Desktop search 'a likely target for malware'

Companies should not deploy a desktop search tool without first considering the security implications because they could end up helping virus writers, say security experts
Written by Munir Kotadia, Contributor

Desktop search tools, such as those recently announced by Google, Microsoft and Yahoo, are designed to make it easier for users to find information stored on their hard drives. However, security experts are warning that virus writers could use the new tools to make their malware more efficient.

Foad Fadaghi, senior industry analyst at Frost & Sullivan Australia, said that most viruses are designed to harvest email addresses and other personal information from an infected system. He warns that, because desktop search tools can index and categorise that information, virus writers are likely to start exploiting the technology.

"Desktop search products are very efficient at harvesting data, so it wouldn't be surprising if exploits are sought by malicious coders. Any software that can index and capture data on a users PC will be subject to virus and Trojan exploits. It is just a matter of time," said Fadaghi.

Neil Campbell, the national security manager of IT services company Dimension Data, said that any change in the desktop environment can create new security vulnerabilities, so when companies decide to adopt a new product they should look beyond the user benefits.

"It sounds like great technology but don't deploy it without considering the security implications. With any new product area there is a need to consider security," said Campbell.

According to Campbell, virus writers are unlikely to start targeting the new tools immediately -- but only because they are not common.

"It is not going to be in the virus writers best interest to target them immediately. I would expect the spread of a virus to be inhibited because of the low take up rate -– at least to start with," said Campbell.

Viruses have already used Internet search engines to harvest email addresses. In August, a MyDoom variant pumped so many queries into Google that the search engine was unavailable or very slow for large periods of time. The same variant of MyDoom also succeeded in knocking a number of smaller search engines -- including Lycos and Altavista -- off the Web completely.

At the time, Graham Cluley, senior technology consultant at antivirus firm Sophos, said he expected virus authors to continue manipulating search engine technologies.

"You don't have to be psychic to predict the release of more worms trying to scoop up email addresses from search engines. Unfortunately, we expect to see other worm authors trying similar tricks in the future," said Cluley.

Dimension Data’s Campbell said that if companies do choose to deploy desktop search tools, they should take extra care to ensure viruses do not get a chance to execute on the desktop.

"You need to consider these issues once the virus has infected your PC but more importantly companies should prevent the virus from executing. Make sure the PCs are up-to-date from a patch and antivirus perspective and loaded with a personal firewall," said Campbell.

Munir Kotadia reported from Sydney for ZDNet Australia. For more ZDNet Australia stories, click here.

Editorial standards