File & music sharing (Family Safety)
In recent years file & music sharing technology has become quite popular. The technical name for these applications is peer-to-peer or P2P. Their popularity has mainly been driven by the soaring popularity of digital music and video players. The concept behind a P2P application is that it allows users to easily share files via the Internet, making it very easy to obtain content for digital players. Rather than having to convert a file from your CD to the digital format that your player supports, you can simply use a P2P application to find a digital copy, then download it. There are several P2P applications on the market today and most of them are free of charge.
Peer-to-Peer Technology and Copyright laws
From a security and safety standpoint, there are several areas of concern surrounding P2P applications. Of course, there are also the legal issues, since copyright laws can be easily ignored and bypassed using these applications. One of the first P2P applications, Napster, was forced to close down operations due to copyright infringement allegations. However, Napster is operating again, now within the bounds of the current copyright laws. This does not mean, however, that copyrighted material is no longer being shared illegally; it simply means that these companies are not liable for possible infringements by the users of those applications because of the way that the application operates. There are some subtle legal issues regarding copyright liability which can be easily addressed by the developers and operators of these applications to allow them to operate within the legal boundaries.
P2P software is also used to share files that are licensed for free distribution. P2P software may well be the fastest way to obtain these files. The license requirements of files on P2P networks is not always clear. You may be held responsible for knowing the licensing requirements of any files you download or share. If you are not sure of the license implications, the best route may be to avoid P2P software completely.
Peer-to-Peer Technology and Security
Apart from the legal issues surrounding P2P applications, there may be significant security concerns. Peer-to-peer applications may be able to bypass the security measures that are put in place to protect your computer and family.
These applications are designed to provide a direct pathway into your computer from other computers on the Internet. The protocols that are used might not be monitored by your security or filter applications. By using a P2P application, you are downloading files provided by strangers with no guarantee of their validity or authenticity. Many times files which appear legitimate on peer-to-peer networks are, in fact, malicious software which can compromise your computer and cause it to give away your sensitive information.
If you do decide to use P2P software for any executable files (programs, scripts, add-ons, etc.), make sure you use a md5, sha1, or similar hash (basically a digital fingerprint) from a reputable source for the file. This will allow you to verify that the file is probably not tampered with, reducing the risk of executing malware on your computer.
Tips & Suggestions
- Unless you have a valid need for these applications, remove these applications from your computer.
- Set your filter to block P2P applications and do so at the protocol level if your filter supports it. With the P2P applications blocked, you can always override the block if someone in your home has a valid need to use one, and it can be done with your supervision.
- If you really want to ensure that these applications cannot ever work, even with an override password, check with your ISP to see if they can close down any P2P ports. Usually, you can close down everything but the ports needed to run web browsers. Your ISP should be able to answer any questions you have about this.
- You may also be able to close down the protocols within your own home by configuring your router to disallow traffic from those ports. This also is something that your ISP’s technical support should be able to help you with.
- You could also close down the ports on the local firewall (most have the ability to be configured at the port level). Unless you are familiar with this technology, it is not suggested to attempt this yourself. However, you could find a friend, neighbor, or local computer store personnel who might be able to help you get this configured.
- Be aware that the ports used to download the files can usually be changed within the software. This may mean that you need to check what ports are being used by the software, to ensure that those ports are being blocked. The way you do this will depend on what P2P software you are using.
- Finally, if you do allow P2P applications on your computer, keep an eye on the application’s download directory. P2P applications have a cache directory in which they store all of their downloaded videos and music files. The cache directory is usually configured within the P2P application, itself, so you can set it to whatever location you want on your computer. You can then check that location regularly to see what has been downloaded. While this is not the best method for keeping track of what comes onto your machine, it is better than having free, unrestricted, unmonitored access to all of the content on P2P systems.