Why I stay away from P2P or Be careful out there

Techie-Micheal
Security Consultant
Posts: 19511
Joined: Sun Oct 14, 2001 12:11 am
Location: In your servers

Why I stay away from P2P or Be careful out there

Post by Techie-Micheal » Tue May 12, 2009 9:29 pm

http://voices.washingtonpost.com/securi ... ecurityfix
Pirated Version of Windows 7 Has Malware Built-in

Security researchers are warning that Internet users who install pirated versions of Microsoft's latest Windows 7 operating system may also be installing malicious software, too.

Experts at Atlanta-based security firm Damballa say they first noticed hacked versions of the Windows 7 release candidate available on peer-to-peer file-sharing networks and newsgroups last week, shortly after the OS was released to developers.
The discussion? While there are real, legitimate versions of operating systems on P2P networks, how does one identify them? Obviously pretty much anything Microsoft is fair game for criminals to do something like the above, but what about Linux distros? What's to stop some enterprising criminal from doing the same and why and how are users to know? Why, as in why aren't they getting them from the real source, how as in how are users to know what's legit and what's not? Hashes are one possibility, but if the users don't want to go to the real source to download in the first place, are they really going to go there to get hashes and compare them to what they just downloaded?
Proven Offensive Security Expertise. OSCP - GXPN

Kim_Possible
Registered User
Posts: 1343
Joined: Sun Sep 21, 2008 3:57 pm

Re: Why I stay away from P2P or Be careful out there

Post by Kim_Possible » Tue May 12, 2009 11:15 pm

Techie-Micheal wrote:Why, as in why aren't they getting them from the real source,
Many users on slower or unreliable connections can't get all of the 700+ MB iso (e.g. Ubuntu) from the website without great difficulty (they need a better download manager :) ), but they can get it via P2P as long as they are patient.
Techie-Micheal wrote:how as in how are users to know what's legit and what's not? Hashes are one possibility,
I always distribute with a hash file. Also, getting the torrent file itself from a reliable source (like a current user, trusted source, etc.) helps.
Techie-Micheal wrote:but if the users don't want to go to the real source to download in the first place, are they really going to go there to get hashes and compare them to what they just downloaded?
If laziness was the reason (as you imply) that people aren't getting the software from the "real source," then you'd be right, but that is not my experience.

It is a dangerous world if you're stupid. ;)

A_O_C
Registered User
Posts: 2383
Joined: Sun Jul 01, 2007 11:26 pm
Location: phpbb_

Re: Why I stay away from P2P or Be careful out there

Post by A_O_C » Tue May 12, 2009 11:18 pm

Techie-Micheal wrote:what about Linux distros?
Seriously? Most Linux distros are free to download / install, so why would users be inclined to download it from P2P networks instead of the distro's website?
Techie-Micheal wrote:Hashes are one possibility, but if the users don't want to go to the real source to download in the first place, are they really going to go there to get hashes and compare them to what they just downloaded?
I think you're under-estimating the motive behind people like this. Getting a hash is free, the software isn't.

Xanta Media
Registered User
Posts: 213
Joined: Sat Dec 27, 2008 4:33 pm

Re: Why I stay away from P2P or Be careful out there

Post by Xanta Media » Tue May 12, 2009 11:26 pm

A_O_C wrote: I think you're under-estimating the motive behind people like this. Getting a hash is free, the software isn't.
Normally that would be true but at the moment pretty much anybody can sign up at the MSDN website and get a free copy of Windows 7 direct from Microsoft. I have it installed on my laptop now to test it.

A_O_C
Registered User
Posts: 2383
Joined: Sun Jul 01, 2007 11:26 pm
Location: phpbb_

Re: Why I stay away from P2P or Be careful out there

Post by A_O_C » Tue May 12, 2009 11:35 pm

I don't think Micheal is talking only about Windows 7. Windows Vista, XP, Office 2003 / 2007, SQL Server, etc, etc, etc.

Techie-Micheal
Security Consultant
Posts: 19511
Joined: Sun Oct 14, 2001 12:11 am
Location: In your servers

Re: Why I stay away from P2P or Be careful out there

Post by Techie-Micheal » Tue May 12, 2009 11:47 pm

Kim_Possible wrote:
Techie-Micheal wrote:Why, as in why aren't they getting them from the real source,
Many users on slower or unreliable connections can't get all of the 700+ MB iso (e.g. Ubuntu) from the website without great difficulty (they need a better download manager :) ), but they can get it via P2P as long as they are patient.
Yes, but there is also the netinstall for a lot of distros which is what I usually get even though I'm on a somewhat quicker connection. Sure, it requires that I be connected during installation and download a bunch of stuff, but 30MB versus 700MB is a big difference when getting the ISO.
Techie-Micheal wrote:how as in how are users to know what's legit and what's not? Hashes are one possibility,
I always distribute with a hash file. Also, getting the torrent file itself from a reliable source (like a current user, trusted source, etc.) helps.
That's great, but how am I to know that that is the real hash and not the hash of the software you just put a virus on? I still have to go to the real source to verify.
Techie-Micheal wrote:but if the users don't want to go to the real source to download in the first place, are they really going to go there to get hashes and compare them to what they just downloaded?
If laziness was the reason (as you imply) that people aren't getting the software from the "real source," then you'd be right, but that is not my experience.
Then what is? :)
A_O_C wrote:
Techie-Micheal wrote:Hashes are one possibility, but if the users don't want to go to the real source to download in the first place, are they really going to go there to get hashes and compare them to what they just downloaded?
I think you're under-estimating the motive behind people like this. Getting a hash is free, the software isn't.
Per the above, Windows 7 right now is free from Microsoft.

And yes, Linux distros are out there on P2P networks. http://www.debian.org/CD/torrent-cd/ as one example. So why not just go there instead of pulling it off some random person? Yet from what I've seen, people simply click and start downloading.

Yes, I am talking about Vista, XP, etc., but also Windows 7. In this case, Windows 7 is free, which further confounds me as to why people would rather pull it off some untrusted person and allow what happened above to happen to them.
Proven Offensive Security Expertise. OSCP - GXPN
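The point raised in the post above, that a hash file shipped with the download only shows the file matches whatever the uploader hashed, as an added example (not part of any poster's message). The file name, contents and both checksum lists are constructed, and the coreutils-style `<hex>  <name>` list format is an assumption.

```python
import hashlib, hmac, os, tempfile

def file_digest(path, algo="sha256", chunk=1 << 20):
    """Stream the file so a 700 MB ISO is never held in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def parse_sums(text):
    """Parse coreutils-style lines: '<hex>  name' or '<hex> *name'."""
    sums = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        digest, name = line.split(None, 1)
        sums[name.strip().lstrip("*")] = digest.lower()
    return sums

def verify(path, sums_text, algo="sha256"):
    """True only if the file's digest matches the entry for its basename."""
    expected = parse_sums(sums_text).get(os.path.basename(path))
    if expected is None:
        return False  # no entry: treat as unverified, never as OK
    return hmac.compare_digest(file_digest(path, algo), expected)

def demo():
    """Constructed data: a tampered image checked against two checksum lists."""
    genuine = b"constructed genuine image bytes"
    tampered = genuine + b" + constructed extra payload"
    # List fetched from the publisher's own site (hash of the genuine image).
    official_sums = hashlib.sha256(genuine).hexdigest() + "  distro.iso\n"
    # List bundled by the uploader (hash of what was actually uploaded).
    bundled_sums = hashlib.sha256(tampered).hexdigest() + " *distro.iso\n"
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "distro.iso")
        with open(path, "wb") as f:
            f.write(tampered)
        return {"bundled": verify(path, bundled_sums),
                "official": verify(path, official_sums)}

if __name__ == "__main__":
    print(demo())
```

The bundled list accepts the tampered file; only the list obtained independently from the publisher rejects it.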

Kim_Possible
Registered User
Posts: 1343
Joined: Sun Sep 21, 2008 3:57 pm

Re: Why I stay away from P2P or Be careful out there

Post by Kim_Possible » Wed May 13, 2009 2:37 am

Techie-Micheal wrote:Yes, but there is also the netinstall for a lot of distros which is what I usually get even though I'm on a somewhat quicker connection. Sure, it requires that I be connected during installation and download a bunch of stuff, but 30MB versus 700MB is a big difference when getting the ISO.
True, there are other ways to get the distro. You can also send off for the CD for some distros. That doesn't mean the P2P isn't a fine way to get it as well.
Techie-Micheal wrote:That's great, but how am I to know that that is the real hash and not the hash of the software you just put a virus on? I still have to go to the real source to verify.
Going to the real source to verify a hash is a lot easier for people on slow connections than going to the source to download 700MBs.
Techie-Micheal wrote:Then what is? :)
Kim_Possible wrote:Many users on slower or unreliable connections can't get all of the 700+ MB iso (e.g. Ubuntu) from the website without great difficulty (they need a better download manager :) ), but they can get it via P2P as long as they are patient.
Techie-Micheal wrote:So why not just go there instead of pulling it off some random person? Yet from what I've seen, people simply click and start downloading.
Kim_Possible wrote:It is a dangerous world if you're stupid.
:D

onehundredandtwo
Registered User
Posts: 1228
Joined: Fri Nov 14, 2008 8:07 am

Re: Why I stay away from P2P or Be careful out there

Post by onehundredandtwo » Wed May 13, 2009 6:08 am

This is exactly why I don't use P2P. I tried downloading a program from it once and thank goodness I had anti-virus or I would have been infected.

Plus half the P2P programs out there are terrible, tried BitTorrent and the process wouldn't end, stuck on 100% CPU. I had to start the computer in safe-mode to remove it, even that was a nightmare.

SHS`
Former Team Member
Posts: 6615
Joined: Wed Jul 04, 2001 9:13 am
Location: Yellow Beach, Nine Dragons, Hong Kong
Name: Jonathan Stanley

Re: Why I stay away from P2P or Be careful out there

Post by SHS` » Wed May 13, 2009 7:44 am

This is all a bit like, "if you have sex without protection, you might catch an STD". Well thanks Captain Obvious. :P

Regarding hashes and faked hashes, Microsoft actually have public SHA1sums & CRCs for all their downloads (assuming you have a Live ID):

https://technet.microsoft.com/en-gb/sub ... fault.aspx
TechNet downloads, Windows 7 RC1 x86 & x64 SHA1sums.
And as for downloading, whilst I can get a decent 1~3Mbytes/sec with the download manager from Microsoft, off a well seeded torrent (say complete 6 DVD set for Debian, totalling ~20GiB); I can pull that at 20Mbyte/sec (yaay saturated connection) and get it in an hour as opposed to waiting for the next day.

As for anything non-official (say a patched termsrv.dll to enable concurrent RDP sessions in Win7 ;)), then to be fair it's a case of how much do you trust your source and/or your ability to validate whatever it is you downloaded via Digital Signatures, testing in a Virtual Machine sandbox and what not. Otherwise it's a bit like crying over spilt milk after transferring your entire bank account to Nigerian scammers. :mrgreen:
Jonathan “SHS`” Stanley • 史德信

onehundredandtwo
Registered User
Posts: 1228
Joined: Fri Nov 14, 2008 8:07 am

Re: Why I stay away from P2P or Be careful out there

Post by onehundredandtwo » Wed May 13, 2009 7:55 am

SHS` wrote:This is all a bit like, "if you have sex without protection, you might catch an STD". Well thanks Captain Obvious. :P
:lol:

I still think secure P2P is still a while away though. Too many hackers use it to circulate viruses. I'm not changing my opinion there.

Dog Cow
Registered User
Posts: 2495
Joined: Fri Jan 28, 2005 12:14 am

Re: Why I stay away from P2P or Be careful out there

Post by Dog Cow » Thu May 14, 2009 7:53 pm

One should always be careful of cracked software. I know that if I were a software pirate, I'd be sure to put keyloggers and all sorts of goodies in my warez and make sure the n00bs got it. :lol:

It doesn't matter the source: torrent, or whatever. If it's cracked/pirated, then you have to be careful.

Gud
Former Team Member
Posts: 597
Joined: Fri Sep 07, 2001 11:02 am

Re: Why I stay away from P2P or Be careful out there

Post by Gud » Sat May 16, 2009 7:57 pm

SHS` wrote:This is all a bit like, "if you have sex without protection, you might catch an STD". Well thanks Captain Obvious. :P

Regarding hashes and faked hashes, Microsoft actually have public SHA1sums & CRCs for all their downloads (assuming you have a Live ID):

https://technet.microsoft.com/en-gb/sub ... fault.aspx
And how do we know technet.microsoft.com isn't a spoofed DNS pointing to a web site hosted by Romanian hackers?

Besides, if you cared about security you wouldn't be using Windows to begin with 8-)
(I had to)

EXreaction
Former Team Member
Posts: 5666
Joined: Sun Aug 21, 2005 9:31 pm
Location: Wisconsin, U.S.
Name: Nathan

Re: Why I stay away from P2P or Be careful out there

Post by EXreaction » Sat May 16, 2009 9:04 pm

If someone is spoofing DNS entries on you, I don't think they'd waste their time setting up a spoof for technet just to give false SHA1 sums.

Windows is pretty secure and as long as you keep it up to date with automatic updates or check when it notifies you there are updates it's pretty unlikely you'll be hacked through an exploit for Windows.

Tripp
Former Team Member
Posts: 1358
Joined: Sun May 20, 2007 5:14 am
Location: G'boro, North Carolina
Name: Tripp

Re: Why I stay away from P2P or Be careful out there

Post by Tripp » Sun May 17, 2009 6:59 am

It's called 'The Scene', look it up, I trust my sources when it comes from 'them'

froggyboy604
Registered User
Posts: 1
Joined: Sun May 31, 2009 8:57 pm
Location: Canada

Re: Why I stay away from P2P or Be careful out there

Post by froggyboy604 » Sun May 31, 2009 9:16 pm

I don't use pirated software since it can contain Malware.

I usually look for open source alternatives on sourceforge, or shareware/freeware on download.com since they are usually malware free.
