--- Ed Porter <[EMAIL PROTECTED]> wrote: > Matt, > > Does a PC become more vulnerable to viruses, worms, Trojan horses, root > kits, and other web attacks if it becomes part of a P2P network? And if so > why and how much.
It does if the P2P software has vulnerabilities, just like any other server or client. Worms would be especially dangerous because they could spread quickly without user intervention, but slowly spreading viruses that are well hidden can be dangerous too. There is no foolproof defense, but it helps to keep the protocol and software as simple as possible, to run the P2P software as a nonprivileged process, use open source code, and not to depend to any large extent on a single source of software. The protocol I have in mind is that a message contain searchable natural language text, possibly some nonsearchable attached files, and a header with the reply address and timestamp of the originator and any intermediate peers through which the message was routed. The protocol is not dangerous except for the attached files, but these have to be included because it is a useful service. If you don't include it, people will figure out how to embed arbitrary data in the message text, which would make the protocol more dangerous because it wasn't planned for. In theory, you could use the P2P network to spread information about malicious peers and deliver software patches. But I think this would introduce more problems than it solves because it would also introduce a mechanism for spreading false information and patches containing trojans. Peers should have defenses that operate independently of the network, including disconnecting itself if it detects anomalies in its own behavior. Of course the network is vulnerable even if the peers behave properly. Malicious peers could forge headers, for example, to hide the true source of messages or to force replies to be directed to unintended targets. Some attacks could be very complex depending on the idiosyncratic behavior of particular peers. -- Matt Mahoney, [EMAIL PROTECTED] ----- This list is sponsored by AGIRI: http://www.agiri.org/email To unsubscribe or change your options, please go to: http://v2.listbox.com/member/?member_id=8660244&id_secret=73321137-bba914
