Bad P2P Programs - What To Avoid

December 09, 2007 by sharky

Some contain crazy spyware; some you just can’t connect to anymore; and some just want your money. Either way, steer clear.

Adware/spyware-laden P2P clients
Pay-to-use P2P services/programs
The iPod $ Music Scam
P2P programs that don’t connect
Other things to avoid

Below is a list of some outstandingly BAD P2P clients, as tested in Dec. 2007 - each with a summary. They could have fit into ALL of the categories above.

Morpheus (all versions)

The first version I installed was version v5.5.0.1096 (it’s the new one that can be found everywhere as that little 184KB pre-installer). The connection was great but there was an unavoidable feature built-in that won’t allow downloading of copyrighted material. It will find and show you these illicit files in the search, but it won’t let you download them. So I did some homework and it turns out that any version past 5.3 does this. Here’s the quote from Wikipedia.com - “The latest version that supports unlimited downloads is 5.3.0. Versions after this are effectively restricted”. So I did some more digging and found “Morpheus Ultra v5.1.1.884″, obviously lower than the v5.3 threshold. But I just couldn’t get version 5.1.1 to connect to the network(s). No matter how much fussing and tweaking I did, it still wouldn’t connect. Furthering my aggravation, I couldn’t uninstall it and had to remove all references to it in the registry. My advice is to just plain avoid Morpheus for P2P file sharing.

LPhant 3.0.2 (or any version, from anywhere)

I wanted to install this program after taking a look at their website, but my antivirus blocked it from installing, stating PUPs (Potentially Unwanted Programs). So I downloaded a different version (2.0) from somewhere else, and I had the same problem. But I did go ahead and install it much to the chagrin of my antivirus and firewall programs. Even after uninstalling it (LPhant gave me errors related to the ‘uninstall’), it was still running in the Task Manager, in which I had to kill it and manually delete the folder and registry entries. It’s obviously laden with adware and other tidbits you don’t want.

LPhant update - they’ve recently released version 3.50, and it seems to be spyware free - no complaints during installation. Users can ‘opt out’ of the advertising package during installation, however, ad pop-ups still occurred. Since LPhant is nothing more than an eMule clone (connects to the eD2K network) - use eMule/aMule instead.

KaZaA Lite K++ (and any other “KaZaA” version)

If you find a link to download KaZaA Lite K++, just simply avoid it (the program can still be found as “klite172e.exe” or other similar versions). It will install perfectly, but it will NEVER connect. I found a second program, KaZaA Gold Premium, and it was the same thing: no connection. I also tried out the ‘KaZaA Lite Resurrection’ version, it didn’t connect either. So I decided to visit the kazaa.com main website and download a different version of KaZaA from there. I received multiple ’spyware’ messages during installation and I didn’t continue. Four strikes, yer out. McAfee isn’t too keen on KaZaA, either.

FilePipe v2.7R (downloaded from their homepage)

Upon installation, my firewall software grumbled that this program was attempting to make unwanted changes to Windows registry, so I viewed these potential changes and it looked harmless enough (or harmless enough that I could be able to undo it later) and I allowed the program to continue. Then my spyware software came up saying FilePipe was a PUP (potentially-unwanted-program), but I superseded this decision and continued on. Now my spyware came up again, this time saying that it could be a Trojan and the program was trying to hijack my home page. This time I did not let FilePipe continue. Sometimes my spyware software has to hit me over the head with a brick… the setup program installs TrojanDownloader: Win32/Small.CAB as confirmed by www.virustotal.com and by McAfee SiteAdvisor.

iMesh (any version)

iMesh used to be a great (free) P2P program, but it has gone totally legal in version 7.1+ so you’ll have to pay for your music unless you want bootleg audio. Older versions of iMesh don’t connect. Also, iMesh has connections to the RIAA - so you really never know what you’re installing when you use it. Steer clear just to be on the safe side! One thing we DO know about iMesh is that it is owned by MusicLab LLC - who also owns the new pay-to-use BearShare (v6.1+), BearFlix, and the recently acquired legal Shareaza[dot]com (version 4). Avoid any and all. Want the real Shareaza? Try Shareaza.sourceforge.net.

Bearshare Pro 6.1

To quote McAfee SiteAdvisor, “Don’t be fooled by the cute bear logo. The free version of Bearshare contains WhenU in our tests”. The latest version of Bearshare v6.1 (and its affiliate BearFlix) have gone legit - search results yield prices next to the songs - you’ll swear you’re on the iTunes website (see iMesh above). Not only that, but both have tie-ins with MediaDefender, MediaForce and cyveillance.com - proud opponents to P2P file sharing. Older versions of Bearshare can be found and work well (and free!), for example version 5.2.5 Lite, and contain no adware/spyware.

And honorable mention goes to…

Miivi.com

We have to hand it to the MPAA for this innovative idea: They set up a trendy Web2.0-named site that offered “fast and easy downloads” containing illegal material (but bogus *.torrents). Unwitting users would install the Miivi (BitTorrent) client program (containing a PC-snooping Trojan) which would then search the users’ hard drives for illegal copies of movies and report them back to MediaDefender. The website has since been shut down, with kudos to the hacker who broke into their email and discovered the incriminating MPAA connection. Despite this heinous act, the P2P community is, as a whole, stronger - new P2P/BitTorrent websites are now being ogled with a sharp eye of scrutiny. Read the full story on torrentfreak.com (search for “Miivi”).