Protect Your PC From File-Sharing Dangers

Jan. 26, 2004 -- Peer-to-peer file-sharing networks have come a long way since the dawn (and demise) of Napster, with LimeWire, KaZaA, Morpheus, Grokster, and others offering everything from MP3 files to movies, software, and anything that can be exchanged across a digital network.

If you're using or plan to use such networks, you should know that copyright infringement isn't the only issue to consider. You also open up your system to a host of security and privacy threats, including viruses, worms, Trojan horses, snooping, data theft, spyware, and more.

The first thing to understand about file sharing is that every user's system acts as a server for everyone else's, so there is almost no way to control the content that is available on a network.

This makes it easy for anyone to distribute a virus, worm, or Trojan horse in a file you thought contained your favorite song. Once that file is in your file-sharing directory, it's usually available to everyone, whether you've tried to play it or not, so malware can spread very quickly.

Some of the software itself has been known to have Trojan horses and other security problems. And a number of file-sharing applications contain invasive adware that monitors your online behavior and sends data back to a server. Although providers are backing away from this lately, millions of users have unwittingly downloaded tons of spyware along with file-sharing apps.

Even if you aren't using your file-sharing application, it's usually up and running in the background, providing other users with access to your system — and often to your IP address.

Studies such as "Usability and Privacy: A Study of Kazaa P2P File-Sharing" (www.hpl.hp.com/shl/papers/kazaa/index.html) suggest that the majority of users don't know what files they're sharing and may inadvertently end up sharing private files such as e-mail and financial information.

Turn It Completely Off

There are a number of steps you can take to protect yourself. The most obvious step is to turn off your file-sharing app when you're not actively searching or downloading.

This is not as straightforward as it sounds, however, as many such applications continue running in the background after you think you've closed them. You may be able to right-click on an icon in the taskbar and try to shut your app down again, but this may not do the trick either.

For example, unless you change some defaults in LimeWire's Options dialog box, it will not shut down until a current transfer has been completed. If your file-sharing app offers the option to disable sharing altogether, take advantage of this.

Watch What You Share

The next step is to make sure you control which directories you are sharing.

Unless you really know what you're doing, choose the default directory the program offers and copy all the files you want to share into it.

Don't enable sharing for any of your other directories; you may forget that you did, or that their subdirectories have also become available.

Raise Your Shields

Most popular antivirus programs, such as those from McAfee and Symantec, are effective against file-sharing viruses and worms, so make sure you run yours, and take advantage of automatic signature updating so you're protected from the latest threats.

Even if you're on a network that has a firewall, you should run a personal firewall, and if your firewall tells you that a program you don't recognize is trying to make a connection from your system, don't allow it access. If you encounter any problems running your legitimate software after that, you can always change your mind.

Run a spyware removal tool periodically to see whether you've downloaded anything unwittingly. PepiMK Software's free utility SpyBot Search & Destroy was a recent PC Magazine Editors' Choice. And make sure you keep your file-sharing application itself up to date with the latest patches and fixes.

Finally, don't forget to perform regular backups in case an attack cripples your system. You can also run a system rollback utility, such as Windows XP's System Restore or Symantec's GoBack, to ensure that you can return your entire system to a previous state.

As with e-mail, you'll never be completely safe from file-sharing security threats, but if you take the right steps you can greatly reduce the odds of becoming a victim.