Craig Lant, System and Network Security
After the fall of the great Napster, many peer-to-peer file-sharing programs tried to fill the void. A little piece of software called KaZaa (http://www.kazaa.com/) seems to be winning that race. People are now chewing up huge amounts of bandwidth using KaZaa to trade everything from music files to full-length movies. There are some important legal and policy warnings for the use of programs such as KaZaa. Under Federal law, downloading copyrighted material without permission for personal use, even when it is not for profit, is punishable by severe penalties. Also, overly extensive use of the campus network may exceed limits on "incidental personal use" of resources by staff employees, or may exceed dorm room bandwidth limits. But there are many perfectly legal uses for this kind of software in the conduct of University business, and much of the data being shared is not copyrighted.
The technology has really come a long way. The network of KaZaa users (called FastTrack) typically supports over a million simultaneous users. Taking advantage of such a huge network full of data, KaZaa will search out multiple copies of what you're looking for and simultaneously download different pieces of it from different sources for efficiency. At the same time, KaZaa attempts to intelligently cluster its activity, minimizing long-haul backbone traffic and speeding up transfers. KaZaa is a very powerful tool, and the amazing thing is that it's free, sort of.
Obviously, software this powerful takes a lot of time and effort to create and maintain. So, it can't really be free. There has to be a catch. And so there is. Since last fall, whenever anyone installs KaZaa, another piece of software called "b3d projector" from Brilliant Digital Entertainment (http://www.brilliantdigital.com/) is also quietly installed. Currently, this software is only used to display advertisements on your computer. That's how KaZaa gets their money.
However, there's more to b3d projector than meets the eye. Brilliant Digital is planning to "turn on" some additional features of b3d very soon. These features will allow them to use the processor, memory, disk space, and network bandwidth of every computer that has it installed (tens of millions of them) to host and distribute advertising and other content. They may also sell the processing power of this enormous distributed computing network (called Altnet) to other companies. Now, to their credit, they do tell you this during the install. If you were to read the rather long usage agreement, it does say:
You hereby grant BDE (Brilliant Digital Entertainment) the right to access the unused computing power and storage space on your computer/s and/or internet access or bandwidth for the aggregation of content and use in distributed computing. The user acknowledges and authorizes this use without the right of compensation.
B3d isn't the only bit of software that KaZaa quietly slips onto our computers, and KaZaa isn't the only so-called "freeware" that secretly installs other software on our computers. Sometimes even commercial software that we pay for does this sort of thing. This is rather an unfortunate trend.
This software is often referred to as "ad-ware" or "spyware" because it's commonly used to pop ads up on our screens while we're using our web browsers, and to monitor our activity. Ostensibly, our activity is monitored in order to tailor advertising to what we might be interested in. But clearly, there is a risk that this information could be abused. Furthermore, there is a risk that Brilliant Digital's Altnet could be hijacked and used for nefarious deeds such as distributed denial-of-service attacks.
Fortunately, there are some things that can be done. Obviously, KaZaa and Brilliant Digital don't want you to circumvent this. But, for the moment, you can. CNET's News.com has posted instructions for removing the Brilliant Digital software at http://news.com.com/2100-1023-875274.html. While these instructions do work now, KaZaa or Brilliant Digital could change the installation at any time to make these instructions fail.
The second thing I recommend is downloading the latest version of AD-Aware (http://www.lavasoft.de) and running it. AD-Aware is free software too, though I don't think it installs any secret software. AD-Aware will scan your computer like a virus scanner and locate "ad-ware" or "spyware". It will show you what it found and optionally remove it. Most people are quite surprised by how much stuff AD-Aware finds on their systems. Of course, you do need to be careful about removing everything AD-Aware finds. For example, AD-Aware can remove b3d. But if you do that, KaZaa will stop working until you reinstall it. Fortunately, AD-Aware gives you the option of backing up everything it finds before removing it, and it's a very good idea to do that.
The bottom line is that you really should take a look at those long, hard-to-understand usage agreements before you install anything. Some of them have some pretty sneaky little gotchas in them.
Berkeley Computing & Communications,
Volume 12, Number 3 (Summer 2002)
Copyright 2002, The Regents of the University of California