Leech Computing, Part 1
Where have you been leeched today?
By Phil Frisbie, Jr.
Disclaimer
This article is for personal enlightenment only. It is not a warning of any known current
practices or a proposal of future acceptable practices. However, this is a REAL technology, as
you shall see for yourself....
Part 1 of this article contains no real technical details. It is written to enlighten the average
web user. Actual working examples with source code will be included in part 2.
Background
I am defining Leech Computing as 'a program running on a client computer without user knowledge
that can process data and report back the results, but otherwise does not affect the usability
of the client computer and makes no changes to the client'. This leech program runs only in
memory, and does not access the client's hard drive at all. Real leeches typically attach
themselves to animals that spend time in the water. When the leech is hungry, it attaches itself
to an animal where it either remains until full or is knocked off. If knocked off, it simply
finds another animal to attach to. When the leech is full, it drops off leaving the animal
unharmed. The leech needs the animals, so it chooses large animals and only takes a little blood
at a time without harming them.
Leech Computing is related to distributed computing. Distributed computing projects such
as SETI at Home and distributed.net have hundreds of thousands volunteers that have downloaded
and installed client software that runs in the background or as a screen saver. Data files are
copied between the hard drive of the client and an Internet server in order to retrieve data to
process and send back the results. Work is broken up into small units that can take anywhere from
a few minutes to many days to complete before the results are sent back. These hundreds of
thousands of clients act as one huge computer, which can accomplish much work at a very low cost,
since the clients 'donate' their computing time to the project.
Another technology you may have heard about is Parasitic Computing. Parasitic Computing can use
any computer connected to the Internet to process a tiny amount of data. While the idea is
intriguing, it is not practical because the computing power needed just to send and receive the
data packet is thousands of times more than just processing it yourself. I mention this because
Leech Computing and Parasitic Computing share these basic ideas: the user does not know data is
being processed, no software is installed, and no system changes are made.
So how can Leech Computing retrieve data, process it, and return the results without the user
knowing it? How can it do this without installing any software? How can it be undetectable by
firewall software? All it needs to accomplish these seemingly impossible goals is one piece of
common software, a web browser.
The web browser is the most used piece of software today. Millions of users are logged in at any
given time of the day browsing web sites, checking email, making purchases, etc. Since the first
web site was put online about ten years ago, web pages have gone from plain text pages to the
current flashy looking sites we have today. The web browser has evolved to provide the
capabilities to support these needs.
One of the first web browser enhancements was JavaScript and Java applet support. JavaScript and
Java applets are programs that run in your browser. While Java applets can potentially cause
security problems and are disabled by some users, JavaScript has no serious security problems and
so is seldom disabled. JavaScript is also the most widely used tool to enhance web pages because
it is easy to use and very versatile. Most any time you see cascading menus, moving text, or
forms that warn you when you enter the wrong type of data, you are running JavaScript programs.
In fact, you could say that a fancy JavaScript page is leeching some of your computer resources
in order to create all those fancy effects.
But, while web pages currently use JavaScript and other types of programs to process data to
display, they generally do not send results back to a server (with the exception of forms the
user may fill out and send). From now on when I refer to a leech program, I will be referring to
a JavaScript program. Even though other types of programs such as Java applets and ActiveX
controls could also be used, they may be disabled by the user, they may need to be approved by
the user before they are run, and they do get installed to the users hard drive.