Slashdot Mirror


Desktop Search Tools Will Help Virus Writers

An anonymous reader writes "With desktop search tools all the rage, ZDNet is reporting that virus writers could take advantage of the technology to produce more efficient malware. "Any software that can index and capture data on a user's PC will be subject to virus and Trojan exploits. It is just a matter of time," said an analyst at Frost & Sullivan."


  1. Please.. don't shoot the messenger by Ckwop · · Score: 4, Informative

    Don't shoot the messenger. Desktop search is only exposing a weakness that is already there as it can only index stuff it has permission to index.

    As always, Schneier is particularly lucid on this issue, see his essay here

    Simon.

    1. Re:Please.. don't shoot the messenger by luvirini · · Score: 3, Insightful

      Well, the problem is that in some cases the information could be quite well protected by permissions on the PC, but a process running with system rights could access it and if it had a hole...

    2. Re:Please.. don't shoot the messenger by djeddiej · · Score: 2, Interesting

      I agree. One can also say that whenever a new software technology is developed, virus writers are open to explore the new technology and find ways to exploit it. Isn't that, after all, what virus writers do? Exploit the technology? Explore?

      --
      just a web application developer and instructor in Toronto, ON Canada
    3. Re:Please.. don't shoot the messenger by Eric+Giguere · · Score: 2, Insightful

      Your security is only as strong as the weakest link on the system. Forget the Google Desktop, if you have all your mail sitting around unencrypted on your hard disk, it doesn't take much to write code that finds and sniffs through it, no matter which email client you're using. (Makes me wonder what kind of security an email "librarian" like Zoe offers...) Again, the key is to do the right things to keep the malware out in the first place.

      Eric
      See your browser's HTTP headers here
    4. Re:Please.. don't shoot the messenger by cortana · · Score: 2

      And if you run the search indexer as root, then it's your own dumb fault if you get taken advantage of. :)

    5. Re:Please.. don't shoot the messenger by uptownguy · · Score: 5, Interesting

      Desktop search is only exposing a weakness that is already there as it can only index stuff it has permission to index.

      I understand that this is technically true -- but did you know Google Desktop Search can do some pretty nasty things -- things like indexing all of the Word files on your computer? If one of them happens to be password protected, you click on the link and it asks for the password. But if you click on CACHED copy -- poof, there is the entire document, right there in your web browser. Whoops. Don't even get me started on cached copies of deleted files...

      Google Desktop Search is powerful -- and is only indexing what is already there, true, true, all true...but still -- when it gets easy enough that someone like me can quickly and easily poke around and look at things I'm not supposed to... well, that's scary.

      --


      I would have to say that explosives are the most abused technology in all of history.
    6. Re:Please.. don't shoot the messenger by Mr+Guy · · Score: 2, Interesting

      Rewritten:

      I understand that this is technically true -- but did you know Microsoft's security can leave some pretty nasty things -- things like caching all of the Word files on your computer? If one of them happens to be password protected, you click on the link and it asks for the password. But if you click on CACHED copy -- poof, there is the entire document, right there in your web browser. Whoops. Don't even get me started on cached copies of deleted files...

      Microsoft's security model is pitiful -- and is only showing what is already there, true, true, all true...but still -- when it gets easy enough that someone like me can quickly and easily poke around and look at things I'm not supposed to... well, that's scary.

    7. Re:Please.. don't shoot the messenger by BlueCodeWarrior · · Score: 3, Insightful

      But it's not you running the search indexer as root, it's the over-privileged process that the virus is executing.

    8. Re:Please.. don't shoot the messenger by MCraigW · · Score: 2, Interesting
      I use Google Desktop Search, and I tried this and I'm surprised that Google handles it that way. I have a passworded Word document that I accessed earlier today. I searched for a keyword that is in that file and Google Desktop Search found it, and I was able to view the cached file.... I wasn't able to view the "hidden text" in the document (I keep it hidden so it won't accidentally be printed).

      I haven't ever tried the MSN Toolbar Suite, which has the same purpose as the Google Desktop Search, so I don't know if it has this little feature.

    9. Re:Please.. don't shoot the messenger by That's+Unpossible! · · Score: 2, Insightful

      but did you know Google Desktop Search can do some pretty nasty things -- things like indexing all of the Word files on your computer? If one of them happens to be password protected, you click on the link and it asks for the password. But if you click on CACHED copy -- poof, there is the entire document, right there in your web browser. Whoops.

      Whoops is right. Sounds like MS Word password protection royally sucks.

      --
      Ironically, the word ironically is often used incorrectly.
    10. Re:Please.. don't shoot the messenger by cornjones · · Score: 2, Interesting

      If Google can get at info in encrypted word docs w/o the password, it sounds like there is unencrypted access to the encrypted file through some sort of API. Does anybody know anything about this? I have a file that my brute force methods failed against and I have lost the password.

    11. Re:Please.. don't shoot the messenger by uptownguy · · Score: 2, Interesting

      I don't know anything about APIs or brute force attacks or whatever. I was a technical MANAGER but never an actual geek. (grins) But I can tell you that if you install GDS and let it index that file, you will be able to click on the cached copy of it and see it just fine.

      I emailed Google about this when I uninstalled GDS -- never heard back from them. Didn't expect to. Again, as other posters have pointed out -- this is a problem with MICROSOFT security, probably. I wasn't pointing fingers or laying blame -- I was just saying that the combination of the two is just a little too much for my laptop and my paranoia to handle. The fact is that there is now a tool out there that virus writers will be able to reverse engineer and do even more dangerous stuff. Get ready for a lot of late night phone calls!!!

      --


      I would have to say that explosives are the most abused technology in all of history.
  2. Sensationalism alert! dir/s aids malware writers! by garcia · · Score: 5, Insightful

    "It sounds like great technology but don't deploy it without considering the security implications. With any new product area there is a need to consider security," said Campbell.

    How about we not worry about userland programs being "insecure" when the real issue is that the malware was installed on the machine in the first place. Just because the desktop search features can index a large amount of personal data does not mean it's a security issue... The security issue is something entirely different and needs to be treated as such.

    Are we supposed to just suffer through computer-use because Microsoft and its users are lax about security so that life is easier?

    Dimension Data's Campbell said that if companies do choose to deploy desktop search tools, they should take extra care to ensure viruses do not get a chance to execute on the desktop.

    Companies like who? Microsoft right? Oh wait, we are supposed to just live with how shitty Windows is at userlevel security right?

    This article was a bunch of trash and really was speculation more than anything else. Move along, there's nothing to see here...

  3. Sure, George by gowen · · Score: 5, Funny
    "Any software that can index and capture data on a user's PC will be subject to virus and Trojan exploits. It is just a matter of time," said an analyst
    That's right. Who can forget the terrible slocate worm of 2002, that brought GNU/linux systems crashing to their knees.
    --
    Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
    1. Re:Sure, George by kbnielsen · · Score: 2, Insightful

      > "Any software that can index and capture data on a user's PC will be subject to virus and Trojan exploits. It is just a matter of time," said an analyst

      Hmmm... I thought that antivirus software is indexing and does capture data on a computer... Silly me... I now realize that antivirus software works by magic...

      /kbn

  4. Shhh! by romper · · Score: 2, Funny

    Don't give them any ideas! =)

    --
    Right is wrong when left is right.
  5. But remember the other side.... by Cougem · · Score: 2, Insightful

    While also increasing the ability for anti virus software to patrol and protect the computer, surely? Allowing more sweeps of the system to be performed, most often?

  6. efficient viruses? by k4_pacific · · Score: 5, Insightful

    "more efficient malware"

    Do virus writers really care that much about efficiency? It's not their PC that's gonna run the thing. They could just as easily make the thing continually grep for documents containing 16 digit Luhn-validated numbers and send them off someplace when they're found.

    --
    Unknown host pong.
    1. Re:efficient viruses? by miltimj · · Score: 4, Insightful

      Do virus writers really care that much about efficiency? It's not their PC that's gonna run the thing

      Except when the user's machine is cranking away at 100% CPU and/or hammering the hdd, they're going to wonder what's up, investigate, and terminate the process.

      (Yes, I know the average user won't, but they're more likely to inquire and report it to someone more knowledgeable).

      --
      "Truth is not decided by majority vote" consensus gentium -- Norman Geisler
    2. Re:efficient viruses? by jokumuu · · Score: 2, Insightful

      In short, yes, virus writers care about efficiency. An efficient thing is more likely to be better in what it is designed to do. Say you want a computer to become a member of a botnet, you would not want the users to normally notice anything wrong, decreasing the likelihood of detection.

    3. Re:efficient viruses? by jellomizer · · Score: 4, Insightful

      The old viruses were very efficient; they could be on your system for weeks without you noticing. Until that one program just seems to run a little slower than it should or you hear your floppy disk start processing when it shouldn't. The more efficient a virus is, the longer it will be there before someone realizes that something is wrong. Most viruses out there don't want to destroy the computer, just use it for their own goals.

      --
      If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    4. Re:efficient viruses? by drew · · Score: 4, Insightful

      actually, they will most likely decide that their computer is old and out of date and buy a new one.

      --
      If I don't put anything here, will anyone recognize me anymore?
  7. Taking Advantage by Nom+du+Keyboard · · Score: 5, Insightful
    virus writers could take advantage of the technology

    So tell me, is there any technology that virus writers can't take advantage of?

    And don't say Fire Walls. It wasn't so long ago that a well-known fire wall itself proved to be the vulnerable chink in the system.

    --
    "It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
    1. Re:Taking Advantage by jellomizer · · Score: 3, Interesting

      Sure the best time is during a power failure. With the UPSs just powering the needed equipment. Most of the monitors are off just the Computer And the network gear running on Solo. Cross Link your virus with the APC software when the power goes out you know no one will be looking so start up your virus take 100% of the CPU and do your thing.

      --
      If something is so important that you feel the need to post it on the internet... It probably isn't that important.
  8. I'm sure that Microsoft will take the lead here... by kclittle · · Score: 2, Funny
    ...and prove the quoted analyst at Frost & Sullivan correct.

    --
    Generally, bash is superior to python in those environments where python is not installed.
  9. This just in! by guido1 · · Score: 4, Insightful

    Technology can be applied for either good or evil.

    Who'd have thunk?

    1. Re:This just in! by WIAKywbfatw · · Score: 2, Funny

      Yeah. And in other news just in, naysayers report that the invention of paper is a godsend to would-be anonymous blackmailers.

      --

      "Accept that some days you are the pigeon, and some days you are the statue." - David Brent, Wernham Hogg
  10. Virus Source Code by totallygeek · · Score: 4, Informative
    For those interested, check out the Virus Source Code Database. As for the article, I don't think that making virus authoring easier is any concern. Why not make the software impervious to virus attack in the first place? I mean, the design of DOS, Windows, and now Windows XP does little to stop malware, viruses, trojans, spyware, etc.

  11. Re:They'll never exploit MY desktop search tool by JaffaKREE · · Score: 4, Funny

    I have always found "grope" to be a much more effective and fun exploit. Whether you're in the office, or on-the-go, grope gets results !

  12. Hmm... by which+way+is+up · · Score: 4, Funny

    or maybe it will be easier to track down the malware since it will be indexed along with everything else?

  13. Inevitability by Tylerious · · Score: 2, Interesting

    No matter if people use the various desktop services or not, there's always going to be attacks from viruses and related stuff. I don't think people need to spread the virus scare any further than it is. What do you think virus senders want? Personal information, perhaps, but even more the attention. Why give it? Skipping out on helpful applications isn't the way to avoid these things. Nothing can replace an increased safety from people

  14. The #1 exploitation vector for virus writers... by Anonymous Coward · · Score: 5, Funny

    Filesystems!

    We must eliminate these horrors from operating systems or we will never be rid of all this nonsense. And after we get rid of filesystems, executables should be the next thing to go.

  15. Re:P2P+Desktop Search by cassidyc · · Score: 3, Interesting

    already happens, a misconfigured Kazaa will share your entire drive :)

    Try firing it up (or an adware light version) and looking for "inbox", then select any individual one and you can then search for all that persons shared files.

    Nosey, who me...?

    CJC

  16. Re:Remember by CrankyFool · · Score: 3, Informative

    So let's all agree for the moment that in the area of security (well, in most areas, really) Microsoft sucks.

    On the other hand, the fact they make no guarantees about suitability of their products is a red herring. I believe the OpenBSD people _do_ actually care about security. Have you seen the BSD license (under which OpenBSD is licensed)? It uses exactly the same verbiage.

  17. TerrorWorld by Doc+Ruby · · Score: 2, Insightful

    The terrorists have won. Any new power of people over our environment now spawns fear that another person will hijack it, and use it against us. "We have too much freedom, too much openness - we can't handle it".

    The hell with that. While that fear is multiplying across the world, the politicians charged with protecting us are exploiting and expanding it, while we give them more power without accountability: WHERE'S OSAMA? The corporations smell the money, and are switching their propaganda machines over to fearmongering, rather than fanning the flames of greed. As long as the actual threats are left to fester profitably, we'll suffer with the poison they ooze into our lives.

    We need to stop trusting these sources of FUD. When someone tosses more poison like this at you, challenge them - what are they doing about it? How are they standing up for their freedom, and yours? When they cop out with "it's not my job", "it's too hard", or "I don't know", just cut them out as a source. And get on your own way to protecting yourself and others. Not with innuendo that just makes the threat worse, but by installing firewalls on Windows, circulating anti-spam and anti-phishing warnings to your friends, and remaining calm. Our society is growing painfully through our dependence on our media. If we handle it well, we'll have qualified our traditional trust with verification. Otherwise, we won't have anything: freedom, peace, calm, or a civilization at all - just back to cowering in terror in caves.

    --
    make install -not war

  18. Technology is E V I L!!!!! by debian4life · · Score: 2, Interesting

    Please stop innovating new software products. Don't you know they can be exploited.

    Always keep in mind that for everything you think is good, it is always twice as bad.

    If you don't believe me, just ask Internet tech writers and bloggers.

  19. Tools used for good and evil by TheEnigma · · Score: 5, Insightful

    Let me know when they invent the knife you can't cut a person with.

    Imagine having a job where you're paid big money to state the obvious. The dream of all useless people is to become an analyst.

    Undoubtedly someone will point out that one tool is more useful for nefarious deeds than another, but then how many people get killed by staplers? This is not news!

    --

    Stand back. I've got a brain and I'm not afraid to use it.

  20. so east to laugh by Lord+Floppy · · Score: 2, Interesting

    It is so true. Windows just sucks. It's not good for productivity at all. The code is a pure mess. If they want to be a worthwhile platform they might as well just rewrite the entire OS from the ground up.

    --
    Abandon all hope ye who enter here...
    1. Re:so east to laugh by eomnimedia · · Score: 2, Interesting

      Don't know why your post was marked as "Flamebait," L. Floppy.

      I totally agree with you. Windoze was a constant headache. Our office has switched to an all Mac OS X and/or Linux environment and we absolutely love it. It's cheaper, less maintenance, hardly any crashes (if any). We're not looking back. Windowz is a virus that we are more than happy to get rid of.

  21. Open Source means they can do it anyway by tezza · · Score: 2, Informative
    What's to stop them using something like Lucene in their payload anyway? This is a close match to what these desktop searches do.

    This is a completely useless article. Why blame the Desktop searches??? Once they're in, they have control. If a Sys Admin let the user have enough permissions to index the file with the vital data, surely that is the Sys Admin's fault.

    On UNIX the old adage was that once an intruder had a shell access to the box, you had to assume they could escalate their privileges. This may not be possible in reality, but makes you focus on shoring up the ways in instead.

  22. My Foolproof Solution by severoon · · Score: 4, Funny

    My solution to this problem is iron-clad. I keep all my banking accounts empty and have nothing of value on my computer, or in life.

    --
    but have you considered the following argument: shut up.
    1. Re:My Foolproof Solution by garwain · · Score: 2, Interesting

      Same here, I have one SECURE system (linux on dialup) for my trading and other financial work. Anything that would hurt if it was hacked... Anything that makes little difference (ie. my checking account that's almost always in the negative) and day to day work I do from my workstation (which I regularly check for viruses and spyware...) But if someone finds out any info on my day to day activities, it's not going to have a large impact on my life.

  23. Re:Sensationalism alert! dir/s aids malware writer by JimDabell · · Score: 2, Interesting

    How about we not worry about userland programs being "insecure" when the real issue is that the malware was installed on the machine in the first place.

    The problem is that these programs can be the method by which the malware gets on the machine.

    Example: Google Desktop Search contains a buffer overflow. You visit a malicious web page. Nothing happens. Later that day, when GDS is indexing your web browser cache, it processes the malicious page, and infects your system.

  24. Re:Sensationalism alert! dir/s aids malware writer by T-Ranger · · Score: 2, Insightful

    We don't need to worry about writing secure systems, because only bad people will attack us regardless of how secure the systems are.

    Right.

    Security is about layers. Every layer should be built with security in mind. Let's take a walk down memory lane...

    The Internet was initially a collection of sites who were all friends. Only "honourable" people had access, so security wasn't much of an issue. So things like the r* UNIX tools were created. Systems were not built with security in mind, because security was not a problem. As the internet becomes larger, with more access, security becomes more problematic. The Morris worm wasn't even a directed attack, but an experiment gone bad. But directed attacks started to happen. Sendmail started its bug-of-the-month club. The Internet/Unix/C communities started thinking about security, and eventually things got better. (not perfect, but better).

    The Microsoft community (that is, MS reared programmers, not to mention (some of) MSFT itself) attitude is "how dare you attack our systems?! We don't need to worry about security, because the problem is with the attacker, not with us!" And things are bad. Exploits are discovered and exploited by the bad guys as frequently as they are published on sites like bugtraq.

    Notice a pattern? Good.

    The problem here is blissful ignorance. The Internet/Unix community of the 80s had a good excuse, nothing comparable came before them. The MS community does not. Security is Job #1. Unfortunately, as you have proven, the pattern breaks down at the most important step "learn from your mistakes".