How unsafe is Emule (p2p)?

Discussion in 'other security issues & news' started by jag1967, Nov 1, 2004.

Thread Status:
Not open for further replies.
  1. jag1967

    jag1967 Registered Member

    Joined:
    Sep 17, 2003
    Posts:
    68
    Hi All

    I've been regularly telling (debating with) my colleague at work that using p2p s/w like emule isn't safe. He isn't convinced that there's a significant risk.

    AFAIK, apart from the situation of getting sued for illegally downloading music, you can easily d/l files with viruses/trojans; and the s/w opens up ports on your pc which exposes you to bad hackers/crackers (is this correct about these ports even if it's opened by the s/w?).

    But beyond this, I can't explain further or in more detail why it's so risky to use. Anyone want to help me out?

    cheers
    jag
     
  2. AUXHILLARYmikE

    AUXHILLARYmikE Registered Member

    Joined:
    Aug 31, 2004
    Posts:
    12
    Location:
    I live in Crosskeys near Cardiff in Wales. United
    EVERYONE THINKS THAT FILE SHARING PROGRAMS ARE BAD. I THINK THAT AS LONG AS YOU CHECK THE RIGHT BOXES ON INSTALLATION AND SETUP, THE RISK IS MEDIOCRE. THEN TIGHTEN UP SECURITY OF YOUR PC PROCESSES WITH PROGRAMS LIKE PROCESS GUARD AND WORMGUARD, THEN ADD SCRIPT SENTRY BY THE GATE, AND TOP OFF WITH GOOD OLD SPYBOT (GUARD/BLASTER). THEN I THINK YOU'RE PRETTY MUCH WATER TIGHT! ALTHOUGH JUST TO MAKE SURE ADD A GOOD AV LIKE SOPHOS OR PANDA (ONLY ONES THAT HAVE WORKED FOR ME). AM I RIGHT?
     
  3. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    When I had my computer repair shop I was always having to try and rescue a comp that had been used on p2p networks. In my opinion, based on experience, I don't think there is a safe p2p out there. Some people will say that I am wrong but my experience says I am not.

    bigc
     
  4. The topic poster stated that his was a WORK ENVIRONMENT...there won't be an opinion to install extra protection programs......therefore, it's only a matter of time.......roll of the dice.....sooner or later...."craps"

    what makes me nervous about this post is the "JAG" in the sig.....if the poster's friend is in the military..........that's not a pretty thought....a couple of years ago in England (I think) an entire division was infected and part of the Royal Navy....any Brits here to comment on this..welcomed...
     
  5. lynchknot

    lynchknot Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    904
    Location:
    SW WA
    Don't click exe without scanning first. I've seen KAV, with my own eyes, warn me as a part file - not even an exe yet. I run emule often.
     
  6. Sweetie(*)(*)

    Sweetie(*)(*) Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    419
    Location:
    Venus
    Hi, as far as P2P goes, WinMX is very safe, no Spyware/Adware, Kazaa Lite is ok as well.

    You should always have the 3 basic security musts,

    AntiVirus -up to date
    FireWall - not XP [it only blocks incoming, and not very well]
    WinUpdates.

    Most users can settle for just these three, although Anti Spyware is almost a must as well.
     
  7. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    But Kazaa Lite is a cracked version of Kazaa and is illegal.

    [edit] I just saw a web site that claims Kazaa Lite is legal now, but I would be a little wary of it.
     
  8. nadirah

    nadirah Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    3,647
    IMHO, it's best not to touch any P2P program at all. I consider P2P programs as a major security risk.
     
  9. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    All P2P programs & file sharing are inherently dangerous.

    By their nature you are open to attack, you allow others to share your files and with much of the newer malware floating around that particularly target P2P applications any small crack in the door is enough to let them in

    Yes common sense and good security can cut down on the risk a bit but it's always there and one slip and you have been compromised

    About 50% of current worms/viruses/trojans are spread by P2P methods, apart from an infected file being downloaded many nasties piggyback on the actual p2p application and/or watch for the open ports that they need to get on

    it's no good you only allowing 1 folder shared, you still need at least one port always open for the file sharer to request the file from you, once the worm finds that port it's in your system and you have been got
     
  10. jag1967

    jag1967 Registered Member

    Joined:
    Sep 17, 2003
    Posts:
    68
    Thanks for the replies/opinions so far.

    Just to clarify, I'm not associated with military or anything like that! And while I'm discussing this p2p stuff with a work colleague, he runs p2p on his home machine 24/7.

    Actually his argument is that with an AV, decent f/w and anti-trojan, running emule is safe and I'm being paranoid/scaremongering.
    So what I'm asking is whether he's right, or how much he's wrong.

    From my limited knowledge & what folks have said, I see 3 main threats:

    1. Bad files: the biggest risk is d/l a file and opening it/clicking on it (like an exe) which might be a trojan and u hope your security s/w picks it up. So already u are putting yourself under risk, by exposing yourself to potential threats. I reckon I win the argument here, and I should send him to the wilders boards to get really scared if he thinks having the right security s/w makes you invincible!

    2. Worms: piggybacking on a p2p application. How does this happen and wouldn't it be really difficult to detect as the s/w itself would be opening a port and u wouldn't be able to tell if u are sharing a file or spreading a worm. Is this right, if so, that would be another score to me

    3. Open ports: exposing your self to hackers. I'm assuming u can be hacked, but is this correct if the p2p program controls the port? Would there have to be a known exploit in say emule for this to happen, or could any hacker get thru any open port?

    If all these 3 points (and any more) are true, then I reckon I would win the argument overall that p2p is inherently unsafe. Sorry guys for yet more questions/details, my knowledge is still noobie in these areas

    cheers
    jag
     
  11. bill2r

    bill2r Guest

    There has to be some kind of exploit, say a buffer overflow for example for the hacker to "get thru". Otherwise all he can do is to upload and download files like any emule user.
     
  12. rerun2

    rerun2 Registered Member

    Joined:
    Aug 27, 2003
    Posts:
    338
    I could not have said it any better. Needless to say I completely agree :)
     
  13. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    IF you use emule you MUST install PROTOWALL and the blocklist manager to stop those hackers...in fact you cannot stop them but you will see a lot blocked.

    even without emule this thing is on my puter 24/7 . will not press ON without it starting up, together with the rest. it is now driver based and works flawlessly on my app.

    http://www.bluetack.co.uk/modules.php?name=Content&pa=showpage&pid=1
     
  14. still_longhorn

    still_longhorn Registered Member

    Joined:
    Oct 3, 2004
    Posts:
    256
    WinMX stores P2P passwords in plaintext. As a result, these credentials could be exposed to other local users.
    This issue has been reported in WinMX 2.6. It is thought that the issue may have been addressed in later versions, though no vendor confirmation is available.

    WinMX is not that safe....

    KaZaA, Grokster and Morpheus are file-sharing clients based on FastTrack P2P technologies. They will run on Microsoft Windows 9x/ME/NT/2000/XP systems. Ports also exist for variants of the Linux operating system.
    It is possible for a user to craft a raw fake HTTP GET header to spoof the identity of another existing user via the messaging service offered by vulnerable clients. The host and username in the header must both be valid for this to work.
    Clients listen for messages on port 1214 by default, even when they are not actively connected to the service.
    Any versions of file-sharing clients based on FastTrack P2P technologies which include the messaging functionality should be considered prone to this issue.
    This is a security vulnerability because access control is based on client identities, supplied in the request headers.
    Attackers may spoof their identity to exploit V-4122 "FastTrack P2P Technology Message Service Denial Of Service Vulnerability".
     
  15. still_longhorn

    still_longhorn Registered Member

    Joined:
    Oct 3, 2004
    Posts:
    256
    Emule is a security risk.

    Emule Emule 0.29 c

    It has been reported that the eMule Web Control Panel HTTP login mechanism may be prone to denial of service attacks. The issue is said to occur due to the mechanism failing to verify the origin of data transmitted via a login form. As a result, eMule expects a limited number of password characters to be transmitted when attempting to login. By making use of a malicious form, it may be possible for an attacker to transmit excessive data to eMule and effectively trigger a denial of service.

    Emule Emule 0.27 b

    A denial of service vulnerability has been reported for Emule. The vulnerability occurs when an Emule client receives a chat request without a nickname.
    This vulnerability was reported for Emule clients prior to 0.27c.

    EMule+ EMule+ 1.0

    eMule client has been reported prone to a heap overflow vulnerability. The issue presents itself when the client parses malicious data received from the server. This issue may allow an attacker to provide excessive data to an affected client using a malicious server. Ultimately an attacker may exploit this condition to execute arbitrary supplied instructions in the context of the vulnerable emule application.
     
  16. Sweetie(*)(*)

    Sweetie(*)(*) Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    419
    Location:
    Venus

    What password?

    WinMX does not use passwords, never has. The current ver is 3.53, so any info on ver 2.6 is about 3 years old.
     
  17. still_longhorn

    still_longhorn Registered Member

    Joined:
    Oct 3, 2004
    Posts:
    256
    Check again.... I still use ZA 4.5 instead of 5.1... WinMX 2.6 is still more popular than 3.53 for possibly the same reasons. I don't use P2P. Just passing info gained from actual experience dealing with customers' systems. Re: Passwords, check again....
     
  18. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    I have used WinMX, Kazaa Lite and LimeWire Pro for a period of years.

    Not only have I not ever been infected by anything I've d/l'ed - I have never even received a warning/alert from any of my defensive programs that something even contained anything malicious that was trying to d/l!

    So I guess it just depends. Pete
     
  19. Clowny

    Clowny Registered Member

    Joined:
    Aug 11, 2004
    Posts:
    70
    Newest version is 0.44b. If someone uses an older version that is 1 year+ old with known vulnerabilities, then I guess they get what they deserve, just like users of Windows that never run Windows Update.
     
  20. still_longhorn

    still_longhorn Registered Member

    Joined:
    Oct 3, 2004
    Posts:
    256
    I don't think it's the version that matters in discussing eMule as a security risk. It's the concept. P2P. File Sharing... The risks are inherent in the concept!
    Those who've stayed clean thus far are lucky! It's like one making the rounds of game, warez, casinos, porn sites and staying clean. The very thought is risky even if you swear on a stack of Bibles that doing so never got you infected....

    By the way eMule ++ v.1.1 is available.
     
  21. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    The Internet....The risks are inherent in the concept!


    Hardly. The only way I know that nothing I've ever d/l'ed through any of the P2P programs I mentioned above even contained any malware is because I scan all d/l's before running them (P2P or non-P2P).

    That doesn't qualify as "luck" - merely common sense. Things would have leaped all over an attempted infection should one have occurred - it never happened.

    Stack of Bibles not necessary - the truth stands very solidly on its own. Never an infection or even an attempted infection in years of using P2P.

    It simply amazes me that people zero in on things like P2P and even IM programs as big bad sources of infections - there's absolutely no need for them to be if you know what you're doing.

    If you don't know what you're doing then:

    Opening your browser...The risks are inherent in the concept! Pete
     
  22. Weber

    Weber Registered Member

    Joined:
    Jun 16, 2003
    Posts:
    107
    Location:
    Porto Alegre - Brazil
    some tips on using emule:

    -- never use the integrated search, always use an index site (this way you have less risk on getting a fake file, virus or whatever)
    -- use Protowall or Peerguardian or ipfilter.dat
    -- use a firewall

    I've used p2p for some years and I've never been hacked or got a virus, just use common sense and you're safe
     
  23. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    Since I use the blocklist manager and Protowall (or exported to the BUILT IN blocked sites/ip's) the chances are smaller to get infected cause most of the bad hashes/malware IP's/malware servers are blocked by protowall/blocklist manager.

    that is one of the best tools to use when p2p
     
  24. still_longhorn

    still_longhorn Registered Member

    Joined:
    Oct 3, 2004
    Posts:
    256
    You're absolutely right! My common sense tells me to stay away from P2P...
    :D
     
  25. still_longhorn

    still_longhorn Registered Member

    Joined:
    Oct 3, 2004
    Posts:
    256
    Please check on ports 1214, 1981 & 8473.... To you guys in Wilder, this may be a moot & academic point, but their very existence indicates that the vulnerabilities of P2P are real.

    KaZaA, Grokster and Morpheus are file-sharing clients based on FastTrack P2P technologies. They will run on Microsoft Windows 9x/ME/NT/2000/XP systems. Ports also exist for variants of the Linux operating system.
    It is possible for a user to craft a raw fake HTTP GET header to spoof the identity of another existing user via the messaging service offered by vulnerable clients. The host and username in the header must both be valid for this to work.
    Clients listen for messages on port 1214 by default, even when they are not actively connected to the service.
    Any versions of file-sharing clients based on FastTrack P2P technologies which include the messaging functionality should be considered prone to this issue.
    This is a security vulnerability because access control is based on client identities, supplied in the request headers.
    Attackers may spoof their identity to exploit V-4122 "FastTrack P2P Technology Message Service Denial Of Service Vulnerability".

    Exploit: The attacker must craft a raw HTTP GET request header with spoofed information to exploit this issue.

    Workaround:
    Users may opt to ignore all incoming messages, effectively disabling the vulnerable instant messaging functionality, but the threat is real.
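
Added example, not part of any post in this thread: a Python sketch of the check the last post asks for, parsing `netstat -ano` output and listing sockets that accept traffic on ports 1214, 1981 and 8473, with a flag for whether each is bound beyond loopback. The sample output is constructed, and the function and field names are assumptions of this example.

```python
# Ports named in the thread's last post. The netstat text below is a
# constructed sample, not captured from a real host.
WATCHED_PORTS = {1214, 1981, 8473}

SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:1214           0.0.0.0:0              LISTENING       2312
  TCP    127.0.0.1:8473         0.0.0.0:0              LISTENING       2312
  TCP    192.168.1.20:3051      203.0.113.7:1214       ESTABLISHED     2312
  TCP    [::]:1981              [::]:0                 LISTENING       4020
  UDP    0.0.0.0:1214           *:*                                    2312
"""


def watched_listeners(netstat_text, ports=WATCHED_PORTS):
    """Return sockets from `netstat -ano` text that accept traffic on watched ports."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        proto, local = fields[0], fields[1]
        # TCP rows have a State column; only LISTENING accepts new connections.
        # UDP rows have no state: a bound UDP socket always receives datagrams.
        if proto == "TCP" and fields[3] != "LISTENING":
            continue
        host, _, port = local.rpartition(":")
        if not port.isdigit() or int(port) not in ports:
            continue
        findings.append({
            "proto": proto,
            "port": int(port),
            "pid": int(fields[-1]) if fields[-1].isdigit() else None,
            # Loopback-only binds cannot be reached by other hosts.
            "network_facing": host not in ("127.0.0.1", "[::1]"),
        })
    return findings


if __name__ == "__main__":
    for f in watched_listeners(SAMPLE_NETSTAT):
        scope = "network-facing" if f["network_facing"] else "loopback only"
        print(f'{f["proto"]} port {f["port"]} pid {f["pid"]}: {scope}')
```

On a live Windows host the input would be the text of `netstat -ano`; the PID column identifies which process owns each listener.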
     