"As-is"?
Here is what the FAQ says:
How secure is TightVNC?
Although TightVNC encrypts VNC passwords sent over the net, the rest of the traffic is sent as is, unencrypted (for password encryption, VNC uses a DES-encrypted challenge-response scheme, where the password is limited by 8 characters, and the effective DES key length is 56 bits). So using TightVNC over the Internet can be a security risk. To solve this problem, we plan to work on built-in encryption in future versions of TightVNC.
In the mean time, if you need real security, we recommend installing OpenSSH, and using SSH tunneling for all TightVNC connections from untrusted networks.
So do I need to intsall this OpenSSH in order to be secure?
This confuses me, to be honest.
PK