US-CERT Tips (United States Computer
Emergency Readiness Team, National Cyber Alert System, Carnegie
Mellon University) publishes many quality articles about online
"cyber security". Here's one for your library.... Richard
Risks of File-Sharing Technology
File-sharing technology is a popular way for users to
exchange, or "share," files. However, using this technology
makes you susceptible to risks such as infection, attack, or
exposure of personal information.
What is file sharing?
File sharing involves using technology that allows internet
users to share files that are housed on their individual
computers. Peer-to-peer (P2P) applications, such as those used
to share music files, are some of the most common forms of
file-sharing technology. However, P2P applications introduce
security risks that may put your information or your computer
What risks does file-sharing technology introduce?
* Installation of malicious code - When you use P2P
applications, it is difficult, if not impossible, to verify
that the source of the files is trustworthy.
applications are often used by attackers to transmit malicious
Attackers may incorporate spyware, viruses, Trojan
horses, or worms into the files. When you download the files,
your computer becomes infected (see Recognizing and Avoiding
Spyware and Recovering from Viruses, Worms, and Trojan Horses
for more information -at
* Exposure of sensitive or personal information -
By using P2P
applications, you may be giving other users access to personal
information. Whether it's because certain directories are
accessible or because you provide personal information to what
you believe to be a trusted person or organization,
unauthorized people may be able to access your financial or
medical data, personal documents, sensitive corporate
information, or other personal information.
has been exposed to unauthorized people, it's difficult to
know how many people have accessed it. The availability of
this information may increase your risk of identity theft (see
Protecting Your Privacy and Avoiding Social Engineering and
Phishing Attacks for more information - at
* Susceptibility to attack -
Some P2P applications may ask you
to open certain ports on your firewall to transmit the files.
However, opening some of these ports may give attackers access
to your computer or enable them to attack your computer by
taking advantage of any vulnerabilities that may exist in the
* Denial of service - Downloading files causes a significant
amount of traffic over the network and relies on certain
processes on your computer. This activity may reduce the
availability of certain programs on your computer or may limit
your access to the internet.
* Prosecution - Files shared through P2P applications may
include pirated software, copyrighted material, or
pornography. If you download these, even unknowingly, you may
be faced with fines or other legal action. If your computer is
on a company network and exposes customer information, both
you and your company may be liable.
How can you minimize these risks?
The best way to eliminate these risks is to avoid using P2P
applications. However, if you choose to use this technology,
you can follow some good security practices to minimize your
* use and maintain anti-virus software - Anti-virus software
recognizes and protects your computer against most known
viruses. However, attackers are continually writing new
viruses, so it is important to keep your anti-virus software
current (see Understanding Anti-Virus Software for more
* install or enable a firewall - Firewalls may be able to
prevent some types of infection by blocking malicious traffic
before it can enter your computer (see Understanding Firewalls
for more information). Some operating systems actually include
a firewall, but you need to make sure it is enabled.
Author: Mindi McDowell. Some content contributed by Brent
© Copyright 2005 Carnegie Mellon University.
You are permitted to reproduce and distribute this document in
whole or in part, without changing the text you use, provided
that you include this copyright statement and use the document
for noncommercial or internal purposes. For commercial use or
translations, send your email request to firstname.lastname@example.org.
Any material furnished by Carnegie Mellon University is
furnished on an "as is" basis. Carnegie Mellon University
makes no warranties of any kind, either expressed or implied
as to any matter including, but not limited to, warranty of
fitness for a particular purpose or merchantability,
exclusivity or results obtained from use of the material.
Carnegie Mellon University does not make any warranty of any
kind with respect to freedom from patent, trademark, or
Return to Articles and Reports >>
Subscribe to our
for periodic updates on the latest events and
issues affecting your personal security
We Value Your Privacy
Get your FREE report
"23 Critical Security Alerts"
from the subscription
Click Button to Read a recent
issue and subscribe
Follow these links for information,
advice, and protective tools
| To Top
Avoiding Infection | Infected?
| Popups |
SPAM & Spyware
Articles & Reports
|Family Safety |
Maintaining your Computer System health is our Goal
Help Spread the word about our
'Computer Security Awareness Campaign"