Windows "Quick Assist" - Secure Enough?

  • SpinRite v6.1 Release #3
    Guest:
    The 3rd release of SpinRite v6.1 is published and may be obtained by all SpinRite v6.0 owners at the SpinRite v6.1 Pre-Release page. (SpinRite will shortly be officially updated to v6.1 so this page will be renamed.) The primary new feature, and the reason for this release, was the discovery of memory problems in some systems that were affecting SpinRite's operation. So SpinRite now incorporates a built-in test of the system's memory. For the full story, please see this page in the "Pre-Release Announcements & Feedback" forum.
    /Steve.
  • Be sure to checkout “Tips & Tricks”
    Dear Guest Visitor → Once you register and log-in please checkout the “Tips & Tricks” page for some very handy tips!

    /Steve.
  • BootAble – FreeDOS boot testing freeware

    To obtain direct, low-level access to a system's mass storage drives, SpinRite runs under a GRC-customized version of FreeDOS which has been modified to add compatibility with all file systems. In order to run SpinRite it must first be possible to boot FreeDOS.

    GRC's “BootAble” freeware allows anyone to easily create BIOS-bootable media in order to workout and confirm the details of getting a machine to boot FreeDOS through a BIOS. Once the means of doing that has been determined, the media created by SpinRite can be booted and run in the same way.

    The participants here, who have taken the time to share their knowledge and experience, their successes and some frustrations with booting their computers into FreeDOS, have created a valuable knowledgebase which will benefit everyone who follows.

    You may click on the image to the right to obtain your own copy of BootAble. Then use the knowledge and experience documented here to boot your computer(s) into FreeDOS. And please do not hesitate to ask questions – nowhere else can better answers be found.

    (You may permanently close this reminder with the 'X' in the upper right.)

GregM

Member
Dec 6, 2020
19
2
I just discovered MS "Quick Assist" on Windows 10 the other day and tried it out.

It seemed to work smoothly - (quite well actually) - when assisting a friend.
Normally I'd have used something like TeamViewer but wanted to try this out.

I found some info on it here: https://www.steeves.net/news/windows-10-quick-assist-remote-assistance-app/

Looking at point #2 under the "Does Quick Assist Leave Your Enterprise Exposed?" header:

2. Most firewalls & NAT will be bypassed – Quick Assist connects to a central Microsoft support server using the port 443 (for both sides of the assist connections), as such this will bypass most existing firewalls and NAT.

Now I understand the article was written from an enterprises perspective; that's not what I'm looking at here.

I've never really trusted RDP, and after 'Blue Keep' feel justified in this.

This is different though is it not?

. . . being that port 443 is used for secure connections . . . after being connected with the assistance of the central Microsoft support server, is our connection (still?) secured?

If not, how is this different than say what TeamViewer, Anydesk, or any of the others that are out there are doing when we exchange ID numbers and passwords?

Thanks for your consideration.
 
  • Like
Reactions: garryweil
That article, being Enterprise focused, is noting that by using SSL for the connection, there is no way for the Enterprise monitoring tools to track/control the connection. It could be used to exfiltrate corporate data say. Assuming that MS is playing proxy in the middle, you connect to their server as does the client you are assisting, then to me, the only risk is that something malicious at MS could tamper or record your session. That seems little different from other providers in this space, you end up having to trust someone. (I guess they could be doing end to end encryption...? I don't know enough about their protocols.)
 
Being in an enterprise network I would suspect that they already have their cert in you cert store and can thus see your content regardless. Correct?
 
I didn't write the article so I don't know their motivation for being against the Microsoft solution. Some enterprise networks don't bug every PC, they just block most services. It would seem unlikely they would block Microsoft though...
 
It seems to me like it is 'end to end' encryption (noting the article is concerned that a corporation may not be privy to what is happening on their network).

I'm not sure how I'd confirm that though.

This is just me wanting an easy way to assist friends and family, and I wanted to know that I wasn't hanging it all out there for the whole internet to see per se.

Thanks for the replies everyone.