P2P misconceptions (rant mode 110%)

Hello,

Bear with me before i present my case.

I have ceased my participation on another security forum due to a clash of cultural / intellectual differences in thinking regarding the P2P applications.

The story goes like this: in the context of web security, several people mentioned P2P programs as the source of all evils and they should be avoided at all costs. What angered me was the active tense used to describe the P2P programs as in: P2P apps can infect you...

Then, stealing was mentioned. Using P2P is stealing. It is illegal....

I objected to these claims, since P2P is a LEGITIMATE protocol, just like any other protocol, used for transferring files over the web. Then, the issue of getting infected. People infect. Not computers. Computers do what we tell them.

But the idea does not seem to get through. Hell, I was even told that since the servers of the forums are on the US soil, the talk about P2P, which is supposedly illegal over there, is risky and can quickly transform into links to cracks and such... In the context of my post... To say the least, I was offended.

So here's the message I wish to convey:

P2P is legitimate. Maybe Big Brother does not acknowledge it, but no one cares. P2P is widely used to share, for instance, Linux distributions all over the world and is one of the more effective methods of doing so.

P2P is not dangerous. Stupid people are. Downloading cracks via browser, email or P2P client is the same. Only interfaces change.

P2P does not infect you. Stupidity does. Sharing your system folder, downloading executables called downloader.exe and such is stupidity. And apparently, it's easier to be stupid using P2P than browser.

Stealing has nothing to do with P2P. It has to do with the morality of a person. It's a choice. Not the Satan made me do it kind of thing. No one forces you to download music or movies.

Regarding music and movies, there are music and movies made outside of Hollywood. For example, Czech movies, French movies from the 50s and 60s, and so forth. Obtaining these is extremely difficult. And yet they are alive due to P2P. P2P helps keep old, forgotten items of culture stay alive. It increases the international cultural exposure.

P2P apps come with bundled crap. Some do. So? There are tons of shady security programs, bundled or falsely advertising their abilities. Does that mean that anti-spyware programs are evil, because there are hundreds of bad clones out there?

When you download one such and ruin your machine, you cannot blame the technology for your inability. YOU downloaded and YOU ruined your computers. If you don't know otherwise, stick to bricks. Licensing people to use computers sounds like a good idea. Don't know what anti-virus is? Tough. Don't use one then. Or learn.

Next time you read a post or hearing some saying how you get viruses and trojans through P2P - hence the P2P is evil - means:

That person is the thief against which he advocates. probably having tried and having his fingers burned.
That person lacks the knowledge and discipline to be allowed to use the Internet.
That person lives in a corporate dream.

Cheers,
Mrk

 

Mrkvonic, I'm in total agreement with you.
How would I get some of my files without it. Example, the Security Gateway virtual appliance from Astaro Internet Security or Virtual Appliances from VMWare Market place, Linux distro...the list goes on to cultural films and music as you already noted.
P2P is legit.

 

While users can work towards bad ends using P2P, you can do the same with ftp, http, email, Windows Explorer, you name it. P2P approaches certainly tend to be an efficient mode for dissemination, nothing more. P2P itself is valueless.

I guess if the argument is made that P2P programs will infect you and therefore should be avoided at all costs, then by logical extension every browser, email client, and ftp client should be avoided as well (that's really the only internally consistent position). They all can be, and in fact are, used to unfortunate ends.

Blue

PS - if you do happen to remove all P2P, browser,email client, ftp client, etc., programs from your machine, you will certainly be rather safe. Of course, you might well just unplug from the Internet as well and be done with it....

PPS - I'm not a heavy P2P user, but on occasion, it's the most appropriate tool...

 

I 100% agree with you.

Its not just the narrow minded people, but its the Media and the Corporations who are feeding them Misinformation, for example

Look at www.fact-uk.org.uk they very cleverly mention, "illegal trade", "Raising the awareness of the impact of this type of crime", "the purchase of these products sustains this illegal activity and generates proceeds of crime"

BUT burried at the bottom of the page they then say:

"it is not an offence to buy pirated DVDs" - the distribution and sale is though.

You can see why people get confused on matter, on UK law alone, not considering international variations !

Infection - not because of P2P - if someone emailed you the same file that infected you via P2P you would still get infected when you open it.

Stealing - depends which country you are in, UK copyright is not covered by any criminal law (which stealing comes under), another country it could be.

Blaming the P2P app is like saying guns kill... (its the person who pulls the trigger that kills).

P2P apps come loaded with crap, same happens with any software, what about MS onecare toasting your inbox recently ?!?

 

I had to get rid of my satellite tv. Therefore, I remotely log into my home computer from work in the wee hours of the night and start downloading tv shows such as 24, Battlestar Galactica, Heroes, Lost, after they air and they are done by the time I get home from work. They are downloaded through bittorrent and the quality on my LCD monitor rivals broadcast tv. People around the world are also able to do this. It has made a lot of American shows reach worldwide popularity.

This is absolutely legit, especially since more and more tv shows are being streamed over the internet from ABC, CBS, NBC and FOX.

I have never received malware from the USE of P2P. And neither will you. Only from what you download. These people are not real security gurus if they do not know this.

 

I wonder, if you could send me PM with the link of that forum, so I could avoid it.
I use p2p for years and I downloaded malware just once, called hacker's ebooks & tools.
P2P is not more risky than visiting an unknown webpage, it is a user, who opens the door.
P2P or HTTP, both contains illegal & infected stuff, there is not a clean protocol these days.

I am with you, I know that feeling, when I read it, I just roll the eyes and go away.
It is like browsers, people get infected via them, because they have no security at all.
Free porno?! It is a myth, people will pay it, one way (malware) or another (keyloggers).
Simply put, blaming software, protocol is easier than a user blaming himself for his mistakes.

 

youve made some good points Mrkvonic and i wholefully agree with them.

also id like to add, not all the warez, porn, and other stuff is infected. it is illegal but not necessarily malware.

overall, i think people overexaggerate the dangers of p2p and like as been said, the blame should be placed on the user.

 

OK sorted that.
Now recommendations for best tool ??

 

People WILL continue to say those things, including here.
There's nothing we can do.
Don't leave us Mrk!

Fortunatly, not everyone is like that, and many have the ability to change opinion, once there's a discussion, and they read the other side's arguements -it's only a program, using a protocol, to download; the problem is what you choose download, or what program you use.

 

Hello,

Worry not! Wilders is a great place. Security aside, one of the best forums I have come upon, in all categories. Such a fine variety of minds, cultures, opinions.

The incident occured elsewhere. Not here. Cannot happen here.

Mrk

 

I won't get into the copyright end of this, since in many countries the governments themselves haven't yet sorted out what the "official" line should or will be.

As for malware, I agree that it's a combination of malevolent people plus lack of common sense and security by the user, rather than anything inherent in, say, P2P applications. I don't know what specifically was said at the forum you referred to, but one of the reasons P2P has in some circles gotten a bad name is that it's become a popular and convenient channel for spreading malware, much as email used to be.

It's essentially the same problem as with Win and IE -- sure, they both have horrible security holes still. But the other reason there are so many security problems with Win is because it's still (unfortunately) the most widely used OS in the world, and therefore a natural target for malware because of the much larger number of potential targets.

 

IMHO, P2Ping is safer than browsing. P2P apps don´t have to deal with scripting, remote code execution and such.
Safe P2P use requires the same things that safe browsing:
- Secure apps (Emule, Firefox)
- Whitelist (server list, NoScript)
- Blacklist (Bluetack, SpywareBlaster)
- Common sense (what can I download, where I can go, what can I expect if I do this thing, etc)
- Discipline/care (VM, sandboxes, etc)

P2P has given me access to worldwide culture, period.

 

That says it all in a nutshell, you should have just left it at that. I agree 100%

It amazes me also that in the "information age" there are still so many stupid people out there. If they could be bothered to spend merely a fraction of the time they spend "pimping out" their myspace profiles to research this stuff... these problems wouldn't exist. But I guess they have their priorities.

But the bottom line is that there ARE a ton of stupid people out there, that is inevitable, so P2P does pose a problem non-the-less (regardless of whom is at fault for it).

 

It's not so much that people are stupid, many of the ones you are talking about are certainly not stupid by any objective metric. They are uninformed and/or misinformed. There's a big difference in intelligence and subject matter ignorance. Further, that difference not only influences the way you approach the issue, but also in how you approach a simple discussion of the issue. The major problem you have is the unwillingness of people (in general) to admit the limitations of the scope of their knowledge.

Blue

 

Agreed
The only way to learn something is admitting that you know next to nothing.

 

Hi

This is not stupidity, it's called arogance.

Cheers

 

Is that not a pretty text-book example of stupidity?

 

Not necessarily.

People "learn", "observe", or "study" many things throughout the day and throughout their lives. From a personal perspective, I've found that the more you learn, the more likely you'll be performing continual reality and consistency checks on your knowledge without external prompting.

You won't assume that the most recent factoid to pass by your ears is the complete story with respect to some topic. Very intelligent people learn information, learn it well, and practice it well within the target scope of that content. They're not stupid by any stretch of the imagination. However, you can be smart and start to unknowingly apply knowledge outside of it domain of applicability. Is there a distinction between this type of behavior and stupid? In my own experience, the answer is yes.

It's not simply a semantic nicety. If you explicitly provide the background context as to why the scope of their knowledge is constrained and therefore not applicable to the task they are trying to apply it to, they will generally step back, reassess, and readily incorporate this new knowledge appropriately into their actions. Those that are genuinely stupid are simply not able to crack through this dynamic reassessment of facts and context.

It comes down to really being able to separate what you know, from what you think you know. It's not always easy, and even the intelligent can confuse the two.

Blue

 

Hi Blue,

Nicely put.

I've always admired your lucidity - despite our recent difference of opinion

Regards

 

I'm sorry but I consider it stupidity to assume that you know everything and to let your guard down as a result of it. Even if the person is book smart and/or possesses a great deal of knowledge on the subject, there is still some degree of stupidity involved to assume that you have all the answers.

Not to mention arrogance

 

I do agree that there are way too many P2P misconceptions, however, not meaning to be too harsh in what I am saying, I recently had an altercation on another forum, that also specialized in the same area as the one where you came from, about whether or not *nix was more secure then windows, and the owner of the forums told the original poster that there was "lots" of spyware for linux . The people merely refused to accept new ideas. This same dispute came over whether outbound is really an effective solution to malware. Quite quickly, both threads were locked when the discussion became to heated for the admins (who just as willingly partook in the disputes back and forth).

I no longer visit that forum (or really did that often anyways or am allowed to because of my disagreements ), but I see it as a very common thing to blame certain things as where malware comes from, when in fact all security is is common sense and the user operating the system (nice play on words ).

Unfortunetly, people in those forums while they do do some nice things for others, tend to over generalize about certain issues, and some of it comes from the training they receive and what they are told. However, it works half-way decently I guess, but when you see repeat victims posting, you tend to wonder what went wrong? Sure, downloading files that were coolMusic.exe instead of there favorite mp3 helped contribute to the factor, but that is user ignorance, and education is definetly the best way to go about solving malware problems.

Oh well, this is a nice rant as well, but I agree whole-heartedly with your post and the points you make.

Cheers,

Alphalutra1