View Full Version : P2P Safety
screamer
January 20th, 2007, 01:07 PM
I'm just getting back into P2P and want to be as secure as "reasonably" possible.
I'm using Shareaza, all three networks.
Using my NAS Box
All files are DownLoaded to external USB HDD. <-- just for P2P
Outpost FW set to "Allow" Shareaza <-- could be better, but I'm lazy
NOD32 scans D/L folder daily
AVG AV realtime protection + daily Scan
SpyWare Terminator realtime, no HIPS + daily Scan
SocketScanner Monitor
CyberHawk
SSM Free in learning mode: Figure if CH & SocketShield doesn't alert. It may be OK.
Is this reasonable?
...screamer
Pedro
January 20th, 2007, 01:33 PM
That's when the AS's are useful. :thumb: However, real-time, maybe you got too much, but if the machine runs well, it's just an opinion:)
I got no AS real time, but it's my preference. Prevx1 is there for me.
I've been using SandboxIE, and I got to say, this one rocks, and it's so small!!
Maybe you could use it to open the files inside the sandbox, and check them out, if you feel you must on some cases.
SSM, if you like it, ok, but i would choose between that and CH. So, CH:D
lucas1985
January 20th, 2007, 01:36 PM
SocketShield/Link Scanner is useless with P2P :)
Security in P2P:
-Only connect to trusted servers/peers.
-Use an IP blacklist such as Bluetack's lists with PeerGuardian/Protowall.
-Don't use P2P to download apps and cracks, excepting a few (OpenOffice, Linux ISOs, etc.)
-Before downloading anything, check users' opinions/ratings about the file.
-If you download documents, PDFs, open them with third-party viewers which don't allow scripts/macros.
Better approach:
-Use P2P under Linux.
-Use P2P in virtual machines.
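The IP blacklist check recommended in the post above, sketched as an added example (not part of the original post and not PeerGuardian's or Protowall's own code). It assumes the PeerGuardian text list format of one `label:start-end` entry per line; the sample entries are constructed and use documentation address ranges.

```python
import bisect
import ipaddress

# Constructed sample in PeerGuardian text format, one "label:start-end" per line.
# Labels are invented; addresses are RFC 5737 documentation ranges.
SAMPLE_LIST = """\
# constructed blocklist, not real Bluetack data
Example fake-file seeder:192.0.2.0-192.0.2.127
Example org: media tracking:198.51.100.10-198.51.100.20
Overlapping entry:192.0.2.100-192.0.2.200
this line is malformed
"""

def parse_p2p(text):
    """Parse list text into sorted (start, end, label) integer ranges."""
    ranges = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Labels may contain ':' or '-', so split on the last ':' first.
        label, sep, span = line.rpartition(":")
        start, dash, end = span.partition("-")
        try:
            lo = int(ipaddress.IPv4Address(start.strip()))
            hi = int(ipaddress.IPv4Address(end.strip()))
        except ValueError:
            continue  # skip malformed lines instead of aborting the load
        if sep and dash and lo <= hi:
            ranges.append((lo, hi, label))
    return sorted(ranges)

def merge(ranges):
    """Merge overlapping or adjacent ranges so one bisect lookup is enough."""
    merged = []
    for lo, hi, label in ranges:
        if merged and lo <= merged[-1][1] + 1:
            start, end, labels = merged[-1]
            merged[-1] = (start, max(end, hi), labels + [label])
        else:
            merged.append((lo, hi, [label]))
    return merged

def blocked(merged, ip):
    """Return the labels of the range containing ip, or [] if not listed."""
    n = int(ipaddress.IPv4Address(ip))
    i = bisect.bisect_right([m[0] for m in merged], n) - 1
    if i >= 0 and merged[i][0] <= n <= merged[i][1]:
        return merged[i][2]
    return []
```
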
Pedro
January 20th, 2007, 01:42 PM
I was thinking on what to do when files are downloaded, but Lucas referred to some more important points. Before you download.
I would add: download files that have plenty of sources.
screamer
January 20th, 2007, 01:48 PM
I've been getting some Event 1000 errors / NTDLL.dll faulting: I disabled DEP for Shareaza. Is this going too far or should I live w/ the errors?
tobacco
January 20th, 2007, 02:14 PM
Give this freebie a try:thumb: After the NOD scan, if you're still leery, run it in Bufferzone first!
BufferZone Security for P2P File Sharing - http://www.download.com/BufferZone-Security-for-P2P-File-Sharing/3000-8022_4-10597240.html
Mrkvonic
January 20th, 2007, 02:19 PM
-{ Quote: "SocketShield/Link Scanner is useless with P2P :)
Security in P2P:
-Only connect to trusted servers/peers.
-Use an IP blacklist such as Bluetack's lists with PeerGuardian/Protowall.
-Don't use P2P to download apps and cracks, excepting a few (OpenOffice, Linux ISOs, etc.)
-Before downloading anything, check users' opinions/ratings about the file.
-If you download documents, PDFs, open them with third-party viewers which don't allow scripts/macros.
Better approach:
-Use P2P under Linux.
-Use P2P in virtual machines." }-
Hello,
That's the best advice you could get. Nothing to do with AS, AT, AV. No different than using any other program.
Mrk
Nick Rhodes
January 23rd, 2007, 07:25 AM
In addition to what's been said, you need to trust the network(s) and application you want to use.
Shareaza is good and stable; when I last used it, the G1 network suffered from a LOT of fakes, G2 was not popular enough and the Ed2k implementation was never as good as emule/edonkey (not fully featured, impaired download speeds).
Things to look out for in your P2P app:
Block listing (can also be done with another util), useful for blocking bad sources and servers.
Fake lists (the version of emule I have picks up common fakes).
Ability to find alternate file names of what you are downloading is useful (emule has this, I cannot remember if shareaza does), if I do a search and get a result for "cool martial art clip" I can lookup alternate names, if it's things like "karate clip" and "martial art fight" it should be ok, but if the alternate names are things like "xxx hot sucky sucky" I know that people are spreading fake files.
I run emule as a service and login with a limited user account to check the files out, this means that if my AV doesn't pick the crud up, at least it can't spread far.
I've uploaded 140 gigs and downloaded 200 gigs (all legal) with emule to date and only had half a dozen files with trojans/viruses and probably 1 in 100 files (after applying my common sense file name test above) is a fake OR doesn't work.
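The alternate-name test described in the post above, as an added example (not part of the original post and not eMule's code). It is a crude word-overlap approximation of what the poster does by eye and cannot recognise synonyms; the executable-extension check, the 0.5 threshold and all file names in the test data are assumptions of this sketch.

```python
import re

# Assumption: extensions this sketch treats as executable content.
EXECUTABLE_EXT = {"exe", "scr", "com", "bat", "pif", "msi"}

def split_name(name):
    """Return (set of lowercase words, final extension or '')."""
    lowered = name.lower()
    stem, dot, ext = lowered.rpartition(".")
    # Only treat the tail as an extension if it looks like one.
    if not dot or not stem or not ext.isalnum() or len(ext) > 4:
        stem, ext = lowered, ""
    return set(re.findall(r"[a-z0-9]+", stem)), ext

def assess(query, alt_names, min_related=0.5):
    """Compare a search query with the alternate names other peers use.

    Returns the fraction of names sharing a word with the query, the
    names ending in an executable extension, and a verdict string.
    """
    if not alt_names:
        return {"related": None, "executables": [], "verdict": "unknown"}
    query_words, _ = split_name(query)
    related, executables = 0, []
    for name in alt_names:
        words, ext = split_name(name)
        if words & query_words:
            related += 1
        # Catches double extensions such as "clip.avi.exe" as well.
        if ext in EXECUTABLE_EXT:
            executables.append(name)
    fraction = related / len(alt_names)
    suspect = fraction < min_related or bool(executables)
    return {"related": fraction, "executables": executables,
            "verdict": "suspect" if suspect else "consistent"}
```
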
Pedro
January 23rd, 2007, 09:10 AM
-{ Quote: "
Block listing (can also be done with another util), useful for blocking bad sources and servers.
Fake lists (the version of emule I have picks up common fakes).
Ability to find alternate file names of what you are downloading is useful (emule has this, I cannot remember if shareaza does), if I do a search and get a result for "cool martial art clip" I can lookup alternate names, if it's things like "karate clip" and "martial art fight" it should be ok, but if the alternate names are things like "xxx hot sucky sucky" I know that people are spreading fake files.
" }-
All great advice. PG2 and fake lists, and looking at the alternate names:thumb:
By the way, "xxx hot sucky sucky" lol
Mrkvonic
January 23rd, 2007, 01:28 PM
Hello,
Nick what files do you dl / ul?
Mrk
Nick Rhodes
January 23rd, 2007, 02:09 PM
Movies/clips, training videos for the Martial, TV programs like 24, UFC reruns, MotoGP reruns, music, the odd commercial movie, of course I am very careful about what I share (in the UK it is NOT a crime to download)... :D
Mrkvonic
January 23rd, 2007, 03:51 PM
Hello,
Well, it's curious. I was thinking you were into apps or such, the fact you encountered trojans alongside these. Must have been special files.
Mrk
Nick Rhodes
January 24th, 2007, 06:54 AM
I do download the odd small file pdf, word doc which can be renamed archive, which nod32 picks up... I'd say the half a dozen that I have downloaded is not bad, as I've been downloading for 4 years :)
screamer
January 24th, 2007, 11:52 AM
Thanks for all this info guys. I'm digesting it.
@Tobacco, I tried BufferZone P2P free. It slowed things down to a crawl and I had a tough time connecting to the networks. I'll be fine w/o it though.
@MRK : "Nothing to do with AS, AT, AV. No different than using any other program."
Why do you say this? I don't understand... I scan the files D/L'd to the external HDD w/ Spyware Terminator, AVG AS, NOD32 daily.
...screamer
Pedro
January 24th, 2007, 12:04 PM
He meant that it's more important how you downloaded them. Before downloading, the measures you take here, are more important.
IMO, it's still good to have scanners to check if the files are ok.
Mrkvonic
January 24th, 2007, 12:19 PM
Hello,
What I meant:
People say you need special AV, AT, AS and more to protect yourself if you are using P2P. I say no.
P2P is another way of downloading files. No different than using a browser. Just as you download pigmy.exe from some website, you can download pigmy.exe through P2P.
The dangers are equal. No reason to "upgrade" the security of your system just because you have another vector of download.
What you download matters. But again, it's no different than downloading through browsers. If all your downloads are cracks for software, you're likely to be surprised one day. If you only download movies and music, the chances of an infection are very remote.
Sometimes, the availability of bad stuff through P2P is higher than browser, but not much. You can download cracks through a browser too, by visiting various sites. In the end, what you use and how you use it means everything.
Finally, you have bundled P2P apps, but this is no different than deliberately infecting your machine.
The advice that lucas offered is 99.99% of security:
-Only connect to trusted servers/peers.
-Use an IP blacklist such as Bluetack's lists with PeerGuardian/Protowall.
-Don't use P2P to download apps and cracks, excepting a few (OpenOffice, Linux ISOs, etc.)
-Before downloading anything, check users' opinions/ratings about the file.
-If you download documents, PDFs, open them with third-party viewers which don't allow scripts/macros.
Not different than wise browsing:
-Only download stuff from sites you trust.
-Use site whitelisting - by limiting sites (no scripting).
-Check rating / opinion about programs / stuff you download.
-If you download documents, use third-party viewers that don't allow / support scripting.
Mrk
screamer
January 24th, 2007, 12:47 PM
Got it, Thanks MrK :)
Ice_Czar
January 25th, 2007, 02:07 AM
-{ Quote: "Hello,
Well, it's curious. I was thinking you were into apps or such, the fact you encountered trojans alongside these. Must have been special files.
Mrk" }-
raises hand
apps is what I tended toward at one point
(these days I know more about freeware\opensource alternatives so do it less, but sometimes it's the only way to get ghostware)
but any exe off P2P is a rather opaque proposition; you're going to have to trust it or virtualize it, it's unlikely to get flagged by a signature scan before an install, and you're going to allow it at the HIPS. Studying it in a virtual environment seems prudent.
Copyright ©2002 - 2012, Wilders Security Forums