Kazaa Lite: spyware-free version 306

Pig Hogger writes "According to this VNUNET article, KAZAA-Lite, a new hacked version of spyware-ridden KAZAA file-sharing software, is being circulated, sans spyware. The new, improved version has apparently been hacked by a Russian programmer, as a matter of course."
This discussion has been archived. No new comments can be posted.

  • by Anonymous Coward on Sunday April 21, 2002 @02:11AM (#3382221)
    A program used primarily for copyright infringement has been reverse-engineered and redistributed. Does this mean that the DMCA has officially cancelled itself out? :)
  • Spyware, reason #84 to use free/open source software [slashdot.org].

    - Eric
    Founder, monolinux [monolinux.com]
    • Spyware, reason #84 to use free/open source software [slashdot.org].

      Yes, and they will just change the fast track logon server if too many people use this software to lock out this version.

      If they did it to Morpheus, I can't see why they won't lock out this code either.

      Mcihae;
      • Re:Reason #84 (Score:2, Interesting)

        i guess the article forgot about this :-\

        "It would be difficult to block Kazaa Lite clients from accessing the Kazaa network simply because of the openness of the system which lets millions of users log on simultaneously."
        • Re:Reason #84 (Score:2, Informative)

          by Anonymous Coward
          Additionally, if they do it they will certainly be flushed down the toilet along with Morpheus. Basically, Morpheus was de-centralized. The moment they put in central authentication servers to block open source/free software clients piggy-backing on "their" network, they got sued promptly by the record labels. Guess why? Much easier target after such a brilliantly stupid move.
    • Exactly! (Score:3, Interesting)

      by PastaAnta ( 513349 )
      Instead of Kazaa et al I have switched to Gnucleus [gnucleus.com]. This is one of the only real Open Source Gnutella network clients for Windows. For Linux there are so many great Open Source Gnutella clients.

      It works great. No spyware or adware, and since the Gnutella network is an open P2P network it can be expected to exist when all the other proprietary networks have been closed.
      • Re:Exactly! (Score:5, Interesting)

        by big_hairy_mama ( 79958 ) <slashdot AT pdavis DOT cx> on Sunday April 21, 2002 @07:02AM (#3382678) Homepage
        Hmm, can somebody post their favorite gnutella clients for Linux? Personally, none of them are nearly as nice, usable, and feature-friendly as Gnucleus and Bearshare (and Kazaa), which is precisely the only reason why I still run Windows in a VMWare VM.

        I've searched and I've searched, but

        * Limewire is the only one that cuts it in my book, but it has become too simplified (I no longer have the power to watch connection statistics or have good control over downloads, in the newer versions).

        * Qtella is nice, but missing major features like auto-selection of multiple hosts for the same download. It also has a few rough edges; for example, on my box I have to kill it manually to really shut it down after closing the window.

        * GTK-Gnutella is nice, but the interface is clunky, and seems to have stagnated.

        And most of all, none of these clients have the ability to "set it and run", downloading large files over the course of a few days and from many different hosts. Napshare (based on GTK-Gnutella and designed to run unattended) tries, but succeeds more in downloading lots of pieces of random files overnight than the one file I want. The Windows clients seem to have all implemented things like automatically re-searching for new hosts in order to get the remainder of a failed download. This, in my book, is the number one feature missing from all non-Windows clients, AFAIK.

        Also, basic niceties like auto-detecting the "forced IP address" (the IP of my router/firewall, rather than my private subnet) so that I can receive push downloads are missing, something which I love about Bearshare.

        So if anyone can correct me, please do. Otherwise, this is a call to arms to Linux Gnutella developers. Forget innovation -- until the nicest features of the Windows clients have been implemented, nothing else can happen.
  • by notsoanonymouscoward ( 102492 ) on Sunday April 21, 2002 @02:12AM (#3382223) Journal
    software that's been hacked by a friendly neighborhood Russian hacker. it's new kazaa light, with new and improved spyware, and a few extra trojans as an added bonus!
    • Naah, with 80,000 downloads so far, I guarantee ya the commies will be beating
      the japs [slashdot.org] in clock-cycles, and this won't be your ideal "earth simulation" research.

      I knew it man, America's next threat will not come on student visas, it will be downloaded
      by drunken college kids. Now all our dells and gateways are belong to them.

      All bigotry aside, kudos to the coder who did this, he took an entry from my todo list. Oh
      well, better go back downloading my Frank Zappa (can ya believe it, they have him on Kazaa :-)

      --
    • by glwtta ( 532858 ) on Sunday April 21, 2002 @05:26AM (#3382547) Homepage
      Yeah, we damn Russian hackers just can't knock it off, I mean I even hack into my development server every time, instead of just logging in. It's a good thing I'm a lousy admin, though, so it's usually pretty easy.
  • Every time there's a Kazaa-related article, everyone posts links to the free, sans-spyware version. I think most people already have it if they want it.

    I guess now that it's got the ".com" instead of ".tk" it's official and thus gets its own Slashdot story...

    ::rolls eyes::
    • ...that I read slashdot several (dozens of) times a day, and this is the first time I was even made aware of the existence of a spyware-free Kazaa! So in summary; I am one of those people who want it but don't already have it.

      Just more evidence that just because you visit a website religiously, you can still miss something right under your nose.

      I'm gonna check it out now.
      • Not to beat a point to death, but on the last 3 or 4 Kazaa related stories, there have been at least 4 posts each that were moderated past 3, that had a direct link to the kazaalite.tk site. Don't see how you could have missed those easily...

        Regardless, my personal opin is that kazaalite is such a great piece of work that it pretty much deserves its own story :)
  • Ironic... (Score:3, Interesting)

    by SaxMaster ( 95691 ) on Sunday April 21, 2002 @02:13AM (#3382228)
    The site for the KAZAA without adware/spyware is chock full of pop-ups for "free cellphones" and the like.
    • Re:Ironic... (Score:3, Informative)

      by 19Buck ( 517176 )
      The site for the KAZAA without adware/spyware is chock full of pop-ups for "free cellphones" and the like.

      Hey the guy's gotta pay his bandwidth bill somehow right? Why should he be forced into forking out his own rubles just so you can get free software AND no pop-ups?

      Here's a hint for you:
      Disable Javascript

      and/or Use a Popup killer [com.com][it's actually download.com]

      Don't like the example I provided? Google is your friend [google.com]. Plenty of options there.

      And just so i'm not accused of being offtopic (grin), ages back when I first learned about Kazaa/Morpheus, I completely distrusted the validity of the BDE B3D projector software.

      It installed itself completely separate from (and silently) the main program. Yet after removing it (separately, with its OWN Uninstaller) Kazaa/Morpheus whined that a "required" component was removed, and it refused to run.

      **COUGH** Yea ok.... where's that Uninstaller hm? Time to gut the registry again and seek out rogue DLLs.

      Required my butt... and Kazaalite proves it.

      Now someone just needs to write a plug-in for it that will automatically pingflood any one client that tries to download 10 files off you at once! =)

      (Yes, i'm fully aware that you can configure the max number of DLs, the above is meant to be funny!)

    • Re:Ironic... (Score:2, Informative)

      by Edward Teach ( 11577 )
      I wouldn't know. I use Mozilla with no pop-ups.
  • Kazaa Lite (Score:5, Informative)

    by mikers ( 137971 ) on Sunday April 21, 2002 @02:19AM (#3382233)
    Been using it for 2 weeks now.

    Boy is life good without tons of popups.

    And my firewall hasn't busted Kazaa Lite doing anything funky either.

    Low popups, low funk, all good.

    yummy.

  • "a new hacked version of spyware-ridden KAZAA file-sharing software is being circulated, sans spyware"

    soooo... you're trying to tell us that it's spyware-free?

    </sarcasm>
    • by Anonymous Coward

      Actually, I've gone to the trouble and effort to packet sniff this one: Nothing. Just pure P2P

      -Guard

  • mirrors (Score:5, Informative)

    by DanThe1Man ( 46872 ) on Sunday April 21, 2002 @02:21AM (#3382237)
    There are some mirrors at http://www.kazaalite.tk/ [kazaalite.tk] when kazaalite.com crumples under the slashdot effect.

    I'm at 50, so I'm not karma whoring.
  • wine (Score:2, Interesting)

    has anyone had any success running this under wine? since this is now the lite version, i doubt that it needs IE and should therefore work?
    • Re:wine (Score:2, Informative)

      by Rysc ( 136391 )
      I tried it under wine, but it died without getting very far. Of course, my wine is spectacularly old; you may have better luck with a more recent build.
    • Re:wine (Score:5, Informative)

      by Osty ( 16825 ) on Sunday April 21, 2002 @04:16AM (#3382458)

      has anyone had any success running this under wine? since this is now the lite version, i doubt that it needs IE and should therefore work?

      "Lite" in this case means removing all the scumware from Kazaa, not removing IE (because it uses IE for content, and while you may think IE is "bad", it's not typically considered scumware). Thus, it still requires IE, and if that keeps the normal Kazaa from working under WINE, this version will be no different.

    • using latest debian the install dies with:
      fixme:font:LFD_InitFontInfo font '-sun-open look glyph-----19-190-75-75-p-154-sunolglyph-1' has unknown registry 'sunolglyph' and character encoding '1'
      fixme:mpr:WNetGetUserA ((null), 0x412f55e8, 0x405553b0): mostly stub
      err:module:MODULE_LoadLibraryExA Loading of native DLL C:\Program Files\KaZaA Lite\kazaalit.exe.manifest failed (error 193), check this file.
      err:module:MODULE_LoadLibraryExA Loading of native DLL C:\Program Files\KaZaA Lite\shared.ico failed (error 193), check this file.
      fixme:shell:IShellLinkA_fnSetShowCmd (0x403b3f10)->(showcmd=1)
      fixme:shell:IShellLinkA _fnGetShowCmd (0x403b3f10)->(0x40554cac)
      fixme:shell:IShellLink A_fnSetShowCmd (0x403b9a74)->(showcmd=1)
      fixme:shell:IShellLinkA _fnGetShowCmd (0x403b9a74)->(0x40554cac)
      fixme:shell:IShellLink A_fnSetShowCmd (0x403b3e2c)->(showcmd=1)
      fixme:shell:IShellLinkA _fnGetShowCmd (0x403b3e2c)->(0x40554cac)
      fixme:shell:IShellLink A_fnSetShowCmd (0x403b3e2c)->(showcmd=1)
      fixme:shell:IShellLinkA _fnGetShowCmd (0x403b3e2c)->(0x40554cac)
      fixme:shell:IShellLink A_fnSetShowCmd (0x403b3e2c)->(showcmd=1)
      fixme:shell:IShellLinkA _fnGetShowCmd (0x403b3e2c)->(0x40554cac)
      Wine failed with return code 5

      but it does appear under the wine 'start' menu, and it will start to load but dies with this:

      err:menu:MENU_ParseResource not a string item 0800
      fixme:ole:CoRegisterMessageFilter stub
      fixme:shdocvw:CWebBrowserImpl_AllocObj ()
      fixme:shdocvw:WBPCI2_GetGUID stub: dwGuidKind = 1, pGUID = {00000000-0000-0000-0000-000000000000}
      fixme:shdocvw:WBPCI2_GetClassInfo stub: LPTYPEINFO = (nil)
      fixme:shdocvw:WBQA_QuickActivate stub: QACONTAINER = 0x405560ec, QACONTROL = 0x4055612c
      fixme:shdocvw:WBPSI_InitNew stub
      fixme:shdocvw:WBOOBJ_Close stub: ()
      fixme:shdocvw:CWebBrowserImpl_Destructor (0x40386fb4)
      wine: Unhandled exception, starting debugger...
      err:seh:start_debugger Couldn't start debugger ("debugger/winedbg 134661992 84") (2)
      Read the Wine Developers Guide on how to set up winedbg or another debugger
  • by PD ( 9577 ) <slashdotlinux@pdrap.org> on Sunday April 21, 2002 @02:23AM (#3382242) Homepage Journal
    Is this some sort of CPM joke? This thing doesn't run on my computer. I tried doing chmod +x and downloading it multiple times, but it still doesn't work.

    Besides that, the files are 10 days old. That's old software. How do I know that there hasn't been any bitrot?
  • Very Short Review (Score:2, Informative)

    by GreyOrange ( 458961 )
    I have tried it and it seems to use less resources, probably because it doesn't run those weird ads that use up extra computer resources, and popup windows.
  • by Brightest Light ( 552357 ) on Sunday April 21, 2002 @02:24AM (#3382247) Journal
    Here's the text.

    Kazaa Lite is 'spyware free' says creator
    By James Middleton [19-04-2002]

    Hacked version of file sharing software
    Kazaa users can now get hold of a hacked version of the peer-to-peer file sharing software which claims to be spyware free.
    Earlier this month Kazaa users discovered that the client software includes what is effectively a Trojan program which connects to another network called Altnet and taps the user's processing power and storage space.
    Brilliant Digital Media, the company behind the stealth peer-to-peer software, plans to activate the software on users' machines in the next few weeks and sell the resources to be used for distributed computing.
    But recently released Kazaa Lite software is a hacked-up version of the Kazaa client without the third party software or banner adverts.
    Created by a Russian programmer known only as 'Yuri', the illicit Kazaa Lite was developed as an alternative 'non-misleading' version of the software.
    Kazaa Lite has also caught the attention of Sharman Networks, the developer of the original Kazaa software. Sharman said that it will vigorously defend its rights but has not said that it will take legal action against Kazaa Lite.
    It would be difficult to block Kazaa Lite clients from accessing the Kazaa network simply because of the openness of the system which lets millions of users log on simultaneously.
    KazaaLite.com has reported over 80,000 downloads since the program was released and no interoperability problems with the Kazaa network.

    More info can be found at Kazaalite.com. [kazaalite.com]


    • It would be difficult to block Kazaa Lite clients from accessing the Kazaa network simply because of the openness of the system which lets millions of users log on simultaneously.


      I'm not so sure about this. BDE's license says that it can execute code on the machine. Presumably this means that some form of RPC is implemented in Kazaa-bloat / BDE. As such, they could execute code that does a check for a "legal" version of Kazaa and, after a week or so, block clients that don't have the most recent version. Further hacking to get around this would definitely be "circumvention" and subject to the DMCA.

      This also breaks free, open source clients, but then, I doubt people who worship the almighty dollar really care.
    • Back when Morpheus got kicked off the network, Sharman proved that they can remove clients from their non-centralized fasttrack network. They did this by changing the code in Kazaa to force-upgrade the supernodes (and thus all the clients) and changed it so that at a certain date they would all stop allowing connections to/from morpheus clients. They were able to do this because Kazaa clients were dominant on the network.

      Now, think if Kazaa LT becomes the most popular fasttrack client. If Sharman tries this again they would only succeed in knocking themselves off the network. The ubersystem would then truly become free (unless the kazaa LT guys do a fasttrack force-upgrade scheme).

      The future is bright :)

      Travis
  • by martissimo ( 515886 ) on Sunday April 21, 2002 @02:34AM (#3382260)
    According to this [wired.com] article Sharman Networks is planning on taking action against Kazaa Lite...i figure it won't be long till their network won't work properly with the program (much like Morpheus).

    Oh well im sure those fun-loving Russians will fight back when it happens, should be fun to watch
    • Sharman Networks should just save themselves the hassle/trouble/headaches and forget about taking any action. The genie's been let out of its bottle. With over 80,000 downloads so far (not to mention the thousands of /.ers), this thing is gonna spread like wildfire.
    • Hmmm... You forget something. In fact they forget it. What happens if installer exe copies itself to users shared files folder? Right, P2P :-) How they can shut down 80M servers?

      If they manage to stop it (we all know they have that power), it will be a proof for RIAA whatever that it's a centralized network.

      IMHO people should use gnucleus (http://www.gnucleus.com) and WinMX (OpenNAP protocol) but anyway...
    • It's hard for Kazaa to mass change the protocols they are using as it could break too many clients... unless of course their first use of their spyware is to check for the new version and force a download!

      Here comes the biggest spy/trojan-ware versus the stripped down version
    • The Instant Messengers constantly change their protocols to try and break their rivals that log into their network, without that much success. The more diligent clones seem to have little trouble keeping up.

      Phillip.
    • From the WIRED article:
      Kazaa Lite has caught the attention of Sharman Networks, the Australian company that purchased Kazaa earlier this year, and in a statement released Wednesday said that the company, "will vigorously defend our rights and take action against parties engaged in misrepresenting our software. Consumers are being deceived with ripped off and highly suspect code, and we are determined that their rights, enjoyment and machines are not prejudiced."
      Yeah, right. Look who's talking.
  • Spyware (Score:4, Informative)

    by olman ( 127310 ) on Sunday April 21, 2002 @02:35AM (#3382263)
    For the DIY-crowd, ad-aware will clean up the mess Kazaa leaves behind without too much hassle. Grab it here. [ad-aware.net] It's quite a nice package, too. I have it running at every startup and it's not that rare to get a "visitor" regularly. In fact, it's so nice I've been thinking of investing the $15 for the plus-version.
    • Re:Spyware (Score:2, Informative)

      by Jagen ( 30952 )
      ad-aware is cool, and after you have finished with kazaa will help clean up. However if you use it to remove the spyware Kazaa will complain about missing components and refuse to run, hence the need for the version in this topic
  • by EggDye ( 41297 ) on Sunday April 21, 2002 @02:36AM (#3382267) Journal
    This is something I've been wondering about this Kazaa controversy. Sure, an unwanted program designed to take up your hard drive space and CPU cycles is "bad"-ware. It is certainly "undisclosed"-ware and "unwanted"-ware. I would even go so far as to say it is "Flushing Kazaa's reputation down the toilet"-ware. However, is "spy"-ware the right term? While a distributed computing program probably does report a fair amount of information back to the main server, it isn't usually designed to spy on the user.

    What I find very strange about this whole thing is why Brilliant Digital Media wasn't more upfront about their program. Would the average computer user totally reject the upfront trade of "You get to use this neato-keen file-sharing network for free, and all you have to give us is a little bit of the computer time and space you aren't using"? I guess it would have just killed them to be honest and straightforward about the deal users were making. To paraphrase a saying "The respect you give is the respect you'll receive".
    • The correct name is "malware"

      --
    • Sure, an unwanted program designed to take up your hard drive space and CPU cycles is "bad"-ware. However, is "spy"-ware the right term?

      No, it's not.

      You're right, the Brilliant Digital Media app is not technically spyware. However, the Brilliant Digital Media app is far from the only thing that comes along with kazaa's official installer.

      You also get the Gator "companion," [cexx.org] and Cydoor's "ads on software." [cexx.org] -- Both of which certainly are "spyware."
    • It has nothing to do with respect or trading functionality for CPU cycles, it has to do with this malware being a big marketing experiment. Marketing is about manipulating the desires of potential customers, and straightforwardness and honesty is antithetical to manipulation.
    • Yes it is.
      It extends Internet Explorer, where the spyware is keeping track of all of the sites you visit and sends your trail to a centralized host. There, your surfing habits are analyzed and sold to online marketers.
  • What is it lately? They are all over the web in many different areas. What has caused the russian boom?
  • I loaded Kazaa onto a computer of mine and used etherpeek to check the incoming and out going traffic. It turned out that at certain times the spyware traffic was enough to clog a standard 56K modem. If this hacked version works, I'll be more glad about the increased bandwidth that is freed up than who gets to look at the webpages I visit.
  • bittersweet irony... (Score:2, Interesting)

    by drik00 ( 526104 )
    is it ironic to anyone else that the same folks that are fighting the good fight by making powerful and useful peer-to-peer information technology are the same ones that fsck us by selling their souls to advertising schmoes just to make a buck, causing them to give us exactly what we want, and exactly what we hate at the same time??

    Just ironic.
  • I have also come in contact with a similarly hacked version, called KaZaa Spyfree, which is basically current kazaa, with cydoor dummy files, shopping/license agreements/buddy/introduce a friend/ads(yes there is a way to cut them all out without killing the app) as well as all the other recent spyware found inside
  • "spyware-ridden"...

    "sans spyware"

    Isn't that just a little repetitively redundant?

    • "spyware-ridden"...

      "sans spyware"
      Isn't that just a little repetitively redundant?

      No, they're opposites.

      dictionary.com says:

      ridden Pronunciation Key (rdn)

      ...
      adj.
      Dominated, harassed, or obsessed by. Often used in combination: disease-ridden; grief-ridden.
      Source: The American Heritage® Dictionary of the English Language, Fourth Edition
      • from smcv:
        >No, they're opposites.
        >dictionary.com says:
        >ridden Pronunciation Key (rdn)
        >...
        >adj.
        >Dominated, harassed, or obsessed by. Often used in combination: disease-ridden; grief-ridden.
        Source: The American Heritage® Dictionary of the English Language, Fourth Edition

        from Z4rd0Z:
        >Isn't your own statement a little "repetitively redundant" as well, or are you just trying to be ironic?

        Isn't that just a little repetitively redundant?
        (Taken in the original context of course...)
    • Isn't that just a little repetitively redundant?

      Isn't your own statement a little "repetitively redundant" as well, or are you just trying to be ironic?

  • I can't stand the irony- an ad-busting version of Kazaa, being distributed from a site rife with popups!
  • If you want Kazaa without Spyware, why not use Gnucleus? Gnucleus is the open-source client that Kazaa and Morpheus are directly descended from. Get it here. [gnucleus.com]
    • Kazaa has nothing to do with Gnucleus, is not "descended" from it, uses no code from it, and is not related to it in any way, shape, or form.
  • by Yakman ( 22964 ) on Sunday April 21, 2002 @03:31AM (#3382380) Homepage Journal
    I've noticed two common misconceptions - that the people running Kazaa (Sharman Networks?) can block this client easily. And also that they can stop the client being hosted on websites.

    First, it's not that easy to block the client because the client is the same as the one you get from the Kazaa website, it's just had all the spyware and other crap removed. So basically the only way Kazaa could block it is by releasing a new client version and blocking all old versions.

    That'd mean all users would need to download a new client (not just the users of Kazaa Lite). Plus the guy would just remove the spyware from the new version and put that up as Kazaa Lite again.

    Secondly, if they somehow get the guy to stop allowing people to download from the website the guy can just go and stick it on Gnutella or another P2P service and magic - suddenly it's on 1000s of computers out there.

    Basically, as someone else has said, the cat's out of the bag.
    • by Skirwan ( 244615 ) <skerwin.mac@com> on Sunday April 21, 2002 @03:48AM (#3382407) Homepage
      Secondly, if they somehow get the guy to stop allowing people to download from the website the guy can just go and stick it on Gnutella or another P2P service and magic - suddenly it's on 1000s of computers out there.
      Is anyone else out there chuckling at the sheer meta-hilarity of this whole thing? You're talking about using a peer-to-peer network used primarily for piracy to distribute an illegally modified binary used to connect to another peer-to-peer network which is also used primarily for piracy.

      We're rapidly approaching the point where the effort it takes to pirate something is less than the effort of going to a store and actually buying the damn thing.

      --
      Damn the Emperor!
      • Oh yes, I've noticed and been having a good little chuckle at this one too.

        Poor poor Kazaa... Someone has hacked their precious little client to take out the advertising...

        ...So they're not making any money...

        ...So they're thinking of lawsuits...

        ...Just like the RIAA...

        ...They're powerless to stop it!

        Money makes the world go 'round, it makes the world go 'round...
      • No actually it's just the opposite. It's getting easier and easier to circumvent unduly restrictive measures. The infrastructure is now in place. People know of its existence and how to use it.
        :-) And that's a good thing :-)
      • Trying to find something in a store is a pain in the ass. And for something digital, there's no reason it should be. I drove to 4 different stores to find a copy of Grand Theft Auto 3 for Playstation 2. If I could have downloaded it, I would have. Forget the money part, it's just more convenient.

        Then there's the fact that games, movies and music should be cheaper once you cut out the plastic disc duplicators, booklet printing machines, plastic jewel cases, retail markup, and distributor markup. I really think it's those people who are opposed to digital distribution more than the actual "content producers".

    • i've been wondering how they would block access for a few minutes myself.

      First of all it would certainly have to involve a new client, i think that much is a given. Wonder if they could work out some sort of check when you request a file that would compare a MD5 of their files or something. Certainly would take a fair bit of coding to pull off, but i would guess that they could figure out something if they are willing to spend the time coding it.

      i loved this line: Consumers are being deceived with ripped off and highly suspect code, and we are determined that their rights, enjoyment and machines are not prejudiced

      sounds like they described their own code pretty well right there
      • Wonder if they could work out some sort of check when you request a file that would compare a MD5 of their files or something

        I seem to remember AOL did this briefly with their IM program to prevent/discourage another app (things like Trillian, Gaim, and Jabber, although I'm not sure which of those existed at the time) using their network; they requested the checksum of random byte ranges from the executable at random times. Shortly afterwards, the clone program's installation instructions included "Place a copy of the Windows AIM executable in this directory, so we can do checksums on it." This didn't last long.

        There's really not a lot you can do to prevent unauthorised clients connecting to a public network if the people modifying the client have sufficiently low-level access (observe the problems game developers have trying to prevent modified binaries from joining their servers) - any checksum-type solution doesn't necessarily work, because how do you make sure it's the connected executable whose checksum you're getting?

        • any checksum-type solution doesn't necessarily work, because how do you make sure it's the connected executable whose checksum you're getting?

          excellent point, however i don't suppose they really care if you are running their client... they only really care if you are running the damn crapware that comes with it which makes them money. so if the checksums were performed on the crapware to make sure it was un-altered?


          • so if the checksums were performed on the crapware to make sure it was un-altered?


            Have your trojan (in the good sense) app check the newest install file. It could locate the required file, generate a checksum on the requested offset of that file, and then return it... all without ever having to install the malware. And since it deals with the latest install file (either user-supplied or auto-downloaded?), the "authentication" is automagically updated as new install files become available.
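
Added example, not part of any poster's comment and not code from AOL, Kazaa or any client: a minimal Python model of the range-checksum challenge discussed in the comments above, from the verifier's side. It shows that the check only establishes that the peer can read the reference bytes, not which program is actually talking; the byte strings, class names and the 512-byte range limit are constructed assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed stand-ins for executables; not real program files.
OFFICIAL_FILE = bytes(range(256)) * 64
# Same length, with 32 bytes altered at offset 5000 (a constructed "modified client").
MODIFIED_FILE = OFFICIAL_FILE[:5000] + b"\x00" * 32 + OFFICIAL_FILE[5032:]


def range_digest(data, offset, length, nonce):
    """Digest of one byte range, bound to a per-challenge nonce (prevents replay)."""
    return hashlib.sha256(nonce + data[offset:offset + length]).digest()


class Verifier:
    """Network side: holds the reference file and asks for random range digests."""

    def __init__(self, reference):
        self.reference = reference

    def new_challenge(self, max_len=512):
        length = secrets.randbelow(max_len) + 1
        offset = secrets.randbelow(len(self.reference) - length + 1)
        return offset, length, secrets.token_bytes(16)

    def accepts(self, challenge, response):
        expected = range_digest(self.reference, *challenge)
        return hmac.compare_digest(expected, response)


class Responder:
    """A peer. `running` is the code actually executing; `hashed` is whatever
    bytes it reads when answering. The verifier only ever sees the answer."""

    def __init__(self, running, hashed):
        self.running = running
        self.hashed = hashed

    def respond(self, challenge):
        return range_digest(self.hashed, *challenge)


def rounds_passed(verifier, responder, rounds=200):
    """Run independent random challenges and count how many are accepted."""
    passed = 0
    for _ in range(rounds):
        challenge = verifier.new_challenge()
        if verifier.accepts(challenge, responder.respond(challenge)):
            passed += 1
    return passed


if __name__ == "__main__":
    v = Verifier(OFFICIAL_FILE)
    official = Responder(running=OFFICIAL_FILE, hashed=OFFICIAL_FILE)
    self_hashing = Responder(running=MODIFIED_FILE, hashed=MODIFIED_FILE)
    side_copy = Responder(running=MODIFIED_FILE, hashed=OFFICIAL_FILE)
    print("official client      :", rounds_passed(v, official), "/ 200")
    print("modified, hashes self:", rounds_passed(v, self_hashing), "/ 200")
    print("modified, side copy  :", rounds_passed(v, side_copy), "/ 200")
```

The design consequence is the one raised in the thread: binding the answer to the running process needs a trust anchor outside the client's control, which a plain file checksum does not provide.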
    • Secondly, if they somehow get the guy to stop allowing people to download from the website the guy can just go and stick it on Gnutella or another P2P service and magic - suddenly it's on 1000s of computers out there.

      Or stick it on that Kazaa network. As some people say, it's very good for that sort of thing. No, really, if they would block it then they would have to block all of the warez/"pirate" traffic on their network (i.e. 99% of the traffic on their network) after demonstrating that it's possible, and just go out of business.

    • Uhhhhhhhhh (Score:3, Informative)

      by cjsnell ( 5825 )

      Be careful of saying things like "the only way Kazaa could block it is...". There is always another way. In fact, I thought of one while reading your post:

      Imagine that one of the pieces of spyware is designed to send out an "I'm alive!" message to a central server, to let it know that it has an activated client. This isn't too hard to imagine, I don't think. Suppose Kazaa blocked access to its network to any host that did not send an "I'm alive!" message. There you go, it's blocked.

      Now, the Russian folks could combat this with two different techniques: modify the Kazaa client itself to send out the "I'm alive!" message, but this will likely cause CRC/integrity checks to fail.

      The other possibility is to create a new process that sends the "I'm alive!" messages to the spyware servers. Problem with this is, it isn't much better than the spyware it replaced, in terms of system and network resources.
      • Imagine that one of the pieces of spyware is designed to send out an "I'm alive!" message to a central server, to let it know that it has an activated client. This isn't too hard to imagine, I don't think. Suppose Kazaa blocked access to its network to any host that did not send an "I'm alive!" message. There you go, it's blocked.

        Kazaa would lose the ability to say the use of its software is out of its control, as it is no longer truly peer to peer but falls back into the client server model. This could have legal ramifications for them down the road.

        Phillip.
        • As I stated in an earlier post, it would be trivial to use BDE's software which executes arbitrary code to automatically update every user's Kazaa--at least, all the ones using a legit version. Then Kazaa would be splitting their P2P into two networks: one that uses hacked and free clients, and one that uses "official" clients. They can prevent legit versions from connecting to hacked versions in said update, and the updates would propagate every time a legit user checked for an update or "allowed" the BDE software to update Kazaa.

          And they could do it all without a centralized server.

          That said, it should be easy to block specific files in the same way, meaning that the defense of "it's p2p, we can't control it" was moot the second they added any code into the client that allowed for some form of RPC.
    • Kazaa is distributed over Kazaa. The installer downloaded from them has just enough capability to get onto the fasttrack network and grab the rest of the Kazaa software. By default, everyone running Kazaa is sharing this file.

      Has anyone tried to replace the stock share with the hacked version? That would kick ass!

  • Warezdot.org??? (Score:4, Insightful)

    by WhaDaYaKnow ( 563683 ) on Sunday April 21, 2002 @03:53AM (#3382416)
    WTF? I mean, are we going to see front-page links to warez copies of AutoCAD here soon, just because we don't agree with the way Autodesk wrote their software?

    It baffles me, because the link is obviously to a piece of software that is not legal, no matter what license agreement or personal feelings.

    For a site that is supposed to be so Open Source aware this seems especially strange. Open Source does not condone piracy. Instead it allows for alternatives. So why not have an article about a good Open Source alternative, instead of linking to illegal software?

    (Yeah, I don't like spyware either, but if people are stupid enough to install it, then that's their bad. It's another thing for the company to make it clear that the spyware exists, but these are law-technical issues. Which should be dealt with separately.)
    • Why shouldn't /. post a link to this? If there are ass-bandits who create software with embedded spy/scumware, I see it as poetic justice that people learn about and use a non-shitty alternative. (And seriously, how much more 'illegal' is this than software that already allows you to leech mass quantities of software/music/etc that you didn't pay for?)

    • Re:Warezdot.org??? (Score:4, Interesting)

      by _Sprocket_ ( 42527 ) on Sunday April 21, 2002 @05:40AM (#3382571)


      WTF? I mean, are we going to see front-page links to warez copies of AutoCAD here soon, just because we don't agree with the way Autodesk wrote their software?


      You have a valid point tossed in with all the blame towards Slashdot. That point being the question of how legal and/or moral it is to hack and distribute freeware to remove undesired functionality (and would it make any difference if the app in question wasn't freeware). But I have to disagree with the overall tone of the post.


      First, this is a valid event. It is part of the backlash towards Kazaa for their business practices. And it is a popular action too, judging from the article and the fact that the last few times Kazaa has been the subject of a Slashdot article, Kazaa-Lite gets multiple mentions.



      For a site that is supposed to be so Open Source aware this seems especially strange. Open Source does not condone piracy. Instead it allows for alternatives. So why not have an article about a good Open Source alternative, instead of linking to illegal software?


      Let's not confuse issues here. This has NOTHING to do with Open Source. Heck - Kazaa has nothing to do with Open Source software itself. Though the suggestion to mention Open Source alternatives is a fair one.
      • The fact that it is freeware does not change the copyright that applies to it.
        So what? Just like when you buy a magazine, you're allowed to rip-off the pages and paste them into a scrapbook (or sell them on e-bay), so you oughta be allowed to excise the parts of a copyrighted program you just bought that you don't like, EULA notwithstanding (cause the EULA can clamour whatever it wants, it certainly can't remove your LEGAL RIGHTS).
  • I'm looking at the Kazaa search interface
    and it hauntingly reminds me of The Register's recent story about the Windows XP search companion. I am not a code head, but it appears to me that Kazaa's search functionality is based on something native to Windows. If Kazaalite propagates, and if it is in fact based on this parasitic search functionality, would MS get to see any of what is searched?

    http://www.theregister.co.uk/content/4/24815.html
  • This isn't so new... (Score:2, Interesting)

    by Choppa ( 88604 )
    I did this a few months ago. Instead of hacking KaZaA, I hacked the CyDoor DLL, replacing the old one with my version that simply does nothing.
    You can get the code at: http://www.bakedbeans.com/cydoor/
  • I haven't used Kazaa in months, before they started adding the spyware. But is the spyware part of the Kazaa application or a separate app loaded by the installer?

    If it's a separate program then it should be easy to update the hack every time they change anything on the server side.

    If it's an integral part of Kazaa then it's impossible to separate them - just like IE is part of Windows - just ask Micro$oft.

  • I wonder if Sharman Networks would have bought Kazaa if they knew their profit could be so easily hacked away.
  • by stain ain ( 151381 ) on Sunday April 21, 2002 @06:39AM (#3382648)
    It took a while to realize what kind of spyware kazaa was, even with lots of people using it for a long time.
    Now we have this 'hacked' version with the spyware apparently removed. I don't know the author, there is no company behind it, it is not open source... and nonetheless we all jump over it, trusting it does what it says...
    How do I know it doesn't contain some extra spyware?
    I have not any indication that kazaalite is not a legitimate software, but again, I have not any indication on the contrary... I think there is something very wrong in the way we accept and instantly trust new software.
    My question is WHY should I trust this more than kazaa?
  • Linux version? (Score:3, Interesting)

    by Jacek Poplawski ( 223457 ) on Sunday April 21, 2002 @07:03AM (#3382679)
    What happened with Linux version of Kazaa client? Are there plans to make it back?
    • There is a Linux fasttrack-type client, giFT [sourceforge.net]. However, it can't access the KaZaa FastTrack network, due to their encryption. ("No control over the network," my foot!) It can only trade with other people running giFT.

      As for KaZaa's own Linux client, I don't know, though I find myself a bit in doubt. After all, you can't pop up ads in a text mode client, nor can it run trojans...
  • Russian law (Score:2, Insightful)

    by k98sven ( 324383 )
    Just a thought: Given that Russia does not have a DMCA-type law,
    how motivated would they be to extradite these guys to the USA?
    (Given, of course, that they figure out whodunnit)

    It seems to me the Russian police have a bit more important things to do..

    Any Russians here who'd like to comment on this?
  • by Animats ( 122034 ) on Sunday April 21, 2002 @12:35PM (#3383565) Homepage
    KaZaa's contract with Brilliant is in Brilliant's latest SEC filing. [sec.gov] (See Exhibit 10-40.) KaZaa is obligated to put Brilliant's "projector" into all copies of KaZaa for three years starting October 16, 2001. However, KaZaa has the right to terminate the contract after one year. After all this furor, there's a good chance KaZaa will do just that.

    Brilliant Digital is a tiny company (18 employees) with financial problems. ("We anticipate that during remainder of 2002, we will need to raise additional capital, as our current operations do not generate positive cash flow." - Brilliant Digital SEC filing) They used to make hip-hop videos (really!). The AMEX is considering delisting their stock because the price is below $1 per share. They also have heavy debt, unusual for a dot-com.

    So the most likely outcome is that KaZaa drops Brilliant in October, after which Brilliant goes away like all the other dot-coms with stupid business concepts.

  • This explanation is available within the installer file (v1.6.0, english). All in all, this sounds very reasonable and plausible to me:

    *** Important Note ***

    Why was KaZaA Lite created?

    For the same reason as the one why CNET has recently removed KaZaA from its download listings. Alongside the original KaZaA some third party software is distributed. This normally would not be an issue for me since it is mentioned in KaZaA's legal notice. But in this case this third party software severely threatens our privacy. The software from Brilliant Digital goes even beyond that point, acting more and more like a virus. The real workings of this third party software are not sufficiently explained to the end users by KaZaA. The legal notice is very long and difficult to understand, particularly for those whose native language is not English. Fact is that most users of KaZaA don't even know that there was some third party software installed by KaZaA, or more important what that software does. When KaZaA is uninstalled, the third party software is not removed. Removing all traces of this third party software is very difficult, even the biggest computer geeks have troubles with it. Virtually impossible for an average user. KaZaA should make very clear what is installed alongside the KaZaA client itself and what that additional software does, before an end user downloads or installs the KaZaA client software. This way an end user has the choice of using the KaZaA client including all third party software, or not using the KaZaA at all.
    Until this happens I am giving the average user a choice to be able to use the KaZaA client without being misled by KaZaA. Those who have some real knowledge about computers were already able to make their own 'clean' KaZaA client software.

    It is not my intention at all to stop KaZaA from earning advertising revenue. In fact, I am thankful to KaZaA for creating their great software and the FastTrack network. I only want to make clear that KaZaA has to stop misleading the people who use their software. The majority of the users of KaZaA Lite abandoned KaZaA long before KaZaA Lite was created for the reasons I have outlined above. Or they previously did not want to use KaZaA because they were aware of its implications. KaZaA Lite users now are a part of the network. The increased number of users on the network due to KaZaA Lite is beneficial for KaZaA, since a large network attracts new users.

    "KaZaA, the way P2P should be". I hope this becomes true in the future.

  • Easy. None of the damn things scale.

    Napster was great until too many people used Napster. Then it was Gnutella, but soon too many people used that too. Then Morpheus, then Kazaa... Each emerges, gains popularity, and is destroyed by its own popularity.

    Here's a clue - any network where a message from a client is supposed to perpetuate to every other client is doomed to failure as the number of users increases. No amount of CPU or bandwidth that we will see in the near future can save it.

    Who is starting the next P2P sacrificial network? Might as well get on board before it becomes popular and the honeymoon ends.
