
For all of the witch-hunters...


28 replies to this topic

#1 maggot7

maggot7

  • Members
  • 91 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:38 PM

Posted 18 December 2014 - 10:38 AM

Okay, so for all of the peer-to-peer witch hunters, I have a hypothetical:

 

Here's the scenario, let's say that a fully updated Windows 7 computer, protected by Bitdefender Antivirus (or any top ranking variety), Privatefirewall (or any highly rated firewall set to manual selection), CryptoPrevent Premium (on the highest setting), and Unchecky as well as using a VPN and client proxy (assuming Bittorrent protocol).

 

Now, assume that an infected file was downloaded (of any sort, including Cryptowall variants), how likely do you think it would be for that computer to get infected IF there was no user error in the approval or disapproval of any prompts from the security software?

 

I'm thinking, maybe a 5% chance of infection if that.




 


#2 maggot7

maggot7
  • Topic Starter

  • Members
  • 91 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:38 PM

Posted 18 December 2014 - 10:47 AM

My point being that anything can be dangerous if you don't have the knowledge to prevent potential problems. Maybe morons or technologically illiterate folks shouldn't use P2P networks.

 

Commercial firework displays would be way more dangerous if I was responsible for them, but I don't write blogs about the dangers of fireworks even though most people are not capable of running a commercial fireworks display.



#3 Angoid

Angoid

  • Security Colleague
  • 299 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:East Midlands UK
  • Local time:11:38 PM

Posted 18 December 2014 - 11:04 AM

Rather than think in percentages, think in terms of whether it's a risk you want to take and whether it's a risk worth taking.

 

You do need to take extra care when using P2P software.  No matter what protection software you're running, Common Sense is usually the best one of all.  This in conjunction with protection software should keep you as safe as you can possibly be.  Heck, it can be hard enough to get software from sources you think you trust (such as popular download sites) so why would you have reason to trust a network where you can't know the true source of the file?

 

Take a look at Tip 14 in this article here:

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/


Helping a loved one through a mental health issue?  Remember ALGEE...

Assess the risk | Listen nonjudgementally | Give reassurance and info | Encourage professional help | Encourage self-help and support network

#4 maggot7

maggot7
  • Topic Starter

  • Members
  • 91 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:38 PM

Posted 18 December 2014 - 11:22 AM

I can get behind that and I like the language used in that Tip.

 

The often alarmist tone used when talking about P2P is why I posed this question. As a social experiment, I like poking the hive at these topics that have been shunned by IT professionals often based on a subjective moral stance. Very few things in IT are 100% cause and effect, meaning that if action A is performed, result B will occur 100% of the time. That is often how these types of issues are pitched as well as other American social issues like gun control or drug decriminalization.
 

That being said, I think that weighing it in terms of "Is it worth the risk?" is a perspective.


Edited by maggot7, 18 December 2014 - 11:24 AM.


#5 rp88

rp88

  • Members
  • 3,048 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:10:38 PM

Posted 18 December 2014 - 02:46 PM

Downloading a program is just about the most dangerous thing possible (after surfing online with a computer that lacks security updates to its OS, runs java, runs all plugins as "automatic", uses internet explorer and lacks an ad-blocker) because an exe file is a program which can do anything it likes. Where a video file, audio file, pdf, office document (if we assume no macros) or image file cannot execute scripts and processes unless there is a vulnerability in a program an exe (or scr) file can do anything it wants, if an administrator could do it so can an exe file, when you run someone's exe file you are basically giving them the chance to take full control of your computer. You should never run an exe file unless you can be absolutely sure of the source, with p2p systems you can almost never be sure of the source, someone has likely gone and modified the program and there is a good chance that one of the modifications they made was the insertion of malware.


For the average user the security settings and programs you describe (The VPN and client proxy by the way don't give security, they give anonymity and privacy which is a whole different matter, you might call it an axis orthogonal to security.) are enough to protect them from SOME forms of attack if they are just casually browsing on very safe sites and checking email (coupled with a second opinion scanner, an ad-blocker, a script blocker, running UAC on the highest security setting and turning on "show full extensions for known file types" it should help against most forms of attack which require no user interaction) but when you run an exe file any security settings you use are more or less irrelevant, the idea of security is to stop the dangerous exe being executed at all, if you execute an exe of untrustworthy origin it has in many ways bypassed all your carefully arranged protective steps. As for downloading non-executable file types this is a little less risky, but p2p sharing is still rather dangerous (if so many reputable download sites now show fake download links and bundle cr*pware with programs how can you trust someone who doesn't even make themselves contactable), and unless you have "show full extensions for known file types" you cannot be sure that the "image", "audio file", "powerpoint slideshow", "pdf file", "video" you just downloaded is not a sneakily named exe file of the form suspiciousfile.jpg.exe .

One more thing, no need to get to a moral tone of rights and wrongs, debates and counter-debates, I am just describing risks and mitigations, I don't judge people for their actions, I just advise how I would do things differently. I think alarmist tones are much too common in things people (well let's be honest the people being alarmist are generally the politicians and media as far as most issues go) say and there is always sense in taking a step back from a debate just to consider the facts of a situation and put them in a plain form of what one knows and what advice one gives, not fury at another's opinions.

Edited by rp88, 18 December 2014 - 02:47 PM.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#6 Queen-Evie

Queen-Evie

    Official Bleepin' G.R.I.T.S. (and proud of it)


  • Members
  • 16,485 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:My own little corner of the universe (somewhere in Alabama). It's OK, they know me here
  • Local time:05:38 PM

Posted 18 December 2014 - 02:56 PM

Maybe morons or technologically illiterate folks shouldn't use P2P networks.


Instead of calling people names think about EDUCATING them.

Not knowing something does not make one a moron, stupid, dumb, whatever you want to call them.

As for "technologically illiterate" YOU were at one time in that category. No one turns on a computer for the first time and automatically knows EVERYTHING.

It takes time to learn-which varies because everyone is different.

#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,597 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:38 PM

Posted 18 December 2014 - 05:05 PM

Bleeping Computer is a family oriented site where we offer assistance to those who know very little about computing. As such, our forum discussion board and tutorials are targeted more for the novice user since they comprise much of our membership. We provide help based on that premise because it is impossible for us to know the extent of a member's background, knowledge level and experience level until we get to know them. We keep this in mind when writing replies since we know many novice members read various topics searching for answers without ever posting a reply. Our Malware Removal Logs Forum includes many victims of malware infection as a result of using P2P programs. Since that is the case, many of our experts ask them to remove such programs before the disinfection process to prevent further infection or reinfection.

With that said, we also have many experienced/professional members who contribute technical assistance to others and we certainly welcome those individuals who fall into that category...including their opinions and experience in various aspects of computing. All this makes Bleeping Computer the great community it is and stand apart from many other forum boards.

I hope you can appreciate and understand why we do this so please don't take some of our comments as an affront to you personally in regards to your knowledge, skill or abilities.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#8 NickAu

NickAu

    Bleepin' Fish Doctor


  • Moderator
  • 13,397 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:127.0.0.1 Australia
  • Local time:08:38 AM

Posted 18 December 2014 - 06:59 PM

Almost all the Software, Movies, TV Shows on P2P are stolen, and anybody using P2P to share this sort of stuff is an accessory to that theft.

 

 

Not knowing something does not make one a moron, stupid, dumb, whatever you want to call them.

+1


Edited by NickAu, 18 December 2014 - 08:29 PM.


#9 GB2064

GB2064

  • Members
  • 947 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pittsburgh, Pennsylvania
  • Local time:06:38 PM

Posted 19 December 2014 - 05:19 PM

I guess this canned speech pretty much sums up what should be told to the average user.

Going over your logs I noticed that you have <p2p program> installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.

 

Regards

Gary


Edited by GB2064, 19 December 2014 - 05:20 PM.


#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,597 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:38 PM

Posted 19 December 2014 - 05:40 PM

Since the nature of P2P programs is counter productive to restoring a computer to a healthy state, most malware removal sites will insist such software be removed prior to offering assistance using similar canned speeches.

#11 jaredricha

jaredricha

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:06:38 PM

Posted 19 December 2014 - 08:10 PM

I guess this canned speech pretty much sums up what should be told to the average user.

Going over your logs I noticed that you have <p2p program> installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.

 

Regards

Gary

I completely disagree when you say "It is pretty much certain that if you continue to use P2P programs, you will get infected again." There are safe sites to use. Yes many have malware and viruses hosted on their site, but there are safe ones as well. I've used P2P programs and have never been infected through one. Most people that get infected download either bundled software or they download fake programs like "Paypal Hack" and other programs like that. If it seems too good to be true don't download it. Find uploaders that you know will not bind malware to the files. For example Yify Torrents is a reputable site. If you do not know enough on how to protect yourself then yes do not use P2P.

 

 

Edit: Also if people are suspicious of a file they can run it in sandboxie or run it in a vmware.


Edited by jaredricha, 19 December 2014 - 08:16 PM.


#12 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,597 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:38 PM

Posted 19 December 2014 - 10:16 PM

Yes there are some relatively safe sites but users visiting them may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install malware. Many malicious worms and Trojans, such as the Storm Worm, target and spread across P2P file sharing networks because of their known vulnerabilities.

Even the safest P2P file sharing programs that do not contain bundled spyware, still expose you to risks because of the very nature of the P2P file sharing process. By default, most P2P file sharing programs are configured to automatically launch at startup. Some P2P programs are also configured to allow other P2P users on the same network open access to a shared directory on your computer by default. If your P2P program is not configured correctly, you may be sharing more files than you realize. Even if you change those risky default settings to a safer configuration, the act of downloading files from an anonymous source increases your exposure to infection because the files you are downloading may actually contain a disguised threat by hiding a file extension or adding spaces to the existing extension as shown here. The best way to eliminate these risks is to avoid using P2P applications and torrent web sites.

Software Cracks: A Great Way to Infect Your PC

...It is almost never safe to download executable programs from peer-to-peer file sharing networks because they are a major source of malware infections.


US-CERT: Risks of File-Sharing Technology

What risks does file-sharing technology introduce?

* Installation of malicious code - When you use P2P applications, it is difficult, if not impossible, to verify that the source of the files is trustworthy. These applications are often used by attackers to transmit malicious code. Attackers may incorporate spyware, viruses, Trojan horses, or worms into the files. When you download the files, your computer becomes infected (see Recognizing and Avoiding Spyware and Recovering from Viruses, Worms, and Trojan Horses for more information).

* Exposure of sensitive or personal information - By using P2P applications, you may be giving other users access to personal information. Whether it's because certain directories are accessible or because you provide personal information to what you believe to be a trusted person or organization, unauthorized people may be able to access your financial or medical data, personal documents, sensitive corporate information, or other personal information. Once information has been exposed to unauthorized people, it's difficult to know how many people have accessed it. The availability of this information may increase your risk of identity theft (see Protecting Your Privacy and Avoiding Social Engineering and Phishing Attacks for more information).

* Susceptibility to attack - Some P2P applications may ask you to open certain ports on your firewall to transmit the files. However, opening some of these ports may give attackers access to your computer or enable them to attack your computer by taking advantage of any vulnerabilities that may exist in the P2P application. There are some P2P applications that can modify and penetrate firewalls themselves, without your knowledge.

* Denial of service - Downloading files causes a significant amount of traffic over the network. This activity may reduce the availability of certain programs on your computer or may limit your access to the internet (see Understanding Denial-of-Service Attacks for more information).

* Prosecution - Files shared through P2P applications may include pirated software, copyrighted material, or pornography. If you download these, even unknowingly, you may be faced with fines or other legal action. If your computer is on a company network and exposes customer information, both you and your company may be liable.


SANS Institute Peer-to-Peer File-Sharing Networks: Security Risks

...P2P file-sharing...there is a potentially dark side to these services, and not just due to any moral or legal concerns about sharing files. There is a very real security risk to every user who chooses to use P2P file-sharing software...there will always be the risk of irresponsible users introducing viruses...There is no way to guarantee that the file a user downloads is what the filename implies, or even the same type of file. This makes P2P networks a ridiculously easy way for authors of viruses, worms, Trojan horses, etc. to distribute their handiwork...


A Study of Malware in Peer-to-Peer Networks

...Peer-to-Peer (P2P) networks...very little protection is in place to make sure that the files exchanged in these networks are not malicious...


File Sharing, Piracy, and Malware

Recent research shows that websites and programs related to software piracy are likely to be infected with malware due to the way they are distributed...over 50% of all pirated files are infected with malware that are constantly repacked to evade even the most up-to-date anti-virus programs. Software piracy acts as a gateway for cybercriminals to infect computers, leaving individuals and their personal data vulnerable to malware infection.


Therefore, many security forums ask members to remove P2P software before assisting them with malware disinfection. The nature of such software and the high incidence of infection or reinfection is counter productive to restoring the computer to a healthy state...see here.
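The disguised-file risk raised in posts #5 and #12 (a name of the form suspiciousfile.jpg.exe, or spaces added before the real extension) can be checked mechanically before anything in a download folder is opened. The following is an added example, not part of any forum post; the function names, the extension lists and the sample file names are assumptions chosen for illustration.

```python
import os

# Extensions Windows runs when double-clicked (a common subset, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}
# Extensions that Windows PE binaries legitimately carry.
PE_EXTS = {".exe", ".scr", ".dll", ".sys", ".com", ".pif"}
# Extensions a user expects to be passive content.
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".mp3", ".mp4", ".avi", ".mkv",
              ".pdf", ".doc", ".docx", ".ppt", ".pptx", ".txt"}


def triage(filename, head=b""):
    """Return findings for one file name and the first bytes of its content."""
    findings = []
    # Windows ignores trailing spaces and dots, so judge the name without them.
    stem, ext = os.path.splitext(filename.rstrip(" ."))
    ext = ext.lower()
    if ext in EXECUTABLE_EXTS:
        findings.append("executable-extension")
        inner = stem.rstrip()
        if inner != stem:
            # "holiday.jpg        .exe": padding pushes ".exe" out of view.
            findings.append("space-padded-extension")
        if os.path.splitext(inner)[1].lower() in DECOY_EXTS:
            # "suspiciousfile.jpg.exe": looks like an image when extensions are hidden.
            findings.append("double-extension")
    # PE executables start with the bytes "MZ" whatever the file is called.
    if head[:2] == b"MZ" and ext not in PE_EXTS:
        findings.append("pe-content-mismatch")
    return findings


def scan_dir(root):
    """Walk a download folder and return {path: findings} for flagged files."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(2)
            except OSError:
                head = b""  # unreadable file: fall back to name checks only
            found = triage(name, head)
            if found:
                results[path] = found
    return results


if __name__ == "__main__":
    # Constructed sample names and leading bytes, for illustration only.
    samples = [
        ("suspiciousfile.jpg.exe", b"MZ"),
        ("holiday.jpg        .exe", b"MZ"),
        ("song.mp3", b"MZ"),
        ("photo.jpg", b"\xff\xd8"),
    ]
    for name, head in samples:
        print(repr(name), triage(name, head))
```

An empty result only means the name and header look consistent; it says nothing about whether the content is safe to open.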

#13 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,707 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:38 AM

Posted 20 December 2014 - 11:45 AM


Edit: Also if people are suspicious of a file they can run it in sandboxie or run it in a vmware.

 

 

There's a lot of malware out there that is VM/sandbox aware. It will not execute when it detects it's in a VM. If you test a program in a VM and it doesn't behave maliciously, then that doesn't mean it is not malicious.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#14 DeimosChaos

DeimosChaos

  • BC Advisor
  • 1,420 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United States, Delaware
  • Local time:06:38 PM

Posted 22 December 2014 - 10:33 PM

I am of the thinking that if you are going to use P2P, just use Linux. More likely than not, the viruses that could potentially be contained in the package you are downloading are not going to work on a Linux machine. Windows dominates the world, and as such most viruses are written to work on Windows. Linux is fairly safe. Though of course not completely safe, and I am sure there are some viruses floating out there that will contaminate Linux as well.

 

With that being said, I don't condone downloading illegal and copyrighted content. You could be downloading a perfectly legal P2P file and still have it come loaded with a virus.


OS - Ubuntu 14.04/16.04 & Windows 10
Custom Desktop PC / Lenovo Y580 / Sager NP8258 / Dell XPS 13 (9350)
_____________________________________________________
Bachelor of Science in Computing Security from Drexel University
Security +


#15 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,597 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:38 PM

Posted 23 December 2014 - 07:01 AM

Just by visiting some P2P sites, you can be exposed to malicious code without downloading anything.



