Does legitimate tech support use remote control software?

Yes, it is normal for legitimate tech support to use remote support tools. It's far easier than trying to blindly walk someone through a complicated series of technical steps. Companies like TeamViewer exist because of this reason.

The risks of the software are:

  • having a persistent "back door" into a system, but there are security measures in most software to limit this
  • vulnerabilities in the software that could be exploited by others
  • a malicious tech support user using legitimate access to create harm

There are several functions in remote support tools besides cursor control that could also create secondary problems, like being able to upload and download files.

As long as all that is enabled is "remote viewing" or "screen share", your risks are limited. The more control you give, the higher your risks.

Yes, they do. A key difference is that typically you have initiated the session by asking them to help you. In order to do that they may ask you to launch a remote control tool, as it's both easier than assisting you on the phone and faster and more cost-effective than bringing the device in.

Commercial products available for this, e.g. TeamViewer (possibly branded), are designed to be transparent e.g. by avoiding persistent access (periodically changing passwords, verification to allow remote control session), showing dialogs of background actions like file transfers etc.

On the other hand, both legitimate and malicious actors may use the same tools:

  • A legitimate tech support might not be competent enough to use proper tools in a proper way, which may leave the computer more vulnerable to malicious third party actors. E.g. a password giving persistent access to a computer may seem convenient from their perspective, but such a password may leak, leaving their customers compromised.
  • Criminals use the same tools to look more trustworthy. They are skilled to act naturally and may seem to help you by solving actual problems and do their malicious actions in the background.
  • An individual employee on a legitimate tech support might abuse the position & trust. Although they eventually get caught, there's still such possibility. Just like a phone repair guy may steal your intimate photos while repairing a broken screen.

If you haven't genuinely initiated the session with a support you have chosen to trust (or otherwise know they should be actively monitoring your systems, as pointed out by @Draco-S), don't allow remote control.

  • If someone calls you to tell you have problems with your computer and offers help through remote control, it's a scam.

  • If your computer screen says your computer is infected and gives you a number to call or a remote control program to execute, it's a scam.

  • If you suspect something is wrong, contact someone you trust, instead.

With a legitimate tech support you are entitled to question their actions and ask them to explain what they are doing. You could also ensure the remote control tool is turned off / deactivated / uninstalled after the session.

The short answer is “yes, with some caveats”.

The long answer is yes, but you have to ensure that prior trust has been established with the support agent by ensuring one of the points is true:

  1. You have initiated the support call. For example, you call Microsoft, Dell, HP etc. and they ask to connect to your computer. This is safe because you know who are you calling.
  2. You have logged a ticket and received an expected callback. In this case, the agent will need to confirm the trust by providing you with the details only a legitimate party will know, like the ticket number, your name, case details etc.
  3. You have prior trust with an agent, for example, it's your company's IT department or an outsourced contractor that has access already.

There was an opinion that you must initiate the support case. This is not true, strictly speaking, especially for option 3 where your computer is a managed one. I have, on multiple occasions, called customers based on alerts raised by our monitoring software. But in this case we already have a remote control agent installed on the computer and call them to advise of the issue and notify that we need to take control.