Possible Back Doors?
 

What is the likelihood that any of the Gnutella P2P applications (or any other P2P) have backdoors written into them? Is there any way to protect my computer and data from this risk once I tell my firewall to allow the P2P to act as a server?

Re: Possible Back Doors?
 

It's extremely unlikely.

Its possible for just about any application to have back doors in them, but the likely hood varies based upon who developed the application and where you downloaded it from. If you dont download it from the original authors distribution, you could be downloading an altered version of the program that could have a virus or trojan in it. An author could easily decide to add some feature that opens a back door intentially or unintentially (whether those intentions are for good or not) to their system.

There is no point in worrying over it though, if someone does create a back door, with so many eyes watching, someone will spot it, but if you still feel a little paranoid (not a bad thing), then you could always use open source clients like gnucleus or phex, and compile your own binaries just for some added security, the eyeballs watching an open source project are a lot more and its a lot easier then a closed source program. (this is I believe one of the reasons the LSB had decided that a total open source solution is the only way to go, because closed source software makes security audits from difficult to impossible to do).

Open source is the way to go, with all this spyware you have no idea what might be installed by the spyware companies, all in the name of marketing.

The spyware programs are completely independent from the P2P applications, so in that respect, it's irrelevant whether they're open-source or not.

There is nothing inheritly wrong with spyware doing market research (such as monitoring your activities for the sake of improving the targeted advertisement), but its the uncertainty of what exactly they are doing. The over all flaw of closed source is that the user has no idea or an easy way to find out, what is being place in their computer. Like for example no one can say for sure if Bearshare or Limewire themselves are free of back doors, the only ones who would know are of course the developers for Freepeers (Bearshare) and Limewire. From that point on its a matter of do you trust these companies and more specificly their programmers, do they seem like responsible people, or do they seem like the kind of people who will put back doors in their software (for what ever reason). It may help others to know, but there has not been a known gnutella client to have a back door in it (that does not take into account the unknown), so its less likely that there is one. Bearshare is the closest one to come to that point, when they forced people to install spy/ad-ware, but they changed that policy.

Just remember this is about trust and responsibility.

[original poster again]

Thanks for the responses. I've always wondered about any program that must act as server or even be a firewall. Like ZoneAlarm. I really like it, but it is free and that seems like a great way for a programmer to put a trojan horse into lots of peoples' computers. So it seems trust is the main ingredient, mixed with buying from trustworthy companies. Thanks, again.
Reno, NV