Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
Security

Desktop Search Tools Will Help Virus Writers 140

An anonymous reader writes "With desktop search tools all the rage, ZDNet is reporting that virus writers could take advantage of the technology to produce more efficient malware. "Any software that can index and capture data on a users PC will be subject to virus and Trojan exploits. It is just a matter of time," said an analyst at Frost & Sullivan. "
This discussion has been archived. No new comments can be posted.

Desktop Search Tools Will Help Virus Writers

Comments Filter:
  • by Ckwop ( 707653 ) * <Simon.Johnson@gmail.com> on Tuesday December 14, 2004 @12:36PM (#11082170) Homepage

    Don't shoot the messenger. Desktop search is only exposing a weakness that is already there as it can only index stuff it has permission to index.

    As always, Schneier is particularly lucid on this issue, see his essay here [schneier.com]

    Simon.

    • by luvirini ( 753157 ) on Tuesday December 14, 2004 @12:48PM (#11082318)
      well the problem is that in some cases the inforamtion could be quite well protected by permissions on the PC, but a process running with system rights could access it and if it had a hole...
    • MSN messenger that is. Does anyone expect MS to produce a search tool that isn't full of security holes?
    • I agree. One can also say that whenever a new software technology is developed, virus writers are open to explore the new technology and find ways to exploit it. Isn't that, after all, what virus writers do? Exploit the technology? Explore?
    • Viruses, trojans and malware, oh my! Help me Mr.Wizard.
    • Your security is only as strong as the weakest link on the system. Forget the Google Desktop, if you have all your mail sitting around unencrypted on your hard disk, it doesn't take much to write code that finds and sniffs through it, no matter which email client you're using. (Makes me wonder what kind of security an email "librarian" like Zoe [zoe.nu] offers...) Again, the key is to do the right things to keep the malware out in the first place.

      Eric
      See your browser's HTTP headers here [ericgiguere.com]

    • by uptownguy ( 215934 ) <UptownGuyEmail@gmail.com> on Tuesday December 14, 2004 @01:24PM (#11082623)
      Desktop search is only exposing a weakness that is already there as it can only index stuff it has permission to index.

      I understand that this is technically true -- but did you know Google Desktop Search can do some pretty nasty things -- things like indexing all of the Word files on your computer? If one of them happens to be password protected, you click on the link and it asks for the password. But if you click on CACHED copy -- poof, there is the entire document, right there in your web browser. Whoops. Don't even get me started on cached copies of deleted files...

      Google Desktop Search is powerful -- and is only indexing what is already there, true, true, all true...but still -- when it gets easy enough that someone like me can quickly and easily poke around and look at things I'm not supposed to... well, that's scary.

      • Rewritten:

        I understand that this is technically true -- but did you know Microsoft's security can leave some pretty nasty things -- things like cacheing all of the Word files on your computer? If one of them happens to be password protected, you click on the link and it asks for the password. But if you click on CACHED copy -- poof, there is the entire document, right there in your web browser. Whoops. Don't even get me started on cached copies of deleted files...

        Microsoft's security model is pitiful -- a
      • I use Google Desktop Search, and I tried this and I'm surprised that Google handles it that way. I have a passworded Word document that I accessed earlier today. I searched for a keyword that is in that file and Google Desktop Search found it, and I was able to view the cached file.... I wasn't able to view the "hidden text" in the document (I keep it hidden so it won't accidentally be printed).

        I haven't ever tried the MSN Toolbar Suite, which has the same purpose as the Google Desktop Search, so I d

      • but did you know Google Desktop Search can do some pretty nasty things -- things like indexing all of the Word files on your computer? If one of them happens to be password protected, you click on the link and it asks for the password. But if you click on CACHED copy -- poof, there is the entire document, right there in your web browser. Whoops.

        Whoops is right. Sounds like MS Word password protection royally sucks.
      • If google can get at info in encyrpted word docs w/o the password, it sounds like there is unencrypted access to teh encrypted file through some sort of API. Does anybody know anything about this? I have a file that my brute force methods failed against and I have lost the password.
        • I don't know anything about APIs or brute force attacks or whatever. I was a technical MANAGER but never an actual geek. (grins) But I can tell you that if you install GDS and let it index that file, you will be able to click on the cached copy of it and see it just fine.

          I emailed Google about this when I uninstalled GDS -- never heard back from them. Didn't expect to. Again, as other posters have pointed out -- this is a problem with MICROSOFT security, probably. I wasn't pointing fingers or laying
        • I would very much like to know if the instructions in the first response worked for you. A friend of mine gave me one of her locked files once because I said I'd try to crack it for her. No luck yet.
      • This isn't a new "exploit". You can get round Word's password protection by opening a document in any program that understands the .doc format, including Microsoft's own WordPad (bundled with Windows).
    • In other news... Another anal cyst... err, umm I mean analyst at Frost & Sullivan discovered that the centralized data stored in a PC user's address book can be exploited by virus and Trojan writers. The anal cyst... err, analyst, stated that "This data provides a list of valid email addresses that could be exploited to spread a virus or worm. It's just a matter of time."

      --
      It works. [wired.com]
      Free Flat Screens [freeflatscreens.com]
  • by garcia ( 6573 ) * on Tuesday December 14, 2004 @12:36PM (#11082178)
    "It sounds like great technology but don't deploy it without considering the security implications. With any new product area there is a need to consider security," said Campbell.

    How about we not worry about userland programs being "insecure" when the real issue is that the malware was installed on the machine in the first place. Just because the desktop search features can index a large amount of personal data does not mean it's a security issue... The security issue is something entirely different and needs to be treated as such.

    Are we supposed to just suffer through computer-use because Microsoft and its users are lax about security so that life is easier?

    Dimension Data's Campbell said that if companies do choose to deploy desktop search tools, they should take extra care to ensure viruses do not get a chance to execute on the desktop.

    Companies like who? Microsoft right? Oh wait, we are supposed to just live with how shitty Windows is at userlevel security right?

    This article was a bunch of trash and really was speculation more than anything else. Move along, there's nothing to see here...
    • How about we not worry about userland programs being "insecure" when the real issue is that the malware was installed on the machine in the first place.

      The problem is that these programs can be the method by which the malware gets on the machine.

      Example: Google Desktop Search contains a buffer overflow. You visit a malicious web page. Nothing happens. Later that day, when GDS is indexing your web browser cache, it processes the malicious page, and infects your system.

    • We dont need to worry about writing secure systems, becasue only bad people will attack us regardless of how secure the systems are.

      Right.

      Security is about layers. Every layer should be built with security in mind. Lets take a walk down memory lane...

      The Internet was initially a collection of sites who were all friends. Only "honourable" people had access, so security wasn't much of an issue. So things like the r* UNIX tools were created. Systems were not built with security in mind, because security was

  • by gowen ( 141411 ) <gwowen@gmail.com> on Tuesday December 14, 2004 @12:37PM (#11082184) Homepage Journal
    "Any software that can index and capture data on a users PC will be subject to virus and Trojan exploits. It is just a matter of time," said an analyst
    That's right. Who can forget the terrible slocate worm of 2002, that brought GNU/linux systems crashing to their knees.
    • Re:Sure, George (Score:2, Insightful)

      by kbnielsen ( 835429 )
      > "Any software that can index and capture data on a users PC will be subject to virus and Trojan exploits. It is just a matter of time," said an analyst

      Hmmm... I thought that antivirus software is indexing and does capture data on a computer... Silly me... I now realize that antivirus software works by magic...

      /kbn
    • Well it probably will make it easier to write viruses for windows, it isn't like its the shining knight for the virus writers. Windows is an easy target with or without those and has a new exploit in something every week it would seem. There is never a shortage of viruses for the windows OS. Lets just hope that this doesn't make it any worse.
  • Shhh! (Score:3, Funny)

    by romper ( 47937 ) * on Tuesday December 14, 2004 @12:38PM (#11082190)
    Don't give them any ideas! =)
  • While also increasing the ability for anti virus software to patrol and protect the computer, surely? Allowing more sweeps of the system to be performed, most often?
  • efficient viruses? (Score:5, Insightful)

    by k4_pacific ( 736911 ) <(moc.oohay) (ta) (cificap_4k)> on Tuesday December 14, 2004 @12:41PM (#11082229) Homepage Journal
    "more efficient malware"

    Do virus writers really care that much about efficiency? It's not their PC that's gonna run the thing. They could just as easily make the thing continually grep for documents containing 16 digit Luhn-validated numbers and send them off someplace when they're found.
    • by miltimj ( 605927 ) on Tuesday December 14, 2004 @12:52PM (#11082361)
      Do virus writers really care that much about efficiency? It's not their PC that's gonna run the thing

      Except when the user's machine is cranking away at 100% CPU and/or hammering the hdd, they're going to wonder what's up, investigate, and terminate the process.

      (Yes, I know the average user won't, but they're more likely to inquire and report it to someone more knowledgeable).
    • by jokumuu ( 831894 )
      in short, yes virus writers care about efficiency. An efficient thing is more likely to be better in what it is designed to do. Say you want a computer to become member of a botnet, you would not want the users to normally notice anything wrong, decreasing the likelyhood of detection.
    • by jellomizer ( 103300 ) * on Tuesday December 14, 2004 @12:55PM (#11082395)
      The old viruses were very efficient they could be on your system for weeks without you noticing. Until that one program just seems to run a little slower then it should or you hear your floppy disk start processing when it shouldn't The more efficient a virus is the longer it will be there before someone realizes that something is wrong. Most virus out there dont want to distroy the computer just use it for its own goals.
    • I would only because there's alot of old machines out there people still run on. Pentium 1,2,3 windows 98 and such and I would like to reach as many machines as possible and have stuff run on these slow machines.

      I'm no expert in this stuff or have their mindset but it just makes sense to me :)
  • Taking Advantage (Score:5, Insightful)

    by Nom du Keyboard ( 633989 ) on Tuesday December 14, 2004 @12:41PM (#11082235)
    virus writers could take advantage of the technology

    So tell me, is there any technology that virus writers can't take advantage of?

    And don't say Fire Walls. It wasn't so long ago that a well-known fire wall itself proved to be the vulnerable chink in the system.

    • Power failures.
      • Re:Taking Advantage (Score:4, Interesting)

        by jellomizer ( 103300 ) * on Tuesday December 14, 2004 @12:52PM (#11082368)
        Sure the best time is durring a power failure. With the UPSs just powering the needed equiptment. Most of the monitors are off just the Computer And the network gear running on Solo. Cross Link your virus with the APC software when the power goes out you know no one will be looking so start up your virus take 100% of the CPU and do your thing.
        • Am I under some mistaken assumption that most power is pretty damn stable, and that's a very, very small window for your virus to run in, given the amount of work it'd take? You'd be better off writing a Linux virus, you'd get better payoff...
  • ...and prove the quoted analyst at Frost & Sullivan correct.

  • This just in! (Score:5, Insightful)

    by guido1 ( 108876 ) on Tuesday December 14, 2004 @12:43PM (#11082261)
    Technology can be applied for either good or evil.

    Who'd have thunk?
  • Virus Source Code (Score:5, Informative)

    by totallygeek ( 263191 ) <sellis@totallygeek.com> on Tuesday December 14, 2004 @12:44PM (#11082267) Homepage
    For those interested, check out the Virus Source Code Database [totallygeek.com]. As for the article, I don't think that making virus authoring easier is any concern. Why not make the software impervious to virus attack in the first place? I mean, the design of DOS, Windows, and now Windows XP does little to stop malware, viruses, trojans, spyware, etc.

    • My question is...

      How does Microsoft deal with spy/mal/ad ware internally?

      Surely they don't run spybot.

      Surely they have some windows machines?
      • my guess is that 98% of spam comes from redmond because the sys admin decided to get a serial for half life using IE on hotmail's servers, now MS is just one great big botnet.
      • How does Microsoft deal with spy/mal/ad ware internally?

        Well, I deal with many companies that run Windows, asking the same thing. Eventhough I am there just to work with their Unix stuff, I give the best answer I can. Education is the best defense against these malicious pieces of software. Companies that build policies and educate their users about the potential risks involved with computer use have the lowest occurance of problems. I know of one company with approximately 500 machines where there

        • ...but the user is the issue here....

          Oh stop blaming the user already. If software companies were held to the same liability standards as car makers or other manufacturers, we would not have these problems, or at least very few.

          The steering wheel came off when I pulled up on it and I lost control of the car and crashed! I should not have pulled it that way. Just read the average lawyerese on software packages. Manufacturers of other goods would be scorned out of court if they tried to write such stuff abo
      • How does Microsoft deal with spy/mal/ad ware internally?

        Probably they keep their users locked down properly, like we do, and hence don't _have_ problems with spy/mal/ad ware.

  • Hmm... (Score:4, Funny)

    by which way is up ( 835908 ) on Tuesday December 14, 2004 @12:46PM (#11082294)
    or maybe it will be easier to track down the malware since it will be indexed along with everything else?
  • Inevitability (Score:2, Interesting)

    by Tylerious ( 836357 )
    No matter if people use the various desktop services or not, there's always going to be attacks from viruses and related stuff. I don't think people need to spread the virus scare any further than it is. What do you think virus senders want? Personal information, perhaps, but even more the attention. Why give it? Skipping out on helpful applications isn't the way to avoid these things. Nothing can replace an increased safety from people
  • Yes, slashdotters should remember that Microsoft is committed to security in all its fields of operation including the newly announced desktop search tools.

    Computer users should rest assured that when using products from M$, they have a huge, strong and committed company to their well being.

    On the other hand, M$ takes no responsibility whatsoever should problems arrise when using thier products, and informs all users that NO guarantee is made to the suitability of their products.

    • Re:Remember (Score:4, Informative)

      by CrankyFool ( 680025 ) on Tuesday December 14, 2004 @12:59PM (#11082424)
      So lets all agree for the moment that in the area of security (well, in most areas, really) Microsoft sucks.

      On the other hand, the fact they make no guarantees about suitability of their products is a red herring. I believe the OpenBSD people _do_ actually care about security. Have you seen the BSD license (under which OpenBSD is licensed)? It uses exactly the same verbiage.
  • "Any software that can index and capture data on a users PC will be subject to virus and Trojan exploits."

    Really? They haven't done so yet. I guess many people remove the Indexing Service from Windows (if it gets installed in the first place) as it's been so problematic over the years. Office was installing that fastfind thing years before that. And UNIX doesn't seem to get hit by so many viruses and trojans anyway.
  • is seeing how it works and using THAT information to create better malware. all the exploits are there apparently if the tools work, they just need to find out what they are and where they are. google has done the research for them.
  • by Anonymous Coward on Tuesday December 14, 2004 @12:50PM (#11082339)
    Filesystems!

    We must eliminate these horrors from operating systems or we will never be rid of all this nonsense. And after we get rid of filesystems, executables should be the next thing to go.
  • Sounds like a call to action to me -- Hay virus writers, please write an exploit for these search toolbars!

  • ...my Linux Servers then.

    Well, so much for being able to have a quickly searchable index of files and on my servers and Linux running laptop.
  • TerrorWorld (Score:2, Insightful)

    by Doc Ruby ( 173196 )
    The terrorists have won. Any new power of people over our environment now spawns fear that another person will hijack it, and use it against us. "We have too much freedom, too much openness - we can't handle it".

    The hell with that. While that fear is multiplying across the world, the politicians charged with protecting us are exploiting and expanding it, while we give them more power without accountability: WHERE'S OSAMA? The corporations smell the money, and are switching their propaganda machines over to
    • What you are talking about the prevalent culture of fear, not caused by, but certainly aided by, terrorism. The culture is far more prevalent than a fear of death, and certainly has been around for far longer than 20 years.

      Good observation, however, your anger is directed at far too narrow of a target.
      • Re:TerrorWorld (Score:1, Offtopic)

        by Doc Ruby ( 173196 )
        The culture of fear is older than humanity. I target the specific roots of our current problem with terrorists/terrormongers, because there's something we can do about it. Growing past ignorance to the awareness that conquers fear is a goal best served by learning from our setbacks, like the current Terror War. If we can learn not to be caught in this trap, we have a chance to achieve the more ambitious goals.
    • We need to stop trusting these sources of FUD.

      Why do you hate freedom?

    • ...but by installing firewalls on Windows...

      Just replace Windows with something more secure. Skeleton keys were superseded by better ones years ago. Get rid of your skeleton Windows for a more secure Mac OSX or Linux.
  • As opposed to Gilbert and Sullivan, who simply sang a catchy ditty about the subject...
  • by debian4life ( 701155 ) on Tuesday December 14, 2004 @01:04PM (#11082470)
    Please stop innovating new software products. Don't you know they can be exploited.

    Always keep in mind that for everything you think it good, it is always twice as bad.

    If you don't believe me, just ask Internet tech writers and bloggers.
  • Not everyone has a desktop search tool running on their computer, I'd expect its less than 10% of users. Unless the virus writer writes his own search tool, this sounds like an unwarranted scare.
  • I have been wanting something to catalogue my home directory, and what I've been leaning towards is the metadata filesystem, or the Gnome "storage" system, or the KDE system. However, getting my existing documents in there would take a lot of time.

    So is there an equivalent tool that will search through your UNIX home directory and help you find documents that match a certain criteria? rgrep just doesn't cut it for me - I've been collecting stuff in there since 1988.
  • by TheEnigma ( 520116 ) on Tuesday December 14, 2004 @01:14PM (#11082565) Homepage Journal

    Let me know when they invent the knife you can't cut a person with.

    Imagine having a job where you're paid big money to state the obvious. The dream of all useless people is to become an analyst.

    Undoubtedly someone will point out that one tool is more useful for nefarious deeds than another, but then how many people get killed by staplers? This is not news!

    • Let me know when they invent the knife you can't cut a person with.

      When they do, I'm sure there'll be an infomercial and it'll only be $ 19.95.

      Just like that soldering iron that won't burn you when you do something stupid, like touch it directly to your eyeball...

      -bs

  • so east to laugh (Score:2, Interesting)

    by Lord Floppy ( 791875 )
    it is so true. Windows just sucks. Its not good for productivity at all. The code is a pure mess. If they want to be a worthwhile platform they might as well just rewrite the entire OS from the ground up.
    • Re:so east to laugh (Score:2, Interesting)

      by eomnimedia ( 444806 )
      Don't know why your post was marked as "Flamebait," L. Floppy.

      I totally agree with you. Windoze was a constant headache. Our office has switched to an all Mac OS X and/or Linux environment and we absolutely love it. It's cheaper, less maintenance, hardly any crashes (if any). We're not looking back. Windowz is a virus that we are more than happy to get rid of.
  • Quick, everyone switch to slocate!
  • Obviously malware wouldn't be possible at all without PC's and, in large part, the Internet. However, who would argue that the solution to malware is doing away with PC's and the Internet. While malware is a real threat, insecurities should be addressed rather than stopping the march of features that add real value to the user.
  • by tezza ( 539307 ) on Tuesday December 14, 2004 @01:33PM (#11082711)
    What's to stop them using something like Lucene [apache.org] in their payload anyway? This is a close match to what these desktop searches do.

    This is a completely useless article. Why blame the Desktop searches??? Once they're in, they have control. If a Sys Admin let the user have enough permissions to index the file with the vital data, surely that is the Sys Admin's fault.

    On UNIX the old adage was that once an intruder had a shell access to the box, you had to assume they could escalate their priveleges. This may not be possible in reality, but makes you focus on shoring up the ways in instead.

  • that since Ziff Davis bought/merged with Cnet two bad sources of information have gotten worse. The hysteria, weak security articles and shoddy reviews are now in the majority and duplicated across 2 domains for good measure. Ahhh, the good old days when all Z-D really had to offer was Dvorak mocking Apple and Cnet had no pundits, only poor reviews paid for by advertisers.
  • ZDNet is reporting that virus writers could take advantage of the technology to produce more efficient malware.

    It's about bloody time that someone devoted some effort to writting better viruses. Just because we have faster processes, doesn't mean that I want a virus infecting my comuter to be wasting valueable clock cycles becuase the author didn't know how to optimize the inner loop. I mean, really. Virus writers have gotten lazy in recent years. Everyone knows that a well optimized assembly virus will
  • If this is true, that any indexing type software will/can make it easier for Virus/Mall Ware writers, then is it easier for them to write viruses for IIS? Longhorn, Microquat's next encarnation of Bloat Ware, would likely include WinFS, which would completely index and catalog all aspects of the OS and Programs loaded. I wonder if it really is such a big risk? How about to people using Mozilla, etc.? Just switch to Linux it wont matter.
  • From some years now is normal that virus scans outlook's directory and browsers cache to i.e. find new email addresses.

    Whats next? A reccomendation to avoid having a cache in your browser? to not put mail addresses in address books? That will not solve the problem, but also will give me a lot of troubles.

    Of course, if i store money in my home and leave the door open people can stole my money, but the bigger problem there is that i leave the door open. Of course, if i have something valuable i could use

  • duh.
  • 1) This is another case that points out the need for application-level security.

    The issue here is that only the index program should have access to the index. It should not run as another user or system account, because it should have access only to the currently logged in user's files. It shouldn't have to change identities back and forth in order to save the index. This is the root problem.

    2) This is as big a problem for Linux as for Windows.

    FireFox had a PNG vulnerability that allowed arbitrary cod
  • "Any software that can index and capture data on a users PC will be subject to virus and Trojan exploits. It is just a matter of time," said an analyst at Frost & Sullivan.

    Hmmm... I have yet to see a virus/Trojan exploiting the updatedb/locate mechanism...

  • See my original post [slashdot.org] saying that desktop searching would open us up to more virus attacks....

"It might help if we ran the MBA's out of Washington." -- Admiral Grace Hopper

Working...