Finns tout new anti-P2P tool

By John Borland
Staff Writer, CNET News

Print
E-mail
Share

Related Stories: Cleaning spam from swapping networks
March 18, 2005; Loudeye snags antipiracy start-up
March 2, 2004; Start-ups try to dupe file-swappers
July 15, 2002

A Finnish company called Viralg is emerging with claims to have a high-powered new way of stopping unauthorized file trading on peer-to-peer networks.

The company, which took the top prize at a recent Finnish emerging-technology competition, says it has been working with BMG Finland to protect local music releases on file-swapping networks for more than a year.

The company's method involves piggybacking on modern file-swapping networks' ability to download from several sources at once. It mimics the digital signature of a desired song, movie or game, and then adds junk data into the download stream, corrupting the file.

The technology "mixes together files in P2P networks in a way that the illegal downloader will end up downloading useless garbage instead of real music, movie or game content," the company said in a press release outlining its technique. "Our...technology is capable of destroying already-shared functional files from peer-to-peer networks."

The company is entering an anti-P2P market that has already contributed much to clogging the biggest networks, such as Kazaa, with numerous "spoofed" files and decoys, making them much more difficult for the average person to use.

Companies such as the Loudeye-owned Overpeer have worked with record companies, movie studios and game companies for several years to protect files on the network. Loudeye claims that it can offer a 99 percent level of effectiveness in protecting its clients' files.

Viralg makes the same assertions, saying its technique is more effective than past versions. It has not divulged details about its service but says that it can artificially mimic the digital signature, or "hash," of valid files on a network so that the peer-to-peer client can't distinguish between the junk and good data.

The company is keeping a low profile for now, though it is seeking international clients and investors. Viralg's marketing director declined to give the names of the founders or executives, or to reveal the size of the company.

Finnish business reports have said the company is led by managing director Jaakko Happonen and founder Juha Natunen, and that its current clients include a "global game console producer," as well as local music and movie producers.

See more CNET content tagged:
anti-P2P, Loudeye Corp., digital signature, P2P, file-swapping network

Add a Comment (Log in or register) 8 comments

They are keeping low profile for a good reason!
by hadaso April 19, 2005 12:58 PM PDT: They are keeping low profile for a good reason! Their "technology" will not last long when released, so they need to use whatever time they have. If they make too much noise the file-sharing world would be ready with better hash functions before they are out.

But the real way to circumvent their technique and any other technique that spreads garbage into the P2P networks is to build reputaion services into the networks that can recognize that certain searches produce faulty files (e.g., by users reporting that) and alerting users making these searches of the low probability of getting a good file. If just this is done then the downloader knows not to download (because the download would probably be useless) and the party trying to discourage downloading succeds in discouraging downloading with less frustration for the user (who is probably a "fan"). But there's a better way that can actually discourage the use of "poisoning techniques": if in the case downloads have high probability of failure the software would suggest to the user "similar content", then the use of poisoning techniques would amount to sending your fans to the competition, and there would be much lower incentive to use those techniques. Another advantage of this is that it can work to promote less well known artists, and would also encourage users to prefer downloading legal content by refering them to available legal content (or at least content whose "owner" hasn't bothered to "poison") that is likely to interest them!; Reply to this comment

Hash codes are created locally
by bobby_brady April 19, 2005 12:58 PM PDT: I hate to break the news to this dumb a$$ company, but the hash codes are created locally.; Reply to this comment

Hey Jaakko Happonen,
by bobby_brady April 19, 2005 1:00 PM PDT: Go get a real job, loser!; Reply to this comment

Short lived
by April 19, 2005 1:38 PM PDT: It might be a problem for a short while. On eDonkey network a hash is generated for a file, file is split and downloaded in parts. If a hash is also generated for a part of the file that say you are downloading from someone then after downloading that part you can check if the hash of the known good part matches with the real hash of the part that you got. If it doesn?t then your p2p program would need to ban that source as sharing invalid contents and ignore it in future downloads. The time to detect a client which shares garbage is equal to the time it takes to download one part.
It doesn?t really matter if the Finish company keeps low profile or not, it has revealed the method and if say eMule developers re-evaluate their usage of hash strings and improve the program, if needed, then this new method of stopping p2p will go by unnoticed.; Reply to this comment

Questionable at best

by unknown unknown April 19, 2005 3:06 PM PDT

Even with the recently discovered collision flaws in the MD5 and SHA1 hashing alogrithms it still takes quite a bit of work to generate a file with same hash value much less the same hash value and same size. Baring a serious flaw in SHA256, a switch to said algorithm would make their job very hard. Using two different hash alogrithms would make their job next to impossible because it would take a very long time to generate file with the same hash values and size.

Reply to this comment

Not really
by April 21, 2005 1:58 AM PDT: I agree with you. But as far as I understand they will not try to generate actual contents that has a valid hash value. At the moment the best p2p works like this: say you download a file - Britney.mp3 it has a hash value H1. Program is looking for sources (clients) that share a file with hash H1. You can place any number of machines in the particular p2p network which announce that they do share a file whose hash value is H1. Your client then connects to the fake source and starts downloading the file, but the client sends your garbage. As I wrote above - the time needed to detect the garbage is equal to the time it takes to download a part of a file and verify the hash value of that part.
And getting the hash values of legitimate files can be almost completely automated, just search for, say, Britney on eMule, get the hashes of result files and put them on your black list, ... when people ask for them you send them back garbage. Annoying at best, but not a p2p killer. One way to combat this, would be to make a public blacklist of fake source IPs and ignore them, this could also be automated, as clients discover machines that consistently send garbage then could add those ips to the global blacklist which is shared by say all 2 million active eMule clients.

bogus sell
by April 19, 2005 6:01 PM PDT: Hey.. it doesn't even need to be a real product.
It's not the first time someone sells a product that doesn't exist.
For example... i can sell vacum fueled warp engines... i just need a **** load of money to work out some minor problems :); Reply to this comment

Sure hope they can isolate copy protected software
by lvirden April 20, 2005 6:34 AM PDT: I would think that if this company starts corrupting firefox downloads, as well as other freely distributable software, which also are distributed via P2P, that lawsuits would soon
follow.; Reply to this comment

Latest tech news headlines

Q&A: What's ahead for Visual Studio and .Net
Posted in News - Business Tech by Adrian Bridgwater

November 22, 2008 6:10 AM PST
Lifestreaming in Obamaland
Posted in Outside the Lines by Dan Farber

November 21, 2008 11:59 PM PST
Judge orders Ballmer to testify in Vista suit
Posted in Beyond Binary by Ina Fried

November 21, 2008 7:35 PM PST
See all headlines

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

Markets: Market news, charts, SEC filings, and more; Related quotes; Dow Jones Industrials (6.54%) 494.13 8,046.42; S&P 500 (6.32%) 47.59 800.03; NASDAQ (5.18%) 68.23 1,384.35; CNET TECH (5.95%) 56.25 1,002.00

Inside CNET News

Scroll Left Scroll Right

Business Tech
Q&A: What's ahead for Visual Studio and .Net
Microsoft's Jason Zander and Matt Carter talk tools and set out the company's manifesto for data democracy.
Gallery
Photos: Gadgets we're thankful for, Part 1
Military Tech
Army backs Hydrogen Highway
US Army has awarded a $1.8 million contract to develop hydrogen filling stations.
Outside the Lines
Lifestreaming in Obamaland
The technologies that helped Obama reach the White House are going to make the president-elect's life more transparent and scrutinized than any previous White House occupant.
Video
The BlackBerry Storm touches down
Digital Media
MySpace Music to name Courtney Holt chief next week
The lengthy CEO search at MySpace Music is finally coming to an end. Now let's see what the new guy can do against Apple.
Video
SF Bay Area plugs in
Politics and Law
The key to innovation: Privately owned fiber?
A paper released by the New America Foundation proposes encouraging consumers to purchase their own fiber lines.
Cutting Edge
Water ice glaciers spotted on Mars
NASA scientists find what they believe are huge water ice glaciers sitting just beneath the Martian surface.
Gallery
Photos: Top-rated reviews of the week
Crave
This week in Crave
Didn't have time to follow Crave this week? Here's what you need to know to be the belle of the gadget ball.
Green Tech
Google crunches numbers on clean-energy policy
Search giant pressures policy makers with an analysis arguing that government and business can clean the U.S. energy supply while stimulating the economy.