P2P and security

Discussion in 'other security issues & news' started by Meltdown, Jun 16, 2005.

Thread Status:
Not open for further replies.
  1. Meltdown

    Meltdown Registered Member

    Joined:
    Sep 17, 2004
    Posts:
    299
    Location:
    Babylon
    I often read that P2P applications are a security risk. Beyond the obvious pitfalls - installing P2P applications that come with spyware and adware, downloading and running executables, faulty configuration giving access to your entire hard drive - do P2P applications present any more risks than other programmes (browsers, email clients...) that access the web, with the constant possibility of new vulnerabilities and exploits?
     
  2. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
    I think your question is more or less academic. Be prepared for the worst and take counter measurements.

    Gerard
     
  3. Meltdown

    Meltdown Registered Member

    Joined:
    Sep 17, 2004
    Posts:
    299
    Location:
    Babylon
    Thanks Gerard :). I suppose I pretty much answered the question myself, just wanted to make sure I had all the bases covered.
     
  4. lupus

    lupus Registered Member

    Joined:
    Apr 4, 2005
    Posts:
    22
    I have a few simple rules when it comes to p2p and they haven't faulted me so far.

    -ONLY use open-source stuff from SourceForge, eMule and ABC(BitTorrent) are what i use. Stay away from commercial spyware infested crap such as Kazaa, Limewire or Ares, even so called lite versions. Usenet(Newsgroups) is a good way to go also.
    -NEVER download any executables, ONLY video and/or music.
    -USE a decent firewall (i use ZA free with auto lock feature ON and emule and ABC set to bypass lock).

    Like i said i haven't had problems in years sticking to these rules.
     
  5. Matt_Smi

    Matt_Smi Registered Member

    Joined:
    Jul 7, 2004
    Posts:
    359
    I sort of agree that if you stick to audio and video files you will be ok but you still need to keep some things in mind. For example if you don’t have windows set to show extensions you could download a file that seemed to be a video file, denoted by lets say movie.wmv, but if you enabled “show extensions for known file types” so would see that it is actually movie.wmv.exe, which makes it an .exe. Also if a video which you know is somewhat long is an unusually small file size, it’s probably not a video but something malicious labeled as such. I would also never download a video or audio file that is compressed by winzip or winrar, because you never know what might unzip with it. I agree that downloading .exe’s is always a bad idea. I think that’s about it, I used to use P2P on my main machine but after I reformatted I have no touched it. But when I used to use it I only downloaded audio/video files and I never got any malware.

    Right now the other computer in my house has Limewire on it (which is crapware free BTW) and I just use that if I really want to download something. For experiment I have downloaded a movie file that was abnormally small for what it should have been, and sure enough when I played it I got hit with a bunch of pop ups and windows asking me to accept this, accept that. So it is possible to get a video file that contains malware, but if you are smart about it the chances are pretty rare. I still think the safest way is to use P2P programs on an older, less cared about machine. That way you can download whatever, test it, and virus scan it before you put it on your main machine. Like I said above that is pretty much what I do, download a file on another computer, scan it with AVG, Bit Defender and A2, then test it to make sure it is what is advertised then I put it on my computer where it is scanned with NOD32 and Ewido. Yes it is a process but it is pretty safe and works. Also check out this, I guess Bit Torrent is being targeted by Spyware now :mad:

    http://news.com.com/2100-7349_3-5750601.html
     
Loading...
Thread Status:
Not open for further replies.