hard drive before giving it to shop. how will they be able to find out what is wrong with it then since the OS is on the hard drive?

Joan
June 26, 2010 10:31 PM

In the comments area - they mention that they are sure to BLOCK any access once the remote access is over... HOW exactly does one go about that?

Depends on what technology they're using for remote access.
Leo
27-Jun-2010

Arthur Glazer
December 22, 2010 2:45 PM

What about the guy that comes to your house? He can do the same damage. You folks are paranoid. You are supposed to be hiring someone who does the job; who you trust no matter how the repair is done - remote or on- scene.
I use a remote utility that asks for a code at each end. When the connection is cut, (and can be by the client at any time) new codes must be generated. There is no way for me to go back in later. It won't work. And believe me, I've got better things to do than prowl around someone's system. Again, the same damage could be done with their PC in my lab. I don't look where I don't belong - period.
As far as changing settings- the same could be done back at the lab. You either trust them or you don't.
Those who hire me, trust me. I have a reputation to uphold and would like to stay in business.
You call someone because you want an issue resolved - watch them. Learn. But trust them. Or don't call!

chris
January 1, 2011 12:24 PM

Hi, I recently allowed a linksys phone technician have access to my 2008 IMAC (runs MAC OS X). I have not noticed anything wrong with or strange with the computer since then, but I have been concerned that my computer may still be in some kind of danger. At this point, would you recommend running some kind of anti-virus or spyware program to make sure that nothing malicious has been installed? Or am I in the clear if everything has been okay since the remote session?

thank you for the post!

Alexander Nicol
February 25, 2011 8:12 AM

I thnk it is ok for say Toshiba.HP,Microsoft my
ISP to be able to share my computer.I have done
so in order to fix a problem.Now if i had something on my hard that may be illegal, i would not share.

Charlie Griffith
March 2, 2012 3:00 PM

I asked for Dell's Tech services guy on the 'phone in India (one can't get around the Indian call center system....it seems that everybody does it...cheaper labor....) to take over my new Dell under warranty to fix a problem, and I most definitely didn't want to be "talked through" a two hour session of agonizingly detailed steps on my keyboard with those staccato accents...in this case the English was good, clear, and the connection was perfect.

So, their procedure is that once both of you are connected, he brings up a page on your screen containing a blank space in which you type the five digit number he dictates to you over the phone from India. That enables him to "enter" your machine.

After that, you can watch your cursor being moved about on your screen by the Indian tech guy....it's a surreal experience....but there you have it.

I had no qualms, because my email account as well as banking, etc are all password protected....each separately from the other....there is no "master password" for anyone to hack.

For me, the key thing was that I was watching my cursor move on my screen at all times.

Then.....the mutual connection can be severed by you at any time if you don't like the way things look. Hence...the 'control' is still with you....the asking customer.

In my case, I was completely satisfied during and after the successful session.

Cheers, and good luck.

Charlie Griffith
March 2, 2012 3:23 PM

...here's an afterthought....the sound-character-quality of the voice on the other end of the phone is important. Presumably these phone-tech guys are chosen for English proficiency....but that's a matter of degree.
They generally speak in harsh-sounding staccato automaton-scripted accents in which the English is textbook correct, which unfortunately ends up sounding like a string of rapid syllables.

So...it's still your call (no pun) ....if you don't like the sound-quality-confidence-factor in his voice, break off the connection.

I had one female on the other end of the phone who was completely unreadable....their high pitched sound simply does not transmit well over a digital phone line across ten or twelve time zones...and, bounced from a satellite. Low-pitched male voices are without question the best.

Mishach
September 11, 2012 11:24 AM

I have had a few problems with my VISTA and as I was not willing to pay a tech a lot of money, I chatted with a tech of microsoft (always the same). He took over my laptop and within short time the problems (small for him to resolve, impossible for me to do it myself) were gone. I'm trusting ms techs and will use them again.The good thing is that after a chat you receive a follow-up mail with the tech's name. You can save it and therefore use it each time you need help.

darlene
March 20, 2013 6:30 PM

I am new to computers and ended up getting into problems that i let a tech from a company remotely fix for me.I have windows 8 and i don't know if this is supposed to happen but a small metro tile from the parent company was left behind on my computer,although no matter how often i tried i couldn,t open the tile. I sent an email to the parent company telling them i was nervous of this. The tile and the message i sent have completely disappeared off my computer which scares me even more because now I wonder if they still have access to my laptop to do this. Is it possible or am i being unduly concerned? Can they still remotely access my laptop even though i pushed the button that supposedly cut the link?

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.