I fired up my computer this morning and wanted to some some packet analysis to try to reproduce some behavior I’d seen on my network at work. Lo and behold, my computer was generating GOBS of traffic. Constant, bandwidth-sucking traffic that was affecting other computers on my tiny little 1.5mbit broadband connection.
First suspect: Viruses. GRISoft to the rescue! Nope, machine’s clean.
Next suspect: Bittorrent still running? Nope, nope, it’s not set up to turn on automatically, and it’s only used when downloading large stuff like, for instance, ISO images of the latest Linux distribution or the IRCHA 2007 DVD (legal download, you know).
But it sure looked like BitTorrent. I mean, the traffic was all UDP, and all coming from the same port on my machine and going TO the same port on my machine: udp port 21600.
I dug into Control Panel. I modified my firewall policies. The traffic continued unabated. Finally, I found a little applet in my control panel called “DNA” which was supposed to “accelerate” content on my behalf, and, according to the laughable description, would not affect my computer or network otherwise.
Yeah. Right. I could tell it was having a profound affect, and had been wondering why my network was always saturated, my laptop fan kept running all the time, and my other network communications — like backing up my web server — were running so slow.
Sorry, BitTorrent, I understand you guys are trying to go legit through this content-delivery service, but your DNA client is evil. Why?
- It installs along with BitTorrent without explicitly being installed by the user.
- You don’t describe what DNA is or what it does. When someone downloads BitTorrent, you just get a “Download BitTorrent with DNA Acceleration” link… and no description of what DNA Acceleration is supposed to do.
- You use the full bandwidth of low-bandwidth subscribers without their consent. Sure, “consent” is buried somewhere deep within an End-User License Agreement that nobody reads.
- There are no configurable options to throttle DNA. This alone would go a long way toward helping me feel better about helping you be legitimate. If I could say, for instance, you’re allowed to use 20 kilobits a second, maximum, I might feel better about running your software.
- There are no configurable options to limit total amount of data transfer. Beyond a certain amount, I’m charged per kilobyte of data on my cell phone connection. If I connect through my mobile phone, DNA still begins sharing data with other people, saturating that little tiny pipe and costing me money.
So how can BitTorrent make DNA less evil? For starters, set some more user-configurable throttle and connection options in the control panel, like “enable DNA when I’m on this connection, and disable on this other one”. Also allow users to set the maximum allowed transfer per given interval, and the maximum total bandwidth DNA can consume. Finally, make it explicit how DNA will hobble my connection, and give the user some reason to want to install it regardless.
And put an icon into the taskbar. Really. The fact that it runs totally transparently with no sort of visual indicator sets off my “malware alert” siren.
Something that would be helpful is to give some sort of visual indicator — perhaps a taskbar icon — that DNA is working, and notify users when they are accessing accelerated content. And if a user has throttled their DNA connection, have a pop-up notification from that same icon that, if they didn’t throttle DNA, they could have experienced this content even more quickly.
Fundamentally, the lack of disclosure is troubling when it comes to this software. On the plus side, however, it’s trivial to deinstall BitTorrent DNA.
In absence of other options, that’s exactly what I did.
Now my laptop runs cool again, my other downloads are running at full speed again, and my Vonage VoIP phone connection isn’t skipping anymore. They got one thing right, but “easy uninstall” probably wasn’t on the top of their priority list.
Happened to me
We were doing some wireshark monitoring of our network and saw some continuous activity on port 6881, which alerted my bittorrent antennae that someone was kicking it, peer-to-peer style. It happened to be the manager here at the company, but he was downloading a Linux install, so we told him to make sure he killed the bittorrent after the download was complete.
He did, but again the next day we saw the same port 6881 activity. He claimed he had uninstalled bittorrent, and I verified he had, but even then the activity was still occurring. I found the DNA app under Add/Remove Programs, googled it to see what it did, and uninstalled it.
Problem gone.
So I agree that it’s evil in that it’s totally invisible during install, doesn’t uninstall WITH THE PROGRAM THAT INSTALLED IT, and has no easily apparent configurable options (like On/Off, maybe?). It’s one saving grace is that it does have an entry in Add/Remove Programs for uninstalling it, otherwise I’d have thrown it into the malware heap.
I prefer Azureus for my bittorrenting. it’s Java-based, but works fine for my occasional downloads.
My $.02 Weed
My $.02 Weed
Its really nice how we can
Its really nice how we can find BitTorrent News and information for free in the Net
EDIT by matthew: spammish link removed. Is this really the latest trend: an innocuous, content-free comment with a link to a money-generating-based-on-traffic site?
After installing a new game
After installing a new game today, I looked at my modem and it was flashing and I wasn’t doing anything on the ‘net. Pretty scary right? I had been doing quite a bit of uploading, so I never even thought about it. I was about to uninstall the game when I saw teh DNA in the control panel. I have uninstalled it and hopefully all is well. Running avg and spybot just to be sure.
port 21600
>But it sure looked like BitTorrent. I >mean, the traffic was all UDP, and all >coming from the same port on my machine >and going TO the same port on my machine: >udp port 21600
I had the same problem. Your DSL/cable IP was saved in some kind of database when you installed Bittorrent. Uninstalling the program isn’t going to stop the network from doing a discovery, it will just keep banging on your IP. What I did is change my range of assigned IPs (dhcp) on my linksys router. The router won’t forward any more packets. Eventually, your IP should come off the database Hope this help L.
Thanks! I just noticed that
Thanks! I just noticed that pesky thing when I was rooting around in the control panel for other stuff and immediately did a search. Over the past little while I couldn’t figure out why I was so freakin’ slow.
Damn you BitTorrent… damn you straight to hell!
I caught it running via
I caught it running via WireShark too. I allowed the process to run through my Firewall, not realising that it would continually use my upload bandwidth.
Yes I completely agree with all your points and it’s exactly what I’ve been telling a Company that has started use this Borderline Trojan.
BitTorrent relies on their network to be large, and they have made the program to conceal while it’s running (not many users understand much about background processes) in the background.
If I was an anti-virus company I would flag the process as being malicious, since it hi-jacks your upload stream. And especially now since ISP’s are started to include upload in their usage limits, this is downright evil of BitTorrent. If they don’t make it abundantly clear that BTDNA is running/how much bandwidth it’s using/ the share ratio etc. Legal Action should be taken.
Many thanks for this! I was
Many thanks for this! I was definitely concerned when I saw its persistent activity. This helped! Goodbye DNA.
port 80 – tcp
Hi, Iยดve discovered this evil DNA because I was monitoring http anomalous traffic to bittorrent.com site. Even when desinstalling bittorrent the dna remains installed and generating traffic.
Don’t use Bittorrent.
Don’t use Bittorrent. Seriously, there are plenty of better BT clients out there. Try uTorrent or BitComet, both of them blow the original out of the water. Also, if you’re looking for a more “next-gen” client, if you will, try Azureus (Now called Vuze, I believe). It’s different, but still solid. Just rapes your resources.
DNA start/stop
I’ve dealt with DNA before, but somebody (probably my brother) keeps installing BitTorrent and each time I get DNA again. So I was on my way to remove it this time and I noticed that in the control panel (in vista) there is an icon for DNA. I clicked on it and lo and behold there was a start/stop button! It also gives options such as show desktop icon, and there is a pathetic little “about DNA” button that consists of about two sentences.
I still plan on taking the damn thing off, but I had never noticed that in the control panel before. Does anyone know if it’s a recent addition?
-Christian
Start/Stop
Ive been usein BT for about a yr and a half, As far as I know Start Stop has been there for some time, around 7, 8 months. I just dont use it, as you guys posted up, its evil and blows.
Thanks for all this ๐ i
Thanks for all this ๐
i turned my computer on this morning and had windows firewall alert me to unblock or block a program named ‘DNA’. I had no idea what it was, or how it got onto my computer.
I have never installed BitTorrent, i only use uTorrent.
After abit of googling i found DNA’s webpage (http://www.bittorrent.com/dna/), i pretty much laughed at the quality of the writing.. “..this means that by using DNA you will get better stuff quicker from content publishers..” doesen’t seem to legit for me.
Im just annoyed cause i dont know how it got on my computer. Now im going to see how to remove it, and find how it may have gotton onto my computer.
Thanks again ๐
I’m guessing most of you
I’m guessing most of you don’t realize that Bittorrent and uTorrent are one and the same. Bittorrent bought out utorrent some time ago. I’m going to further guess that most of you do not realize that the current versions of both programs were published AFTER agreements with both record and movie companies. Something to think about …….