Thread: 851.7
View Single Post
  #10 (permalink)  
Old January 30th, 2006
Hyper-kun Hyper-kun is offline
flame-retardant
  
Join Date: November 22nd, 2005
Posts: 196
Hyper-kun is a great assister to others; your light through the dark tunnel
Default
I think you ignored or missed part of what I wrote. Search results are definitely the wrong way to exchange such information. If you do that in a large scale - otherwise it would be ineffective anyway - Gnutella will be horribly crippled by the traffic overhead. And again: Forget the filename, that's a red herring, it's useless and gets you nowhere. In the long run all you'd find on Gnutella is lists of viruses. You can exchange such rating of files through other means which are more efficient. However, such a database whether distributed or not will sooner or later become too large and it can as well be abused to declare good files as bad.

You think if there are just enough Gnutella users helping it would work. Just realize how much spam there really is. You get dozens or hundreds of spam results for each single search you start, don't you? Now figure out how much Gnutella users there are and how much spammers there are. If spammers can virtually spam every single user in realtime, you need *a lot* of users to help you. Spammers do not only have magnitudes more bandwidth on dedicated servers - actually server farms, no they also have an unknown but huge number of zombie machines that look just like any other peer on Gnutella (dynamic IP address, legit Gnutella software etc.).

There are actually not as mine dumb users who re-share viruses as one might think. If we're talking about these results which seems to have dozens of sources, well that's just a fake. That's how Gnutella works. You can't tell the difference until you actually try to download the files. If you looked closely you'd see that very few - often none - of those sources actually delivers the file. The few that do are most often the machines (either servers or zombies) used by the spammers themselves. In some cases the spammers put the the bad files into the shared directories or modify the existing software to generate such files after the victim's machine got infected with a worm or trojan horse.

So you might be one of those spamming peers without knowing it and whilst sharing good files at the same time. You also have to be careful to not shoot yourself in the foot by your counter-measures. Actually there's another reason that I don't like your idea: It proposes "what you see is what you get". That's just not true. A filename is just a hint and it can very well be wrong - either accidently or on purpose. That is one of the very core problems. You cannot, should not and must not trust anything from an untrusted source. If people believe that a file is bad because the search results say so, they will also believe that a file is "best quality" for the same reason.

Why should people delete files anyway? The intent is to prevent that they download those in the first place, isn't it?
Reply With Quote