Upgrade by uninstalling
No security software is far better than this piece of crap. At least by going bare, the user would be a bit more cautious rather than relying on the AV to protect them.
Really, remote support should be relayed through an SSH connection with the support person sending their public key to the user to be supported. The support application would then add that to the authorized_users file, which is normally left completely blank. The support certificate would be created by a CA set up for that purpose and its public key added to the AV product. This way, the VNC server remains fully secure until its needed, and when they do connect, bot ends can be validated. No passwords to deal with, just secure connections. And the certificate the support person is using could be made single-use by revoking it once the end user confirms the ticket is closed and the issue fixed.
Biting the hand that feeds IT
