Slyck.com
Search Slyck  
Anonymous
Welcome
 
Sharing for Dummies
July 25, 2007
Thomas Mennecke
Font Bigger Font Smaller
It’s become fairly apparent there are a lot of people out there sharing files that they shouldn't. While Congress seems to point the blame squarely at P2P networks and LimeWire Chairman Mark Gorton, the failure to enforce - or establish - security protocols is to blame. No one forces the end user to share his or her entire hard drive. The end user has to make a conscious effort to physically alter the default shared directory to something different - an option that government or corporate employees shouldn't have to begin with.

Governments, police departments, corporations large and small, have all in some way fallen victim to security breaches. Because of P2P technology’s high profile status, whenever an employee violates the organization’s security policy, the file-sharing application is blamed. While the Congress of the United States has found it necessary to escalate a simple matter into a federal case, preventing such security breaches is elementary. Organizations that have fallen victim to information breaches are not enforcing or establishing adequate IT security policies. Why can a Pfizer employee install a P2P program on a company computer? Why can a Tokyo police officer do the same?

The bottom line is they shouldn’t be able to. Any organization that is serious about protecting their information should take immediate steps to prevent P2P applications from being installed on company computers. It may not be possible to prevent the end user from sharing their entire hard drive, but IT departments can prevent that step from ever becoming a possibility be simply banning any unapproved software. But it’s fairly apparent that organizations aren’t taking that step.

While governments and businesses can employ stricter security policies, the private end user has the right to install just about any software he or she wishes. The thought of engaging in file-sharing has driven millions of normally unsavvy computer users into this more complex realm. That’s not to say that file-sharing is difficult in some way. The primary target of yesterday’s Congressional hearing was LimeWire, represented by their Chairman Mark Gorton. An incredible amount of strength was demonstrated as he endured an array of accusatory questions on security leaks, which by all accounts LimeWire and most other responsible developers have taken great steps to minimize.

To examine this situation further, Slyck has developed a quick guide that shows what steps file-sharing developers like LimeWire are taking to prevent inadvertent sharing. We’ll also describe what steps the end user should take to prevent sharing sensitive files.

Our first screen shot examines the LimeWire installation wizard. As you can see below, LimeWire automatically defaults to an empty shared folder – there are no secret files, confidential bank statements, or any other sensitive files in this folder. In other words, it’s empty.



Below demonstrates where people get themselves and their organization in trouble. Perhaps there are a few files the end user wants to share. But where are they? Considering that many people don’t know the difference between a “Program Files” folder and their root directory, they go ahead and share their entire root. But as shown below, it takes two deliberate steps to get to that point.



The next step the unwitting file-sharer takes is to consciously pick their root directory. Additionally, the unwitting file-sharer may select the entire contents of their “My Documents” folder, thereby sharing all critical information that may be stored.



LimeWire has similar documentation as part of their installation guide. Yet few people read such documentation, and then wonder how their entire life’s history ends up on the Gnutella network. LimeWire, as are most P2P applications, is designed not to share your private information. It shouldn’t take an act of Congress.


This story is filed in these Slyck News categories
P2P Clients :: LimeWire

You can discuss this article here - 7 replies

© 2001-2018 Slyck.com