Desktop search new target for viruses? | CNET News.com
Desktop search new target for viruses? CNET News.com gives a warning that should be heeded by enterprise and home users alike. Do _NOT_ install any of the current crop of 3rd party Desktop search tool add-ons for Windows, under any circumstances. In the rush to get on everyone's desktop, security has been forgotten.
First they all require Internet Explorer to be used as a host environment. Other browsers are not useable as they employ ActiveX technology to leverage the browser as a client, rather than providing a standalone client that can communicate with the server portion of the tool.
Secondly there are problems with the context in which these technologies run. Because they have access to everything on the desktop it means that private information from one computer user may be visible to another user on the same computer. This could lead to lawsuits as a result of inappropriate exposure of data, especially in the workplace.
Clearly there is a need for a good desktop search tool. The current desktop search tools have extremely poor performance or require exorbitant resources in terms of either processor or diskspace. This crop of tools purports to fix some of these issues, but the mechanisms expose too much information. Enterprises and users need to emphasize that yes the tool is wanted, but that it must meet basic security concerns.
The requirements to be acceptable are:
First they all require Internet Explorer to be used as a host environment. Other browsers are not useable as they employ ActiveX technology to leverage the browser as a client, rather than providing a standalone client that can communicate with the server portion of the tool.
Secondly there are problems with the context in which these technologies run. Because they have access to everything on the desktop it means that private information from one computer user may be visible to another user on the same computer. This could lead to lawsuits as a result of inappropriate exposure of data, especially in the workplace.
Clearly there is a need for a good desktop search tool. The current desktop search tools have extremely poor performance or require exorbitant resources in terms of either processor or diskspace. This crop of tools purports to fix some of these issues, but the mechanisms expose too much information. Enterprises and users need to emphasize that yes the tool is wanted, but that it must meet basic security concerns.
The requirements to be acceptable are:
- Run as Local Service on Windows systems that support this account;
- Have a standalone client or use a non-ActiveX technology (do not use Internet Explorer);
- Do not return information about any data, file or email the user performing the query would not normally be able to see;
- Use minimal processor cycles;
- Do not return information about deleted content;
- Tell the user how much harddrive space will required (estimated) at install time;
- Have a consist manner of managing Remote Directories mounted as Network Drives across multiple users.
posted by John Davidson at 20:43
100 Comments:
Bruce Schneier also weighs in on this issue in the December 2004 issue of the Cryptogram Newsletter.
The Register has a report that Gartner also recommends against Google Desktop search: http://www.theregister.co.uk/2004/12/15/google_gartner_desktop_search/
Your Blog is really good. Maybe you check out my detect spyware site.
Nice blog. Have you seen your google rating? BlogFlux It's Free and you can add a Little Script to your site that will tell everyone your ranking. I think yours was a 3. I guess you'll have to check it out.
Tip Of The Day
Click Fraud and How to Deter It
Pay per click (PPC) advertising continues to gain popularity in the online marketing world as an effective and inexpensive way to drive targeted visitors to web sites. Research firm eMarketer reported that between 2002 and 2003 the paid search listing market grew 175 percent.
Major trusted search properties such as Google, Overture, FindWhat, Search123 and Kanoodle, all offer PPC campaigns in which you pay only when someone clicks through your banner ad or link. But PPC also has an enemy--click fraud--and understanding what it is and what to do about it should also be a key part of your PPC campaign.
What is Click Fraud?
Click fraud is when someone or something generates illegitimate hits on your banner or text advertisement causing you to pay for worthless clicks. AS PPC campaigns have grown in popularity and keyword prices and bidding have become more competetive, click fraud is on the rise.
Online marketers are becoming increasingly worried about the prospect of click fraud. According to CNET News, some marketing executives estimate that "up to 20 percent of fees in certain advertising categories continue to be based on nonexistent consumers in today's search industry."
This estimate is certainly unsettling for advertisers who, recently, have been paying hefty amounts bidding on desirable search terms. Financial analysts report that in the year 2004 advertisers are paying an average of 45 cents per click. Compare this to 40 cents in 2003 and 30 cents in 2002 the bidding wars continue to rise.
Who's Doing it and Why?
Click fraud perpetrators are most often motivated by trying to increase revenues from affiliate networks or attempting to damage competitors' revenues by forcing them to pay for worthless clicks. The Google Adsense program, in which affiliates receive payment for clicks whether they are real or not, has caused great concern for Google and has intensified its focus on click fraud.
Those engaged in click fraud use a variety of techniques to generate false clicks. Low cost international workers from all over the world are hired to locate and click on ads. The Times of India provided investigative reporting on payment for manual click fraud happening in India. Unethical companies may pay their own employees to click on competitor ads. Last but not least, click fraud can be generated by online robots programmed to click on advertiser or affiliate ads. Some companies go to great lengths creating intricate software that allows for this to happen.
How Can You Deter It?
Many advertisers know about the possibility of click fraud but generally haven't done much in the past to prevent it. Some feel that if they complain to any of the search conglomerates, it could ruin their free listings. Others feel like the problem is beyond them.
"It is a bigger problem, but folks just don't want to take the time to track it down because it's a complex problem," stated John Squire, of web analytics firm Coremetrics, to CNET. "Given that some of the largest marketers manage up to 1 million keywords in a campaign the data can be difficult to crunch."
Companies who do understand and report click fraud to search engine properties have had success receiving refunds for fraudulent clicks. For those advertisers who want to address the possibility of click fraud in PPC campaigns, good option do exists. At the most basic level, advertisers can use general auditing many have been known to compile lists of sites that generate high numbers of clicks but not sales. This will indeed put up a red flag.
On the other hand, because click fraud is advancing at such frequency, click fraud detection companies and software have been popping up all over the country. Let's take a look at some of the options:
- WhosClickingWho.com - This fraud detector tracks all PPC search engines, detects multiple IP's, and even pops up a "ClickMinder" after a potential abuser clicks repeatedly over five times.
- ClickDetective - ClickDetective allows you to track return visitors to your site and alerts you if there is evidence that your site may be under attack. Its reports show you every click in real time rather than a summary hours later.
- BogusClick - BogusClick can help advertisers determine competitor IP addresses, originating PPC search engines and/or partner sites involved, as well as keywords used.
- Clicklab - Clicklab employs a score-based click fraud detection system that applies a series of tests to each visitor session and assigns scores. Calculations are made to indicate bad/good sessions to show an advertiser the quality of traffic.
Click fraud is a big problem in search engine marketing that's only going to get bigger in the future. It is wise for any online advertiser to implement some auditing system. Why continue to waste precious campaign money?!
=============================================
Flash Tools
Among these magnificent benefits is the chance to be able to promote your business, any business,
The fact is that the INTERNET is making people RICH! Shouldn't YOU be one of them? Click here: FIND OUT NOW!
Hello there, I'm out surfing for a goodblog on adware e2g free removal and found your great site. Although##TITLE## wasn't exactly what I'm looking for itcertainly got my attention and interest. I see now whyI found your excellent blog-site when I was searchingfor adware e2g free removal related web sites and I'm glad Ifound your site even though its not an exact match. Excellent Post, thank you for the read. Please checkout my site - adware e2g free removal.
Great blog on pay per click affiliate. I've stumbled on a superb money making website. Linkreferral is free to join and drives traffic to your website in an inivitive way (the more sites you visit, the more links you get back to your website.)
I've only been a member of Linkreferral for aproximately 2 weeks but I have already seen the volume of people coming to my site double - if not treble.
Linkreferral is not only driving visitors to my website but as a result my affiliate sales income has doubled also.
I really cannot push this website enough. It is free and it is fantastic!! www.linkreferral.com is a must for money making opportunities online.
Great blog....now...ADVICE TIME!! - If you need more web site traffic marketing then congratulations I've come to the right place, try web site traffic marketing - this is the best place online to get massive volumes of internet traffic back to your blog for blog publicity purposes. Within a week I had trippled my volume of traffic - Signup is free and before you know it you will flying up the Google search egine - guaranteed!! - Signup is free you have nothing to lose. Best of luck with it and continued success with your blog!!
Watiti.com
Join me and my circle of friends at http://www.watiti.com, an online social networking community that connects people from all over the world.
Meet new people, share photos, create or attend events, post free classifieds, send free e-cards, listen music, read blogs, upload videos, be part of a club, chat rooms, forum and much more!
See you around! Bring all your friends too!
Watiti.com
Good blog - very interesting!! Thought you might like some excellent advice on driving extra traffic to your website/blog - I'm into 2005 microsoft programming server sql and to drive traffic to my website I was searching around the internet for absolutely ages looking for SEO tools to fire my site up the Google search engine, then I signed up free for this superb traffic gereating tool - I now have loads of hits to my websites/blogs and my site is shooting up the Google rankings quicker than ever before.
Consequently this can see your affiliate commissions shoot through the roof - meaning lots of extra money coming in for you and your family. Sign up now - it's free.. Sorry if this information is of no use to you but seeing as you have the anonymous feature enabled I thought I should share this free bit of essential promotional advice with you and would hope you would do the same for me.
I hope the tool will serve you equally as well as it has me!!
Best of luck, cheers for now, dave.
event
http://www.adquity.com
Classifieds for our community. Buy, sell, trade, date, events... post anything. Adquity Classifieds.
http://www.adquity.com
.
Hi matey
I'm sure it was this blog I was reading a while back where someone was looking for an SEO tool for driving more traffic and get more hits for their website.
Anyway, I was speaking to a techi guy at work who gets to know all the latest stuff and he uses the free Link Referral Program.
His website on affiliate marketing program amongst other stuff has seen traffic explode since he started using the Link Referral Program - consequently his affiliate sales commissions and business sales went through the roof PLUS his website increased in google ranking which was an added bonus!!
If anyone else has any good ideas for driving more traffic to blogs/websites then please share with your online business blog buddies. Ta ;-)
.
free classifieds ads posting
Hey, you have a great blog here! I'm definitely going to bookmark you!
I have a internet marketing affiliate program site/blog. It pretty much covers ##KEYWORD## related stuff.
Hi
Great blog, nice to see someone else has activated the anonymous feature! If you are into seo web site promotion then you need to see this blog site for free advice and a great secret (and free) program which will generate floods of extra traffic to your website.
Here's the link: seo web site promotion
Great article! Thanks.
Thanks for interesting article.
Excellent website. Good work. Very useful. I will bookmark!
tCu6qj You have a talant! Write more!
qpItnc Good job!
HXwc0o The best blog you have!
nIu8KQ Nice Article.
Please write anything else!
Thanks to author.
Nice Article.
Please write anything else!
Nice Article.
Wonderful blog.
actually, that's brilliant. Thank you. I'm going to pass that on to a couple of people.
Please write anything else!
Good job!
mBvrJq write more, thanks.
actually, that's brilliant. Thank you. I'm going to pass that on to a couple of people.
Magnific!
Magnific!
Nice Article.
actually, that's brilliant. Thank you. I'm going to pass that on to a couple of people.
Please write anything else!
Please write anything else!
Thanks to author.
Nice Article.
Wonderful blog.
Good job!
Hello all!
Thanks to author.
Clap on! , Clap off! clap@#&$NO CARRIER
Build a watch in 179 easy steps - by C. Forsberg.
Ever notice how fast Windows runs? Neither did I.
640K ought to be enough for anybody. - Bill Gates 81
C++ should have been called B
Energizer Bunny Arrested! Charged with battery.
Friends help you move. Real friends help you move bodies
Energizer Bunny Arrested! Charged with battery.
Clap on! , Clap off! clap@#&$NO CARRIER
When there's a will, I want to be in it.
If ignorance is bliss, you must be orgasmic.
I'm not a complete idiot, some parts are missing!
The gene pool could use a little chlorine.
If ignorance is bliss, you must be orgasmic.
The gene pool could use a little chlorine.
When there's a will, I want to be in it.
Lottery: A tax on people who are bad at math.
Suicidal twin kills sister by mistake!
Ever notice how fast Windows runs? Neither did I.
Save the whales, collect the whole set
A lot of people mistake a short memory for a clear conscience.
A flashlight is a case for holding dead batteries.
Give me ambiguity or give me something else.
C++ should have been called B
Good job!
Clap on! , Clap off! clap@#&$NO CARRIER
Oops. My brain just hit a bad sector.
What is a free gift ? Aren't all gifts free?
Clap on! , Clap off! clap@#&$NO CARRIER
When there's a will, I want to be in it.
Ever notice how fast Windows runs? Neither did I.
Thanks to author.
Friends help you move. Real friends help you move bodies.
Give me ambiguity or give me something else.
C++ should have been called B
Thanks to author.
What is a free gift ? Aren't all gifts free?
Nice Article.
Magnific!
Save the whales, collect the whole set
When there's a will, I want to be in it.
Wonderful blog.
A lot of people mistake a short memory for a clear conscience.
Energizer Bunny Arrested! Charged with battery.
Suicidal twin kills sister by mistake!
Build a watch in 179 easy steps - by C. Forsberg.
Suicidal twin kills sister by mistake!
640K ought to be enough for anybody. - Bill Gates 81
Hello all!
Give me ambiguity or give me something else.
Magnific!
All generalizations are false, including this one.
actually, that's brilliant. Thank you. I'm going to pass that on to a couple of people.
Post a Comment
<< Return to Thoughts on Security Home