A Cure for Kazaa
Or How To Avoid Digital Content Piracy At Your Company
By Michael Materie, MSCE, CCNA, A+, I-Net+
Remember Napster? These days the #1 file sharing software that has replaced Napster in the hearts of users who download MP3s, movie files, etc. is called KaZaA and if some of your users have installed KaZaA on their desktops to share files using your network, it opens your organization up to several potential liabilities:
Copyright Infringement - In April 2002 the recording industry entered into a $1 million settlement with an Arizona company whose employees accessed and distributed thousands of songs using company equipment. Last October, four entertainment industry groups sent a letter to 2,300 university presidents and CEOs of Fortune 1000 companies urging a tough stand on copyright infringement. In late November, authorities at the United States Naval Academy seized more than 90 computers in an investigation into illegal downloading. The entertainment industry has cited estimates that up to 2.6 billion copyrighted files are illegally swapped each month. There will likely be legal battles raging over this issue for years to come and the last thing you need is for your organization to show up on some lawyer's radar screen because a few of your employees used your network to downloaded thousands of gigabytes of copyrighted files. You can read a current CNN story about this at http://www.cnn.com/2003/TECH/industry/02/1...g.ap/index.html
Security - There are computer viruses deliberately disguised as media files (MS Security Bulletin MS02-072) to entice KaZaA users to download and run them. Plus the KaZaA program itself is loaded with fairly aggressive spyware.
System Resources - Did you really intend your network to be used as a high speed download and storage facility for your employee's illegal movie and music files?
Regardless of how you may personally feel about the subject of sharing MP3's or movies on the Internet, it's unlikely that you want users or employees using company equipment and considerable system resources (and during business hours no less!.
Until now, KaZaA was not easy to detect and get rid of.
(NOTE: You can click on the screen-shots to view a larger image)
How can you easily check for and get rid of KaZaA? It was not designed to be installed or uninstalled over a network. The uninstall for KaZaA 2.1 is not "silent" (it has some pop-ups that must be addressed). It would seem eliminating KaZaA and illegal content is a laborious, machine-by-machine manual process. Another of an ever-expanding list of site management duties a system administrator is compelled to do manually.
Sitekeeper Systems Management Software changes all that. Use it to easily scan and detect KaZaA and other similar software programs across your organization in a matter of minutes (as well as MP3 files). Sitekeeper doesn't require dedicated servers or expensive databases. It installs and runs on the same machine you use to administer your network.
Here's the step by step procedure on how to use Sitekeeper's PushInstall Module to remotely uninstall KaZaA 2.1 from your network. This procedure and the provided files are for v2.1 of KaZaA only.
Our goal is to remove the product from our network, with no intervention required from end-users (especially considering they installed this in the first place) or the need to hike to each machine and remove KaZaA manually, one machine at a time. While it is the case with most software that only a parameter need be added to make the installation silent, KaZaA 2.1 will require a bit of extra work.
We need to solve three problems in order to uninstall KaZaA v2.1 over the network; KaZaA uses Installshield as the "wrapper" for the KaZaA installation and uninstall and we need an "Answer File" to "answer" questions that come up during the un-install. I've already created an Answer file for you so all you'll need to do is copy it. We also need to kill the Kazaa.exe process which remains running even when the program is closed, so we'll need to incorporate the termination of the KaZaA.exe process into our un-install procedure. Lastly the un-install of KaZaA begins (but does not complete) the un-install of a target advertising program installed with KaZaA. A short "Windows Shell" script will take to finish this product's un-install.
HOW TO UNINSTALL KAZAA 2.1 FROM YOUR NETWORK:
Important: Before you start, you will need a version of Sitekeeper installed on your system. You can download Sitekeeper trialware that will scan up to 20 machines by clicking on this link. If you need to evaluate Sitekeeper on more than 20 systems, contact Mike Gioia (firstname.lastname@example.org) or call 800-829-6468 and we'll email an electronic license to you that will enable an evaluation on the number of machines you require.
Note: To create answer files for future versions you can research the knowledgebase at www.InstallShield.com as well as check out the PushInstall tutorial built into Sitekeeper!
STEP 1-GET KaZaA:
Download KaZaA's download management executable (kmd.exe) from http://www.KaZaA.com and save it to your hard drive (you'll actually be re-directed to www.download.com).
Run this program, which will download kmd210_en.exe to your temp folder (i.e. C:\Documents and Settings\%USERNAME%\Local Settings\Temp).
Do not continue the installation once this file has been downloaded (an installation will automatically start once the download completes).
Grab the kmd210_enu.exe file from the temp folder and copy it to a file share, then cancel the local install.
Note: Once you cancel the installation process the downloaded file will be deleted from your Temp folder.
STEP 2- CREATE UNINSTALL FOLDER:
Using a Zip utility you will need to "extract" the product you have downloaded to a folder.
Create a folder called "KaZaA 2.1" and within it, a sub-folder called "Uninstall". Locate them within an existing file share on your network or share the KaZaA folder. You can "share" a folder by right-clicking on it with your mouse and selecting "Sharing and Security".
STEP 3-CREATE (or GET) AN ANSWER FILE:
Click on this link and download our self-extracting zip file for KaZaA 2.1.
Once you open it you'll find three short scripts and one ReadMe file. Place all the files into your KaZaA un-install folder.
You will need the "Setup.iss" for this step (#3) and the "Kazaa.bat" file for step #5. We won't need to make any modifications to SaveNowRemover.vbs though you can view/edit this file with any text editor.
Setup.iss is the "Answer File" I mentioned earlier, and is provided for you. Place it in your appropriate "Uninstall" folder that contains the Setup.exe for KaZaA. This setup.iss file (proprietary to the version of KaZaA) contains the information to answer all questions asked during the software's uninstall routine. By adding a parameter (-s) to the setup.exe command, we're telling InstallShield to look for and use the answers already provided in the Setup.iss file. The use of this file will eliminate you or any one else having to do this manually.
STEP 4-GET KILL.EXE:
As mentioned earlier, the KaZaA.exe process remains running even when the program is closed and this process must be killed in order to uninstall the program. To accomplish this we'll need to download a tool from the Microsoft Resource Kit called Kill.exe. This should be a part of every Administrators toolkit. Best of all its free! Kill.exe will allow us to kill the KaZaA process and continue on with the un-install (Kill.exe can kill local or remote processes).
You can download the entire Administrators Toolkit from Microsoft at: http://www.microsoft.com/ntserver/nts/down...kit/default.asp
Place the tool (Kill.exe) into the shared Uninstall folder created earlier in Step 2.
STEP 5-CREATE BATCH FILE:
To automate calling Kill.exe, running the KaZaA un-install in one action, and completing the removal of SaveNow, we'll need to create a batch file. This simple script is the "Kazaa.bat" file downloaded in Step #3. Make sure the batch file is in the same shared folder with all the other files.
This file must be edited by you before it is ready to use. Using Windows Explorer, right click on the batch file and select "Edit". Then substitute the correct UNC path to the shared KaZaA Uninstall file you created in Step 2.
When you edit the file you can note the command line parameters I've used. (-f) is used to "force" the process to terminate, and then I've listed the name of the process.
I'm using the (-s) parameter for the KaZaA un-install, so that our answer file will be used.
STEP 6-SELECT MACHINES:
Now that our setup work is complete, it's time to begin the un-installs. Let's start by selecting the machines (in Sitekeeper) from which we want to remove this product. Our Uninstall can be run safely (without error) on machines that do not have the product. So you can select a range of machines and if KaZaA is installed on any of them it will be uninstalled by this procedure.
STEP 7-CREATE A PROGRAM LISTING:
Next run the Sitekeeper Add/Remove Programs wizard. We'll need to create a new Program Listing for our un-install batch file. I've named mine "Remove KaZaA" as this will make sense to me if I look at it again a few months from now. We don't need to set any command line parameters in this dialog box as they are already included within our batch file.
STEP 8-SPECIFY SHARE:
We identify the share path and batch file where our uninstall folder is located and put in our administrator user name and password.
STEP 9-RUN/SCHEDULE KAZAA UNINSTALL:
At this point you can choose to run the KaZaA uninstall procedure immediately or schedule it to happen at a later time. We're done!
You've now created a KaZaA 2.1 uninstall script that you can run anytime a Sitekeeper scan discovers KaZaA 2.1 installed on your network.