“Raids close file-sharing server” says the BBC headline, on a story covering the closure of a major site in the eDonkey peer-to-peer “file sharing” network. Okay, so we know that “file sharing” is generally a pseudonym for “we want to watch movies or listen to music, but we don’t want to pay anyone for the privilege, but we’ll find ways to claim that it isn’t really theft”, and so obviously this is a “good thing” from the view of content providers.
[I’m a content provider – I develop software, I write documentation, even this blog is copyrighted text, by virtue of the fact that I wrote it.]
However, from the point of view of system administrators, I predict this may lead to an increase in the spyware load on your systems.
Seems bizarre, right, that I am suggesting that spyware goes up when a p2p site goes down? You’d think that would interrupt the flow of spyware through infected files. Here’s my reasoning:
The average user of eDonkey has been using it for some time, and has got to the point where he/she subliminally knows what is safe content, and he/she has a version of eDonkey that might not be current and up-to-date, but is ‘good enough’.
That’s a stable system – you’ve already managed any spyware that may have come with the distribution of eDonkey, and the user has essentially educated themselves to not introduce more into the system.
Now, the system is made unstable – the server that was being used for the p2p sharing is no longer accessible, and the user panics trying to find another server. Maybe they can’t find one, or maybe the server they find won’t accept their old version of eDonkey. The user may go and download a new p2p program, with new attached spyware, and new servers to download from. In addition to what comes with whatever new p2p program they download, they’ll also find that the users of this new p2p program and new server behave in different ways – requiring that the user re-learn how to intuit spyware’s presence in the files they are downloading.
This isn’t an argument for leaving p2p file-servers up, it’s an argument that you need to expect a spike in spyware, plan for it, and protect yourselves.
Coincidentally, Microsoft recently released Beta 2 of their anti-spyware product named “Windows Defender” just a few days ago. Unlike anti-virus programs, you generally need more than one anti-spyware product on your system, so I’ll also recommend Lavasoft’s Ad-Aware and Spybot Search & Destroy (be careful of programs with “Spy” in the name – many of them are spyware masquerading as spyware-removal – Spybot Search & Destroy is not such a rogue program, though).