Important Security Issue:
Running File Sharing Software at SLAC
By Bob Cowles
On June 28, 2004, a memo entitled ‘Use of SLAC Computing Capability to
Illegally Download Material’ was addressed to all SLAC Staff and
Visitors (see
http://www-group.slac.stanford.edu/hr/Important/2004-06-28.html).
The memo describes SLAC policy and quotes Stanford University policy on
downloading copyrighted or pornographic material from the Internet. Here
are some important quotes from that memo.
Stanford University Policy (applies to the entire SLAC
community).
Stanford is committed to facilitating access to information through its
computer networks as part of its mission to pursue research and create
knowledge. However, the university’s research and teaching mission also
depends on respect for the rights of intellectual property and the
university will not facilitate the pirating of intellectual property
through its computer networks. ... Sharing music, videos, software, and
other copyrighted material in violation of copyright laws can expose you
and others to legal sanctions, as well as sanctions under Stanford’s
policies. Please do not put yourself, your friends, or your colleagues
in that serious and difficult position.
SLAC Policy
We want to remind you not to engage in illegal downloading of
copyrighted material such as music and films or the downloading of
pornography from the internet. We also remind you of SLAC’s obligation
to follow up, report to the DOE Inspector General, and discipline any
individual on site who does engage in such activity. Because SLAC is
government funded, SLAC has an additional prohibition on misuse of
government property.
Early Detection of Infected Computers
SLAC Computing Services (SCS) uses an analysis program that looks for
patterns of network use typical of malicious software. This provides for
early detection of computers on site that might be infected. While SCS
has detected some infected machines, the more common result has been the
detection of machines running peer-to-peer file sharing software such as
Gnutella, Kazaa, Limewire, eMule, and eDonkey. Due to the strong association
of these programs with illegal file sharing, once the software is
detected, SLAC is obliged to ensure that no copyright or other laws are
being violated. As a result, computer security staff reports the use of
file sharing software to Lab management for follow-up investigation.
From a computer security point of view, use of any of this software can
be very dangerous—both to SLAC and to your own personal computing.
The peer-to-peer file sharing networks have been a major vector for
distributing software or files that are ‘wrapped’ with adware, spyware,
viruses and trojans in addition to the program you think you’re getting.
Also, even after you close the window, the file sharing software keeps
running in the background and exposes files on your hard drive to
the Internet—including files you may not want to be visible.
SCS is asking you not to run peer-to-peer file sharing software on the
SLAC networks (including the visitor network), or on a machine that you
use to connect to SLAC via VPN or dialup.
Thanks for your understanding and cooperation.