polarbearit

I'm apparently downloading Die Another Day at 50k+ per second which sounds amazingly quick - I assume this must be a duff file as thats far too fast for a 34k/bit connection!

Has anyone had a similar experience with kazaa?

BuRR

I bet its not what it says it is once you get it down

polarbearit

Yeah - didn't work - no surprise there! Just amazed by the download speed...

STi-Frenchie

That does sound a bit fast for a 34k/bit connection. I regularly get that sort of speed with my ADSL connection. One trick I found with Kazaa Lite is to use SpeedUp which is in the same installation folder as the main program - use it to start Kazaa Lite. Another thing to try when you think it's not downloading your file fast enough or finding more sources, is to try doing a Pause and then a Resume on your download. Seems to wake up the download again.

Chris L

I hate these programs. Word of advice - do a search on 'rogue protocols' and 'KaZaA' - see what comes up. Links like this

I wouldn't let KaZaA or anything similar within a five mile radius of my PC. We've done a few security audits for customers and several have reported some nasty problems that went undetected by their corporate firewalls. The cause - you've guessed it!

Chris

[Edited by Chris L - 11/23/2002 8:54:33 AM]

JackClark

Thanks for the link Chris, very interesting. I dumped Kazaa after trying to read the EULA.

Chris L

We've been doing a few detailed RFI /RFPs at work for security contracts. Rogue protocols are coming up a lot. From the network analysis work that we do, you see programs like KaZaA and eDonkey appearing all over company networks. Instant messenger programs are also at risk.

Ta for the piccies BTW JC

Cheers
Chris

Eagle7

Chris,

Most of these programs are a security nightmare, but KazaaLite has the nasty rogue stuff removed. That is why it is called 'lite'.

Chris L

OK - I'll tell our customers that.....

Personally I would be very very wary of any statement like that. When you work in IT Security you can become a little paranoid and you tend not to trust statements like this. I'm aware that KaZaA lite is not so bad as the full on KaZaA, but the problem lies in the program itself and how it sets up and maintains connections. KaZaA and similar programs maybe perfectly legit, but it is possible for them to hijacked. There are some extremely clever people out there, I wouldn't even give them the chance by having this or any similar program near my PCs.

Remember how Real Audio denied that it was installing spyware in it's programs for ages.....

Chris

STi-Frenchie

Spyware and security are of course linked, but spyware can (for the most part) be detected and removed using Ad-Aware and similar products. Having a good firewall installed, up to date anti-virus software and signatures and being aware of what you are doing with p-2-p programs and what risks you are taking is part and parcel of the net and how people choose to use it. My personal mantra is, "if in doubt, nowt gets out".

Chris L

Very true

But my point was that a perfectly reputable company denied for ages that it did install spyware. Ad-aware (which I use and is very good) was written largely because of this and similar incidents.

Don't also forget that Checkpoint had the infamous 'Mosad backdoor' in its firewall software for some considerable time - and denied it.

The other point to make is that a firewall is no defense against rogue protocols - thw whole point of these is that they are perfectly legitmate programs and the flow of traffic will look OK - even to stateful inspection based firewalls.

You are into the realms of intrusion detection systems end event correlation engines to detect whether the traffic flow is actually doing what it says it is. Have a look at www.ubizen.com to see what I mean.

Chris