Wondering what the thread title is all about? Well, pick your random search term and run it through...LimeWire! Pick among the billions of results and enjoy your personal copy of a trojan.

Now, Limewire is in version 4.10 and its "developers" have claimed to have inclued "junk filtering". So why, for **** sake, keep those blasted 851.7 results showing up no matter your severity setting on the socalled junk filter and no matter how many of those you manually set as junk?!

This is really ridiculous...tell me, do the LimeWire developers actually use their own software? Is it so very hard to block every file with the specific size of 851.7? Let me tell you, it's not...a simple "if" statement will suffice, one of the most basic aspects of any programming language, and, yes, that includes Java.

Open up a donation program to allow all LimeWire developers to attend a course like "The Basics of Java" and "How to enter a search term in LimeWire" - I swear, I'd give twice as high the purchase price of LimeWire to enlighten those ****.

See Arrange search results by size (click on link) As that's one simple way to see what's what. I can't answer your question directly because I am not a Java programmer or a LW programmer. I can only point out ways to avoid the muck. WARNING: Viruses on network you should be aware of! (click on link)

The Junk filter is a dynamic learning filter. Virii is definitely the hardest type of result to allow it to learn about. But I'm sure LW will improve the filter as time goes on. These are 'very early days' for the filter. If it was a year old I'd say "fair enough comment." But the filter works well for everything else. And does still filter out a lot of virii all the same. Just not all of it for some reason. Keep in mind the virii on the network has been getting worse week by week ever since the RIAA v's Grokster court case. Google Overpeer to see what type of groups are sponsored to spam the network with dirt to try to destroy it.

Ultimately, I think that the junk filter will be better than a staight size filter. Imagine if they had done a size filter - then everyone would be upset that they couldn't get that legitamate .zip file that just happened to be 851.7 kb also.

Until the filter gets better or they implement a size option, what i have started doing is picking some of the REALLY common ones that i encounter and make files of the same type (.mp3, .jpg, .zip, etc.) but named something like - "[filename] 851.7 is a virus, please delete" and sharing it. It should show up in the same search, and once the unwitting accomplices see the word "VIRUS" they will probably react pretty quickly. Note: make the file at least 0.1 kb so that it isn't filtered out as 0.0 kb "junk"

I think the OP should attend the courses "The Basics of Logic" and "The Basics of Common Sense". Anyway...

MiscJames, what you are trying to do is not gonna work. The filenames of viruses and other bad files are completely useless. The same file has usually thousands of names - it will simply match whatever you or someone else was searching for. There are two simple but important rules regarding spam:

- If spam filtering was simple, there would be no spam.
- Whatever cheap trick works today, won't work next week anymore.

From my understanding of virii, which admittedly is limited , if the virus is deleted then it can't spread. If people delete any files that are 851.6 KB, run a virus/malware scan, and don't DL them anymore - then the virus will die off or at least slow the proliferation down to perhaps tolerable levels.

It's like an active virus detection - we know the signature (for this one virus at least) is 851.7 KB, no matter what the name is. If it is deleted then it can't spread under anyname. When people see "VIRUS" they will, hopefully, snap to, and work for us, i.e. deleting the file and running AV. The majority of users don't read the forums, but they do see the search results - often at that. Let's use that as our forum for disseminating the info, that's what this network is really about anyway, isn't it?

Pehaps it is just wishfully thinking, but i will fall back on the time honored argument "it can't hurt"

P.S. I've been wondering this for sometime and i just now looked it up, the plural of virus is viruses, not viri or virii. My mistake - live and learn.

First of all, you don't need any of that. As a rule of thumb, just ignore anything below 1-2 megabytes (unless you're looking for pictures or the like). Apparently some people really don't know how much a kilobyte, megabyte etc. is and download incredibly small files assuming it's gonna be the video or software they were looking for. Or maybe they just don't look at the size at all.

The spammers can and do modify their little nasty files regularly. It's unlikely that you could keep a database of those up-to-date with reasonable effort. Also whether these are viruses or not is really not important. The existence of these search results themselves is a far worse problem especially because it harms also those users which are rather smart. The amount of search results you get is limited and the more spam there is, the less good results are you going to get.

This gets us to the next point: Yes, it can hurt. If you share "crap" with the names of files people are looking for this means the results delivered by your peer will reduce the number of useful resuls these people may get. One person doing this is hardly a problem but it's really no help either.

What you could do, is creating a bitzi ticket for any bad file so that people get a warning when they bother to lookup
a file before downloading it. However, there's so much spam and there'll probably be a lot more in the future that Bitzi
cannot be expected to scale for this purpose. The amount of good files is virtually limited, the amount of useless or bad data is infinite. One should also keep in mind that anyone can submit whatever he wants to Bitzi so you could claim spam is good content and vice-versa.

If you actually create a bitzi ticket for some spam file, make sure you clear the filename because - as explained - the filename is useless and would be misleading. Certain spam can be recognized by filename patterns but that's really something else.

I don't know which dictionary you use, but here's one http://encyclopedia.thefreedictionary.com/virii lol

But then both can be used Plural of virus or http://en.wikipedia.org/wiki/Plural_of_virus

Hmmm. Interesting thread.

Actually i do look for files under 1 MB sometimes ('bout 1 in 4 times if i had to guess), so for me, ignoring files is not a good option, not if i can find a better one.

Right, i'm aware that they modify there files regually, but so can we. Start with the biggest virus (851.7 i'm assuming) and go from there. To be clear, i'm not suggesting a database, per se, be kept, but rather use the network itself as the 'database'.
For example, if i deal a lot with [filename X plus some-other-stuff] and [filename Y plus-some-other-stuff] which is cluttered with [filename X] 851.7 and [filename Y] 851.7 then i would share just two files - [filename X (851.7) is a virus - DELETE] and [filename Y (851.7) is a virus - DELETE]. Then the idea is people would delete them and they would show up less on the peers and therfor the searches.
I could obviosly do more than just two files, but the point is i wouldn't have to get ALL of them. I would do a few, somebody else would do a few files, and somebody else a few other files, etc. etc. I realize it would have to be a group effort, but if it gained steam i think it could work, it's the inherent strength of the system to share a few files with many.

Granted, if "crap" is defind as anything that is not relavent to what your search is indending, then yes even those files would clutter other peoples searches, but MUCH less so than the virus files themselves. One '[filename] is a virus' file would replace countless 'virus' files.

I didn't know about bitzi, until just now. It sounds like a good idea but i think your right - that approach would be overwelmed because it is too centralized. Plus,it relies, just like forums, on the user knowing before hand what to do and doing it, which if most did, this wouldn't be as much of a problem.

Going back to the first point, if it is effective agianst the worst virus then people will naturally start doing it for others, and in the best case scenario (i'm dreaming i know ) people would "get the hang of things" and actully begin to spot the viruses as they appear and avoid DL them in the first place, halting the spread effectively.

What do you think? respond to me.

I think you ignored or missed part of what I wrote. Search results are definitely the wrong way to exchange such information. If you do that in a large scale - otherwise it would be ineffective anyway - Gnutella will be horribly crippled by the traffic overhead. And again: Forget the filename, that's a red herring, it's useless and gets you nowhere. In the long run all you'd find on Gnutella is lists of viruses. You can exchange such rating of files through other means which are more efficient. However, such a database whether distributed or not will sooner or later become too large and it can as well be abused to declare good files as bad.

You think if there are just enough Gnutella users helping it would work. Just realize how much spam there really is. You get dozens or hundreds of spam results for each single search you start, don't you? Now figure out how much Gnutella users there are and how much spammers there are. If spammers can virtually spam every single user in realtime, you need *a lot* of users to help you. Spammers do not only have magnitudes more bandwidth on dedicated servers - actually server farms, no they also have an unknown but huge number of zombie machines that look just like any other peer on Gnutella (dynamic IP address, legit Gnutella software etc.).

There are actually not as mine dumb users who re-share viruses as one might think. If we're talking about these results which seems to have dozens of sources, well that's just a fake. That's how Gnutella works. You can't tell the difference until you actually try to download the files. If you looked closely you'd see that very few - often none - of those sources actually delivers the file. The few that do are most often the machines (either servers or zombies) used by the spammers themselves. In some cases the spammers put the the bad files into the shared directories or modify the existing software to generate such files after the victim's machine got infected with a worm or trojan horse.

So you might be one of those spamming peers without knowing it and whilst sharing good files at the same time. You also have to be careful to not shoot yourself in the foot by your counter-measures. Actually there's another reason that I don't like your idea: It proposes "what you see is what you get". That's just not true. A filename is just a hint and it can very well be wrong - either accidently or on purpose. That is one of the very core problems. You cannot, should not and must not trust anything from an untrusted source. If people believe that a file is bad because the search results say so, they will also believe that a file is "best quality" for the same reason.

Why should people delete files anyway? The intent is to prevent that they download those in the first place, isn't it?

You make some good points. Perhaps my misunderstanding is in the way the vuirus spreads.

First, though, i understand that the filename is a red herring, but you have to use them in the beginning to make people aware that there is a virus out there - that changes names - that is 851.7 KB, and not to DL any of them.

Unfortunately, i think it would take more than "if there were just enough Gnutella users helping..." I think that it would take <i>most</i> of the users making a small effort. Alas, I also realies this is definately the weak point. But i still think that the vast numbers of users actively trying to avoid getting spammed would win out of the sheer force of the spammers tacticts, which I agree is formidable.

So, now back to the mechanism of infection. I assumed that when someone DLs one of these files that it infects the user with an invisible file or process, that returns a file (of 851.7 KB) with whatever name a search asks the user for. So, if they disinfect the PC then they no longer contribute to search results having 851.7 files. So, just getting people to check for viruses should go a long way to stopping the spam (assuming again that the majority come from infected machines and not the spammers directly - I don't know about this one, further i'm not sure there is any way of knowing), and telling people about the virus goes a long way to getting people to check there system, and using the search results goes a long way to telling people about the virus.

I guess i am misunderstanding the point about crippling the network and how it would become nothing more than a list of viruses. As the process becomes more and more effective there would be less and less need to use it. it should be, now this is a complete quess , but it should be self-limiting.

I shouldn't be helping the spammers if i have done a thorough scan of my system for malware - even if i had DL one of these files previous to scanning. Even rootkits leave secondary evidence that can be scanned for, but i doubt these (851.7) are that sophisticated. Any decent AV scan should reveal and clean this virus, i would think.

You make an excellent point about untrusted sources, but the searcher need not DL my file, which is not your point, mearly not DL another. This can be somewhat trusted because of the preponderance of evidence - LOTS of files that are 851.7 and LOTS of users saying not to DL them. How can it be dangerous to NOT download a file? At the very least it will make them think twice about it, and that surely must be a good thing.

Sorry if this is long winded or doesn't get to the point, but it is getting late and i'm getting tired. I will check back tommorrow, Hyper-kun, if you wish to continue this discussion.

One last point. This could very well just be my way of dealing with the frustration - namely comeing up with some grand unworkable solution. But then again...

My apologies, can't forum tonight afterall.