John, John, John. John Dvorak, what were you thinking?
In his recent column, The Scheme to Discredit BitTorrent, Dvorak gets so much wrong about BitTorrent, its security problems, Microsoft and Avalanche thats it hard to know where to begin.
So, lets just walk down Mr. Dvoraks column, shall we?
First, is Microsoft really taking aim at BitTorrent, the justifiably popular peer to peer protocol? Yes, I know that Bram Cohen, BitTorrents inventor, thinks so, but is it really?
Both Cohen and Dvorak describe Microsofts Avalanche project as vaporware.
Ah, actually, its not even that. It never was.
I dont need to explain this, though. Ill let Kevin Schofield, Microsoft Researchs general manager for strategy and communications.
“Let me get this straight. In six days, a research project went from some algorithms in a paper to Microsofts competitive answer to BitTorrent, to vaporware, to an evil conspiracy,” Schofield said.
“Weve never claimed that this was anything more than a research project. We released a paper so that everyone—including Microsofts fiercest competitors—knew exactly what we were doing,” Schofield said.
Now, anyones who ever read more than two of my columns knows Im no Microsoft fan, but sometimes a research project is just a research project, even when Microsoft is paying for it.
Ive read the technical paper (available here as a PDF.) I know something about how these things work. And, you know what? Avalanche is an early-stage research project. Nothing less, nothing more, and no one who really knew anything about it claimed otherwise.
Moving on, Dvorak sets up a straw man by saying, “There is no spyware in BitTorrent.” Uh, no one ever said that there was spyware in the BitTorrent clients or in the protocol. Certainly our own Ryan Naraine didnt do so in his coverage of adware being carried over BitTorrent.
What Naraine, and others, did report was that some files being traded around over the BitTorrent protocol were carrying adware.
Specifically, two companies, Direct Revenue and Marketing Metrix Group, were deliberately sending out files loaded with programs like the Aurora adware, which has been described, rightly, to my mind, as a “Plague of the Internet.”
Adware, as you note, is old hat. But what is news here is that someone was deliberately using BitTorrent torrents as an adware delivery service for the first time.
Now, Dvorak wasnt the only one to misread those BitTorrent stories, but if he and everyone else would RTFA (read the fine article), theyd see that all it says is that Torrent files are being bundled with adware programs.
If seeing is believing, look at an actual example on Vitalsecurity.com of how the adware is delivered. Notice that youre seeing a RAR (todays hot file compression technology)—not an exe—of an episode of “Family Guy.” When you open it, youre faced with a licensing announcement, which, if you agree to it, will pack your Windows system full of spyware.
Would this fool someone who knew what they were doing? Nope. Would it fool someone who knew just enough to look for a free video? Oh yeah.
I wouldnt be fooled. Dvorak, and many others who pay attention to technology, wouldnt be fooled, but for those millions of clueless users, yes, oh yes, theyll be fooled into installing the adware.
Does this make it a real problem? I certainly think so.
As Dvorak points out, BitTorrent is the largest single protocol. The Webs HTTP barely counts compared to BitTorrent and the other P2P protocols. Thats a heck of a lot of traffic—as any network administrator knows—and having it increased with crapware is not good news.
In addition, some anti-virus and anti-spyware programs dont look at Torrents for trouble. That means even users who are bright enough to run programs like those are still in danger of having junk delivered to their computer. Thats a problem.
So, whats really happening here? A conspiracy against BitTorrent? No, not at all. All that has happened is that people got way too excited about Avalanche and way too paranoid about adware being in BitTorrent. The real problem is that now BitTorrent, like e-mail, the Web, and soon, Im sure, IM, is being used to deliver malware.
The real solution is to stop jumping up and down about Microsoft being out to get anyone, and continue to look for ways to block malware, no matter what path it takes, from getting onto our systems.
eWEEK.com Senior Editor Steven J. Vaughan-Nichols has been using and writing about operating systems since the late 80s and thinks he may just have learned something about them along the way. He can be reached at [email protected]