How unsafe is Emule (p2p)?

Hi All

I've been regularly telling (debating with) my collegue at work that using p2p s/w like emule isn't safe. He isn't convinced that there's a significant risk

AFAIK, apart from situation of getting sued for illegally downloading music, you can easily d/l files with viruses/trojans; and the s/w opens up ports on your pc which exposes you to bad hackers/crackers (is this correct about these ports even if its opened by the s/w?).

But beyond this, I can't explain further or in more detail why it's so risky to use. Anyone want to help me out?

cheers
jag

 

EVERYONE THINKS THAT FILE SHARING PROGRAMS ARE BAD. I THINK THAT AS LONG AS YOU CHECK THE RIGHT BOXES ON INSTALLATION AND SETUP, THE RISK IS MEDIOKE. THEN TIGHTEN UP SECURITY OF YOUR PC PROCESSES WITH PROGRAMS LIKE PROCESS GUARD AND WORMGUARD, THEN ADD SCRIPT SCENTRY BY THE GATE, AND TOP OFF WITH GOOD OLD SPYBOT(GUARD/BLASTER). THEN I THINK YOUR PRETTY MUCH WATER TIGHT! ALTHOUGH JUST TO MAKE SURE ADD A GOOD AV LIKE SOPHOS OR PANDA(ONLY ONES THAT HAVE WORKED FOR ME). AM I RIGHT?

 

When I had my computer repair shop I was always having to try and rescue a comp that had been used on p2p networks. In my opinion based on experience I don't think there is a safe p2p out there. Some people will say that I am wrong but my exrerience says I am not.

bigc

 

The topic poster stated that his was a WORK ENVIORMENT...there there wont be an opinion to install extra protection programs......therefore, its only a matter of time.......roll of the dice.....sooner or later...."craps"

what makes me nervous about this post is the "JAG" in the sig.....if the posters friend is in the military..........thats not a pretty thought....a couple of years ago in england (i think) an entire division was infected and part of the Royal Navy....any Brits here to comment on this..welcomed...

 

Don't click exe without scanning first. I've seen KAV, with my own eyes, warn me as a part file - not even an exe yet. I run emule often.

 

HI, as far as P2P goes, WINMX is very safe, no Spyware/Adware, Kazza Lite is ok as well.

You should always have the 3 basic security musts,

AntiVirus -up to date
FireWall - not XP [it only blocks incoming, an not very well]
WinUpdates.

Most users can settle for just these three, although Anti Spyware is almost a must as well.

 

But kazza lite is a cracked version of kazza and is illegal.

[edit] I just saw a web site that claims kazzalite is legal now, but I would be a little wary of it.

 

IMHO, it's best not to touch any P2P program at all. I consider P2P programs as a major security risk.

 

Thanks for the replies/opinions so far.

Just to clarify, I'm not associated with military or anything like that! And while i'm discussing this p2p stuff with a work collegue, he runs p2p on his home machine 24/7.

Actually his argument is that with an AV, decent f/w and anti-trojan, running emule is safe and I'm being paranoid/scaremongering
So what I'm asking whether he's right, or how much he's wrong.

From my limited knowledge & what folks have said, I see 3 main threats:

1. Bad files: the biggest risk is d/l a file an opening it/clicking on it (like an exe) which might be a trojan and u hope your security s/w picks it up. So already u are putting yourself under risk, buy exposing yourself to potential threats. I reckon I win the argument here, and I should send him to the wilders boards to get really scared if he thinks having the right security s/w makes you invincible!

2. Worms: piggybacking on a p2p application. How does this happen and wouldn't it be really difficult to detect as the s/w itself would be opening a port and u wouldn't be able to tell if u are sharing a file or spreading a worm. Is this right, if so, that would another score to me

3. Open ports: exposing your self to hackers. I'm assuming u can be hacked, but is this correct if the p2p program controls the port? Would there have to be a known exploit in say emule for this to happen, or could any hacker get thru any open port?

If all these 3 points (and any more) are true, then I reckon I would win the argument overall that p2p is inherently unsafe. Sorry guys for yet more questions/details, my knowledge is still noobie in these areas

cheers
jag

 

There has to be some kind of exploit, say a buffer overflow for example for the hacker to "get thru". Otherwise all he can do is to upload and download files like any emule user.

 

I could not have said it any better. Needless to say I completely agree

 

IF you use emule you MUST install PROTOWALL and the blocklist manager to stop those hackers...in fact you cannot stop them but you will see a lot blocked.

even without emule this thing is on my puter 24/7 . will not press ON without it starting up, together with the rest. it is now driver based and works flawlessly on my app.

http://www.bluetack.co.uk/modules.php?name=Content&pa=showpage&pid=1

 

WinMX stores P2P passwords in plaintext. As a result, these credentials could be exposed to other local users.
This issue has been reported in WinMX 2.6. It is thought that the issue may have been addressed in later versions, though no vendor confirmation is available.

WinMX is not that safe....

KaZaA, Grokster and Morpheus are file-sharing clients based on FastTrack P2P technologies. They will run on Microsoft Windows 9x/ME/NT/2000/XP systems. Ports also exist for variants of the Linux operating system.
It is possible for a user to craft a raw fake HTTP GET header to spoof the identity of an another existing user via the messaging service offered by vulnerable clients. The host and username in the header most both by valid for this to work.
Clients listen for messages on port 1214 by default, even when they are not actively connected to the service.
Any versions of file-sharing clients based on FastTrack P2P technologies which include the messaging functionality should be considered prone to this issue.
This is a security vulnerability because access control is based on client identities, supplied in the request headers.
Attackers may spoof their identity to exploit V-4122 "FastTrack P2P Technology Message Service Denial Of Service Vulnerability.

 

Emule is a security risk.

Emule Emule 0.29 c

It has been reported that the eMule Web Control Panel HTTP login mechanism may be prone to denial of service attacks. The issue is said to occur due to the mechanism failing to verify the origin of data transmitted via a login form. As a result, eMule expects a limited number of password characters to be transmitted when attempting to login. By making use of a malicious form, it may be possible for an attacker to transmit excessive data to eMule and effectively trigger a denial of service.

Emule Emule 0.27 b

A denial of service vulnerability has been reported for Emule. The vulnerability occurs when a Emule client recieves a chat request without a nickname.
This vulnerability was reported for Emule clients prior to 0.27c.

EMule+ EMule+ 1.0

eMule client has been reported prone to a heap overflow vulnerability. The issue presents itself when the client parses malicious data received from the server. This issue may allow an attacker to provide excessive data to an affected client using a malicious server. Ultimately an attacker may exploit this condition to execute arbitrary supplied instructions in the context of the vulnerable emule application.

 

What password?

WinMX does not use passwords,never has, the current ver is 3.53, so any info on ver 2.6 is about 3 years old.

 

Check again.... I still use ZA 4.5 instead of 5.1... WinMX 2.6 is still more popular than 3.53 for possibly the same reasons. I don't use P2P. Just passing info gained from actual experience dealing with customers' systems. Re: Passwords, check again....

 

I have used WinMX, KazaLite and LimeWire Pro for a period of years.

Not only have I not ever been infected by anything I've d/l'ed - I have never even received a warning/alert from any of my defensive programs that something even contained anything malicious that was trying to d/l!

So I guess it just depends. Pete

 

Newest version is 0.44b. If someone uses an older version that is 1 year+ old with known vulnerabilities, then I guess they get what they deserve, just like users of Windows that never run Windows Update.

 

I don't think its the version that matters in discussing eMule as a security risk. Its the concept. P2P. File Sharing... The risks are inherent in the concept!
Those who've stayed clean thus far are lucky! It's like one making the rounds of game, warez, casinos, porn sites and staying clean. The very thought is risky even if you swear on a stack of Bibles that doing so never got you infected....

By the way eMule ++ v.1.1 is available.

 

The Internet....The risks are inherent in the concept!

Hardly. The only way I know that nothing I've ever d/l'ed through any of the P2P programs I mentioned above even contained any malware is because I scan all d/l's before running them (P2P or non-P2P).

That doesn't qualify as "luck" - merely common sense. Things would have leaped all over an attempted infection should one have occurred - it never happened.

Stack of Bibles not necessary - the truth stands very solidly on its' own. Never an infection or even an attempted infection in years of using P2P.

It simply amazes me that people zero in on things like P2P and even IM programs as big bad sources of infections - there's absolutley no need for them to be if you know what you're doing.

If you don't know what you're doing then:

Opening your browser...The risks are inherent in the concept! Pete

 

some tips on using emule:

-- never use the integrated search, always use an index site (this way you have less risk on getting a fake file, virus or whatever)
-- use Protowall or Peerguardian or ipfilter.dat
-- use a firewall

i use p2p for some years and i never been hacked or got a virus, just use common sense and you're safe

 

Since I use the blocklist manager and Protowall (or exported to the BUILT IN blocked sites/ip's) the chances are smaller to get infected cause most of the bad hashes/malware IP's/malware servers are blocked by protowall/blocklist manager.

that is one of the best tools to use when p2p

 

You're absolutely right! My common sense tells me to stay away from P2P...

 

Please check on ports 1214, 1981 & 8473.... To you guys in Wilder, this may be a moot & academic point, but their very existence indicates that the vulnerabilities of P2P are real.

KaZaA, Grokster and Morpheus are file-sharing clients based on FastTrack P2P technologies. They will run on Microsoft Windows 9x/ME/NT/2000/XP systems. Ports also exist for variants of the Linux operating system.
It is possible for a user to craft a raw fake HTTP GET header to spoof the identity of an another existing user via the messaging service offered by vulnerable clients. The host and username in the header most both by valid for this to work.
Clients listen for messages on port 1214 by default, even when they are not actively connected to the service.
Any versions of file-sharing clients based on FastTrack P2P technologies which include the messaging functionality should be considered prone to this issue.
This is a security vulnerability because access control is based on client identities, supplied in the request headers.
Attackers may spoof their identity to exploit V-4122 "FastTrack P2P Technology Message Service Denial Of Service Vulnerability".

Exploit: The attacker must craft a raw HTTP GET request header with spoofed information to exploit this issue.

Workaround:
Users may opt to ignore all incoming messages, effectively disabling the vulnerable instant messaging functionality, but the threat is real.