If you're using the Remote Desktop client on a Windows 98 laptop over a wireless network to access your Windows XP desktop are you making your entire system vulnerable to cyberterrorists even though you're using wireless encryption?

There are several different issues to consider here. Windows XP, when properly configured and with current security patches installed, is a pretty secure operating system (remember that no operating system is or can be completely secure). The Remote Desktop Protocol (RDP) is vulnerable to a cryptographic flaw that creates a security vulnerability. Everyone who uses Remote Desktop should apply the following patch to the XP machine [if you have not already done so.Download it here:]

The biggest security concerns with this setup are the Windows 98 operating system and 802.11 wireless networking. Windows 98 was designed as a consumer operating system (OS), not a business OS, and it is inherently much less secure than Windows NT, Windows 2000 and Windows XP.

For example, you don't have to log on to the computer. Of course, this doesn't matter as much if the computer is physically secure. That brings us to the wireless network. "Out of the box," 802.11b wireless networking equipment is notoriously insecure. Most wireless access points don't enable encryption by default, they broadcast the SSID (the name of the network, which is needed to connect to it) and use a standard (well known) administrator password. All of these defaults need to be changed. Even if you do this, WEP (Wired Equivalent Privacy), the wireless encryption protocol, is vulnerable to a smart black hat hacker.

The distance limitations of the technology (about 300 feet with normal antennas) provide limited security. If you're in an apartment building, someone next door can easily pick up the signal. Even if you're on a large estate, special directional antennas (called a "Yagi") can be used by hackers to greatly extend the distance and pick up the signal from much farther away. The bottom line: wireless shouldn't be used for transferring sensitive data unless you invest in extra security measures like application layer encryption and authentication. That doesn't mean wireless is worthless. It takes a lot of time and trouble for a hacker to crack the WEP key and access your wireless data. Most home users don't have data that makes that worthwhile.