Updated February 4, 2004. Errors or omissions please contact me.
KaZaa Update:
According to a recent article released on January 4, by Wired News over 45% of files downloaded from KaZaa contain viruses and trojans. As reported by Kim Zetter,
"According to the Wild List, a list that tracks viruses and worms that are currently in circulation, the number of types of viruses circulating through Kazaa increased 133 percent in 2003. In January, the list recorded nine different viruses passing through Kazaa; at the end of the year the number was up to 21."
Description:
KaZaa Media Desktop is a filesharing network program that has been downloaded almost three hundred million times, largely by users swapping software and music. If there are children in your home, the chances are good its on your PC. KaZaa by itself might not be so bad (ignoring the easy accessibility to copy written software, music and files) if it weren't for all of the scum that comes bundled with it. Recent additions to KaZaa including a virus scanner do little more than gloss over this fact. KaZaa offers access to all of these .mp3's, software and files in return for displaying advertisements and collecting information about your surfing habits, web pages visited and length of time at each site. Registering your version of KaZaa entitles you to all of this - just minus the advertisements. KaZaa is freely distributed by Avalon Online Networks, Sharman Networks and a number of download sites such as C/Net.
How do you get
it?
KaZaa can be downloaded from the company web site, or through other online download sites. KaZaa is installed by an end user and during installation adds in all of the other scummy programs. Although many programs associated with KaZaa have been connected with less than desirable installation methods - KaZaa itself hasn't. KaZaa and its associated programs are a mess of your own creation. (This is the point where friends and family pipe in with "not me..".) Unsuspecting users often choose to install everything KaZaa offers, subjecting your PC to a whole range of undesirable items, including Gator eWallet - covered in another article on this site.
Details:
KaZaa delivers contextual advertising to the end user. It is displayed on your PC based on a profile it builds about your surfing habits that is collected and stored on a file on your computer identifiable through your IP address. This means that it collects information from your computer while you browse the internet. This is usually accomplished by a program called CyDoor. Cydoor offers the following in their privacy policy:
What Cydoor Technologies Does
In the process of delivering this content, as well as performing online transactions, Cydoor will sometimes query you by means of a registration form for demographic data (gender, age, interests, marital status, salary, area code, country, and education). We will not collect personally identifiable information such as name, address, or telephone number. ..
Demographic information that you provide will be used within the Cydoor Network to provide you with a more personalized experience. Only aggregated demographic information across our user network may also be shared with business partners that provide the software applications on our network and other third parties related or unrelated to offerings on the Cydoor Network. ..
Some software installations will direct you to a partner site, where you may be prompted to complete a registration. The information our business partners collect pertains strictly to their privacy practices, and we do not have access to any of the information collected at these sites. In addition to demographic data, Cydoor requires that you provide your email address during the installation of Cydoor-enabled software programs. If you prefer not to provide us with your email address, then you may opt-out of the software installation. Providing Cydoor with your email address will enable us to send Cydoor-specific technology updates, as well as special offers and promotions from our business partners. ..."
A potential security risk of KaZaa is the transmission of user supplied email address and demographic information that is shared with third parties.
Another major scum component of KaZaa is the Gator eWallet program, which can detect events, create windows to display additional information on a viewed page, monitor messages and actions in addition to installing additional software through the program.
In addition to the above, Gator displays advertising on your computer through pop-up windows, pop-up slider windows (floating images on top of other windows), embedded ads within other GAIN supported software applications, desktop icons and installation files. Removal can only be accomplished through the Add/Remove software feature of Windows, any other method will not remove the program completely. Complete information is available within the Gator eWallet Overview.
Depending on the version installed and the options selected, KaZaa is known to install programs such as First Search, MyWay Speedbar, Gator, CyDoor and 1st Bar.
How does it Violate
Privacy?
To display an advertisement to a user the program(s) such as KaZaa match profiles built as you surf the internet with advertisers within the database. The sites that are visited and the keywords that are entered can be tracked with cookies and through the software programs themselves. Installed with KaZaa is Cydoor. The company indicates they do not collect any personally identifiable information but go on to state that they have no control over the third party companies they work with. Supplying things such as your email address during a 'registration' of KaZaa could be passed through to other companies. Gator does not collect any personally identifiable information, but does say that it collects items such as your first name, country, city and zip code as stated in the EULA.
Are
there any known security issues?
Both Cydoor and Gator are capable of automatically self updating, installing software and services on your computer and collecting personal information as well as aggregate information about your surfing habits. KaZaa has been known to deliver corrupted files and recently an article pointed out that 45% of files on the KaZaa network contain trojans and viruses.
Stability
problems:
There are a variety of stability programs depending on the programs that are installed along with KaZaa. CyDoor has been known to cause occasional conflicts and problems when installed in Windows XP, Gator has been reported to have occasional lock-ups and crashes particularly with the installation plugin. KaZaa itself can cause a marked decrease in PC performance due to the constant use of components such as the Peer Points network and the software itself.
Additional Notes:
In general, an average install of the KaZaa program will install a slew of potentially damaging software and scummy programs. Simple removal with the Add/Remove program feature in Windows will not remove all of the remnants of the programs such as Cydoor registry keys and Gator files. I find it strange that a program as popular as KaZaa, leaves 'extras' but mark it down to the scummy practices of the software the program is bundled with.
I strongly caution against attempting manual removal. Gator itself is known to install an average of 304 entries per machine (registry entries, files & directories), Cydoor 67 entries and KaZaa 124. (Courtesy of Pest Patrol). After installing and uninstalling KaZaa and its related components using the Add/Remove feature of Windows my PC suffered through 92 'left overs' that I found with AdAware.
Terminating KaZaa:
To fully remove KaZaa and all related components the best option is to use the Add/Remove software feature in Windows, and follow with a 'scumware/spyware' scanner such as AdAware to detect any residual files left on your PC. Manual removal is both difficult, tedious and may result in some of the components being left on your computer. For these reasons manual removal instructions are not provided here but can be found under the individual program articles on this site.
- Click on START > SETTINGS > CONTROL PANEL > ADD/REMOVE PROGRAMS. Click "OK" to start the removal process. Select KaZaa Media Desktop and click "Remove".
- Exit the Remove/Install Programs feature in Windows and restart your computer.
- Finish the uninstall by running a program such as AdAware. To detect remnant files, registry keys and cookies.
|
