Kicking Out KaZaA: Avoiding Security, Corporate Woes

In a victory for proponents of file sharing, U.S. District Court Judge Stephen Wilson ruled this spring that two software companies — Grokster, which uses a branded version of the KaZaA Media Desktop, and Streamcast — had legitimate, legal uses and so were not liable for any copyright infringement done by their end users.

While that was good news for those particular firms, it did nothing to lessen the potential nightmare the KaZaA file-sharing program poses for IT administrators.

KaZaA, in fact, poses three main threats:

a) It opens up gaping security holes

As the Fizzer worm (w32.fizzer@mm) that hit in May demonstrated, KaZaA offers one more route for bringing harmful code into the network. This worm, which could spread either as an e-mail attachment or via KaZaA, seeks to disable any existing antivirus software and has a keystroke-logging component which can be used to steal passwords or credit card information. It also automatically sets up IRC and AOL Instant Messenger accounts to receive further instructions from the virus writer.

But KaZaA users also can inadvertently set up systems to allow others access to a corporation’s files. Dennis Peasley, Information Security Officer for Zeeland, Mich.-based furniture manufacturer Herman Miller, Inc. reports finding employees people setting up folders on the company drives that they can then access at home. However, this also means that those drives can be located by people running scripts across KaZaA to locate such files.

“People who do that believe that they are the only ones who will have access to the files, but they are really opening them up to the world,” says Peasley. “What spooks me is that it will be a large repository network drive somewhere.”

b) Resource consumption

The second problem lies in the area of consumption of resources. To begin with, there is the waste of company bandwidth to share MP3s or other files which aren’t part of company business. On top of that is all the spyware that comes loaded with it, which is both a resource hog and a security threat.

Peasley reports tracking down what appeared at first to be a port scan on the firewall, but then noticed it was the outgoing ports, not the incoming ports, that were being hit. He tracked it down to a machine running KaZaA.

“KaZaA was beating the life out of the firewall, starting another process and giving it the next higher IP address,” he says. “It was being real diligent about trying to get out.”

c) Copyright infringement penalties

But security holes and resource consumption may well be dwarfed in importance when compared to the threat posed by copyright infringement. Last year, for example, the Recording Industry Association of America (RIAA) reached a $1 million dollar settlement agreement with Integrated Information Systems, Inc. (Tempe, Ariz.) whose employees had been illegally downloading MP3s at work. That organization has ramped up its efforts to outlaw the downloading of copyrighted music files at work.

“The RIAA is looking for another ‘poster child’ of a corporation permitting illegal downloading,” Peasley says.

Shutting the Door

There are several approaches to take to keep KaZaA out of the network. Peasley has centrally managed personal firewalls from Zone Labs, Inc. (San Francisco) installed on all the company’s laptops. He has it configured to block the port KaZaA normally uses and also has the firewall set to block any outgoing traffic generated by the kazaa.exe application. In addition, he uses a packet shaper at the border to limit the amount of traffic that users are allocated, which would also shut down the regular transfer of large files.

It would seem that shutting off file sharing in Windows would work as an additional means of protection, but Peasley found this not to be the case. He installed KaZaA on a test machine and when he was done with it he disabled file sharing, but left KaZaA installed. KaZaA then checked for updates and then automatically turned file sharing back on without any intervention from the user.

But, while these actions can block KaZaA from communicating once it is installed, what about removing it from your systems? And then, once you have done that, how do you locate and remove all the files that employees may have downloaded?

The first action is to do an inventory of what software is installed on all the machines in the network and filtering it for KaZaA, MP3s or any other file types you want to remove. If you already have an asset management program such as Computer Associates Inc.’s Unicenter Asset Management or Microsoft’s Systems Management Server, you already have the ability to conduct software inventories.

If you don’t have one of these packages, and don’t want to purchase one, there are several simpler and lower-cost inventory applications out there. These include Executive Software Inc.’s Sitekeeper 2.0 and Vector Networks Inc.’s PC-Duo Enterprise 2.0.