File Sharing

File sharing allows users to download and share files on their computer. There are several different types of file sharing including peer-to-peer networks (such as KaZaa, Morpheus, and eDonkey), and CIFS which is commonly used to share files between Microsoft Windows computers.

File sharing can be a useful tool, however there are pitfalls in the use of file sharing that all users should be aware of. If not properly configured, a computer engaged in file sharing could be opening up its entire contents to the world, including personal and private documents that were not intended for public release. Other pitfalls include bandwidth consumption, which can cause poor network performance, and the possibility that the files you download contain masked viruses or other malicious applications. If care isn't taken, file sharing can do more harm than good.

What's Being Shared?

Several peer-to-peer file sharing applications are installed with default settings which include sharing the entire contents of your computer. Other such applications will scan your computer for multimedia files and make guesses as to which folders should be shared. The result is that you may not be aware of what files are being shared from your computer. This is a dangerous situation as important and sensitive information could be shared by accident and wind up in the public.

Check your file sharing application's configuration to ensure no unexpected files or folders are being shared.

The same concept applies to folders on your computer which are configured as network shares. Sharing folders on a local network can be very useful when others need access to information on your computer. However, default permissions on network shares allow anyone to access your shared folders.

Often users will share the entire contents of their computer so that they may access any information they need remotely when away from their computer. The problem that arises is the default permissions for the network share allow anyone to access the information and, in some cases, edit and delete that information as well.

When creating a network share on your computer be sure to explicitly define who has permission to access that share and remove the permission for everyone to access the share.

Why Is The Network Slow?

Peer-to-peer file sharing networks consume large amounts of bandwidth. If you think of your internet connection as a water pipe, the amount of water than can flow through the pipe would be what is called bandwidth. The available bandwidth on a network is shared among all users on that network. If one user is consuming a large percentage of the available bandwidth, other users on the network will have much less bandwidth to use for their own purposes. The result is in slow network performance.

Accessing peer-to-peer file sharing networks consumes large amounts of bandwidth and will degrade network performance.

Users who access peer-to-peer networks from home must also concern themselves with bandwidth consumption. Accessing such networks will cause a degradation in the performance of other internet-related activities such as browsing the web, instant messaging, and e-mail.

What's Being Downloaded?

Not all files contain what their names imply.

Files downloaded off peer-to-peer networks may not contain what you think. Viruses, worms, and other malicious applications are often transmitted across peer-to-peer networks masked as a music file, video clip, or other file likely to be popular.

Anti-virus software may help in identifying some malicious applications, but chances are not all malicious applications will be found. Your anti-virus software may not be up-to-date or the malicious application could be considered not a virus and as such not detected by your anti-virus software. There are several such applications described as "network administration tools" which covertly open full control of a computer to anyone who connects to the victim's machine.

Even with anti-virus software installed, the files you download may contain a malicious application.

The Secret To Using P2P Applications

Peer-to-peer applications open users up to an array of vulnerabilities. They create poor network performance for other internet applications, present an easy means for attackers to distribute malicious applications to unsuspecting users, and can share your private information with the world.

Using peer-to-peer networks to just download music and video clips still presents several problems. Besides still potentially opening the contents of your computer up to the world, there are several known tricks that allow attackers to mask applications as music and video files. Some media players such as Windows Media Player and RealPlayer allow commands to be embedded in media files. It's possible to the name of a file to appear as if it ends with the expected media file type extension such as .mp3 or .mpg, however it is really an application which, when double-clicked, will execute the program and attack your computer. It is also possible to change the icon displayed next to the filename to further support the notion that a file which appears to be a .mp3 or .mpg is just that, when in fact it is a masked application.

The secret to using peer-to-peer applications safely is to simply not use them at all.

Last Modified: May 7, 2008