Your thoughts on my network security.

The majority of children who use P2P applications (children being anybody who is not an adult) are using them to download copyrighted music. In the US, this practice is in legal limbo at the moment, with many people being successfully prosecuted, and many not.

There ARE legitimate uses, of course. But I'll wager that far more people use it for illegal purposes (downloading copyrighted music and software).

Just check out the files available via Limewire or various Bittorrent sites. Chock full of files for anybody to download that the copyright holders have explicitly said they didn't not want available.

{snip}

We agree on that.

If its coming from the vendor only, I would consider it a trusted source (to a point). But one has to configure their software to only d/l from that source. Most P2P software defaults to "find anyone on the internet that has the same file name available for sharing" which is clearly dangerous.

So far I've never heard of anyone being prosecuted for downloading. They were prosecuting for offering / uploading.

And ss I already said, in other countries there are sane copyright laws.

Downloading software illegally via P2P is downright stupid. At any rate, without being able to run it, you can't possible infringe copyright.

Yes, I know. When will someone finally sue some of these copyright holders for abuse of copyright?

In most P2P networks files are indexed by cryptographically secure checksums. Bogus data are trivially and reliably detected.

on the P2P nets, Bogus data is also indexed by cryptographically secure checksums

As was found in tests: people THINK they know a lot about things they know little or nothing about, and THINK they know little about things they know a lot about...

And because it's a cryptographic checksum, no bogus data can have the same checksum as the original. The vendor provides the checksum(s) (ed2k link, torrent file, ...), and by these the data are retrieved and verified. Sure, you can send bogus data upon requests, but the checksum won't match and the bogus data will be discarded.

Indeed. And you should really stick to your own advice.

Your information is flawed - you suggest because people don't test their backups, it's best if they don't backup "often". Serious error there pal, if they get some backups working properly, then using your logic, it would stand to reason that they backup more frequently so that there is a higher chance their backup would be a good one.

Anyone that understands backup and importance should also be told that an untested backup may be worthless. All of our clients test their backups weekly.

not THAT many VENDORs on P2P... And anyone can checksum their files.

ever heard about fake lists ?

Hm... almost any Linux distro, Blizzard uses BitTorrent for all their game patches, various game demos from many vendors... in any case, this was the premise on the discussion.

This isn't needed if the only correct identifier is known, since it was provided by the vendor.

jesus, is there any decent software out there?

what do You use to find spyware, malware etc. (I know, you're gonna say: why do you have this crap on your system in the first place) let's just say a customer needs your help and flattening is not an option (yet)- what would you use to clean the system.

Eh... no? Of course not, spyware scanning is like searching in the dark room for the black cat that isn't there. On a clean system, I've always seen such a huge load of false positives that I wonder what the reports of these programs on a unknown system are worth - after all, it will always claim a compromise but no useful explanation.

Nothing at all. Well, I do run ClamAV to prefilter incoming stuff, but just for convience.

Indeed. Scanning is intrusion detecting, not protection.

Nothing. I'd recommend flattening, and if the customer doesn't want to accept this beside all arguments, I'd leave and let him pay for the service served so far. And put him onto the ignore list. He's not worth all the trouble.

Counter point: You did try to clean the system, but you weren't successful. Then you may face legal actions for getting paid for an improper job on trying the impossible, and many other customers will avoid you as well. That's really bad!