Slashdot Mirror
More on Kazaa and Brilliant Digital Spyware
Vertigo01 writes: "There is an interesting article from CNN.com on the current state of the Kazaa controversy, and Brilliant Digital's plans for the future. Interesting quotes from the article include a statement saying that 'Altnet's seeded software [will be] awakened some time in May' and that 'Brilliant is negotiating with music labels and movie studios to market their material as well. The files will be copy-protected in some way, using Microsoft's digital rights management encryption technology.'"
So maybe they did listen to everyone after all? I await to see what "warnings" are given and how easy the opt out is...
Thinking of this - I have a question
How does altnet know what is "unused" in bandwidth terms?
as far as I was aware there was no prioritising in the windows tcp/ip stack where by one application does not get any bandwidth while others wish to use it
That would imply to me that they will just use ANY bandwidth they can - not just "un-used bandwidth"...
I found this interesting, although not surprising... If companies such as Brilliant and Sharman Networks were to release 'clean' versions of their products, and they were totally upfront in an easy to read EULA (who reads those anyway right?), would you use it? Would you swap bandwidth and disk for the privilege?
Furthermore, would the 'average' person? Spyware, what's that? etc...
They won't realise that their bandwidth and disk space is eaten away slightly, they wont care when they do cos they're still getting free music. It is far too hard for the average user to install a new sharing program let alone find the name and site of one. "It's all too hard and this program works and im confortable with it."
Anyway if they are using Microsoft's digital rights management encryption technology then I look forward to having a look at what they send.
As a generic moderator-on-crack appears to believe wholeheartedly that the juxtaposition of this news article and a previous one is 'Offtopic', I feel it best to explain a potential 'Nightmare Scenario' on the horizon...
.exe itself hasn't changed, just a shared library that the exe uses.
Assumption One: Cancerware authors are amoral miscreants. Given the track record of the likes of Brilliant Digital, we can safely say that this is a given.
Assumption Two: One of the biggest advantages of a modularised Windows OS appears to be the ability to switch out the insecure MSHTML renderer as used in Internet Explorer to replace with Gecko and their ilk. Forcing Microsoft to publish the full API would enable a seamless changeover between rendering engines.
Let's follow this closely. The rendering engine runs as locally executed code, which brings with it additional security issues. I imagine, when push comes to shove, there will be plenty of Microsoft oriented warning messages along the lines of "It may be dangerous to change your rendering engine!" should a user want to make the switch.
However, fully expect the AOL / Netscape hegemony to complain loudly to the courts that this is FUD, and that it is PERFECTLY safe to switch to Gecko without notifying the user short of a generic EULA type click-through. Microsoft, having received a battering from all corners, will be forced to comply and take the warning out.
Which brings us back to Assumption One - Cancerware. Cancerware authors are forever looking for increasingly sneaky and devious ways to install their filthy code onto previously stable computers.
So, take one 'killer app', currently a P2P client, but who knows what the next one will be. Add a clause during installation that some vague 'browser enhancement' software will be installed as a requirement of the killer app. Many people will click through without reading, or just think "Enhancement - Cool!" and let it install.
What does this browser enhancement do? It acts as a fully functional replacement for the MSHTML module. Thanks to the efforts of Microsoft's competitors, it will install seamlessly, running code with local privledges.
What can it do? Anything that cancerware does already. Spying, gathering important data like CC numbers, taking control of your machine, uber DDoS, etc. etc. The possibilities rest purely with the devious malevolence of the author. It will, of course, be auto-updating, so even if it's caught out initially as being just another Purple Ape, it can download enhancements to itself to get past most security problems.
Remember that NO-ONE in the hacking community knew about Brilliant Digital's plans until they made their press releases. Sleeper cancerware, ready to awaken when the stars are right. As MSHTML is part of the Operating System now, for good or ill, it will be loaded on startup, even if the user doesn't open a browser.
But won't this be noticed by firewall software? Well, assuming consumer-grade firewalls work like Zonealarm, then no. Zonealarm checks for EXE files attempting to access parts of the net that they shouldn't be. But of course, Internet Explorer, being the most common Internet application, will be allowed through. The
And of course, the only way to uninstall this version of MSHTML would be to delete it, thus breaking anything that wants to use it. Like, err, everything!
Regardless of any non-Microsoft eliteness, the fact remains that Windows is the most popular PC Operating System for now, and shall be for a long time. This scenario outlined above is one of many potential fallabilities. I can assure you that minds far more devious than my own are concocting their own plans.
Cancerware is nothing more than barely-legitimized cracking. It seems that replacing "3133t hax0r sp33k" with the terse pseudo-legalese wording of EULAs makes this all acceptable. It isn't. And the sooner more people realise this, the better.
Of course, any company releasing something like this shall eventually become a target for the authorities. But the arrest of the author of the Melissa Virus didn't magically undo all the damage it caused, right?
"Why did they cancel my favorite Sci-Fi show? I downloaded ALL the episodes!"
I don't understand this at all. When a university student launches a program out into the net, and that program sneaks onto your machine and mucks with your registry and steals your CPU cycles, it's a "virus." The kid is labeled a hacker and is arrested. And now, thanks to 9/11, the kid has the additional dubious classification of a "terrorist."
However, if this EXACT SAME THING is done by a corporation, in the name of profit, it is viewed completely differently! Why? What's the difference? It's a VIRUS! Software forces itself onto your machine and changes things without your permission. That's a virus. That's illegal. Why are we tolerating it???
Like woodworking? Build your own picture frames.
The RIAAs claim that people are stealing music...
OR
Another company making a profit off of this supposed theft?
Thanks to file sharing, I purchase more CDs
Thanks to the RIAA, I buy them used...
This wouldn't happen to be the DRM that has already been broken?
It's 10 PM. Do you know if you're un-American?
What is to stop Kazaa and Brilliant Digital from using their software to scan the music & movie files on your hard drive, develop a signature and transfer that back to the RIAA and MPAA? Could Kazaa be a trojan horse company set up by music companies to spy on the p2p habits of music lovers? If they now claim that using the bathroom during a commercial break is a technical violation of the copyright laws, this doesn't seem to far fetched.
Strange women lying in ponds distributing swords is no basis for a system of government.
If you find this on a corporate system, sue Brilliant Digital under the Computer Fraud and Abuse Act, for "exceeding authorized access". If they claim their access is "authorized", demand to see a document signed by an officer of the company. Some random employee clicking on a dialog box isn't enough. Only someone with authority to bind the company can authorize access. It's a straight "hacking" case.