Find Events Find People Find Jobs Find Sites Find Help Index

 
   

September 30, 2002

High price to pay for 'free' KaZaA downloads

Donna Price is commmunications coordinator for the Information Technology Division

If you’ve downloaded KaZaA free Media Desktop (KMD) software without carefully reading the permission agreement, you have inadvertently allowed its stealth software program, Altnet network, to invade your computer.

KaZaA allows for the sharing of MP3, video and many other kinds of digital files through a peer-to-peer (P2P) network. Estimates of users range from 85 million to 110 million downloads worldwide. Altnet 3D advertising technology, created by Brilliant Digital Entertainment of Los Angeles, is buried in the KaZaA application. According to the July Business 2.0, Brilliant plans to market the resources—including storage space, bandwidth and processing power—of the millions of computers linked in the network.

“KaZaA is very sophisticated,” said Pam Crawford, ITD security analyst. “Once installed on a computer, [KaZaA] can take control of it remotely, turning it into a server on a massive network that is being built and controlled by Brilliant Digital. It can reveal sensitive information that could be used by malicious users—hackers—to remotely gain access to files.”

It’s possible for users on the network to be sharing all the files on their hard drive—including e-mail, Web browser cache and cookies, documents and spreadsheets—and not even know it. And, once KaZaA is on a computer, not only the individual machine but the whole network to which it is linked can be open to exploration and exploitation.

The software also is host to viruses and worms, disguised on download to look like music files, which can have potentially disastrous consequences for systems and data. The recent significant spike in calls at the ITD help desk, primarily from freshmen reporting operating system issues—Trojan virus infections, boot-up problems and poor performance—is indicative of problems associated with KaZaA.

Questions of copyright violation are also at issue. Napster currently is in bankruptcy after a court ruled the company violated copyright law by providing the technology to download digital music. The downfall of Napster, however, barely caused a ripple in the Internet file-sharing business, as similar services such as KaZaA and Morpheus surfaced in its wake.

“Federal legislation introduced in July may impact music downloads,” said Associate General Counsel Jill Shipley. “The pending legislation would amend the Copyright Act to provide copyright owners with immunity for any actions they may take to protect the accessibility or distribution of their works on the peer-to-peer file trading networks.”

KaZaA is creating grave concerns for universities. After part of its network crashed due to traffic volume, one university discovered two PCs with several thousand connections each. At Emory, the problem is as near as the next office or computer.

“KaZaA is the ‘top’ traffic on the network when classes are in session,” said Paul Petersen, network engineer for Network Communications (NetCom). “Network traffic reports reveal that the majority of traffic is not from users at Emory downloading files, but rather from people outside Emory using computers within the network [as servers] to gain access to music and files.”

Some universities have engineered solutions such as setting up network perimeter blocks or “packet shaping,” which prioritizes bandwidth.

“KaZaA’s demand for bandwidth is insatiable,” said Ramous Fields, assistant director of NetCom’s technical operations. “Universities have to keep space in the pipeline for mission-critical applications and other Internet traffic. At Emory we use packet-shaping technology, which prioritizes bandwidth in a way that allows P2Ps like KaZaA to coexist with other applications and Web traffic without consuming all the resources.”

As a security vulnerability to Emory’s shared computing resources, ITD Security recommends that users do not install KaZaA. If already installed and users want to remove it, all components of the program need to be deleted, including files that are hidden in the computer’s system-level directories. It’s also recommended that computers be configured to limit the number of connections and to restrict file sharing.

If you suspect KaZaA is causing problems on your computer, please contact your local support professional or ITD’s help desk at 404-727-7777 (or send e-mail to help@emory.edu).

Technical information on computing problems associated with KaZaA is posted at www.emory.edu/ITD/ANNOUNCE/kazaa.html and on packet shaping at www.emory.edu/ITD/ANNOUNCE/packeteer.html.

Guidance on uninstalling the program is also offered on C/net News.com: http://news.com.com/2100-1023-875274.html.