> AnyDesk spokesperson Matthew Caldwell did not respond to an email from TechCrunch. CrowdStrike, which is working with AnyDesk to remediate the cyberattack, declined to answer TechCrunch’s questions when reached Monday.
> AnyDesk did not respond to questions asking if any customer data was accessed, though the company said in its statement that there is “no evidence that any end-user systems have been affected.”
> “We can confirm that the situation is under control and it is safe to use AnyDesk,” AnyDesk said. “Please ensure that you are using the latest version, with the new code signing certificate”.
Mmm. If I were an AnyDesk customer I'd definitively want more details on what actually happened before I used their software again.
>AnyDesk did not respond to questions asking if any customer data was accessed, though the company said in its statement that there is “no evidence that any end-user systems have been affected.”
In my experience, this answer is equivalent to "Yes, customer data was accessed".
If it wasn't, they'd say something like "We have no reason to believe customer data was accessed", instead of trying to shift the focus to whether or not end-user systems were caught up in the blast radius.
Sad that what we white wash with the label "PR" or sometimes a hair worse "spin" is actually misrepresentation and dishonesty which is so pervasive (and therefore actually horrible) in corporate culture that it is totally normalized. I don't care if every country in the world does it, it is not okay to deceive, twist, and spin things.
If (huge if!) those screen shots are legit, then Anydesk was storing passwords in cleartext or equivalent; many of them are far too random to be bruteforced so quickly.
The last one, where both the domain name and password start with QR, makes me think the screenshots might actually be legit.
The vagueness of end-user is also a little concerning, are they using it in sense a lot of corporate it folks do to mean employees, or are they implying their customers are their end users.
"Apache Guacamole is a free and open-source, cross-platform, clientless remote desktop gateway maintained by the Apache Software Foundation. It allows users to control remote computers or virtual machines via a web browser, and allows administrators to dictate how and whether users can connect using an extensible authentication and authorization system."
RustDesk is often mentioned as an open source alternative.
It has a bunch of weird code smells that make me a bit hesitant to use it for supporting family members, but it seems to work well from what I read from others?
I use Teamviewer quite regularly, but that has some issues with Wayland. Free for personal use, but closed source with no self-hosting capabilities.
I've used TeamViewer, then AnyDesk and now RustDesk. TeamViewer and AnyDesk are both German companies.
RustDesk works really well and is fast. I switched from TeamViewer because they wanted money. I switched from AnyDesk because it gave me more problems with disconnecting, has the worst UI of the three and sometimes my screen would be a minute or more behind what the host was seeing.
There's a lot of "just make it work" code in there. A "customer said software didn't work in China because of a missing cert, now importing cert on startup and it works" kind of deal.
For a while it used `sed` to disable Wayland on Linux in a way that only applies to Gnome (specifically on Ubuntu and a few other distros). The code also has a bunch of other exec()s with several commands piped into each other to parse the output.
None of it seems ill-intended, but it's code I would straight reject if I would be tasked to review it.
Somewhat cross-platform (I mostly use Windows)... I use Tailscale (or just wireguard) and RDP. RDP works great on Windows and is gaining more support in Linux. VNC works as a fallback, but is slow compared to RDP.
Not free, but I was using Remotix until they got bought out by Acronis who haven't really done much but increase the price and rebrand it (really long name "Acronis Cyber Protect Connect"). It does work on Linux and MacOS but I always found the performance to be lacking and the UI is workable but not great.
MeshCentral is great, just migrated all my rustdesk setup to it.
I mostly use it for family remote support and things tho, performance isn't amazing but it's plenty good.
Also supports things like relaying over an agent, hardware key authentication, file browsing. It's a little wonky in spots but overall it's such a great piece of software.
I was using TeamViewer on Linux fairly extensively over a decade ago, and I don't really recall having issues with it. I haven't used it much recently.
Teamviewer is a no brainer, cross platform, to handle my retired dad's computer on the other side of the country and/or customer's screens on the other side of the world.
Teamviewer hasn't worked for me in years. At some point it started to claim I was using it for commercial purposes, and even after convincing support that this wasn't the case, I've never been able to maintain a connection for longer than a minute since.
I use SimpleHelp; it's a self-hosted Java server and clients have to install an app; works on Windows and Mac and Linux. It's over port 80+443. Not FOSS.
Suppose I have a computer at home I want to be able to access from anywhere in the world. I can pay a host, a vpn, something like aws or resort to proprietary solutions like teamviwer or similar options. I don't want to resort to any of these alternatives. I want something that is both open source and that I don't have to pay for. The only solution I could find was tor (or maybe i2p) which has its own downsides: high latency, low bandwidth and requires special tools. Is there any possibility I'm not considering?
Any reason why you can't run a VPN server in your home environment? I run wireguard and OpenVPN at home on my router. I don't pay for static IPs but they rarely ever actually change.
Well, I don't have the need for Remote Desktop. I use SSH, Linux Shells, Bash, Byobu, or my web servers running at home and serving stuff through the browser. I have two Remote Windows Laptops that I administer with the standard Windows Remote Desktop.
> AnyDesk did not respond to questions asking if any customer data was accessed, though the company said in its statement that there is “no evidence that any end-user systems have been affected.”
> “We can confirm that the situation is under control and it is safe to use AnyDesk,” AnyDesk said. “Please ensure that you are using the latest version, with the new code signing certificate”.
Mmm. If I were an AnyDesk customer I'd definitively want more details on what actually happened before I used their software again.