P2P Safety

Discussion in 'other software & services' started by screamer, Jan 20, 2007.

Thread Status:
Not open for further replies.
  1. screamer

    screamer Registered Member

    Joined:
    Apr 14, 2006
    Posts:
    921
    Location:
    Big Apple USA
    I'm just getting back into P2P and want to be as secure as "reasonably" possible.
    I'm using Shareaza, all three networks.

    Using my NAS Box
    All files are DownLoaded to external USB HDD. <-- just for P2P
    Outpost FW set to "Allow" Shareaza <-- could be better, but I'm lazy
    NOD32 scans D/L folder daily
    AVG AV realtime protection + daily Scan
    SpyWare Terminator realtime, no HIPS + daily Scan
    SocketScanner Monitor
    CyberHawk
    SSM Free in learning mode: Figure if CH & SocketShield doesn't alert. It may be OK.

    Is this reasonable?


    ...screamer
     
  2. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    That's when the AS's are useful. :thumb: However, real-time, maybe you got too much, but if the machine runs well, it's just an opinion:)
    I got no AS real time, but it's my preference. Prevx1 is there for me.

    I've been using SandboxIE, and I've got to say, this one rocks, and it's so small!!
    Maybe you could use it to open the files inside the sandbox, and check them out, if you feel you must in some cases.
    SSM, if you like it, ok, but I would choose between that and CH. So, CH :D
     
  3. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    SocketShield/Link Scanner is useless with P2P :)

    Security in P2P:
    -Only connect to trusted servers/peers.
    -Use an IP blacklist such as Bluetack's lists with PeerGuardian/Protowall.
    -Don't use P2P to download apps and cracks, except for a few (OpenOffice, Linux ISOs, etc.)
    -Before downloading anything, check users' opinions/ratings about the file.
    -If you download documents, PDFs, open them with third-party viewers which don't allow scripts/macros.

    Better approach:
    -Use P2P under Linux.
    -Use P2P in virtual machines.
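
An added example, not part of lucas1985's post: a sketch of the range lookup an IP blacklist tool performs on the plain-text "P2P" list format (`label:first_ip-last_ip`) used by PeerGuardian-style lists. The sample list is constructed from documentation address ranges, and the function names are hypothetical.

```python
import ipaddress
from bisect import bisect_right

# Constructed sample in "P2P" text format: "label:first_ip-last_ip".
# Labels and ranges are made up (RFC 5737 documentation addresses).
SAMPLE_BLOCKLIST = """\
# constructed sample, not real Bluetack data
Example anti-P2P org:192.0.2.0-192.0.2.255
Example fake-file seeder:198.51.100.16-198.51.100.31
Label with: colon inside:203.0.113.5-203.0.113.5
this line is malformed and gets skipped
"""

def parse_blocklist(text):
    """Return a sorted list of (start, end, label) with IPs as integers."""
    ranges = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Labels may contain ':', so split on the last one only.
        label, sep, span = line.rpartition(":")
        first, dash, last = span.partition("-")
        if not sep or not dash:
            continue  # malformed: skip rather than guess
        try:
            start = int(ipaddress.IPv4Address(first.strip()))
            end = int(ipaddress.IPv4Address(last.strip()))
        except ipaddress.AddressValueError:
            continue
        if start <= end:
            ranges.append((start, end, label.strip()))
    ranges.sort()
    return ranges

def lookup(ranges, ip):
    """Return the label of a range containing ip, or None if not listed."""
    addr = int(ipaddress.IPv4Address(ip))
    starts = [r[0] for r in ranges]
    i = bisect_right(starts, addr) - 1
    # Ranges may overlap, so walk back over earlier starts as well.
    while i >= 0:
        start, end, label = ranges[i]
        if start <= addr <= end:
            return label
        i -= 1
    return None
```

A list like this only filters peers by address; it says nothing about the content of a file served from an address that is not listed.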
     
  4. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    I was thinking on what to do when files are downloaded, but Lucas referred to some more important points. Before you download.
    I would add: download files that have plenty of sources.
     
  5. screamer

    screamer Registered Member

    Joined:
    Apr 14, 2006
    Posts:
    921
    Location:
    Big Apple USA
    I've been getting some Event 1000 errors / NTDLL.dll faulting: I disabled DEP for Shareaza. Is this going too far or should I live w/ the errors?
     
  6. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,497
    Location:
    British Columbia
  7. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,693
    Hello,
    That's the best advice you could get. Nothing to do with AS, AT, AV. No different than using any other program.
    Mrk
     
  8. NGRhodes

    NGRhodes Registered Member

    Joined:
    Jun 23, 2003
    Posts:
    2,331
    Location:
    West Yorkshire, UK
    In addition to what's been said, you need to trust the network(s) and application you want to use.
    Shareaza is good and stable, when I last used it G1 network suffered from a LOT of fakes, G2 was not popular enough and the Ed2k implementation was never as good as emule/edonkey (not fully featured, impaired download speeds).

    Things to look out for in your P2P app:

    Block listing (can also be done with another util), useful for blocking bad sources and servers.
    Fake lists (the version of emule I have picks up common fakes).
    Ability to find alternate file names of what you are downloading is useful (emule has this, I cannot remember if shareaza does), if I do a search and get a result for "cool martial art clip" I can look up alternate names, if it's things like "karate clip" and "martial art fight" it should be ok, but if the alternate names are things like "xxx hot sucky sucky" I know that people are spreading fake files.

    I run emule as a service and log in with a limited user account to check the files out, this means that if my AV doesn't pick the crud up, at least it can't spread far.

    I've uploaded 140 gigs and downloaded 200 gigs (all legal) with emule to date and only had half a dozen files with trojans/viruses and probably 1 in 100 files (after applying my common sense file name test above) is a fake OR doesn't work.
     
  9. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    All great advice. PG2 and fake lists, and looking at the alternate names:thumb:
    By the way, "xxx hot sucky sucky" lol
     
  10. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,693
    Hello,
    Nick what files do you dl / ul?
    Mrk
     
  11. NGRhodes

    NGRhodes Registered Member

    Joined:
    Jun 23, 2003
    Posts:
    2,331
    Location:
    West Yorkshire, UK
    Movies/clips, training videos for the Martial, TV programs like 24, UFC reruns, MotoGP reruns, music, the odd commercial movie, of course I am very careful about what I share (in the UK it is NOT a crime to download)... :D
     
  12. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,693
    Hello,
    Well, it's curious. I was thinking you were into apps or such, the fact you encountered trojans alongside these. Must have been special files.
    Mrk
     
  13. NGRhodes

    NGRhodes Registered Member

    Joined:
    Jun 23, 2003
    Posts:
    2,331
    Location:
    West Yorkshire, UK
    I do download the odd small file pdf, word doc which can be renamed archive, which nod32 picks up... I'd say the half a dozen that I have downloaded is not bad, as I've been downloading for 4 years :)
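
An added example, not part of NGRhodes' post: a check for the case mentioned above, where a file named as a PDF or Word document is really an archive or something else. It compares the extension with the file's leading bytes; the function names and the extension table are assumptions made for this sketch.

```python
import os

# Leading "magic" bytes of the container types this check cares about.
MAGIC = [
    (b"%PDF-", "pdf"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2"),  # legacy .doc/.xls
    (b"PK\x03\x04", "zip"),
    (b"Rar!\x1a\x07", "rar"),
    (b"7z\xbc\xaf\x27\x1c", "7z"),
    (b"MZ", "pe-executable"),
]

# What each document extension is expected to contain.
EXPECTED = {
    ".pdf": {"pdf"},
    ".doc": {"ole2"},
    ".xls": {"ole2"},
    ".docx": {"zip"},  # OOXML documents are ZIP containers by design
}

def sniff(head):
    """Classify a file by its first bytes."""
    for magic, kind in MAGIC:
        if head.startswith(magic):
            return kind
    return "unknown"

def check(name, head):
    """Return (verdict, kind) for a file name and its first bytes."""
    ext = os.path.splitext(name.lower())[1]
    kind = sniff(head)
    if ext not in EXPECTED:
        return ("not-a-document", kind)
    # Strict: a PDF with junk before "%PDF-" is reported as a mismatch too.
    if kind in EXPECTED[ext]:
        return ("ok", kind)
    return ("mismatch", kind)

def scan_folder(path):
    """Yield (file, kind) for every document whose content does not match."""
    for root, _dirs, files in os.walk(path):
        for f in files:
            full = os.path.join(root, f)
            with open(full, "rb") as fh:
                head = fh.read(8)
            verdict, kind = check(f, head)
            if verdict == "mismatch":
                yield full, kind
```

A mismatch is a reason to leave the file unopened and scan it, not proof that it is malicious; a matching header likewise says nothing about what the document contains.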
     
  14. screamer

    screamer Registered Member

    Joined:
    Apr 14, 2006
    Posts:
    921
    Location:
    Big Apple USA
    Thanks for all this info guys. I'm digesting it.

    @Tobacco, I tried BufferZone P2P free. It slowed things down to a crawl and I had a tough time connecting to the networks. I'll be fine w/o it though.

    @MRK : "Nothing to do with AS, AT, AV. No different than using any other program."
    Why do you say this? I don't understand... I scan the files D/L'd to the external HDD w/ Spyware Terminator, AVG AS, NOD32 daily.

    ...screamer
     
  15. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    He meant that it's more important how you downloaded them. Before downloading, the measures you take here, are more important.
    IMO, it's still good to have scanners to check if the files are ok.
     
  16. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,693
    Hello,

    What I meant:

    People say you need special AV, AT, AS and more to protect yourself if you are using P2P. I say no.

    P2P is another way of downloading files. No different than using a browser. Just as you download pigmy.exe from some website, you can download pigmy.exe through P2P.

    The dangers are equal. No reason to "upgrade" the security of your system just because you have another vector of download.

    What you download matters. But again, it's no different than downloading through browsers. If all you downloads are cracks for software, you're likely to be surprised one day. If you only download movies and music, the chances of an infection are very remote.

    Sometimes, the availability of bad stuff through P2P is higher than browser, but not much. You can download cracks through a browser too, by visiting various sites. In the end, what you use and how you use it means everything.

    Finally, you have bundled P2P apps, but this is no different than deliberately infecting your machine.

    The advice that lucas offered is 99.99% of security:

    -Only connect to trusted servers/peers.
    -Use an IP blacklist such as Bluetack's lists with PeerGuardian/Protowall.
    -Don't use P2P to download apps and cracks, except for a few (OpenOffice, Linux ISOs, etc.)
    -Before downloading anything, check users' opinions/ratings about the file.
    -If you download documents, PDFs, open them with third-party viewers which don't allow scripts/macros.

    Not different than wise browsing:
    -Only download stuff from sites you trust.
    -Use site whitelisting - by limiting sites (no scripting).
    -Check rating / opinion about programs / stuff you download.
    -If you download documents, use third-party viewers that don't allow / support scripting.

    Mrk
     
  17. screamer

    screamer Registered Member

    Joined:
    Apr 14, 2006
    Posts:
    921
    Location:
    Big Apple USA
    Got it, Thanks MrK :)
     
  18. Ice_Czar

    Ice_Czar Registered Member

    Joined:
    May 21, 2002
    Posts:
    696
    Location:
    Boulder Colorado
    raises hand
    apps is what I tended toward at one point
    (these days I know more about freeware\opensource alternatives so do it less but sometimes it's the only way to get ghostware)
    but any exe off P2P is a rather opaque proposition, you're going to have to trust it or virtualize it, it's unlikely to get flagged by a signature scan before an install, and you're going to allow it at the HIPS. Studying it in a virtual environment seems prudent
     