Slashdot Mirror


Spyware Analysis of P2P Software

rhizome writes "Benjamin Edelman, a PhD candidate in Economics and a Law student at Harvard, has analyzed the hidden (or not) additions to a user's machine when they install some of the major Windows P2P clients. He analyzes the length and readability of their licenses, what is revealed or hidden in the software's installer and includes screenshots for illustration. Clear, concise and eye-opening."


  1. Law AND Economics? by Onimaru · · Score: 5, Interesting

    When someone who's both a lawyer and an economist says a license is difficult to interpret, I tend to believe them. Even his assertion that these licenses are obfuscated is, itself, obfuscated.

    --
    adam b.
    1. Re:Law AND Economics? by Threni · · Score: 5, Funny

      > When someone who's both a lawyer and an economist says a license is difficult to
      > interpret, I tend to believe them

      Personally I'm not convinced until I'm told it by someone who maintains other people's Perl for a living!

  2. None of the Open Source ones checked? by cybrthng · · Score: 4, Interesting

    It would be interesting to compare against the popular Open Source ports to see if they're any less invasive by nature.

    What about Shareaza?

    1. Re:None of the Open Source ones checked? by mlinksva · · Score: 4, Informative

      LimeWire is open source and is safe. I did a quick check of several other open source P2P apps (BitTorrent, eMule, Phex, and Shareaza). None are bundled with malware and if they have a license agreement it is only the GPL. All of the proprietary apps checked are unsafe, and it is well known that others not checked (e.g., Grokster) are also not safe.

  3. How satisfying to see... by Faust7 · · Score: 5, Funny

    ...that the only P2P client I use didn't even need to be reviewed. :)

    (It rhymes with "BitTorrent.")

    1. Re:How satisfying to see... by Anita Coney · · Score: 5, Funny

      God, I'd pay for that!

      --
      If someone says he and his monkey have nothing to hide, they almost certainly do.
  4. Serves them right by nurb432 · · Score: 4, Funny

    Serves them right for installing that evil bad software that only pirates use..

    For the slower moderators out there today, this is referred to as sarcasm.

    --
    ---- Booth was a patriot ----
  5. Whoda thunk it? by J Barnes · · Score: 5, Funny

    And here all this time I was thinking my computer is a piece of shit because it's a pentium II 333MHz PC with 64megs of ram running Windows 98...

    but NO...it's the P2P programs!

  6. Relevant section by Anonymous Coward · · Score: 4, Informative

    The relevant parts, for people who can't or don't want to RTFA:

    My testing uncovered no bundled software installed without at least some disclosure apparent in a careful and complete reading of all applicable installation license agreements. However, it is possible that programs were installed that I failed to detect, especially if bundled program installations were set to be delayed after installation of the requested P2P software.

    Although each P2P installer included at least a vague reference to each program to be installed, certain P2P programs' installation procedures nonetheless present cause for concern. For one, substantive disclosures are generally detailed only in license agreements presented in scroll boxes -- often squeezing thousands of words of text into small windows requiring dozens of page-downs to view in full.

  7. Little-Known Spyware EULA Provisions by Cr0w T. Trollbot · · Score: 5, Funny
    • User will be required to supply their own vaseline, and will receive neither a kiss nor a call the next morning.
    • User agrees to transmit any virus as required by the Program, including, but not limited to, SoBig, MyDoom, Gator, Realplayer, MS Windows, AIDS, and bubonic plague.
    • User agrees to call the writer of this program "Big Daddy."
    • All your base are belong to us.
    • Do not taunt Happy Fun Ball.
    - Crow T. Trollbot
  8. List is far from complete. by robogun · · Score: 5, Interesting

    For instance, WinMX doesn't install anything but the p2p program. Where is it on this list?

    1. Re:List is far from complete. by tmleafsar · · Score: 4, Funny

      WinMX magically installed the complete Rush discography on my hard drive. ....that's my story and I'm sticking to it!

  9. Very true... by Robotron23 · · Score: 5, Interesting

    A couple of years back, I serviced a friend's computer which was literally deluged with adware and spyware from KaZaA (KaZaA was at its peak then).

    Around 300 files, mostly registry entries, as well as Gator were on his computer, combined it all took up roughly 35% of his RAM to run, on his 128mb chip it was difficult to even play civ or counter-strike without extreme slowdown...

    Is it just me, or did KaZaA seem the scourge of commercialism when it first started? Heck, since then it's become a veritable beacon of it.

  10. Lawyer, economist, and paid shill? by halivar · · Score: 4, Interesting

    He says at the bottom that much of the research was paid for by LimeWire. I was wondering throughout the article why he was giving LimeWire such a clean bill of health, when my experience has not been so good.

    The disclosure does say something for his integrity, but I fear his appraisal may be somewhat biased (intentional or not) in favor of LimeWire.

    1. Re:Lawyer, economist, and paid shill? by digitalchinky · · Score: 4, Informative

      What exactly was your experience? LimeWire, to me, appears to do exactly as he said. Nothing more, nothing less. I don't think he sold out there.

      Shareaza is missing from the list, but is very similar to LimeWire - might be a good alternative (note: shareaza, not sharaza!)

      http://www.shareaza.com/

    2. Re:Lawyer, economist, and paid shill? by Vengie · · Score: 4, Informative

      I spent about an hour talking to Ben at the Yahoo! party last week. I can assure you that he is by no means shilling for anyone. His feelings on the matter are pretty strong, and he sells himself on the integrity you mention.

      --
      When in doubt, parenthesize. At the very least it will let some poor schmuck bounce on the % key in vi. (Larry Wall)
    3. Re:Lawyer, economist, and paid shill? by Audacious · · Score: 4, Interesting

      I have to say that I think there should be an Open Source set up for independent reviews of things. Sort of like Consumer Reports (versus Consumer Review which was started by the major corporations to try to thwart Consumer Reports' highly accurate ratings). If done correctly, and an unbiased basis can be maintained, it might take off just like many of the software projects have done. Further, it could be used to show the actual state of where Open Source products are versus Closed Source products. In fact, Consumer Reports would be the place to do this since they are fairly independent and back up all of their statements with lots of test data.

      So if anyone from any of the major OSS companies is listening - you might want to help fund the testing of the various OSs via Consumer Reports as well as some of the Open Source Software (OSS) itself versus the Closed Source Software (CSS) versions. Like Open Office versus MS-Office and the like.

      Just a thought.

      --
      Someone put a black hole in my pocket and now I'm broke. :-)
    4. Re:Lawyer, economist, and paid shill? by starfishsystems · · Score: 4, Interesting
      I have a lot of respect for Consumer Reports. We used to have a subscription to it when I was growing up, and I always found it objective, scientific, and informative.

      Where CR doesn't distinguish itself is in technical evaluations, software in particular. I could wish for more rigor when it takes on projects like these.

      Historically, the rolloff makes a fair amount of sense, as CR writes for a general rather than technical audience. And, as I often argue, you can't understand computing infrastructure as if it were a kind of appliance. Appliances are finite. Infrastructure exists for its potential.

      But as our daily lives become increasingly involved with technology, I often wish that CR could use its leadership and methodology to inform the technology marketplace as well.

      --
      Parity: What to do when the weekend comes.
  11. Comment removed by account_deleted · · Score: 4, Informative

    Comment removed based on user account deletion

  12. What programs were included by bedelman · · Score: 5, Informative

    Robogun,

    Preparing these detailed analyses is surprisingly time-consuming -- lots of license text to read, lots of screenshots to make, lots of measurements and other tests (registry, filesystem, etc.). So at least for this initial run, I had to limit myself to a manageable number of P2P programs. In general I tried to focus on the programs believed to have largest market share -- the programs that would infect the most PCs with unwanted software if such programs in fact contain unwanted software.

    WinMX would be a good candidate for inclusion in a follow-up piece. And there are plenty more too.

    Or perhaps someone else will be so kind as to take over where I've left off!

    Ben

  13. FYI: (was:Little-Known Spyware EULA Provisions) by Lead Butthead · · Score: 5, Informative

    Bubonic plague is a bacterial infection, not a viral infection.

    --
    ELOI, ELOI, LAMA SABACHTHANI!?
  14. Re:just a question by MarkGriz · · Score: 4, Informative

    Not necessarily the "best", but Shareaza is very good, for a number of reasons:

    - Works well (IMHO)
    - Open source and Free (beer)
    - Connects to Gnutella, Gnutella2 and Emule networks
    - Built-in bittorrent support.

    --
    Beauty is in the eye of the beerholder.