Remote desktop applications are widely available; most lists are exhaustive with a surface-level overview of features and functionalities. With security becoming a growing concern in our daily lives, we must ensure that the applications we are using to establish a connection into our computers are secure and transmit information securely.
Here, we look into some of the most popular remote desktop softwares and the security level they provide. This list is inspired by outright free or "free for personal use" remote desktop tools.
Note: With the exception of one tool, all of these tools are multi-platform.
Microsoft Remote Desktop
We begin with Microsoft Remote Desktop. If you are only looking to connect into Windows-based PC's with Professional Edition licenses, Microsoft Remote Desktop is the perfect choice [albeit with some additional set up for access outside the local network].
Encryption
Microsoft Remote Desktop uses the SSL/TLS standard encryption. That is, the session should be using at minimum an AES-128 encryption. There is not any indication to confirm the minimum session encryption Microsoft requires; however, given that the web is using SSL/TLS with a minimum of AES, there is no reason to assume otherwise.
Note: In Microsoft's documentation, they implement the RDP protocol using RC4 56- or 128-bit keys; the level of encryption is decided by the administrator. This is used in environments with centralized host, mainframe, or terminal-based [or simply Windows Server's].
Authentication
Microsoft Remote Desktop supports 2-factor-authentication [2FA] or multi-factor-authentication [MFA] in environments leveraging Active Directory [enterprise use].
For home use, the authentication is the login password to the user account on the PC.
Privacy
The host privacy features Microsoft Remote Desktop includes is a Blank Host Screen feature where the screen will remain locked when the user is accessing the PC. This ensures that anyone attempting to watch the screen - while you remotely control your desktop - cannot.
Data privacy is a different issue. This falls under Microsoft's privacy practices and, depending on your feelings towards Microsoft, the data collected following a session might not be preferred.
Chrome Remote Desktop
Chrome Remote Desktop is a multi-platform remote desktop tool that can be used so long as you have Chrome installed with the extension. To get access to your PC's, you will need to login using your Google account.
Encryption
Chrome Remote Desktop uses SSL/TLS. At the very minimum Google secure the session with AES 128-bit encryption; AES 192- and 256-bit encryption standards are supported as well.
Authentication
An advantage of using Chrome Remote Desktop is that if your Google account has 2FA enabled, then you have 2FA to secure unauthorized account logins for your remote desktop client.
Additionally, an authorization password could be created to access your desktop.
Privacy
When you log into your computer remotely, curtain mode blanks the host screen to curb anyone with physical access to your computer from seeing what you are doing.
With respect to data privacy, Google routes the traffic through its own relays and stores session statistics. Just as Microsoft Remote Desktop, you are bound by Google's privacy and data collection practices.
RealVNC
RealVNC has made available VNC Viewer and VNC Server free for personal use. This is a multi-platform remote desktop tool requiring the installation of its own software on your device, and an account if you choose to access your computer outside of the local network.
Encryption
RealVNC advertises their encryption standard as AES 256-bit; that is true only if you have an enterprise license. The encryption used for remote desktop sessions of any other plan is AES 128-bit.
RealVNC also leverages RSA 2048 public key encryption for protecting authentication credentials.
Authentication
RealVNC supports 2FA/MFA for its accounts, increasing the security of your account and access to your PC. Additionally, desktop authorization passwords must be set within the server application and supplied by the client to gain access to the desktop.
Privacy
A blank screen feature is available with RealVNC's tool. However, this feature may or may not be available depending on your system hardware.
Data is collected from a session and deleted following connection termination as long as the user does not agree to "Send Usage Data" or is not signed in. Otherwise, the data sent to RealVNC includes:
- IP Addresses
- Machine name, brand, model, and manufacturer
- Frequency/usage
- Software version
- Subscription information
- Network name
- Other session specific information
The data is used to improve the software product, service, and more.
AnyDesk
AnyDesk is a multi-platform remote desktop tool allowing you to connect to your PC from anywhere. To use this, you would need to download the tool [which is free for personal use]. AnyDesk is one of the few tools focused on providing the best security.
Encryption
AnyDesk uses TLS1.2. The session is AES 256-bit encrypted and authenticates both the encrypted and unencrypted data for added security. This is called AEAD verification.
Authentication information is encrypted using one of: RSA 2048 bit; or Epileptic-curve Diffie-Hellman 256-bit.
Authentication
AnyDesk user accounts can be secured using 2FA/MFA, reducing the risk of unauthorized access to an account. Also, a password could be set for further authorization before a connection could be established with the remote PC.
Privacy
AnyDesk supports a blank screen privacy mode [just as the others].
The data collected by AnyDesk following a session:
- IP Addresses
- Machine data [incl. screen resolution & CPU]
- Duration of the session
The data collected is used to improve the software and monitor contract performance.
TeamViewer
TeamViewer is the last and one of the most popular multi-platform remote desktop tools on the list. Just as the last few options on the list, you would need to download the application to your device TeamViewer Server and TeamViewer Client and create an account.
Encryption
TeamViewer uses AES 256-bit to encrypt the remote session. Authentication information is encrypted using 2048-bit RSA public key encryption.
Authentication
TeamViewer user accounts, just as RealVNC and AnyDesk, can be secured using 2FA/MFA. Desktop authentication passwords could be set for additional verification.
Privacy
TeamViewer, like its alternatives, includes a blank screen feature for added privacy.
The information collected by TeamViewer following a session:
- IP Addresses
- Location data
- Device ID [generated with the device MAC Address]
- Session data
- Screen name
TeamViewer also connects the software download with a Google Analytics ID for website usage tracking.
Note: TeamViewer software versions ranging from version 8 to version 15.8.3 have had critical vulnerabilities; and there was a major breach in 2016 which was undisclosed for years.
You cant go wrong with choosing any one of these remote desktop tools. The tool you choose will depend on how comfortable you are with some of the information being shared as well as your platform.