Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

Desktop Search Tools Will Help Virus Writers

Posted by CmdrTaco on Tue Dec 14, 2004 11:35 AM
from the helping-the-hurters dept.
Security
An anonymous reader writes "With desktop search tools all the rage, ZDNet is reporting that virus writers could take advantage of the technology to produce more efficient malware. "Any software that can index and capture data on a users PC will be subject to virus and Trojan exploits. It is just a matter of time," said an analyst at Frost & Sullivan. "
+ -
story
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Desktop Search Tools Will Help Virus Writers 50 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.

  • Please.. don't shoot the messenger (Score:5, Informative)

    by Ckwop (707653) * <Simon.Johnson@gmail.com> on Tuesday December 14 2004, @11:36AM (#11082170) Homepage

    Don't shoot the messenger. Desktop search is only exposing a weakness that is already there as it can only index stuff it has permission to index.

    As always, Schneier is particularly lucid on this issue, see his essay here [schneier.com]

    Simon.

    • Re:Please.. don't shoot the messenger (Score:4, Insightful)

      by luvirini (753157) on Tuesday December 14 2004, @11:48AM (#11082318)
      well the problem is that in some cases the inforamtion could be quite well protected by permissions on the PC, but a process running with system rights could access it and if it had a hole...
    • I agree. One can also say that whenever a new software technology is developed, virus writers are open to explore the new technology and find ways to exploit it. Isn't that, after all, what virus writers do? Exploit the technology? Explore?

    • Your security is only as strong as the weakest link on the system. Forget the Google Desktop, if you have all your mail sitting around unencrypted on your hard disk, it doesn't take much to write code that finds and sniffs through it, no matter which email client you're using. (Makes me wonder what kind of security an email "librarian" like Zoe [zoe.nu] offers...) Again, the key is to do the right things to keep the malware out in the first place.

      Eric
      See your browser's HTTP headers here [ericgiguere.com]

    • Re:Please.. don't shoot the messenger (Score:5, Interesting)

      by uptownguy (215934) <UptownGuyEmail@@@gmail...com> on Tuesday December 14 2004, @12:24PM (#11082623)
      Desktop search is only exposing a weakness that is already there as it can only index stuff it has permission to index.

      I understand that this is technically true -- but did you know Google Desktop Search can do some pretty nasty things -- things like indexing all of the Word files on your computer? If one of them happens to be password protected, you click on the link and it asks for the password. But if you click on CACHED copy -- poof, there is the entire document, right there in your web browser. Whoops. Don't even get me started on cached copies of deleted files...

      Google Desktop Search is powerful -- and is only indexing what is already there, true, true, all true...but still -- when it gets easy enough that someone like me can quickly and easily poke around and look at things I'm not supposed to... well, that's scary.

      • Rewritten:

        I understand that this is technically true -- but did you know Microsoft's security can leave some pretty nasty things -- things like cacheing all of the Word files on your computer? If one of them happens to be password protected, you click on the link and it asks for the password. But if you click on CACHED copy -- poof, there is the entire document, right there in your web browser. Whoops. Don't even get me started on cached copies of deleted files...

        Microsoft's security model is pitiful -- a
      • but did you know Google Desktop Search can do some pretty nasty things -- things like indexing all of the Word files on your computer? If one of them happens to be password protected, you click on the link and it asks for the password. But if you click on CACHED copy -- poof, there is the entire document, right there in your web browser. Whoops.

        Whoops is right. Sounds like MS Word password protection royally sucks.
      • If google can get at info in encyrpted word docs w/o the password, it sounds like there is unencrypted access to teh encrypted file through some sort of API. Does anybody know anything about this? I have a file that my brute force methods failed against and I have lost the password.
        • I don't know anything about APIs or brute force attacks or whatever. I was a technical MANAGER but never an actual geek. (grins) But I can tell you that if you install GDS and let it index that file, you will be able to click on the cached copy of it and see it just fine.

          I emailed Google about this when I uninstalled GDS -- never heard back from them. Didn't expect to. Again, as other posters have pointed out -- this is a problem with MICROSOFT security, probably. I wasn't pointing fingers or laying

  • Sensationalism alert! dir/s aids malware writers! (Score:5, Insightful)

    by garcia (6573) * on Tuesday December 14 2004, @11:36AM (#11082178) Homepage
    "It sounds like great technology but don't deploy it without considering the security implications. With any new product area there is a need to consider security," said Campbell.

    How about we not worry about userland programs being "insecure" when the real issue is that the malware was installed on the machine in the first place. Just because the desktop search features can index a large amount of personal data does not mean it's a security issue... The security issue is something entirely different and needs to be treated as such.

    Are we supposed to just suffer through computer-use because Microsoft and its users are lax about security so that life is easier?

    Dimension Data's Campbell said that if companies do choose to deploy desktop search tools, they should take extra care to ensure viruses do not get a chance to execute on the desktop.

    Companies like who? Microsoft right? Oh wait, we are supposed to just live with how shitty Windows is at userlevel security right?

    This article was a bunch of trash and really was speculation more than anything else. Move along, there's nothing to see here...

    • How about we not worry about userland programs being "insecure" when the real issue is that the malware was installed on the machine in the first place.

      The problem is that these programs can be the method by which the malware gets on the machine.

      Example: Google Desktop Search contains a buffer overflow. You visit a malicious web page. Nothing happens. Later that day, when GDS is indexing your web browser cache, it processes the malicious page, and infects your system.

    • We dont need to worry about writing secure systems, becasue only bad people will attack us regardless of how secure the systems are.

      Right.

      Security is about layers. Every layer should be built with security in mind. Lets take a walk down memory lane...

      The Internet was initially a collection of sites who were all friends. Only "honourable" people had access, so security wasn't much of an issue. So things like the r* UNIX tools were created. Systems were not built with security in mind, because security was

      • Re:P2P+Desktop Search (Score:4, Interesting)

        by cassidyc (167044) on Tuesday December 14 2004, @11:55AM (#11082398)
        already happens, a misconfigured Kazaa will share your entire drive :)

        Try firing it up (or an adware light version) and looking for "inbox", then select any individual one and you can then search for all that persons shared files.

        Nosey, who me...?

        CJC

  • Sure, George (Score:5, Funny)

    by gowen (141411) <gwowen@gmail.com> on Tuesday December 14 2004, @11:37AM (#11082184) Homepage Journal
    "Any software that can index and capture data on a users PC will be subject to virus and Trojan exploits. It is just a matter of time," said an analyst
    That's right. Who can forget the terrible slocate worm of 2002, that brought GNU/linux systems crashing to their knees.
    • > "Any software that can index and capture data on a users PC will be subject to virus and Trojan exploits. It is just a matter of time," said an analyst

      Hmmm... I thought that antivirus software is indexing and does capture data on a computer... Silly me... I now realize that antivirus software works by magic...

      /kbn

  • Shhh! (Score:3, Funny)

    by romper (47937) * on Tuesday December 14 2004, @11:38AM (#11082190)
    Don't give them any ideas! =)
  • While also increasing the ability for anti virus software to patrol and protect the computer, surely? Allowing more sweeps of the system to be performed, most often?

  • efficient viruses? (Score:5, Insightful)

    by k4_pacific (736911) <k4_pacific.yahoo@com> on Tuesday December 14 2004, @11:41AM (#11082229) Homepage Journal
    "more efficient malware"

    Do virus writers really care that much about efficiency? It's not their PC that's gonna run the thing. They could just as easily make the thing continually grep for documents containing 16 digit Luhn-validated numbers and send them off someplace when they're found.

    • Re:efficient viruses? (Score:5, Insightful)

      by miltimj (605927) on Tuesday December 14 2004, @11:52AM (#11082361)
      Do virus writers really care that much about efficiency? It's not their PC that's gonna run the thing

      Except when the user's machine is cranking away at 100% CPU and/or hammering the hdd, they're going to wonder what's up, investigate, and terminate the process.

      (Yes, I know the average user won't, but they're more likely to inquire and report it to someone more knowledgeable).
    • in short, yes virus writers care about efficiency. An efficient thing is more likely to be better in what it is designed to do. Say you want a computer to become member of a botnet, you would not want the users to normally notice anything wrong, decreasing the likelyhood of detection.

    • Re:efficient viruses? (Score:5, Insightful)

      by jellomizer (103300) * on Tuesday December 14 2004, @11:55AM (#11082395)
      The old viruses were very efficient they could be on your system for weeks without you noticing. Until that one program just seems to run a little slower then it should or you hear your floppy disk start processing when it shouldn't The more efficient a virus is the longer it will be there before someone realizes that something is wrong. Most virus out there dont want to distroy the computer just use it for its own goals.

  • Taking Advantage (Score:5, Insightful)

    by Nom du Keyboard (633989) on Tuesday December 14 2004, @11:41AM (#11082235)
    virus writers could take advantage of the technology

    So tell me, is there any technology that virus writers can't take advantage of?

    And don't say Fire Walls. It wasn't so long ago that a well-known fire wall itself proved to be the vulnerable chink in the system.

      • Re:Taking Advantage (Score:4, Interesting)

        by jellomizer (103300) * on Tuesday December 14 2004, @11:52AM (#11082368)
        Sure the best time is durring a power failure. With the UPSs just powering the needed equiptment. Most of the monitors are off just the Computer And the network gear running on Solo. Cross Link your virus with the APC software when the power goes out you know no one will be looking so start up your virus take 100% of the CPU and do your thing.
  • ...and prove the quoted analyst at Frost & Sullivan correct.

  • This just in! (Score:5, Insightful)

    by guido1 (108876) on Tuesday December 14 2004, @11:43AM (#11082261)
    Technology can be applied for either good or evil.

    Who'd have thunk?

  • Virus Source Code (Score:5, Informative)

    by totallygeek (263191) on Tuesday December 14 2004, @11:44AM (#11082267) Homepage
    For those interested, check out the Virus Source Code Database [totallygeek.com]. As for the article, I don't think that making virus authoring easier is any concern. Why not make the software impervious to virus attack in the first place? I mean, the design of DOS, Windows, and now Windows XP does little to stop malware, viruses, trojans, spyware, etc.

  • Hmm... (Score:4, Funny)

    by which way is up (835908) on Tuesday December 14 2004, @11:46AM (#11082294)
    or maybe it will be easier to track down the malware since it will be indexed along with everything else?
  • No matter if people use the various desktop services or not, there's always going to be attacks from viruses and related stuff. I don't think people need to spread the virus scare any further than it is. What do you think virus senders want? Personal information, perhaps, but even more the attention. Why give it? Skipping out on helpful applications isn't the way to avoid these things. Nothing can replace an increased safety from people
  • Yes, slashdotters should remember that Microsoft is committed to security in all its fields of operation including the newly announced desktop search tools.

    Computer users should rest assured that when using products from M$, they have a huge, strong and committed company to their well being.

    On the other hand, M$ takes no responsibility whatsoever should problems arrise when using thier products, and informs all users that NO guarantee is made to the suitability of their products.

    • Re:Remember (Score:4, Informative)

      by CrankyFool (680025) on Tuesday December 14 2004, @11:59AM (#11082424)
      So lets all agree for the moment that in the area of security (well, in most areas, really) Microsoft sucks.

      On the other hand, the fact they make no guarantees about suitability of their products is a red herring. I believe the OpenBSD people _do_ actually care about security. Have you seen the BSD license (under which OpenBSD is licensed)? It uses exactly the same verbiage.
  • "Any software that can index and capture data on a users PC will be subject to virus and Trojan exploits."

    Really? They haven't done so yet. I guess many people remove the Indexing Service from Windows (if it gets installed in the first place) as it's been so problematic over the years. Office was installing that fastfind thing years before that. And UNIX doesn't seem to get hit by so many viruses and trojans anyway.
  • is seeing how it works and using THAT information to create better malware. all the exploits are there apparently if the tools work, they just need to find out what they are and where they are. google has done the research for them.

  • The #1 exploitation vector for virus writers... (Score:5, Funny)

    by Anonymous Coward on Tuesday December 14 2004, @11:50AM (#11082339)
    Filesystems!

    We must eliminate these horrors from operating systems or we will never be rid of all this nonsense. And after we get rid of filesystems, executables should be the next thing to go.
  • Sounds like a call to action to me -- Hay virus writers, please write an exploit for these search toolbars!

  • The terrorists have won. Any new power of people over our environment now spawns fear that another person will hijack it, and use it against us. "We have too much freedom, too much openness - we can't handle it".

    The hell with that. While that fear is multiplying across the world, the politicians charged with protecting us are exploiting and expanding it, while we give them more power without accountability: WHERE'S OSAMA? The corporations smell the money, and are switching their propaganda machines over to
  • As opposed to Gilbert and Sullivan, who simply sang a catchy ditty about the subject...

  • Technology is E V I L!!!!! (Score:3, Interesting)

    by debian4life (701155) on Tuesday December 14 2004, @12:04PM (#11082470)
    Please stop innovating new software products. Don't you know they can be exploited.

    Always keep in mind that for everything you think it good, it is always twice as bad.

    If you don't believe me, just ask Internet tech writers and bloggers.

  • Tools used for good and evil (Score:5, Insightful)

    by TheEnigma (520116) on Tuesday December 14 2004, @12:14PM (#11082565) Homepage Journal

    Let me know when they invent the knife you can't cut a person with.

    Imagine having a job where you're paid big money to state the obvious. The dream of all useless people is to become an analyst.

    Undoubtedly someone will point out that one tool is more useful for nefarious deeds than another, but then how many people get killed by staplers? This is not news!

  • it is so true. Windows just sucks. Its not good for productivity at all. The code is a pure mess. If they want to be a worthwhile platform they might as well just rewrite the entire OS from the ground up.
  • Quick, everyone switch to slocate!

  • Open Source means they can do it anyway (Score:3, Informative)

    by tezza (539307) on Tuesday December 14 2004, @12:33PM (#11082711)
    What's to stop them using something like Lucene [apache.org] in their payload anyway? This is a close match to what these desktop searches do.

    This is a completely useless article. Why blame the Desktop searches??? Once they're in, they have control. If a Sys Admin let the user have enough permissions to index the file with the vital data, surely that is the Sys Admin's fault.

    On UNIX the old adage was that once an intruder had a shell access to the box, you had to assume they could escalate their priveleges. This may not be possible in reality, but makes you focus on shoring up the ways in instead.

  • ZDNet is reporting that virus writers could take advantage of the technology to produce more efficient malware.

    It's about bloody time that someone devoted some effort to writting better viruses. Just because we have faster processes, doesn't mean that I want a virus infecting my comuter to be wasting valueable clock cycles becuase the author didn't know how to optimize the inner loop. I mean, really. Virus writers have gotten lazy in recent years. Everyone knows that a well optimized assembly virus will

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.