Slashdot Mirror
Desktop Search Tools Will Help Virus Writers
An anonymous reader writes "With desktop search tools all the rage, ZDNet is reporting that virus writers could take advantage of the technology to produce more efficient malware. "Any software that can index and capture data on a users PC will be subject to virus and Trojan exploits. It is just a matter of time," said an analyst at Frost & Sullivan. "
"It sounds like great technology but don't deploy it without considering the security implications. With any new product area there is a need to consider security," said Campbell.
How about we not worry about userland programs being "insecure" when the real issue is that the malware was installed on the machine in the first place. Just because the desktop search features can index a large amount of personal data does not mean it's a security issue... The security issue is something entirely different and needs to be treated as such.
Are we supposed to just suffer through computer-use because Microsoft and its users are lax about security so that life is easier?
Dimension Data's Campbell said that if companies do choose to deploy desktop search tools, they should take extra care to ensure viruses do not get a chance to execute on the desktop.
Companies like who? Microsoft right? Oh wait, we are supposed to just live with how shitty Windows is at userlevel security right?
This article was a bunch of trash and really was speculation more than anything else. Move along, there's nothing to see here...
While also increasing the ability for anti virus software to patrol and protect the computer, surely? Allowing more sweeps of the system to be performed, most often?
"more efficient malware"
Do virus writers really care that much about efficiency? It's not their PC that's gonna run the thing. They could just as easily make the thing continually grep for documents containing 16 digit Luhn-validated numbers and send them off someplace when they're found.
Unknown host pong.
So tell me, is there any technology that virus writers can't take advantage of?
And don't say Fire Walls. It wasn't so long ago that a well-known fire wall itself proved to be the vulnerable chink in the system.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Technology can be applied for either good or evil.
Who'd have thunk?
well the problem is that in some cases the inforamtion could be quite well protected by permissions on the PC, but a process running with system rights could access it and if it had a hole...
Your security is only as strong as the weakest link on the system. Forget the Google Desktop, if you have all your mail sitting around unencrypted on your hard disk, it doesn't take much to write code that finds and sniffs through it, no matter which email client you're using. (Makes me wonder what kind of security an email "librarian" like Zoe offers...) Again, the key is to do the right things to keep the malware out in the first place.
EricSee your browser's HTTP headers here
The terrorists have won. Any new power of people over our environment now spawns fear that another person will hijack it, and use it against us. "We have too much freedom, too much openness - we can't handle it".
The hell with that. While that fear is multiplying across the world, the politicians charged with protecting us are exploiting and expanding it, while we give them more power without accountability: WHERE'S OSAMA? The corporations smell the money, and are switching their propaganda machines over to fearmongering, rather than fanning the flames of greed. As long as the actual threats are left to fester profitably, we'll suffer with the poison they ooze into our lives.
We need to stop trusting these sources of FUD. When someone tosses more poison like this at you, challenge them - what are they doing about it? How are they standing up for their freedom, and yours? When they cop out with "it's not my job", "it's too hard", or "I don't know", just cut them out as a source. And get on your own way to protecting yourself and others. Not with innuendo that just makes the threat worse, but by installing firewalls on Windows, circulating anti-spam and anti-phishing warnings to your friends, and remaining calm. Our society is growing painfully through our dependence on our media. If we handle it well, we'll have qualified our traditional trust with verification. Otherwise, we won't have anything: freedom, peace, calm, or a civilization at all - just back to cowering in terror in caves.
--
make install -not war
> "Any software that can index and capture data on a users PC will be subject to virus and Trojan exploits. It is just a matter of time," said an analyst
/kbn
Hmmm... I thought that antivirus software is indexing and does capture data on a computer... Silly me... I now realize that antivirus software works by magic...
Let me know when they invent the knife you can't cut a person with.
Imagine having a job where you're paid big money to state the obvious. The dream of all useless people is to become an analyst.
Undoubtedly someone will point out that one tool is more useful for nefarious deeds than another, but then how many people get killed by staplers? This is not news!
Stand back. I've got a brain and I'm not afraid to use it.
But it's not you running the search indexer as root, it's the over-privledged process that the virus is executing.
but did you know Google Desktop Search can do some pretty nasty things -- things like indexing all of the Word files on your computer? If one of them happens to be password protected, you click on the link and it asks for the password. But if you click on CACHED copy -- poof, there is the entire document, right there in your web browser. Whoops.
Whoops is right. Sounds like MS Word password protection royally sucks.
Ironically, the word ironically is often used incorrectly.
We dont need to worry about writing secure systems, becasue only bad people will attack us regardless of how secure the systems are.
Right.
Security is about layers. Every layer should be built with security in mind. Lets take a walk down memory lane...
The Internet was initially a collection of sites who were all friends. Only "honourable" people had access, so security wasn't much of an issue. So things like the r* UNIX tools were created. Systems were not built with security in mind, because security was not a problem. As the internet becomes larget, with more access, security becomes more problematic. The Morris worm wasent even a directed attack, but an experiement gone bad. But directed attacks started to happen. Sendmail started its bug-of-the-month club. The Internet/Unix/C communities started thinking about security, and eventually things got better. (not perfect, but better).
The Microsoft community (that is, MS reared programmers, not to mention (some of) MSFT itself) attitude is "how dare you attack our systems?! We dont need to worry about security, because the problem is with the attacker, not with us!" And things are bad. Exploits are discoverd and exploited by the bad guys as frequently as they are published on sites like bugtraq.
Notice a pattern? Good.
The problem here is blistfull ignorance. The Internet/Unix community of the 80s had a good excuse, nothing comparable came before them. The MS community does not. Security is Job #1. Unfortunatly, as you have proven, the pattern breaks down at the most important step "learn from your mistakes".