See
http://www.dslreports.com/forum/rema...=flat;start=60
for the details! Your system is WIDE OPEN if you've installed a recent version of Limewire.

Check this out...

Clean LimeWire

The server is slow and will be easily overloaded, so check back again if you can't download it.

I ran into the same virus mentioned earlier... I didn't realize I got it from limewire though. Why or how was Limewire distributed with a virus?

That spyware thingy is totally out of controll, also for the developers. Hmm... trust isn't somthing I have to LW/BS/Kazaa/Grokster after this spyware fiasco.

Very, very out of control! (echoing Moak) As soon as one piece of spyware has been removed, they see if they can sneak another one in without anyone noticing... Who knows...

Has anyone noticed that the installer size for 2.0. is 3.78 MBs? Isn't that huge?! I remember when version 1.7c was only 1.62 MBs!!

I keep hearing that the earnings from the spyware are 'almost 'covering the cost of bandwidth. Well, let's consider this: If LimeWire made their installer smaller (closer to the size of 1.7c - which believe me, it's possible once you get rid of all the spy/ad/crap), they wouldn't have to pay nearly as much for their bandwidth costs - that's less than half of the current bandwidth used!

Couldn't there be a more innovative way to cover download costs, or even avoid them (and spyware/3d party crap)altogether? I have an idea that could work....

There would be 3 components:

1) Implement a new feature into LimeWire. Each node would share the installer it was installed from. Also, a representative UltraPeer from a chain or cluster of UltraPeers would keep a connection open with a central LimeWire server (if you're skeptical, please keep listening).

2) Set up a special "download bootstrap" server for downloads. The server sends a special ping to its representative UltraPeers, and results (pongs - but compacted and simplified just for this purpose) are returned to the server (directly or through the representative UPs). The server then compiles an updated list every few minutes (using caches so traffic to UPs is reduced). The frequency of updating depends on how many people are trying to download the prog at the current time - also, the searches should cycle through all known UP reps and not do it all at once - that is, unless, LW.com absolutely needs a Denial of Service attack)

3) Create a simple, compact downloader prog (Netscape-like concept - anyone got any better examples?) for the end-user to use (downloaded from LW.com). The installer would be extremely small and limited in function, but it's only job would be to connect to the LW.com server and download a current list of available hosts. There will be many, many results because every peer (ideally) will be a mirror. This would require a more intelligent file-naming convention (or something similar) so that all the LimeWireWin files can be sorted in the version category. So anyways, the download prog receives these results, sorts them into version categories and filters out erroneous files (corrupted or altered [virused?] files). The downloader prog could then download the correct version of LimeWire (assuming they are using the newest installer). The dp could use advanced features like resuming (a must-have) and even swarming. Swarming would evenly distribute the burden of uploading as much as possible, and these downloads should be made so that they don't take up a normal LW node's upload slots (I mean, everyone just has to chip in a tiny little bit, and all the downloaders will their file). This would be fairly transparent to the downloader. And most users would be thrilled with the speed at which they can download the program on a DSL or Cable line (as opposed to a traditional server).

But there are some issues:
What happens when a new version needs to be released? There will still need to be an initial hosting by LW.com until enough users were using the current version. Otherwise, upgrades would be an interesting ordeal. Perhaps discussions will create some new ideas....

This way, LW.com has much less traffic. Obviously, this will not eliminate it, but it could reduce the amount of it quite drastically.

Any comments? Ideas? Corrections? Let's seriously consider the possibilities...

:-)

You have made some excellent suggestions there TruStar,Xolox did something very similar in their updates,and it worked flawlessly....yet I don't think there is a cat-in-hells chance of Limewire implementing them,which is a shame.

i wouldn't like to download an executable from anyone through a decentral network. you have no idea who you are downloading from, and sooner or later there will be files infected by real dangerous viruses...if you really think about this, then i would recommend the following ideas:

- integrate an update checking mechanism in limewire (by calling home to limewire.org, this is far less bandwidth than downloading the whole installer...alternative would be proprietary messages like bearshare, but that could eventually flood the network)

- integrate a public limewire PGP key into the update tool

- integrate an "update" button which automatically starts a search for limewire and downloads the update files. make sure that these files are used if and only if the archive is digitally signed with the corresponding private key. if the archive file is not signed that way, it should be deleted at once - the update has failed.

at last, i'd like to agree with moak and tru - this adware thing must be stopped. i don't mind banner ads, but i'm sure you will find a way to use them without cydoor (i think you already do that in the non-windows versions, don't you ?) if you bundle any third party software with limewire, this MUST be optional. i don't mid if you bundle a dozen programs like BonziBuddy with your installer, as long as i can choose not to install them. this crap has really damaged your honour more than enough...you cannot install things like aureate on users' systems without explicitly telling them. even if cydoor is nothing but an ad engine, the other stuff is not. we don't have to tell you that an installer containing trojans is simply not tolerable.

Hi Abaris!
I will quote myself:
I did take this into consideration. I really like your idea of uniquely tagging installers (w/digital signatures) so that fakes cannot be made as easily. Unfortunately, any key like that can probably be reproduced, and so altered files could still be mistaken as legit ones.

The trojan (yes, it is a trojan) which is installed may be for addware purposes, but why isn't this properly disclosed in the setup. Also, the trojan is not removed with the application uninstall procedure.

Using addware is fine, but only when it's fully disclosed and removed with the application.