If you’ve downloaded KaZaA free Media Desktop (KMD) software
without carefully reading the permission agreement, you have inadvertently
allowed its stealth software program, Altnet network, to invade
your computer.
KaZaA allows for the sharing of MP3, video and many other kinds
of digital files through a peer-to-peer (P2P) network. Estimates
of users range from 85 million to 110 million downloads worldwide.
Altnet 3D advertising technology, created by Brilliant Digital Entertainment
of Los Angeles, is buried in the KaZaA application. According to
the July Business 2.0, Brilliant plans to market the resources—including
storage space, bandwidth and processing power—of the millions
of computers linked in the network.
“KaZaA is very sophisticated,” said Pam Crawford, ITD
security analyst. “Once installed on a computer, [KaZaA] can
take control of it remotely, turning it into a server on a massive
network that is being built and controlled by Brilliant Digital.
It can reveal sensitive information that could be used by malicious
users—hackers—to remotely gain access to files.”
It’s possible for users on the network to be sharing all the
files on their hard drive—including e-mail, Web browser cache
and cookies, documents and spreadsheets—and not even know
it. And, once KaZaA is on a computer, not only the individual machine
but the whole network to which it is linked can be open to exploration
and exploitation.
The software also is host to viruses and worms, disguised on download
to look like music files, which can have potentially disastrous
consequences for systems and data. The recent significant spike
in calls at the ITD help desk, primarily from freshmen reporting
operating system issues—Trojan virus infections, boot-up problems
and poor performance—is indicative of problems associated
with KaZaA.
Questions of copyright violation are also at issue. Napster currently
is in bankruptcy after a court ruled the company violated copyright
law by providing the technology to download digital music. The downfall
of Napster, however, barely caused a ripple in the Internet file-sharing
business, as similar services such as KaZaA and Morpheus surfaced
in its wake.
“Federal legislation introduced in July may impact music downloads,”
said Associate General Counsel Jill Shipley. “The pending
legislation would amend the Copyright Act to provide copyright owners
with immunity for any actions they may take to protect the accessibility
or distribution of their works on the peer-to-peer file trading
networks.”
KaZaA is creating grave concerns for universities. After part of
its network crashed due to traffic volume, one university discovered
two PCs with several thousand connections each. At Emory, the problem
is as near as the next office or computer.
“KaZaA is the ‘top’ traffic on the network when
classes are in session,” said Paul Petersen, network engineer
for Network Communications (NetCom). “Network traffic reports
reveal that the majority of traffic is not from users at Emory downloading
files, but rather from people outside Emory using computers within
the network [as servers] to gain access to music and files.”
Some universities have engineered solutions such as setting up network
perimeter blocks or “packet shaping,” which prioritizes
bandwidth.
“KaZaA’s demand for bandwidth is insatiable,”
said Ramous Fields, assistant director of NetCom’s technical
operations. “Universities have to keep space in the pipeline
for mission-critical applications and other Internet traffic. At
Emory we use packet-shaping technology, which prioritizes bandwidth
in a way that allows P2Ps like KaZaA to coexist with other applications
and Web traffic without consuming all the resources.”
As a security vulnerability to Emory’s shared computing resources,
ITD Security recommends that users do not install KaZaA. If already
installed and users want to remove it, all components of the program
need to be deleted, including files that are hidden in the computer’s
system-level directories. It’s also recommended that computers
be configured to limit the number of connections and to restrict
file sharing.
If you suspect KaZaA is causing problems on your computer, please
contact your local support professional or ITD’s help desk
at 404-727-7777 (or send e-mail to help@emory.edu).
Technical information on computing problems associated with KaZaA
is posted at www.emory.edu/ITD/ANNOUNCE/kazaa.html
and on packet shaping at www.emory.edu/ITD/ANNOUNCE/packeteer.html.
Guidance on uninstalling the program is also offered on C/net News.com:
http://news.com.com/2100-1023-875274.html.
|