Screen Sharing

Last updated Feb 25, 2005.

According to Apple, one of Leopard’s 300 new features is the ability to use the Finder to instantly initiate a Screen Sharing session with another Mac on your network. Apple suggests you can "change a system preference, publish an iPhoto library, or add a new playlist to iTunes," all of which sound appealing enough. However, there are serious security flaws in this implementation of Screen Sharing that need to be weighed against the convenience of remotely monitoring and controlling a networked Mac.

For Screen Sharing to work from within the Finder, the remote Mac must have this feature turned on. Choose Apple > System Preferences, then click Sharing. If it’s not already selected, turn on the Screen Sharing service (see the following figure).

Figure 467 Only turn on those resources you really intend to share.

If you’re following along, at this point I strongly advise you to allow access only to specific users that you know and trust. Do not allow access for all users! Doing so allows anyone on your network to start sharing your Mac’s screen without providing a password. If you instead allow access only to specific users, anyone attempting to share your Mac’s screen would first need to know a valid user name/password combination.

The most important thing to keep in mind is that changes you make to Sharing preferences affect the entire system, not just the environment of the user currently logged in. In my opinion, this is a horrific security hole because users can be spied upon without ever having personally turned on Screen Sharing (anyone who can authenticate as an administrator can turn on Screen Sharing). Furthermore, it means that any user permitted access to Screen Sharing can log in no matter who is the current user. This is unacceptable! Screen Sharing preferences should be unique to each user, not systemic! If people want to open up a huge gap in their defenses, that recklessness shouldn’t be allowed to compromise your security.

That’s right, Screen Sharing compromises the security of everyone who uses the shared Mac. Even when an authorized user logs in to start sharing your screen, on the shared Mac there’s no obvious indication that anything at all is happening. At the very least you might expect that an alert box would inform the current user of a request to share the screen, letting the user decide whether to allow the remote session to commence. Unfortunately, as implemented, there’s no indication that a sharing session has begun until someone already has access to your screen. Only then does a tiny Screen Sharing menu extra make an appearance toward the right side of the menu bar (see the following figure). The icon is so tiny and generic-looking that it easily blends in unnoticed. If ever there was a case for a subtly blinking icon, I would say this qualifies.

Figure 468 This menu extra is the only indication that someone is accessing your Mac via Screen Sharing.
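
Because the menu extra is so easy to miss, a check from Terminal on the shared Mac is a more dependable way to see whether anyone is connected. The following is an added example, not part of the original article: it assumes Screen Sharing is listening on the default VNC port (TCP 5900), and the sample `netstat` output is constructed for illustration.

```shell
#!/bin/sh
# Added example: list the remote peers that currently hold an established
# connection to this Mac's Screen Sharing service, using `netstat -an` output.
# Assumption: the service listens on the default VNC port, TCP 5900.

VNC_PORT=5900

# Reads BSD/macOS netstat output on stdin and prints one peer address per line.
# macOS netstat writes sockets as address.port, for example 192.168.1.10.5900.
screen_sharing_peers() {
    awk -v port="$VNC_PORT" '
        $1 ~ /^tcp/ && $NF == "ESTABLISHED" {
            local_addr = $4
            remote = $5
            # The port is the field after the last dot of the local socket.
            n = split(local_addr, parts, ".")
            if (parts[n] != port) next      # not an inbound session to us
            sub(/\.[0-9]+$/, "", remote)    # drop the ephemeral source port
            print remote
        }' | sort -u
}

# Constructed sample covering the cases that matter:
#   - the listener itself (LISTEN, ignored)
#   - two connections from one viewer (reported once)
#   - an outbound session from this Mac to another (ignored)
#   - a local port that merely starts with 5900 (ignored)
#   - an IPv6 link-local viewer
SAMPLE_NETSTAT='Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  *.5900                 *.*                    LISTEN
tcp4       0      0  192.168.1.10.5900      192.168.1.23.51877     ESTABLISHED
tcp4       0      0  192.168.1.10.5900      192.168.1.23.51878     ESTABLISHED
tcp4       0      0  192.168.1.10.52011     192.168.1.40.5900      ESTABLISHED
tcp4       0      0  192.168.1.10.59001     192.168.1.50.443       ESTABLISHED
tcp6       0      0  fe80::1%en0.5900       fe80::2%en0.49822      ESTABLISHED'

sample_peers() {
    printf '%s\n' "$SAMPLE_NETSTAT" | screen_sharing_peers
}

# Demonstration on the constructed sample. On a live Mac, run instead:
#   netstat -an -p tcp | screen_sharing_peers
sample_peers
```

Any address this prints is a machine viewing or controlling the screen right now, regardless of which local user is logged in.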

OK, now that you know how to turn on Screen Sharing on the remote Mac and are aware of the security implications of doing so, let’s look at the feature with a new perspective, and assume you are the one who wants to access the remote Mac. Switch to the Finder, then double-click any volume icon. In the Sidebar at the left of the Finder window that appears, you should see the remote Mac listed under SHARED. When you select it while in column view, a Share Screen button appears below the Connect As button. In all other views, the Share Screen button is below the Spotlight search field in the upper right-hand corner of the window (see the following figures).

Figure 469

Figure 470 The location of the Share Screen button depends upon the view of the Finder window.

Once you click Share Screen, either the connection takes place immediately (if the remote Mac allows all users), or you must first authenticate as an authorized user (see the following figure). From a security standpoint, at least there’s no prompt, so you must know a valid user/password combination.

Figure 471 You must authenticate to start sharing the screen of someone who limits access to pre-approved users.

Once the Screen Sharing session begins, you see the desktop environment of the current user, not that of the user whose credentials you used to connect. Get this! Even if someone switches users while you’re connected, you follow along and can see the newly logged-in user’s desktop.

If you are connected to a computer with multiple screens, you can opt to see them all in one window, albeit usually at a significant reduction in size to fit everything in the reduced window’s dimensions. Or you can choose the desired display in the View menu. You then have the option of turning scaling on or off. When on, the entire remote display is scaled to fit the window. When off, you can see the full-size display but may need to scroll around to see what you want if there’s a mismatch in the size of your display and that of the remote computer.

Of course, Screen Sharing isn’t just about allowing you to see the other Mac’s display; it’s about putting you in the driver’s seat, allowing you to actually control the action. This can be useful if you’re asked to provide technical help or demonstrate a complicated task. However, conducting such sessions would often be much easier if the participants could converse, but with Screen Sharing, it’s video only, no audio. That also means you can forget about listening to an iTunes collection or watching a movie with dialog, and you’re more than likely to get into a bunch of frustrating struggles for control of the cursor.

When you are done with your session, you can choose Connection > Close or click the window’s red close box at the far left of the window’s title bar. You can also switch to the Finder window with the shared computer selected, then click the Disconnect button to the right. There’s no confirmation dialog (another bad user interface choice), so be careful not to inadvertently disconnect.

Screen Sharing sounds like a great feature, but as implemented has some seriously specious behavior that unnecessarily compromises systemwide security. Fortunately, you can get all the benefits—and more!—of Screen Sharing, with none of the drawbacks, in the new version of iChat, which I’ll cover next week.