Offline Search?
Ben Scott
dragonhawk at gmail.com
Thu Jun 5 14:31:25 EDT 2008
On Thu, Jun 5, 2008 at 1:51 PM, Thomas Charron <twaffle at gmail.com> wrote:
>> The security analyst in me is compelled to point out that this (and
>> all other "portable apps") would be a gigantic malware compromise
>> vector.
>
> I don't believe he's talking about toting the app itself around,
> just the data files.
Well, if we assume the computer is offline (which we've been asked
to do)... and the software isn't on the drive... what good is having
the search engine data going to do? :)
> In reality, this is no different then what most people do with
> standard USB drives.
Yup. And they're a big security risk in that very way. Most
computer users have horrible security habits. Film at eleven.
> ... generally network attacks are exponentially more effective.
Certainly the spam botherders go more after drive-by downloads and
Trojan horses, since so many lusers are willing to run whatever a web
page or email tells them to. But there are traditional viruses and
hybrid worms out there, too, and they can "infect" the software on a
USB drive. Attackers don't stand still, and not all of them are going
after the low-hanging fruit these days. And even when the drives
themselves are clean, many people still expose themselves to
significant risk by using them on PCs that are already compromised.
You may be willing to take that risk. Indeed, many apparently are
willing to do so, or (more likely) are unaware of the risk they take.
I, however, am not so comfortable. Maybe I'm paranoid, but then, on
today's Internet, there really are people out to get you...
-- Ben
More information about the gnhlug-discuss
mailing list