The Dangers of P2P File Sharing
What Is P2P?
The strict definition of P2P is Peer-to-Peer. In current use it means
the sharing of files between two users on the Internet.
What are Gnutella, KaZaA, Napster, BearShare, etc.?
These are some of the more popular programs that are used for P2P file
sharing. Gnutella, KaZaA, Napster, iMesh, LimeWire, Morpheus,
SwapNut, WinMX, AudioGalaxy, Blubster, eDonkey and BearShare each
allow users to specify files located on their computers that can be
freely shared with other users.
These P2P programs are most often used to share music and videos over
the Internet. Although sharing, by passing around, a CD or DVD is not
illegal, sharing by creating multiple copies of a copyrighted work is
What Are The Legal Ramifications of Sharing Copyrighted
As the music industry is fond of saying, "The vast majority of
[people] would never shoplift a CD at a record store but think nothing
of accessing the same CD for free online." The Recording Industry
Association of America (RIAA) has started lawsuits against individuals and
businesses over this "sharing" of copyrighted material.
Federal statute, titles 17 and 18 of the U.S. Code, provide criminal
penalties for infringing on copyrighted material. In the worst case
infringements can be punishable by up to five years in prison and
$250,000 in fines. Repeat offenders can be imprisoned for up to 10
years. Violators can also be held civilly liable for actual damages,
lost profits, or statutory damages up to $150,000 per infringement, as
attorney's fees and costs.
Other Risks From P2P Programs
Some P2P programs will share everything on your computer with anyone
by default. Searches that we have done have provided us with patent
applications, medical information, financial and other personal and
Viruses, Worms and Trojans are being distributed. The RIAA has even
proposed placing malware out on these P2P networks to discourage their
Much of the P2P activity is automatic, and its use is unmonitored.
Computers running this software will be busy exchanging files whenever
the machine is turned on.
Some of the P2P programs themselves contain "spyware". This allows
the author of the program, and other network users, to see what
you're doing, where you're going on the Internet, and even use your
computer's resources without your knowledge.
Once installed, these applications can be hard to remove. In some
cases a user has to know which files to remove, which registry entries
to edit, and which configuration files need modification.
Since the computers running the P2P programs are usually connected to
a network, they can be used to spread malware, share private
documents, or use your file server for store-and-forward.
Various types of illegal files can be downloaded and re-shared over these
P2P networks by mistake. This includes child pornography, which
brings the owner of the computer and network under severe criminal
What To Do About P2P
- Publish a policy forbidding the use of P2P software.
- Remove any copies that are running on any computers. This may
take some time, and require some professional assistance.
- Do not allow P2P software Internet access. This may mean:
- Disable NAT - Network Address Translation.
- Block access to/from the common P2P ports.
- Use a packet-reassembly firewall that can examine streams of data
in-context for possible P2P mis-use. Mainstream's StreamClean
service offering is one of the few that can do this.
- Purge any files on any machines which may have been obtained over
a P2P network.