PeerGuardian 2 -- Will I regret installing it? -- Opinions please!

[jewelisheaven]

Don't use PG.

If you want to use a blocklist enable ipfilter.dat support in uT.

Why run another program when you have the ability to run it in the client?

[njyoder]

Because PeerGuardian filters for ALL programs and has various extensive, automatically updated lists available for various uses (i.e. not just piracy). It's generally better to implement features like this in one external program than to rely on every individual program to implement it, most likely in inconsistent ways that are annoying to synchronize.

[Firon]

PeerGuardian's lists are completely useless, though. They're maintained by Bluetack, a group that has no fucking idea what they're doing.

Pretty much every datacenter in the world is on their list. Yeah, that's a great blocklist. Totally worth using.

[njyoder]

You could always use non-Bluetack lists or just select a subset of them. That's an issue with Bluetack, not PeerGuardian itself. As far as P2P is concerned, it works well, in spite of Bluetack being overzealous.

The overzealous blockings are generally ones that will not affect torrents, because normally no one from those datacenters will be touching any torrents and they aren't trackers. If it is an issue, you can, of course, go into to the configuration and allow a specify IP/set for whatever IP(s) you need access to. It's really easy to do for whatever few exceptions you might need to make.

I also have it set to allow all http, so I never even needed to do anything to access any sites like this one. Hyperbole aside, they are only wrongfully blocking a few ip blocks, anyway. And if you really want to, you can just release some modified Bluetack list or recommend some other lists.

Would you rather not block any ips at all, leaving yourself completely open, or maybe have to add a few exceptions over the years? Frankly, setting up one of those desktop firewall software packages is a million times more annoying when in learning mode, and people aren't tossing it out over that.

[moogly]

Because PeerGuardian filters for ALL programs

A decent firewall do the same job and surely better.

[Rigmar Radio]

Interesting Thread for sure. I use PG2 with Vista64 having disabled the nasty Micro$oft driver verification system (it stops a lot of useful P2P stuff from working sigh) and with a powerful i7 based PC find it no bother what so ever and the abilty to put WinMX and other block lists on it and disable at will any of the 5 lists that come as standard along with its tight intigration with Azureus or Vuze make it very useful indeed. I live in Canada and have an excellent account with Ontera and Eastlink, and NO peer filtering is used by them though Bell Canada do as indeed do Rogers Wireless. That is why I don't have an internet account with those ISP's.

IF YOU THINK your ISP is filtering out P2P traffic or bit torrent streams then just move. Simple as that, it is not like most people do not have a choice of ISP's these days.

Anyway getting back on subject it would seem that a lot of people are really being quite nasty about Peer Guardian 2. I am using it now to post so this site is not blocked. I just downloaded and installed Micro Torrent so I could better understand why Micro Torrent users often have such poor download speeds (see my post in this section about good settings).

So to recap if you have a modern PC running XP or Vista 32 go for it. Vista64 and you will still have to disable the driver signature rubbish which Micro$oft is attempting to control the world with but that is all. The work around given on there site does not work as auto updates to Vista64 have got round that one and PG2 still does not run unless you disable driver sig. on boot up.

[GeneL]

Hey all,

As the originator of this thread, I just want all you posters to know I'm paying close attention to all your posts and find the varied opinions, those positive as well as those negative, absolutely fascinating and will continue to monitor this thread as the information presented here continues to help me assess the benefits or, on the other hand, the detriment or disadvantage of using PG2.

Thanks to everyone (so far) for all your invaluable input. I know it's not only helping me but many others as well who have pondered their decision as to whether or not to use PG2

[jewelisheaven]

This isn't the first thread where the ... merits of PG have been debated. Not here and certainly not online.

So what did you choose, or is this the most epic troll ever?

[alexguy2009]

I used PG2 on a Vista32 and it has been "Not Responding" 2 times out of the 4 times I used it. I also felt the speed of my computer significantly drop, even though I was using only 5 IP bockers.

[njyoder]

A decent firewall do the same job and surely better.

Why would it do it any better? The issues for block lists with PG2 affect any other software that uses block lists (i.e. these are arguments against block lists in general), so no firewall is immune to these issues. A firewall will have no way of knowing what IPs are anti-p2p without a block list. Even if software existed to detect suspicious IPs, you can only detect them after you've started downloading from them, so they are only useful if you use that information to create a block list for others, hence you are back to the block list issues.

I used PG2 on a Vista32 and it has been "Not Responding" 2 times out of the 4 times I used it.

Check out the official PG2 forums for help on this. Personally, I've run it on XP on a relatively slow computer and it ran smoothly.

[Lord Alderaan]

PG2 mostly fulfills a psychological need for addressing a feeling of being in danger. Even if it's actual results are minimal and the side-effects detrimental to the user itself and innocent bystanders these kinda programs will always be popular. Tapping onto people's fears will always work.

Luckily Phoenix Labs and Bluetack aren't directly exploiting the users for money.

P.S. I said 'mostly'.

[moogly]

As many people said previously, blocking IPs during torrenting is only an appearance of security, anonymity or what you want.

Restricted to p2p applications, PG2 do the same role than ipfilter.dat used with uTorrent. The only good point is to manage various block lists. In addition anti-privacy softwares don't need to be connected to your client to track your IP. Many reports are done by asking to the tracker.

Fot the other applications, I prefer to trust my firewall to block all connection attempts done by a program or a service. Of course I don't mention the point PG2 is completely useless to prevent a special attack coming from an IP if this one is not blocked.

And suprisingly, you didn't tell about the fact PG2 can slow p2p connections and sometimes crash/freeze.

[Firon]

Here's how you can be safe: block 0.0.0.0/0. Guaranteed.

[njyoder]

Restricted to p2p applications, PG2 do the same role than ipfilter.dat used with uTorrent.

If you don't think block listing works, why are you suggesting ipfilter.dat as an alternative? ipfilter.dat is a much cruder form of PG2 and thus there is no reason to use it.

In addition anti-privacy softwares don't need to be connected to your client to track your IP. Many reports are done by asking to the tracker.

Asking the tracker what? Simply asking if someone requested information regarding a torrent wouldn't meet the legal standards required in the U.S. You need to catch them actually downloading the data.

Fot the other applications, I prefer to trust my firewall to block all connection attempts done by a program or a service.

What does this have to do with the purpose of PG2 or block lists in general? Obviously, for many uses (e.g. torrents and web/email use--think embedded tracking media), simply blocking all incoming connections would be defeat the purpose.

That kind of functionality is only good if you're running a service for which you aren't expecting any external, incoming connections, which serves a different kind of security purpose entirely. It's apples and oranges.

And suprisingly, you didn't tell about the fact PG2 can slow p2p connections and sometimes crash/freeze.

This has never been the case with me and my laptop is about 5 years old. How old is your computer? It's always used very minimal resources on my computer and been very stable. As far as firewall type software goes, it uses the least resources of any that I've tried, from ZoneAlarm (which uses quite a bit) to Kerio/Sunbelt.

[jewelisheaven]

Extra software, Penchant for unexpected interference... if you have the option to use it in the program which you use for alleged purposes the blocklists protect you from, I was always one for minimal interference, i.e. the smallest sandbox possible.

Solutions like this boil down into two debates, the blocklists, and the program. Refer to the other threads. . .beat a dead horse lately anyone?

[Switeck]

Yet more to add to the debate:

http://neuron2neuron.blogspot.com/2009/04/berr-consultation-responses-03.html

"There has been little peer-review of antiP2P detection methods. Most companies claim 'trade secrets' over their collection methodology and technology. However, the vast majority of methods do not manage to identify anything beyond an IP address, much less a computer, and certainly NOT an individual."

[kp14]

Good how-to article with screenshots.

Enable and update the ip filter block list in uTorrent (ipfilter.dat)

http://tinyurl.com/myl3ek

[DreadWingKnight]

Second post from that thread made me laugh.

Blocklists like that don't actually protect you.

[Serbian]

OK, reading all this back and forth made me so curious that I had to download that list and I thought I'd leave a little factual note on something no one ever mentioned - the size. it's 12 MB almost 250 K items, all pairs. That info is enough to make me never get tempted to load it - well maybe after a lot of cognac :-)

Just to keep that in memory, raw, would cost 8 MB of private bytes (no paging for perpetual lookup table) and since it's ranges you can't do better than logN per lookup, meaning at least 18 hops. One lookup per each peer in each torrent times the checking frequency. Even if a dedicated lookup gets written (meaning fretting over every CPU cycle spent) it's still an awful lot of time for an app that has to sustain real-time data transfer.

How about someone keeping a small list where only certifiably bad ranges would go, and people would be subject to peer review and periodic pruning (bad guys do shift IP-s).

Note 1: Might be good to have "dual lookup" mechanism, one for individual IP-s, to reduce the burden on the range lookup (large table lookup is where hash table excels, but hash doesn't do ranges).

Note 2: Might be good to have a minimalist routine for guessing bad guys/IPs, call it guessbas :-), to just spot a few simple but predominant behavioral patterns. Yes behavioral analysis is a research area :-) but we are talking minimalist stuff here, like a peer that gives you data substantially faster then 2nd fastest is easy suspect (with come condition) and having an option to auto-filter it and/or log enough to identify if there's poisoning latter. Once you get the first one you'll get ideas for more.

Note 3: If it's not too expensive (don't have the time to do the math), new kind of logging - poison-ID logging, meaning the minimal historical record you'd need to guess poisoning IP with at least 75% accuracy in 95% of cases (meaning - you can discard minor contributors, low speeds, long-dragging downloads ...)

Note 4: Less greedy peer selection process would help. Aim for good average instead of giving huge priority to the fastest, when user lowers the speed limit remove #1 and don't ping it again if the speed is good for the new limit, always check more peers then the user's limit and pick best N out of N*1.x instead of just first N, re-evaluate peers periodically, prune #1 if it's too dominating and you see 2-5 peers that can compensate - if it doesn't work the old #1 will be back at the next re-eval anyway.

Note 5: Better error recovery would help as well - ReadFile errors and hash errors should never disable the whole transfer (discard the minimal # of pieces and keep marching on), and should be a signal for extra tracking in the 2nd round. A runaway torrent and peer should at the very least trigger keeping extra recovery data do that you never ever have to discard the whole torrent or whole files.

Note X :-)

The runaway peer spotting needs a few conditions and some have to be empirical. Speed has to be "high" and what's high has to estimated at run time, and user-correctable, probably safe to ignore everything bellow 50K/s. Transfer with a runaway peer usually also has a runaway speed among other transfers. Also a runaway peer doesn't have to be malicious (usually is :-) - it can be just going too fast for your network or too fast for his network - behavioral analysis is not looking to accuse - just to eliminate :-)) Oh and user needs a flag, per torrent to say deemed-clean i.e. is you are downloading new Ubuntu iso-s you "know" they are clean and don't want time wasted on tracking them.

Once you have the suspect you can track and analyze it more. This part can be much more expensive but it doesn't matter since it happens rarely and on a very small number of connections. For example, deliberate poisoners might have a detectable pattern of sending pieces, accidental poisoners (by stressing the network) might have some early detectable signals before the damage happens. Also, one poisonous runaway I saw was always trickle-downloading, despite having 100% data.

There's also a spotting/analysis for a runaway leach - a peer that has substantially more data than you but is still taking from you substantially more than giving back, over a longer period of time, and usually has substantially higher download speed than you. This is probably more accidental than deliberate but has adverse effect on your process and as behavioral analysis goes - not looking to accuse ... just to eliminate :-)

Oh and if you can guarantee absolute anonymity and transparency (as in every single byte documented) uTorrent users probably won't mind having an auto-sending of reports on a potentially bad IP caught - say to one of truster trackers or a trusted (meaning non US :-) site. Say, certain well known site based in Sweden will probably be delighted to provide such service :-)) Went to a library last week - isohunt was blocked, but that site wasn't - despite distinctively piraty name - discrimination suite anyone? :-)))))))

Runaway Example:

Had a torrent running at 300+ K/s steady and peeking at 1000 K/s, which I never deemed possible on a plain comcast link (encrypted of course), and it got a ReadFile error every time. Took out 2nd fastest IP (70K/s), just because IP wasn't resolving and #1 was in EU so I thought I could trust it :-) Same result. Then I took out #1 which was 300+ K/s alone (2nd was 100+), total speed went to 300-400 K/s, still bad, Took out next #1 (100+, 2nd was 45), total speed remained 300-400 K/s :-) and no errors :-)) ==> political clues are no good for behavioral analysis :-) (bad guys were in .lu and .at, unresolvable and us peers were all OK). I can also be that they were just pushing their or my network beyond their limits - it doesn't matter - not looking to accuse ... just to eliminate :-)

[Switeck]

I've already given a short list.

Also, Protocol Encryption won't prevent the problem:

http://forum.utorrent.com/viewtopic.php?pid=400044#p400044

[juan_valdez]

OK, for those reading this long debate, I urge you to go back up, and search for "VPN".

That's about it, assUme-ing you can trust the VPN provider (hopefully stationed in a decent country) to not divulge your information.

Something like https://www.ipredator.se/?lang=en might be worthy, if you are worried about this issue. Also c.f. https://blog.perfect-privacy.com/2009/06/30/perfect-privacy-remote-port-forwarding/

There is no free lunch, in terms of protecting yourself. The more security, the less usability (as noted by the Zero filter suggested by a technically competent user above : a more thorough model of course includes also filling the inside of all components with concrete, and removing all external wires . . . once any internal batteries die, you should be relatively safe!)

Is a VPN perfect? Nope. Your current ISP could still throttle the connection down (some do for -any- encrypted traffic / traffic they can't classify), and there are still records in the chain. (if someone wants you bad enough to hit up / intimidate the whole chain . . . )

Greater security precautions make more sense for those releasing / sharing new material that may not be approved by powerful entities, whether they be governments, or businesses.

Just my .01, post taxes . . .