CWL

The Remote Access Tool Problem (Starring ScreenConnect)

Remote access is something of an occasional tool for most people. They might use it to help mom find that website, but for us in I.T., this is a fundamental tool, nearly as important as a web browser or a file manager. I’ve written about other tools, such as LogMeIn, which abandoned its free users, only to jack up the price of its flagship product; for some by more than $6,000 a year. But here’s the thing: spit on your users, turn your back on them if you want, but gouging them while outfitting a swanky headquarters with all the bells and whistles? Come on.

And this overall trend of super-expensive remote access software has intensified. For TeamViewer, you’ll pay $123 a month or more for a reasonably allotted license. Most major remote access tools are very expensive while, thankfully, some of the open source tools have been maturing. Why this is not fundamentally a feature inside of the Windows operating system (outside of the 1990s era RDP admin crap) is beyond me. This should be a TeamViewer-esque utility that we can enable with two-factor on every Windows box.

Enter ScreenConnect, something we’ve utilized for many years. It’s a tight package of tools and it gets the job done. If I recall, we’d used the tool when it was reasonably priced. I’ve written about how to install and use ScreenConnect too. It’s something that has performed solidly, even though hosting was forced onto the Windows platform and away from Linux, but that was a minor bump in the road.

For ScreenConnect, CWL has paid almost $5,000 over the last five for the pleasure of using the software. This, keep in mind, is self-hosted. So ConnectWise, the company that makes ScreenConnect, does not need to provide any hosting servers, no CPU cycles, no bandwidth, nothing but the software. Okay, maybe this software is “worth it,” but what you should also know is that security updates are wrapped into the update model. So, your safety while hosting the software is pay-to-play; and wow, is this unsafe. We learned this lesson back in early 2024 when a major authentication bypass vulnerability popped up. If you were not paying the many thousands asked to keep the product current, you would not get an on-premise security update. Well, the backlash was intense and ConnectWise relented, offering an update at the time for free (it didn’t matter for us because we’d already paid).

Think about this tool: it makes many thousands off incremental updates but offers no Linux version, no Docker version, and limited support for anything other than what is packaged in ConnectWise’s suite of tools. These folks don’t seem to innovate much because they don’t have to.

Recently, we found ourselves in a tricky spot. Our server was eligible for an update to 25.1.7.9171, but ScreenConnect had released versions that blew past that, sitting at a latest version of 25.1.10.9197. Our current version was 24.4.4.9118, so while in the process of migrating to something new, we wanted to keep this as updated as possible. However, on the download site, the only version they provided was 25.1.10.9197, something we’d have to pay $1,624.18 USD to get as a stop-gap. All we needed was the newest version possible (for now). ScreenConnect used to always provide recent installer releases on another page – but that was ripped off their site leaving a 404 error.

I emailed the company to get the most recent release possible (before the current one). The request was simple:

Can you please provide a link for build 25.1.7.9171 (or the most recent release that was no higher than build 25.1.7.9171) of ScreenConnect? I don’t see it on your site anywhere. I would like to update my server to the latest possible for now.

Gosh, not simple at all though. Throughout the many replies, there was not one straight answer. The first one was an inane regurgitation of “Download it here,” even though I had explicitly said it wasn’t available on their site:

I replied again trying to further clarify that this didn’t answer my question and that I simply needed the version I was requesting. That it’s always been the practice of the company to make available recent releases. The next reply was somehow worse than the first:

So, no answer to my request after several replies. Worse than that, I had no idea if they were even clear about what I wanted or were willing to fulfill the simple request of obtaining the newest version of the software we paid for. After several messages and a new support ticket, my request was finally fielded by someone who apparently had the answer:

It did turn out I had the newest possible release. The newest version had simply leapfrogged past my eligibility, which itself seems questionable, but there were no releases in the middle I could use. This, of course, could have been the first response from them, but it wasn’t. It was an auspicious end for us and hosting this company’s software. The net effect here is that we’ve had enough with ScreenConnect. We’re moving away from the platform.

Another Security Hack

By late April, I’d understood that my instance was getting older by the day. While moving devices off the platform, a note arrived from ConnectWise about a security issue.

ConnectWise has issued a new security bulletin on our Trust Center concerning a security fix to ScreenConnect versions 25.2.3 and earlier. ScreenConnect versions 25.2.3 and earlier versions can potentially be subject to ViewState code injection attacks.

This notice contained a somewhat vague reference to an out-of-band update from the group. This mention looked like this:

If you elect not to renew maintenance, we have released free security patches for select older versions dating back to release 23.9. Versions of ScreenConnect can be downloaded from the ConnectWise website. The updated releases will have a publish date of April 22nd, 2025, or later. Partners on a version older than 23.9 will be able to upgrade to 23.9 at no additional charge.

I wasn’t the only one unsure whether there might be an update for those of us without maintenance. Looking at the referenced website, there was a download for 24.4.10.9243, which would upgrade me past the current 24.4.4.9118. I downloaded this and started the upgrade process and was presented with this message from the installer:

At this point, it wasn’t clear if running this update would kill my active license. I wasn’t the only one, as others on Reddit were unsure too. Few were willing to take the chance. Since I could create a backup in case something went wrong, I just did the update. Thankfully, it didn’t mess up the current license and the update went through:

Our migration off ScreenConnect continues. The landscape of these tools seems to narrow more and more. Is there a Canadian company that can build a remote access tool? Be sure to let me know if you’re running an instance of the software.
