Slashdot Mirror
Distributed Computing Program Hidden in Kazaa
The_THOMAS writes: "A federal securities filing Monday revealed that the hugely downloaded Kazaa P2P (file sharing) software contains a piggyback program which will create a second, new, network controlled by Brilliant Digital. They plan to awaken the software, already on millions of computers, within the next four weeks. The program will be used to host and distribute other companies' content and may be used for distributed computing. Read the details here."
Unfortunately, the clause to allow kazaa to use your CPU cycles has been around since the day morpheus came out..
Time to switch to giFT!
It's legit, irritatingly enough.
/system32 folders (if you're running Windoze)
The program hides itself in different locations all over your hard drive, including copies of itself in your OS root and
It's a bitch and a half to purge. There's no unistaller, and it's got dozens of registry entries to manually erase.
(Search for 'bde' and 'b3d' on your HD and your registry to make sure you get it all.)
I can only imagine the looks on people's faces when a gigantic 3D Cameron Diaz appears on people's computer screens and commandeers their system.
if he ate spinach, he'd be called spinach danson.
http://rockout.org
I'm not sure if this is an april fools joke or not
It's in their annual report and I don't think the SEC like jokes.
0xB
Gnucleus is a FAST, open-source window$ client in a relatively stable state right now. It also works in Wine, from what I hear. It has lots of features not present in slower clients like Limewire and, being open-source, doesn't lock out other clients like BearShare does. Morpheus has switched its entire network to Gnutella on a modified Gnucleus client, so there is no longer the "lack of files" excuse for using a proprietary network instead of gnutella. If you download it, be sure to "evolve" to version 1.6.3, as the version on the site is not very stable.
"I assumed blithely that there were no elves out there in the darkness"
Go to cnn.com and look up a stock quote on BDE, you'll find Brilliant Digital Entertainment. It might be a stupid name, but they are a public company.
But the Kazaa story is also on www.news.com.
It looks like cnet owns the .com.com domain, too:
Registrant:
CNET Networks, Inc (COM2994-DOM)
235 2nd Street
San Francisco, CA 94104
US
Domain Name: COM.COM
You might have tried something like this already, but if not download or buy a package that monitors programs that try to access anything through TCP/IP and warns you when a program is trying to do something you haven't authorized over the network. Tiny Personal Firewall has worked out pretty well for me and is free for home use. It works in most cases, unless the application has a legit reason to use a particular port and also uses it for something you wouldn't expect. Adobe Photo Deluxe doesn't sound like it'd fit into that category, however...
Try not. Do or do not, there is no try.
-- Dr. Spock, stardate 2822-3.
more to the point: I clicked on the link and read the original article, and it implies that the click-through licensing agreement will appear when they activate the software. in other words, no one has agreed to anything yet, and brilliant says they will not run the software without the end-user's permission.
First download Kazaa lite:
:)"
http://www.kazaalite.tk/
It removes all spyware and inserts a fake file which looks like syware so that kazaa can't shut itself down. Kazaa: 'Your stealing my program!" Kazaalite"Stealing is a strong word, we're copy infringing on your program
Then heres the cool thing, edit your "hosts" file. Go ahead search for it. Good you found it. Now any server you don't want to connect to say ads.kazaa.com (just an example.)
type in your hosts file
127.0.0.1 ads.kazaa.com
Everytime kazaa tries to download an add from ads.kazaa.com it'll be looped back to your own computer. No ad!
Of couse kazaa could always just use IP addresses directly bypassing hosts. But they havn't yet.
Another thing, I have no idea whether kazaa lite has this distributed trojan active in it.
Veramocor
Quoth:
If such a message came from a company with not a bad reputation (winamp comes to mind), i would install the program
I guess you didn't realize that Winamp is Nullsoft is America Online whom is also the proud owner of Time Warner, among other things.
Is there really a reason to go about trusting, implicitly, this "winamp" organization of which you speak?
Kid-proof tablet..
Uninstall Kazaa. Do it now. Then go to http://www.kazaalite.tk and get Kazaa lite. It is 100% the same - minus all of the spyware. It also removes the restriction on 128K bitrate among other things. If you currently use Kazaa, you should go to this page, follow the instructions, and get rid of the spyware crap on your system!
BDE (Brilliant Digital's Engine) is listed separately on the list of programs installed and may be deinstalled. It leaves some very suspicious crap around in the %WINDIR%\SYSTEM32 directory, so after deinstalling and rebooting it is a good idea to remove this as well before continuing (and before you connect to the network).
Regrettably the Gnucleus network still doesn't provide the accessibility to material that Fast-track does. I run both clients and can see the difference, particularly with regards to queuing.
If you're using Kazaa, you did consent. Read the EULA sometime.
4. Upgrades and Access.
(a) You acknowledge that BDE may from time to time provide future programming fixes, updates and upgrades to you ("b3d Updates"), including automatic updates to KaZaA and other software bundled with KaZaA, through automatic electronic dissemination and other means. You consent to such automatic updates and agree that the terms and conditions of this Agreement will apply to all such b3d Updates.
(b) You hereby grant BDE the right to access and use the unused computing power and storage space on your computer/s and/or internet access or bandwidth for the aggregation of content and use in distributed computing. The user acknowledges and authorizes this use without the right of compensation. Notwithstanding the above, in the event usage of your computer is initiated by a party other than you, BDE will grant you the ability to deny access.
Of course, EULAs have yet to be stress-tested in our court system, but are *you* going to have the money to win the court case?
Erik
Except (from the EULA displayed when installing the Kazaa software):
(b) You hereby grant BDE the right to access and use the unused computing power and storage space on your computer/s and/or internet access or bandwidth for the aggregation of content and use in distributed computing. The user acknowledges and authorizes this use without the right of compensation. Notwithstanding the above, in the event usage of your computer is initiated by a party other than you, BDE will grant you the ability to deny access.
You hit "I agree" on this thing in order to install the software. Thus, they are not exceeding the rights you have explicitly granted them.
Jouster
Which is better...something that reports back your habits, or something that uses spare cycle time for something constructive?
From the article, it sounds like their primary goal is to harness the bandwidth to redistribute advertisements. Would you call that "something constructive?"
Might also want to unistall the B3D updater from the startup files and take uninstall b3d projector from the add/remove programs list (it doesn't really remove brilliant anyway). This kills all ads as well as removing the spyware. After doing those and changing the bitrate quality allowed for audio files, I can download up to ten files at once, run quarter screen video, play solitaire and have notepad and Opera running without taxing my machine (Athlon XP 1500, 512M PC133, cable connection.)
Second thought, it might be easier to just download the lite version.
Reality is what won't go away when you stop believing in it. Philip K. Dick
>Sure, that's why there are so many high quality, open source alternatives available, and why everyone uses them instead of Kazaa.
That's simple. The FastTrack network appears to have done its level best to thwart open source alternatives.
Now, if the FastTrack network and the software behind it were fully open, this wouldn't be a problem and I think in no time you'd all find a GiFt on your computer.
>Sorry, but the objective evidence just doesn't support your claim.
One word: Gnutella.
There IS a uninstaller for BDE. In my machine it was under C:/WINNT/bde/ and it was called bdeclean.exe It's also available from the uninstall program. Now for the bad news: The uninstaller left all sorts of files around, including a re-installer. As has been mentioned, do a find on BDE & B3D, but be sure to look under [properties] [Company Info] to make sure it's from Brilliant, since some windows files have bde in their name. The registry was also stuffed full of BDE entries, even after the 'official' uninstall. If it created any files which did not have bde in their name, or if it modified any .ini files, I have would have no idea. Anyone have any information on where else these files may be hiding?