Desktop Search Tools Will Help Virus Writers
An anonymous reader writes "With desktop search tools all the rage, ZDNet is reporting that virus writers could take advantage of the technology to produce more efficient malware. "Any software that can index and capture data on a user's PC will be subject to virus and Trojan exploits. It is just a matter of time," said an analyst at Frost & Sullivan."
Don't shoot the messenger. Desktop search is only exposing a weakness that is already there as it can only index stuff it has permission to index.
As always, Schneier is particularly lucid on this issue, see his essay here
Simon.
"It sounds like great technology but don't deploy it without considering the security implications. With any new product area there is a need to consider security," said Campbell.
How about we not worry about userland programs being "insecure" when the real issue is that the malware was installed on the machine in the first place. Just because the desktop search features can index a large amount of personal data does not mean it's a security issue... The security issue is something entirely different and needs to be treated as such.
Are we supposed to just suffer through computer-use because Microsoft and its users are lax about security so that life is easier?
Dimension Data's Campbell said that if companies do choose to deploy desktop search tools, they should take extra care to ensure viruses do not get a chance to execute on the desktop.
Companies like who? Microsoft right? Oh wait, we are supposed to just live with how shitty Windows is at userlevel security right?
This article was a bunch of trash and really was speculation more than anything else. Move along, there's nothing to see here...
Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
Don't give them any ideas! =)
Right is wrong when left is right.
While also increasing the ability for anti virus software to patrol and protect the computer, surely? Allowing more sweeps of the system to be performed, most often?
"more efficient malware"
Do virus writers really care that much about efficiency? It's not their PC that's gonna run the thing. They could just as easily make the thing continually grep for documents containing 16 digit Luhn-validated numbers and send them off someplace when they're found.
Unknown host pong.
So tell me, is there any technology that virus writers can't take advantage of?
And don't say Fire Walls. It wasn't so long ago that a well-known fire wall itself proved to be the vulnerable chink in the system.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
grep
Good luck!
-73, de n1ywb
www.n1ywb.com
Generally, bash is superior to python in those environments where python is not installed.
Technology can be applied for either good or evil.
Who'd have thunk?
Click here or here.
Desktop Search is here to stay, no doubt about it. Google, Yahoo, MSN among others are pursuing this.
We must look at what's next: P2P+Desktop Search
Take a look at this.
Security will always be a problem. So let's put some intelligence into it to control who has access!
or maybe it will be easier to track down the malware since it will be indexed along with everything else?
No matter if people use the various desktop services or not, there's always going to be attacks from viruses and related stuff. I don't think people need to spread the virus scare any further than it is. What do you think virus senders want? Personal information, perhaps, but even more the attention. Why give it? Skipping out on helpful applications isn't the way to avoid these things. Nothing can replace an increased safety from people
Computer users should rest assured that when using products from M$, they have a huge, strong and committed company to their well being.
On the other hand, M$ takes no responsibility whatsoever should problems arise when using their products, and informs all users that NO guarantee is made to the suitability of their products.
"Any software that can index and capture data on a user's PC will be subject to virus and Trojan exploits."
Really? They haven't done so yet. I guess many people remove the Indexing Service from Windows (if it gets installed in the first place) as it's been so problematic over the years. Office was installing that fastfind thing years before that. And UNIX doesn't seem to get hit by so many viruses and trojans anyway.
is seeing how it works and using THAT information to create better malware. all the exploits are there apparently if the tools work, they just need to find out what they are and where they are. google has done the research for them.
Filesystems!
We must eliminate these horrors from operating systems or we will never be rid of all this nonsense. And after we get rid of filesystems, executables should be the next thing to go.
MSN messenger that is. Does anyone expect MS to produce a search tool that isn't full of security holes?
Lock down the user's machines with real-time management and secure your enterprise from malicious or even unwanted applications with DynaComm i:scan... You see folks... in the WINDOWS world you really must protect the users from themselves... they need the help of the almighty sys admin to prevent themselves from doing harm... i:scan
I know what's on your hard dr
Functionality requires data, even more specific, functionality requires exposed data.
This is like saying "if you walk out of your house, you are exposed to getting hit by a car".
Yes, thanks for the insight.
Sounds like a call to action to me -- Hey virus writers, please write an exploit for these search toolbars!
Zhrodague.net - I do projects and stuff too.
...my Linux Servers then.
Well, so much for being able to have a quickly searchable index of files on my servers and Linux-running laptop.
If you ignore the other uses of a tool, does that make the tool less useful, or you less useful?
The terrorists have won. Any new power of people over our environment now spawns fear that another person will hijack it, and use it against us. "We have too much freedom, too much openness - we can't handle it".
The hell with that. While that fear is multiplying across the world, the politicians charged with protecting us are exploiting and expanding it, while we give them more power without accountability: WHERE'S OSAMA? The corporations smell the money, and are switching their propaganda machines over to fearmongering, rather than fanning the flames of greed. As long as the actual threats are left to fester profitably, we'll suffer with the poison they ooze into our lives.
We need to stop trusting these sources of FUD. When someone tosses more poison like this at you, challenge them - what are they doing about it? How are they standing up for their freedom, and yours? When they cop out with "it's not my job", "it's too hard", or "I don't know", just cut them out as a source. And get on your own way to protecting yourself and others. Not with innuendo that just makes the threat worse, but by installing firewalls on Windows, circulating anti-spam and anti-phishing warnings to your friends, and remaining calm. Our society is growing painfully through our dependence on our media. If we handle it well, we'll have qualified our traditional trust with verification. Otherwise, we won't have anything: freedom, peace, calm, or a civilization at all - just back to cowering in terror in caves.
--
make install -not war
And now you're talking nonsense. Security through obscurity doesn't exist, and Linux and Mac are safer than Windows. http://www.theregister.co.uk/2004/10/22/linux_v_windows_security/
Join the anonymous, help develop the network: http://www.i2p2.de
As opposed to Gilbert and Sullivan, who simply sang a catchy ditty about the subject...
Honey, I shrunk the Cygwin
Please stop innovating new software products. Don't you know they can be exploited.
Always keep in mind that for everything you think is good, it is always twice as bad.
If you don't believe me, just ask Internet tech writers and bloggers.
Your link is broken. I think you mean http://www.theregister.co.uk/2004/10/22/linux_v_windows_security/ .
And I don't trust the Register to be a good source of journalism. All the blogs I read agree with me, so I must be right.
Not everyone has a desktop search tool running on their computer, I'd expect it's less than 10% of users. Unless the virus writer writes his own search tool, this sounds like an unwarranted scare.
God spoke to me.
Until they release the patches! Isn't that how software works now? I'm betting MSN's Desktop Search is the first to be hit.
It's a perfect time for being wasted.
A perfect time to watch the stars.
- Burden Brothers, "Beautiful Night"
I have been wanting something to catalogue my home directory, and what I've been leaning towards is the metadata filesystem, or the Gnome "storage" system, or the KDE system. However, getting my existing documents in there would take a lot of time.
So is there an equivalent tool that will search through your UNIX home directory and help you find documents that match a certain criteria? rgrep just doesn't cut it for me - I've been collecting stuff in there since 1988.
Let me know when they invent the knife you can't cut a person with.
Imagine having a job where you're paid big money to state the obvious. The dream of all useless people is to become an analyst.
Undoubtedly someone will point out that one tool is more useful for nefarious deeds than another, but then how many people get killed by staplers? This is not news!
Stand back. I've got a brain and I'm not afraid to use it.
Desktop Search Tools Will Help Virus Writers
Why stop there?
Why not just say "Windows Helps Virus Writers"?
I guess it's a case of, make things easy for the end-user, make things easy for the virus writer.
It is so true. Windows just sucks. It's not good for productivity at all. The code is a pure mess. If they want to be a worthwhile platform they might as well just rewrite the entire OS from the ground up.
Abandon all hope ye who enter here...
"Please stop innovating new software products. Don't you know they can be exploited."
Ease of Use has so many meanings.
Quick, everyone switch to slocate!
Spencer Ogden
Obviously malware wouldn't be possible at all without PCs and, in large part, the Internet. However, who would argue that the solution to malware is doing away with PCs and the Internet? While malware is a real threat, insecurities should be addressed rather than stopping the march of features that add real value to the user.
Here's the code so far,
ls -R | grep .mp3 > myMP3s.txt
;)
Anyone want to help? It's GPL Licensed!
Who needs a desktop search anyway? I know where I keep all my stuff, & if not, Windows (and Linux too presumably) already has an excellent search utility.
Why all this sudden need for a new desktop search program?
It looks to me like another solution in search of a problem.
This is a completely useless article. Why blame the Desktop searches??? Once they're in, they have control. If a Sys Admin let the user have enough permissions to index the file with the vital data, surely that is the Sys Admin's fault.
On UNIX the old adage was that once an intruder had shell access to the box, you had to assume they could escalate their privileges. This may not be possible in reality, but makes you focus on shoring up the ways in instead.
Are all Apple users as retarded as you are?
No thanks, I wouldn't touch that poison with a ten foot mouse.
that since Ziff Davis bought/merged with Cnet two bad sources of information have gotten worse. The hysteria, weak security articles and shoddy reviews are now in the majority and duplicated across 2 domains for good measure. Ahhh, the good old days when all Z-D really had to offer was Dvorak mocking Apple and Cnet had no pundits, only poor reviews paid for by advertisers.
ZDNet is reporting that virus writers could take advantage of the technology to produce more efficient malware.
It's about bloody time that someone devoted some effort to writing better viruses. Just because we have faster processes, doesn't mean that I want a virus infecting my computer to be wasting valuable clock cycles because the author didn't know how to optimize the inner loop. I mean, really. Virus writers have gotten lazy in recent years. Everyone knows that a well optimized assembly virus will shred a harddrive WAY faster than some 'meetoo' script kiddy .vbs trash. I think I am speaking for all slashdotters when I say 'We demand the best viruses that can be made!'.
HA! I just wasted some of your bandwidth with a frivolous sig!
My solution to this problem is iron-clad. I keep all my banking accounts empty and have nothing of value on my computer, or in life.
but have you considered the following argument: shut up.
The problem is that these programs can be the method by which the malware gets on the machine.
Example: Google Desktop Search contains a buffer overflow. You visit a malicious web page. Nothing happens. Later that day, when GDS is indexing your web browser cache, it processes the malicious page, and infects your system.
The OS-included searches work just fine for me, thanks.
In other news... Another anal cyst... err, umm I mean analyst at Frost & Sullivan discovered that the centralized data stored in a PC user's address book can be exploited by virus and Trojan writers. The anal cyst... err, analyst, stated that "This data provides a list of valid email addresses that could be exploited to spread a virus or worm. It's just a matter of time."
--
It works.
Free Flat Screens
infested with jello like fishes no melotron wishes
If this is true, that any indexing type software will/can make it easier for virus/malware writers, then is it easier for them to write viruses for IIS? Longhorn, Microquat's next incarnation of Bloat Ware, would likely include WinFS, which would completely index and catalog all aspects of the OS and programs loaded. I wonder if it really is such a big risk? How about to people using Mozilla, etc.? Just switch to Linux, it won't matter.
--E--
or maybe http://www.theregister.co.uk/2004/10/22/linux_v_windows_security/
What's next? A recommendation to avoid having a cache in your browser? To not put mail addresses in address books? That will not solve the problem, but also will give me a lot of trouble.
Of course, if I store money in my home and leave the door open people can steal my money, but the bigger problem there is that I leave the door open. Of course, if I have something valuable I could use a safe box (or encrypt it with a pass phrase or things like that), but if the door is always wide open sooner or later any protection I could put will not matter.
duh.
We don't need to worry about writing secure systems, because only bad people will attack us regardless of how secure the systems are.
Right.
Security is about layers. Every layer should be built with security in mind. Let's take a walk down memory lane...
The Internet was initially a collection of sites who were all friends. Only "honourable" people had access, so security wasn't much of an issue. So things like the r* UNIX tools were created. Systems were not built with security in mind, because security was not a problem. As the internet becomes larger, with more access, security becomes more problematic. The Morris worm wasn't even a directed attack, but an experiment gone bad. But directed attacks started to happen. Sendmail started its bug-of-the-month club. The Internet/Unix/C communities started thinking about security, and eventually things got better. (not perfect, but better).
The Microsoft community (that is, MS reared programmers, not to mention (some of) MSFT itself) attitude is "how dare you attack our systems?! We don't need to worry about security, because the problem is with the attacker, not with us!" And things are bad. Exploits are discovered and exploited by the bad guys as frequently as they are published on sites like bugtraq.
Notice a pattern? Good.
The problem here is blissful ignorance. The Internet/Unix community of the 80s had a good excuse, nothing comparable came before them. The MS community does not. Security is Job #1. Unfortunately, as you have proven, the pattern breaks down at the most important step "learn from your mistakes".
The important feature of that soldering iron isn't that it cools down fast: it's that it heats up fast. How many times have you been aggravated because you have to wait 5 minutes for your crappy rat-shack model to heat up when all you want to do is splice one wire?
of course, I'm assuming it works...
In other news, faster cars will help bank robbers escape quicker, and should be banned.
Geez, people, lay it off for just a second. Take a step back and look at all the FUD you guys are spreading for no logical reason.
how 'bout a table saw?
Every program can have a buffer overflow in it,
but I seriously doubt Google would deploy such a thing (things happen, but Google has competent people)
props to GNAA
1) This is another case that points out the need for application-level security.
The issue here is that only the index program should have access to the index. It should not run as another user or system account, because it should have access only to the currently logged in user's files. It shouldn't have to change identities back and forth in order to save the index. This is the root problem.
2) This is as big a problem for Linux as for Windows.
FireFox had a PNG vulnerability that allowed arbitrary code to access. The argument is "I'm not logged in as root, so it can't do anything," but it can modify your login profile to load spyware. It could load a terminal that ran the terminal you normally use, and grab every key you type. It could do this without root access.
It could insert programs into your X startup scripts, it could hide itself fairly effectively from casual scanning.
It might not be able to get in as deep as with a root or administrator account, but it could get in far enough to do some damage before you were likely to notice it.
The issue here is a key logger or real malicious software doesn't care what it's running as. A DDOS doesn't care if it's running as root or not. A spam zombie doesn't care if it's running as root or not.
Do you inspect every line of code of every package you install? I didn't think so.
3) What this changes is pretty simple.
Keep in mind Windows can have multiple file systems. For a user, it's likely the only file system is mounted on C:. In a corporate environment, the home directory is usually mounted on another drive, and various corporate resources are mounted on other drives.
A virus has to be able to deal with this, however most viruses are written by college students who have never seen a corporate network. Most of them can't deal with gaps in drive letters. Most of them can't deal with network shares.
The index not only stores an index, and points towards files, but also maintains copies of old versions of the documents. In fact, this is why I like google's indexer so much, there are times I can't remember what change I made to somefile.c, and I don't necessarily check in to CVS/SVN/SourceSafe after every compile.
Anyway, the deal here is now a less sophisticated virus can open one file and find the index, so the virus no longer needs to be able to handle skipped drive letters, etc. It doesn't have to deal with the fact that I might have certain directories that are locked down to a specific user.
But again, application level security is the key here. The reason it's a problem is because any application can access any file that the currently active user can access. Put in application level security, and the problem dies.
If your code is acting bloated, and is running rather slow, it's likely and predicted that some loops you will unroll.
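Added example, not part of the original thread: a defender-side audit of the point made in the comment above, that only the indexing program should have access to the index. The directory layout, file names and function names are constructed for illustration and do not describe any real search product; the check can only detect exposure to other users, since file modes cannot separate applications running as the same user.

```python
import os
import stat
import tempfile

# Mode bits that expose an index beyond the user who owns it.
EXPOSURE_BITS = {
    stat.S_IRGRP: "group-readable",
    stat.S_IWGRP: "group-writable",
    stat.S_IROTH: "world-readable",
    stat.S_IWOTH: "world-writable",
}


def audit_index_tree(root, expected_uid=None):
    """Return sorted (relative_path, issue) findings for an index directory.

    POSIX modes only separate users, not applications: a clean result still
    means every program running as the owner can read the index.
    """
    if expected_uid is None:
        expected_uid = os.getuid()
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        # os.walk lists symlinked directories in dirnames without entering them.
        links = [d for d in dirnames if os.path.islink(os.path.join(dirpath, d))]
        entries = [dirpath] + [os.path.join(dirpath, n) for n in filenames + links]
        for path in entries:
            rel = os.path.relpath(path, root)
            st = os.lstat(path)  # lstat: inspect the link itself, not its target
            if stat.S_ISLNK(st.st_mode):
                findings.append((rel, "symlink"))
                continue
            if st.st_uid != expected_uid:
                findings.append((rel, "unexpected-owner"))
            for bit, issue in EXPOSURE_BITS.items():
                if st.st_mode & bit:
                    findings.append((rel, issue))
    return sorted(findings)


def build_sample_index(base):
    """Create a constructed sample tree standing in for a search tool's index."""
    root = os.path.join(base, "index")
    os.mkdir(root)
    os.chmod(root, 0o700)
    for name, mode in (("terms.db", 0o600), ("cache.db", 0o644), ("queue.db", 0o666)):
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("constructed sample data\n")
        os.chmod(path, mode)
    os.symlink(os.path.join(root, "terms.db"), os.path.join(root, "latest"))
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        for rel, issue in audit_index_tree(build_sample_index(base)):
            print(f"{rel}: {issue}")
```

An empty result means the index is closed to other accounts only; closing it to other programs of the same user needs a mechanism beyond file modes, which is the application-level security the comment asks for.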
Hmmm... I have yet to see a virus/Trojan exploiting the updatedb/locate mechanism...
See my original post saying that desktop searching would open us up to more virus attacks....
http://shit.slashdot.org/article.pl?sid=04/12/14/1530255
Malware is obviously going to happen within any new technology introduced, but I think focusing strictly on malware, given the capabilities of this new technology, is not what people should really worry about. This is why you should look at this from my viewpoint. You're infected by a new virus; you have many options, like using antivirus software or, as extreme as, a reformat and reinstalling your OS. Now let's look further than malware... Now you can index your whole computer and maybe make it searchable for the world to see your personal files. One example to look at is an ad agency that wants your personal information to customize advertisements to you because you're more likely to purchase than if they randomly throw the ads out to x number of people. Many other companies can use this to look up personal info they cannot get their hands on, like a medical insurance company finding out you have a backup slip of your diagnosis of HIV (your premium now increases). Use your imagination before you think this technology is a good thing, as I have learned most of the time security and ease of use do not go together.
I love the smell of fresh FUD in the morning.
In other news, the new fangled global network dubbed the "Internet" will allow worms and viruses to spread at an alarming rate!