Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: How safe are P2P programs?

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
BitTorrent, Inc
And, this specific program:
uTorrent for Windows 2.x

This thread has been marked as resolved.
Wynn-M How safe are P2P programs?
Member 16th Aug, 2010 16:03
Ranking: 0
Posts: 7
User Since: 26th Feb, 2010
System Score: N/A
Location: NL
Last edited on 16th Aug, 2010 16:11

I would like to try a P2P file exchange program. I installed uTorrent six months ago but haven't been brave enough to use it. I read up a lot about it and other like programs but was rather put off by reading the negative feedback from users on the internet regarding vulnerabilities.

I would welcome some feedback from users of this (or any other recent P2P program - good or bad!) to find out if vendors have improved on their security issues before I decide to make use of it.

According to the Secunia advisories reports over the last few years they do seem to be improving but there's nothing like hearing it from the horse's mouth.

--
Wynn-M

Post "RE: How safe are P2P programs?" has been selected as an answer.
Anthony Wells RE: How safe are P2P programs?
Expert Contributor 16th Aug, 2010 19:36
Score: 2437
Posts: 3,323
User Since: 19th Dec 2007
System Score: N/A
Location: N/A


Hello Wynn-M ,

If you weren't brave enough before , then there is no reason for being "braver" now.

File sharing is a great asset of the internet ; if you know the person you are sharing with and the provenance of the material is known - guaranteed non-pirated and malware free - then you can enjoy . Sharing and live editing of documents is possible on certain cloud based software - ether based paper conferences :)

Wandering the web with impunity and łTorrent (which is reportedly as good as any on offer - I use it) and playing P2P with an unknown and un-quantified/qualified entity is putting you , your machine and possibly your identity at risk .

There are hundreds of statements concerning the risks , if you websearch file sharing/P2P ; here is a realistic appraisal from a creditable source :-

http://www.us-cert.gov/cas/tips/ST05-007.html

My advice to my friends is that if you don't understand it , you don't know the why's and wherefore's and you don't feel comfortable/happy with what you are doing , then don't do it !! Applies to many things .

Ask if you have more questions , just be sure to take care .

Anthony



--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+4
-0
thedillpickl RE: How safe are P2P programs?
Contributor 16th Aug, 2010 19:51
Score: 376
Posts: 872
User Since: 3rd May 2009
System Score: 100%
Location: US
Last edited on 16th Aug, 2010 19:54
Hi Wynn-M;

I have no experience as to how safe P2P is, but...

I would not use P2P on my regular machine. If you wish to experiment, use of an old unused machine that will not be connected in any way to your everyday system might be in order. This machine should be isolated in every way (except maybe the power tap) and use only a new hard drive or a wiped hard drive (suggest Gutmann). P2P can give access to everything, including personal info. Remember, encryptions can & will be broken.

If you use a new, high powered machine, you are only supplying resources to other peers. If you find the network proves safe, useful and is of benefit you may reconsider this, adding more resources to be used by all.

Read about P2P here: http://en.wikipedia.org/wiki/Peer-to-peer


Regards;

Fred

p.s. @Anthony, sorry about cross post, seem to have the same general idea though! :)

--
XP Home
Chrome, Firefox, IE8
--
consilio et animis
Was this reply relevant?
+4
-0
This user no longer exists RE: How safe are P2P programs?
Member 17th Aug, 2010 09:19
Last edited on 17th Aug, 2010 09:20 Hi,

The most important thing to consider as to the security or insecurity of P2P applications, is that while P2P applications might not have more vulnerabilities than any other piece of software (which entirely depends on the program and the developers), they are (in principle) connected to random strangers, so the potential existence of an exploit could put you in more immediate risk than other insecure applications, thought an exploit must exist before anything can happen

The same principle applies to your web browser (that normally connects to many different sites, and executes all the scripts it gets its hands on), which also, though not inherently insecure, places users at higher risk than other types of applications, due to it's exposure to the internet. This is why the Secure Browsing tab exists, for example.

In order for a cracker to be able to take over or damage your computer, there needs to be an vulnerability in the software you're running (Secunia advisories track these vulnerabilities in different software, and research finds new). Exploiting such a vulnerability can, in the more dangerous cases, let an attacker execute code on your machine. And anyone that can execute code on a machine can rapidly make it "his" machine.

If you decide to run a P2P program, sandboxing it or otherwise limiting it's access to your system makes the risk more manageable.

hope this helps.
Was this reply relevant?
+0
-0
taffy078 RE: How safe are P2P programs?
Contributor 17th Aug, 2010 09:33
Score: 408
Posts: 1,335
User Since: 26th Feb 2009
System Score: 100%
Location: UK
Thanks for all the good advice here, guys. Simple to read and understand.

Co-incidentally, I was asked this question last night but I have no need to/intention of file-sharing and/or P-2-P.

So now, I've simply emailed a link to this. ;0)

Thanks again.

--
taffy078, West Yorkshire, UK

Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM
XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003

Laptop: Win 7 / IE11 / PSI v2.0.0.3003
Was this reply relevant?
+1
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability