Peer-to-peer file-sharing networks have come a long way since the dawn (and demise) of Napster, with LimeWire, Kazaa, Morpheus, Grokster, and others offering everything from MP3 files to movies, software, and anything that can be exchanged across a digital network. If youre using or plan to use such networks, you should know that copyright infringement isnt the only issue to consider. You also open up your system to a host of security and privacy threats, including viruses, worms, Trojan horses, snooping, data theft, spyware, and more.
The first thing to understand about file sharing is that every users system acts as a server for everyone elses, so there is almost no way to control the content that is available on a network. This makes it easy for anyone to distribute a virus, worm, or Trojan horse in a file you thought contained your favorite song. Once that file is in your file-sharing directory, its usually available to everyone, whether youve tried to play it or not, so malware can spread very quickly. Some of the software itself has been known to have Trojan horses and other security problems. And a number of file-sharing applications contain invasive adware that monitors your online behavior and sends data back to a server (as discussed in our spyware cover story, April 22). Although providers are backing away from this lately, millions of users have unwittingly downloaded tons of spyware along with file-sharing apps.
Even if you arent using your file-sharing application, its usually up and running in the background, providing other users with access to your system—and often to your IP address. Studies such as “Usability and Privacy: A Study of Kazaa P2P File-Sharing” suggest that the majority of users dont know what files theyre sharing and may inadvertently end up sharing private files such as e-mail and financial information.
There are a number of steps you can take to protect yourself. The most obvious step is to turn off your file-sharing app when youre not actively searching or downloading. This is not as straightforward as it sounds, however, as many such applications continue running in the background after you think youve closed them. You may be able to right-click on an icon in the taskbar and try to shut your app down again, but this may not do the trick either. For example, unless you change some defaults in LimeWires Options dialog box, it will not shut down until a current transfer has been completed. If your file-sharing app offers the option to disable sharing altogether, take advantage of this.
The next step is to make sure you control which directories you are sharing. Unless you really know what youre doing, choose the default directory the program offers and copy all the files you want to share into it. Dont enable sharing for any of your other directories; you may forget that you did, or that their subdirectories have also become available.
Most popular antivirus programs, such as those from McAfee and Symantec, are effective against file-sharing viruses and worms, so make sure you run yours, and take advantage of automatic signature updating so youre protected from the latest threats. Even if youre on a network that has a firewall, you should run a personal firewall, and if your firewall tells you that a program you dont recognize is trying to make a connection from your system, dont allow it access. If you encounter any problems running your legitimate software after that, you can always change your mind.
Run a spyware removal tool periodically to see whether youve downloaded anything unwittingly. PepiMK Softwares free utility SpyBot Search & Destroy (described in the spyware story mentioned above) was a recent Editors Choice. And make sure you keep your file-sharing application itself up to date with the latest patches and fixes. Finally, dont forget to perform regular backups in case an attack cripples your system. You can also run a system rollback utility, such as Windows XPs System Restore or Symantecs GoBack, to ensure that you can return your entire system to a previous state. As with e-mail, youll never be completely safe from file-sharing security threats, but if you take the right steps you can greatly reduce the odds of becoming a victim.