I noticed tonight there was a bit more activity on my firewall than there should have been. A quick
netstat -o threw me up a mystery IP, which got me a bit suspicious. Checking the firewall shows a kservice.exe running, made by someone called ‘Kontiki’. Added to that, it wasn’t picked up by anti-virus or spyware detection. So let me think back – what did I recently grant permission to use my PC as a server?!?
A bit more investigation and it becomes obvious its part of the ‘package’ that came with Channel 4 (UK)’s new 4OD service that allows you to download their shows online. kservice.exe, from Kontiki, installs itself as a windows service and works as a p2p client in the background, downloading the programs from a distribution of other 4OD users. However, when you quit 4OD, kservice.exe continues to run!
As well as this, it doesnt appear to offer:
- Any sort of option to limit or control the amount of bandwith its using
- Any automatic way of uninstalling
- Any way of changing the port from 8080
I have to admit at this point I was starting to wonder if something had gone wrong with the install. Surely a reputable company wouldnt knowingly install malware on their viewers PCs?? But after a quick Google search I realised I wasn’t the only one (here and here) – it seems Sky By Broadbands customers are having the same problems.
Channel 4 do have a disclaimer on their site:
4oD uses peer to peer (“P2P”) technology. This allows content to be transferred directly from the computers of users of the Service (rather than through a website or directory). If you download Content to your computer, during the Licence Period, we may upload this from your computer (using part of your upstream bandwidth) for the purpose of transferring Content to other users of the Service. Please contact your Internet Service Provider (“ISP”) if you have any queries on this.
But I dont see anything here about it continuing to run after the application has been shut down.
The annoying thing is that Ive actually have a fair bit of use out of 4OD so far. Watching Peep Show and Derren Brown on a weekend when I’ve got some spare time is definitely a bonus, but the fact that I discovered all this out by accident leads me to agree with Geoff – its a little worrying that thousands of people are now running a P2P server on their PC without even knowing it. And how many of these people use ISPs that limit their monthly bandwith?
My solution? My firewall is now blocking internet access to kservice.exe. A little ropey I know, but it’ll allow me to reactivate it again in a few days when theres something on I want to watch! Its not that I have a problem with the whole P2P sharing culture, I just like to be given a choice.
If you’re using Zonealarm and you’re having the same problem, try this:
- Double click the ZoneAlarm logo in the taskbar at the bottom-right of the screen
- In the window that opens, click “Program Control” (left hand side)
- Ensure the “Programs” tab is highlighted (between main and components)
- Scroll down till you see kservice.exe
- To stop the bandwith thievery, scroll right and click whatever’s showing in the “Access – Trusted” column and set it to “Block”. This should put a red cross next to all 4
- To reactivate, click in the “Server – Internet” column and set to “Allow”. This should put change the red crosses to green ticks
Good luck 😉
— Update 2 – 19/2/2008 —
Murad has come up with an application to stop kservice running completely, which could prove to be useful if you want to keep using iPlayer/4OD. Click here for more details.