Windows "Quick Assist" - Secure Enough?

  • Be sure to checkout “Tips & Tricks”
    Dear Guest Visitor → Once you register and log-in please checkout the “Tips & Tricks” page for some very handy tips!

    /Steve.

  • BootAble – FreeDOS boot testing freeware

    To obtain direct, low-level access to a system's mass storage drives, SpinRite runs under a GRC-customized version of FreeDOS which has been modified to add compatibility with all file systems. In order to run SpinRite it must first be possible to boot FreeDOS.

    GRC's “BootAble” freeware allows anyone to easily create BIOS-bootable media in order to workout and confirm the details of getting a machine to boot FreeDOS through a BIOS. Once the means of doing that has been determined, the media created by SpinRite can be booted and run in the same way.

    The participants here, who have taken the time to share their knowledge and experience, their successes and some frustrations with booting their computers into FreeDOS, have created a valuable knowledgebase which will benefit everyone who follows.

    You may click on the image to the right to obtain your own copy of BootAble. Then use the knowledge and experience documented here to boot your computer(s) into FreeDOS. And please do not hesitate to ask questions – nowhere else can better answers be found.

    (You may permanently close this reminder with the 'X' in the upper right.)

G

GregM

Member
Dec 6, 2020
19
2
I just discovered MS "Quick Assist" on Windows 10 the other day and tried it out.

It seemed to work smoothly - (quite well actually) - when assisting a friend.
Normally I'd have used something like TeamViewer but wanted to try this out.

I found some info on it here: https://www.steeves.net/news/windows-10-quick-assist-remote-assistance-app/

Looking at point #2 under the "Does Quick Assist Leave Your Enterprise Exposed?" header:

2. Most firewalls & NAT will be bypassed – Quick Assist connects to a central Microsoft support server using the port 443 (for both sides of the assist connections), as such this will bypass most existing firewalls and NAT.
Click to expand...

Now I understand the article was written from an enterprises perspective; that's not what I'm looking at here.

I've never really trusted RDP, and after 'Blue Keep' feel justified in this.

This is different though is it not?

. . . being that port 443 is used for secure connections . . . after being connected with the assistance of the central Microsoft support server, is our connection (still?) secured?

If not, how is this different than say what TeamViewer, Anydesk, or any of the others that are out there are doing when we exchange ID numbers and passwords?

Thanks for your consideration.
 
  • Like
Reactions: garryweil
That article, being Enterprise focused, is noting that by using SSL for the connection, there is no way for the Enterprise monitoring tools to track/control the connection. It could be used to exfiltrate corporate data say. Assuming that MS is playing proxy in the middle, you connect to their server as does the client you are assisting, then to me, the only risk is that something malicious at MS could tamper or record your session. That seems little different from other providers in this space, you end up having to trust someone. (I guess they could be doing end to end encryption...? I don't know enough about their protocols.)
 
Being in an enterprise network I would suspect that they already have their cert in you cert store and can thus see your content regardless. Correct?
 
I didn't write the article so I don't know their motivation for being against the Microsoft solution. Some enterprise networks don't bug every PC, they just block most services. It would seem unlikely they would block Microsoft though...
 
It seems to me like it is 'end to end' encryption (noting the article is concerned that a corporation may not be privy to what is happening on their network).

I'm not sure how I'd confirm that though.

This is just me wanting an easy way to assist friends and family, and I wanted to know that I wasn't hanging it all out there for the whole internet to see per se.

Thanks for the replies everyone.
 
You must log in or register to reply here.

Similar threads

C
KDE Connect windows version might support Apple device
Replies
0
Views
268
Software
coffeeprogrammer
C
M
InSpectre & Windows 11
Replies
2
Views
3K
Software
Michael
M
Duckpaddle
Looking for a Windows Newsreader
Replies
0
Views
737
Software
Duckpaddle
Duckpaddle
D
Desktop Image software (windows 10)
Replies
18
Views
3K
Software
Ralph
R
C
Windows Hardening
Replies
9
Views
2K
Software
CredulousDane
C
Top Bottom
Back