Peer-To-Peer File Sharing
(Messaging clients, IRC, LimeWire, Kazaa, BitTorrent, etc.)
About this model
The peer-to-peer file sharing model shares both the best and the worst traits of the other models. Like system-native file sharing, it allows any two users to share files with each other without having to run their own server computer, with the advantage that peer-to-peer sharing can take place over the Internet rather than just the local network. This has led to both groundbreaking research potential and rampant piracy. Like client-server file sharing, the end user doesn't have to consciously set permissions on the files being shared, because the peer-to-peer software handles the security mechanisms. In addition, a flaw in the peer-to-peer software doesn't mean a vulnerability in the entire operating system for every possible user -- just a vulnerability for the users of that particular software. However, because there are hundreds of different peer-to-peer software programs, it can be difficult if not impossible to stay up to date with all the security vulnerabilities in all the software.
A list of all peer-to-peer software would take dozens of pages to maintain. However, the two best-known categories of peer-to-peer software are chat programs that include a file exchange component and pure file-exchange programs that don't include a chat component. Some chat programs include AIM, MSN Instant Messenger, Yahoo Messenger, IRC, and ICQ; some file-exchange programs include BitTorrent, Morpheus, Kazaa, and Napster.
Benefits and risks
Peer-to-peer file sharing has both unique benefits and unique risks.
Benefits of peer-to-peer file sharing
Less server dependent: Users of a peer-to-peer network don't need to maintain their own central server in order to be able to exchange files with each other. In some cases, such as BitTorrent, there is no central server at all, which means that there's no central point vulnerable to denial-of-service attacks.
Simple software: Rather than expecting you to understand all the details of your operating system's native share tools, peer-to-peer file sharing systems have you download their own software packages. Each type of peer-to-peer file sharing has its own software. This can be both a benefit (you can look for a software package that's easy for you to understand) and a drawback (you have to learn a new piece of software, and its associated risks, every time you join a new type of peer-to-peer file sharing network).
Risks of peer-to-peer file sharing
Ease of copyright violations: The most common problem with file-sharing sites is the ease with which they allow you to break copyright law. Sharing or downloading copyrighted material without permission is illegal and, as such, is against University policy; see http://www.fs.uiuc.edu/cam/CAM/viii/viii-1.1.html 4.c. If you share copyrighted files without the permission of the copyright holder, you are breaking the law and may face civil and/or criminal prosecution, in addition to university discipline. For more information about how the university handles copyright violation notices, please see http://www.cio.uiuc.edu/policies/copyright/act.html.
Too much implicit trust: When you're using peer-to-peer software, you're giving a lot of implicit trust to a lot of people who will be affecting your computer: the software writers, the creators of the files being distributed, and the peers sharing files are all involved with your computer's security. With system-native or client-server software, you're using tools that are already available and well scrutinized by the public (for example, your operating system and/or web browser). With peer-to-peer networks, you have to trust that the peer-to-peer software writers are responsible, keep their software well patched, haven't included code to take your passwords, and so forth. In addition, you have to trust that the people making the files you download haven't included viruses or other malicious software, and that the people sending the files to you also haven't included viruses or malicious software. With a central client-server model, the responsibility for the file's integrity is easily traced back to the server's owners; there is no central authority with security responsibility in a peer-to-peer network.
Trust has already been abused: Some peer-to-peer software writers have already failed the test of trust. One of the most notorious examples is Kazaa Lite, which installed not only itself but also a large number of spyware and malware applications that tracked users, recorded their information without their consent, and sent that information to the spyware creators. Because there are so many different peer-to-peer software packages, you need to carefully research what's known about each software program and whether there are any known vulnerabilities or unwanted behavior included with it.
More information
For more information about protecting your computer, see How to Secure Peer-to-Peer File Sharing.


