A Random Rant by The Famous Brett Watson, 27-Feb-2001.
The Register (among others, no doubt) is running a story (recommended reading if you want to make much sense of this rant) on ShareSniffer, a flashy piece of proprietary software that does what so many other elite script-kiddie tools do: scan IP blocks for open Windows file shares. As far as I can tell, there are three important differences between ShareSniffer and your typical script-kiddie tool.
This last point is probably the most interesting: the whole concept of using open shares as a straight Internet peer to peer tool raises all kinds of thorny and interesting issues. An obvious one is the dubious nature of using any kind of scanning tool on the Internet at large: systems administrators everywhere tend to take a fairly dim view of it, and it's a violation of acceptable use in many cases. But the apparent grey-hat nature of the software (spin control be damned) is only one of the many issues. Let me count the applecarts this program has the potential to upset.
First up, a lot of shares out there aren't intentional. That's the whole reason why share sniffing got a black-hat reputation in the first place. These unintentional shares are the result of ignorant end users and an operating system that was never designed for the Internet. The usual story, as per the anecdote in The Register, is that some poor slob has a home network and wants to have access to all his files from both computers, so he shares his whole dang hard drive in read/write mode without a password, oblivious to the fact that the entire Internet can now twiddle his files with abandon. Oops. It's hard to place blame squarely on Microsoft or the end user here: Microsoft have made it easy to shoot yourself in the foot, but the end user pulls the trigger.
So that brings us to the question of whether share sniffing is or is not a black-hat activity, or whether it's a matter of intent. Just because the most common OS/user combination results in a lot of unintentional shares, does that mean that share sniffing is bad? Would it be okay if there were no accidental shares? Is it reasonable for the ethics of the situation to be dictated by the lowest common denominator of OS and user? It doesn't seem fair to me. I suppose that one can really only judge the matter on intent. I submit that share sniffing is ethically neutral in itself, although I treat all such sniffs that poke their nose in my network as suspicious, primarily because they are mostly nefarious script-kiddies at the moment.
This means we have a field which is currently the realm of the black hats, and some company is trying to push it as a white hat frontier, ripe for colonisation. Weird. Doesn't it usually work the other way -- a new field is created and then the black hats figure out a way to exploit it? That's not to say that the whole field is black hat at the moment: there are intentional shares out there now, but they're way less popular than FTP, say. The fact that the service is already widely deployed and sometimes enabled incorrectly is what makes it ripe for exploitation; it's very odd to have an under-utilised but ubiquitous service like that. Microsoft has sort of been trying to push the protocol as the "Common Internet File System" (CIFS), but this is the first effort that actually looks like it might catch on and make it so. The whole Windows file sharing thing was intended for peer to peer file sharing in the truest sense of that phrase, but I don't think anyone quite had this in mind.
An increased interest in file sharing like this is going to have an educating effect on the masses. Whereas black-hat exploitation of open shares is relatively rare and usually subtle, people are going to start noticing when large numbers of rubberneck users start accessing their unintended public share. As The Register mentioned, one person was contacted by SecurityFocus to warn him that his computer files were world-writable. This exposure of the issue will probably result in a net decrease in the number of unintended shares in the wild. The script-kiddies will have to find more subtle ways of exploiting systems.
Let's assume for a minute that file shares become a popular way of sharing files, a la Napster. If the Napster example is anything to go by, this will attract the attention of heavily monied intellectual property owners and their lawyers. But the ShareSniffer company itself isn't a very useful target for the RIAA or any other jackbooted copyright nazis to stomp on: it's way more peer to peer than Napster will ever be, because it uses a USENET posting to share the info rather than store it centrally. Killing the ShareSniffer company would not kill the file sharing in the same way that killing Napster would. Without Napster the company, the Napster software is not useful; the ShareSniffer software, on the other hand, runs entirely independently of any websites or other network resources that ShareSniffer may own. This is a fire that would be difficult to put out once it got going.
And finally, what of the copyright issues? It looks to me like the only way for copyright to stand up to a distributed effort like this is to explicitly declare it illegal to provide access to copyrighted material without the permission of the copyright owner. The usual claim is that people who download the file without legitimate excuse under copyright are the offenders, but they'd be infeasible to trace under this system. They're hard enough to police in a centralised system like Napster. The only realistic alternative is to declare the person who makes the file available the violator. After all, copyright is a law against sharing -- why not call a spade a spade? The provider of any particular file share can't be too hard to track, legally speaking. But even if the courts were to ratify this interpretation of copyright law, and even if it were feasible to track down offenders, there would still be two potential problems.
The first problem is the matter of cost. You can track someone down and sue them, but for how much? Is this a worthwhile proposition? Not on an individual basis, surely: legal proceedings are expensive. It might be used as a deterrent, though: sue the pants off an offender to make an example of him and discourage others. That's where you run into the second problem, though: bad publicity. Make yourself look like a big bully, and you'll get consumer backlash sooner or later. So what will the overlords of IP do when there is no convenient head to cut off? Will they attempt to place the responsibility on ISPs, requesting that people have their access revoked for making copyrighted material available? If so, will there be any burden of proof, or will a threatening letter from the RIAA suffice? There are lots of ugly possibilities.
There are other aspects of this issue that I could discuss, such as the security implications of using USENET as a shared channel, but that's enough for one rant. In closing though, I would point out that none of this may actually happen: ShareSniffer have done themselves a big disservice by making their product rentware. You get a seven day trial period, and after that you can pay a yearly lease on it, or pay substantially more to get indefinite use of it. That's a really off-putting scheme, and it may prevent the system from gaining the popularity it needs in order to be self-perpetuating. On the other hand, if it becomes popular, it's not going to be hard for someone to come up with a truly free compatible program. This strikes me as a "lose either way" situation for ShareSniffer. But then again, maybe I'm a naive idealist.
ShareSniffer raises some very interesting issues. A pity they had to spoil it with their choice of money-making methods.