Differences between available WinMX Connection Methods

MXPie Solution

Features:

• No bundled software
• No hidden blocks
• Non-intrusive
• No spyware or ad-ware
• Appends WinMX related entries to hosts file, doesn't overwrite existing custom entries
• Uses no resources after installation
• Available in several languages
• Doesn't modify WinMX or third party applications
• Allows user a choice of third-party blocking solutions, compatible with all known programs at this time.
• Works on 98/ME/2K/XP/NT/2K3/Vista/Linux/FreeBSD
• Online help available on dedicated MXPie website and forums (www.mxpie.info)
• Live help available in dedicated MXPie Help Channels on WinMX.

WinMX World Patch

Features:

• Bundled with blocking software (lists controlled by WinMXWorld)
• Block list auto updates itself
• Filtered search results
• DLL-based (DLL is used to provide additional functions to WinMX)
• Consumes additional resources by examining all packets in and out of WinMX
• Available in English Only
• Works on 98/ME/XP/2K
• Help and support through (winmxworld.com)

WinMX Group Patch - Website Closed - No Longer Available

Features:

• Bundled with blocking software (lists controlled by KM - WinMXGroup.com)
• Block list auto updates itself
• Filtered search results
• DLL-based (DLL is used to provide additional functions to WinMX)
• Consumes additional resources by examining all packets in and out of WinMX
• Overwrites hosts file entries
• Available in English Only
• Works on 98/ME/XP/2K
• UPnP for automatic router and firewall configuration (Implemented in v3.1 Beta)
• Help and support through third-party (winmxworld.com)

Vladd44 Auto Update Patch

Features:

• Bundled with blocking software (lists controlled by Vladd44)
• Bundled with Auto Update feature (Block list and hosts file entries controlled by Vladd44)
• Available in English Only
• Not compatible with PeerGuardian2
• Consumes resources by automatically starting two processes on Windows Boot Up (pglite.exe and pieautoupdater.exe)
• Only works on 2K/XP/2K3
• Overwrites existing host file entries
• Help and support available from www.vladd44.com
• Please note this patch is being advertised as Pie Patch; however this is not a release by the official MXPie team.

Auto Updates to Windows System Files (Included in Vladd44 Auto Updating Patch, WinMX World, and WinMX Group Patch):

Unless you explicitly trust the source, it is highly advised against installing any program that has the ability to automatically edit your system files at will. By default upon installing the Vladd44 Auto Update patch, you will allow this patch to access your system's hosts file and make modifications daily. This patch will overwrite all of your existing hosts file entries and although you may manually add them back they will be overwritten again on the next automatic update. This feature can also be exploited by adding hosts file entries for non-WinMX related IP addresses. You could find you have been deceived into thinking that you are visiting a legitimate site, such as online banking, however in actuality you may be at an identical looking site where you input your sign in details and your personal information is then harvested and used in fraudulent practices. Note that when this patch is uninstalled the original hosts file is not returned. Your hosts file will still contain the entries that this patch created.

WinMX World and WinMX Group Patches alter your hosts file without your permission. These patches check your hosts file each time WinMX is started and any existing WinMX entries are overwritten with the WinMX Group preferred entry. This hosts file entry can cause your WinMX to give the message “Patch Operational” or "Patch Online" even when the patch is not properly installed. Upon exiting WinMX the added hosts entry is erased, however any prior existing WinMX entries are not replaced. It may be possible that WinMX Group could use this feature to add non-WinMX related entries to your hosts file in the same manner as the Vladd44 Auto Updating Patch.


Bundled Blocking (Included in Vladd44 Auto Update Patch, WinMX World, and WinMX Group Patch):

Bundled blocking raises several concerns. First is the maintenance of the block list. Who maintains the block list? It is one individual or a group of people? Are they well known as professionals or only amateurs? What types of IP addresses will be blocked by the list? Is there a system of checks or could they be added based on one individuals dislike for another? How often is the list updated? Is it current? Will the user have control over the list and be able to modify it if they choose to?

The WinMX World and WinMX Group patches offer the user no control over the block list. If you use their patch, you are forced to use their block list. This list blocks IP addresses that they have determined to be flooding the network with fake data. It is updated automatically while WinMX is running.

The Vladd44 Auto Updating Patch is bundled with PGlite and preconfigured to use a list set forth by Vladd44. The installation of PGLite also blocks HTTP (website browsing) by default. This can be disabled. Vladd's blocktards list blocks the IP addresses that he determines to be flooding the network with fake data. PGLite uses only one list. There is no Allow list option. The user may look at the list and manually add or remove IP addresses from it. However, if the PGLite Auto Update option is selected any changes made will be overwritten on the next update (currently every 2 hours). If the auto update option is not selected the user will have to manually add block list entries to ensure the list stays up-to-date. Since this can be a very tedious and time-consuming task, PGlite is a rather impractical option for those who wish to have control over their own block list, while ensuring it also stays current.

MXPie Team recommends the use of a third-party application such as PeerGuardian2 or Protowall used in conjunction with the p2p or BlueTack Level 1 list as a method of not only reducing the possibility of your bandwidth being used to flood the WinMX network but also protecting your privacy by blocking known organizations that harvest personal information for their own purposes. This option allows you to add and remove IP addresses at will, and also watch which IP addresses are being blocked from accessing your computer. You can also download updates to your choosen lists straight from BlueTack, a well-known and established organization that specializes in Internet Security Solutions.


UPnP (Included in WinMX Group Patch):

Multiple vulnerabilities exist in Microsoft's Universal Plug and Play (UPnP) feature, which allows your system to automatically detect and enable new devices. The most critical of these vulnerabilities is a remotely exploitable buffer overflow. This allows an attacker to execute commands at the system level, the highest level of access within Windows XP. Once the attacker assumes complete control over the computer and possibly the entire network, they can do anything they want, from launching attacks on other networks to stealing and/or deleting all the data on computer.
It is also possible to exploit vulnerabilities in UPnP to cause DoS and DDoS attacks. By taking advantage of a weakness in the NOTIFY messaging system it is possible to create a message loop that will consume 100% of CPU and allocate all of its physical memory. This will then force the computer system to physically reboot. The DDoS exploit uses this same vulnerability; however this type of attack uses multiple devices to attack a single victim or a range of victims. This vulnerability can cause widespread devastation on a network. In the case of a DDoS attack, it is possible to force the physical reboot of every vulnerable computer on the network.

The UPnP function can also be found as a setting on many routers. In this scenario UPnP is an extension of the plug and play concept which goes beyond a single device. It is highly recommended to disable this service in any equipment that supports it.

The National Infrastructure Protection Center (NIPC) also recommends that the UPnP service be disabled. In addition, Microsoft has released a patch to help protect individual computers from UPnP vulnerabilities.


Further informational articles on the UPnP service and what you can do to protect the computers on your network:

eEye Digital Security Announces Major Vulnerabilities in Default Installations of Windows XP and Certain Installations of Windows ME and 98
http://www.eeye.com/html/company/press/PR20011220.html


The Microsoft UPnP (Universal Plug and Play) Vulnerability by Paul Schmehl.
This article examines what UPnP is, what the Microsoft UPnP vulnerability is, how it can be exploited, what the impact on a network could be and what users should do to protect themselves.
http://www.securityfocus.com/infocus/1548


Microsoft Security Bulletin MS01-059 - Unchecked Buffer in Universal Plug and Play can Lead to System Compromise
http://www.microsoft.com/technet/security/bulletin/MS01-059.mspx