Slashdot Mirror

← Back to Stories (view on slashdot.org)

Desktop Search Tools Will Help Virus Writers

Posted by CmdrTaco on from the helping-the-hurters dept.

An anonymous reader writes "With desktop search tools all the rage, ZDNet is reporting that virus writers could take advantage of the technology to produce more efficient malware. "Any software that can index and capture data on a users PC will be subject to virus and Trojan exploits. It is just a matter of time," said an analyst at Frost & Sullivan. "

4 of 140 comments (clear)

  1. Please.. don't shoot the messenger by Ckwop · · Score: 4, Informative

    Don't shoot the messenger. Desktop search is only exposing a weakness that is already there as it can only index stuff it has permission to index.

    As always, Schneier is particularly lucid on this issue, see his essay here

    Simon.

  2. Virus Source Code by totallygeek · · Score: 4, Informative
    For those interested, check out the Virus Source Code Database. As for the article, I don't think that making virus authoring easier is any concern. Why not make the software impervious to virus attack in the first place? I mean, the design of DOS, Windows, and now Windows XP does little to stop malware, viruses, trojans, spyware, etc.

    --
    Click here or here.
  3. Re:Remember by CrankyFool · · Score: 3, Informative

    So lets all agree for the moment that in the area of security (well, in most areas, really) Microsoft sucks.

    On the other hand, the fact they make no guarantees about suitability of their products is a red herring. I believe the OpenBSD people _do_ actually care about security. Have you seen the BSD license (under which OpenBSD is licensed)? It uses exactly the same verbiage.

  4. Open Source means they can do it anyway by tezza · · Score: 2, Informative
    What's to stop them using something like Lucene in their payload anyway? This is a close match to what these desktop searches do.

    This is a completely useless article. Why blame the Desktop searches??? Once they're in, they have control. If a Sys Admin let the user have enough permissions to index the file with the vital data, surely that is the Sys Admin's fault.

    On UNIX the old adage was that once an intruder had a shell access to the box, you had to assume they could escalate their priveleges. This may not be possible in reality, but makes you focus on shoring up the ways in instead.

    --
    [% slash_sig_val.text %]