Slashdot Mirror

← Back to Stories (view on slashdot.org)

Desktop Search Tools Will Help Virus Writers

Posted by CmdrTaco on from the helping-the-hurters dept.

An anonymous reader writes "With desktop search tools all the rage, ZDNet is reporting that virus writers could take advantage of the technology to produce more efficient malware. "Any software that can index and capture data on a users PC will be subject to virus and Trojan exploits. It is just a matter of time," said an analyst at Frost & Sullivan. "

14 of 140 comments (clear)

  1. Inevitability by Tylerious · · Score: 2, Interesting

    No matter if people use the various desktop services or not, there's always going to be attacks from viruses and related stuff. I don't think people need to spread the virus scare any further than it is. What do you think virus senders want? Personal information, perhaps, but even more the attention. Why give it? Skipping out on helpful applications isn't the way to avoid these things. Nothing can replace an increased safety from people

  2. Re:Please.. don't shoot the messenger by djeddiej · · Score: 2, Interesting

    I agree. One can also say that whenever a new software technology is developed, virus writers are open to explore the new technology and find ways to exploit it. Isn't that, after all, what virus writers do? Exploit the technology? Explore?

    --
    just a web application developer and instructor in Toronto, ON Canada
  3. Re:Taking Advantage by jellomizer · · Score: 3, Interesting

    Sure the best time is durring a power failure. With the UPSs just powering the needed equiptment. Most of the monitors are off just the Computer And the network gear running on Solo. Cross Link your virus with the APC software when the power goes out you know no one will be looking so start up your virus take 100% of the CPU and do your thing.

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
  4. Re:P2P+Desktop Search by cassidyc · · Score: 3, Interesting

    already happens, a misconfigured Kazaa will share your entire drive :)

    Try firing it up (or an adware light version) and looking for "inbox", then select any individual one and you can then search for all that persons shared files.

    Nosey, who me...?

    CJC

  5. Technology is E V I L!!!!! by debian4life · · Score: 2, Interesting

    Please stop innovating new software products. Don't you know they can be exploited.

    Always keep in mind that for everything you think it good, it is always twice as bad.

    If you don't believe me, just ask Internet tech writers and bloggers.

  6. so east to laugh by Lord+Floppy · · Score: 2, Interesting

    it is so true. Windows just sucks. Its not good for productivity at all. The code is a pure mess. If they want to be a worthwhile platform they might as well just rewrite the entire OS from the ground up.

    --
    Abandon all hope ye who enter here...
    1. Re:so east to laugh by eomnimedia · · Score: 2, Interesting

      Don't know why your post was marked as "Flamebait," L. Floppy.

      I totally agree with you. Windoze was a constant headache. Our office has switched to an all Mac OS X and/or Linux environment and we absolutely love it. It's cheaper, less maintenance, hardly any crashes (if any). We're not looking back. Windowz is a virus that we are more than happy to get rid of.

  7. Re:Please.. don't shoot the messenger by uptownguy · · Score: 5, Interesting

    Desktop search is only exposing a weakness that is already there as it can only index stuff it has permission to index.

    I understand that this is technically true -- but did you know Google Desktop Search can do some pretty nasty things -- things like indexing all of the Word files on your computer? If one of them happens to be password protected, you click on the link and it asks for the password. But if you click on CACHED copy -- poof, there is the entire document, right there in your web browser. Whoops. Don't even get me started on cached copies of deleted files...

    Google Desktop Search is powerful -- and is only indexing what is already there, true, true, all true...but still -- when it gets easy enough that someone like me can quickly and easily poke around and look at things I'm not supposed to... well, that's scary.

    --


    I would have to say that explosives are the most abused technology in all of history.
  8. Re:Please.. don't shoot the messenger by Mr+Guy · · Score: 2, Interesting

    Rewritten:

    I understand that this is technically true -- but did you know Microsoft's security can leave some pretty nasty things -- things like cacheing all of the Word files on your computer? If one of them happens to be password protected, you click on the link and it asks for the password. But if you click on CACHED copy -- poof, there is the entire document, right there in your web browser. Whoops. Don't even get me started on cached copies of deleted files...

    Microsoft's security model is pitiful -- and is only showing what is already there, true, true, all true...but still -- when it gets easy enough that someone like me can quickly and easily poke around and look at things I'm not supposed to... well, that's scary.

    --
    Never confuse volume with power.
  9. Re:Sensationalism alert! dir/s aids malware writer by JimDabell · · Score: 2, Interesting

    How about we not worry about userland programs being "insecure" when the real issue is that the malware was installed on the machine in the first place.

    The problem is that these programs can be the method by which the malware gets on the machine.

    Example: Google Desktop Search contains a buffer overflow. You visit a malicious web page. Nothing happens. Later that day, when GDS is indexing your web browser cache, it processes the malicious page, and infects your system.

  10. Re:Please.. don't shoot the messenger by MCraigW · · Score: 2, Interesting
    I use Google Desktop Search, and I tried this and I'm surprised that Google handles it that way. I have a passworded Word document that I accessed earlier today. I searched for a keyword that is in that file and Google Desktop Search found it, and I was able to view the cached file.... I wasn't able to view the "hidden text" in the document (I keep it hidden so it won't accidentally be printed).

    I haven't ever tried the MSN Toolbar Suite, which has the same purpose as the Google Desktop Search, so I don't know if it has this little feature.

  11. Re:Please.. don't shoot the messenger by cornjones · · Score: 2, Interesting

    If google can get at info in encyrpted word docs w/o the password, it sounds like there is unencrypted access to teh encrypted file through some sort of API. Does anybody know anything about this? I have a file that my brute force methods failed against and I have lost the password.

  12. Re:Please.. don't shoot the messenger by uptownguy · · Score: 2, Interesting

    I don't know anything about APIs or brute force attacks or whatever. I was a technical MANAGER but never an actual geek. (grins) But I can tell you that if you install GDS and let it index that file, you will be able to click on the cached copy of it and see it just fine.

    I emailed Google about this when I uninstalled GDS -- never heard back from them. Didn't expect to. Again, as other posters have pointed out -- this is a problem with MICROSOFT security, probably. I wasn't pointing fingers or laying blame -- I was just saying that the combination of the two is just a little too much for my laptop and my paranoia to handle. The fact is that there is now a tool out there that virus writers will be able to reverse engineer and do even more dangerous stuff. Get ready for a lot of late night phone calls!!!

    --


    I would have to say that explosives are the most abused technology in all of history.
  13. Re:My Foolproof Solution by garwain · · Score: 2, Interesting

    Same here, I have one SECURE system (linux on dialup) for my trading and other financial work. Anything that would hurt if it was hacked... Anything that makes little difference (ie. my checking account that's almost always in the negative) and day to day work I do from my workstation (which I regualarly check for viruses and spyware...) But if someone finds out any info on my day to day activities, it's not going to have a large impact on my life.