Why stay away from BitTorrents & P2P sites
February 12, 2009 by Marcos Christodonte II
Source: Intego.com
P2P, BitTorrent, and other file-sharing services can be convenient for exchanging large files or for collaboration. However, many users who turn to such sites for pirated software, audio, and other data are unaware of the dangers involved in “convenient” downloads.
Intego, a security firm, recently released an alert for a Trojan horse found in a pirated version of Apple iWork 09. Although the software works as a legitimate copy of iWork 09, an additional package also installs itself, giving remote access to a malicious user. This can allow the malicious user to install additional malware, monitor the unsuspecting user, or even start copying personal files. As of the date of their security warning, at least 20,000 people had downloaded this malicious software.
This is a prime example of the inherent dangers of BitTorrent and peer-to-peer websites. Users should use other means to test new software (e.g. a trial version), purchase their own “legitimate” copies, and stay away from free software from unknown sources. Even legitimate sources should be scrutinized, as they can be compromised as well. Most vendors post an MD5 hash of their software, which lets you validate that the file hasn’t been changed. Free MD5 hash utilities can be used to check the integrity of the downloaded file against the hash provided by the vendor. For more information, use your favorite search engine to find free MD5 hash utilities.
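The hash check described above can also be scripted; the following is an added example, not code from the original post or from any vendor, and the file names and sample contents in it are constructed. It accepts the MD5 sums the post mentions as well as SHA-1 and SHA-256 sums (MD5 is no longer collision resistant, so prefer SHA-256 where the vendor publishes it), and the published hash must come from the vendor's own site, not from the page that hosts the download.

```python
import hashlib
import hmac
import os
import tempfile

# Hex digest length -> algorithm. MD5 is what the post mentions; SHA-1 and
# SHA-256 are included because vendors publish those sums as well.
ALGO_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256"}


def file_digest(path, algorithm, chunk_size=1 << 20):
    """Hash a file in chunks so large installers do not need to fit in RAM."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path, published_hash):
    """Return (ok, algorithm, actual_hex) for a file and a vendor-published hash."""
    tokens = published_hash.strip().lower().split()
    # Accept "hash  filename" lines as found in md5sum-style listings.
    expected = tokens[0] if tokens else ""
    algorithm = ALGO_BY_HEX_LEN.get(len(expected))
    if algorithm is None or any(c not in "0123456789abcdef" for c in expected):
        raise ValueError("not a recognised MD5/SHA-1/SHA-256 hex digest")
    actual = file_digest(path, algorithm)
    return hmac.compare_digest(actual, expected), algorithm, actual


def demo():
    """Constructed sample: a stand-in 'installer' and a repacked copy of it."""
    original = b"vendor build\n" * 1000
    with tempfile.TemporaryDirectory() as d:
        good = os.path.join(d, "installer.dmg")           # hypothetical name
        bad = os.path.join(d, "installer-repacked.dmg")   # hypothetical name
        with open(good, "wb") as fh:
            fh.write(original)
        with open(bad, "wb") as fh:
            fh.write(original + b"extra package\n")
        published = hashlib.md5(original).hexdigest()     # stands in for the vendor's sum
        return verify_download(good, published)[0], verify_download(bad, published)[0]


if __name__ == "__main__":
    print(demo())
```

A match only shows that the file is the one the vendor published; it says nothing about a copy whose hash was supplied by the same untrusted source as the file.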

