Really lame security advice

CNET News tries to spread some panic about desktop search technologies and misses the point completely:

Security experts are warning that virus writers could use new desktop search tools to make their malicious software more efficient.

Foad Fadaghi, senior industry analyst at Frost & Sullivan Australia, said that most viruses are designed to harvest e-mail addresses and other personal information from an infected system. He warned that because desktop search tools such as those recently announced by Google, Microsoft and Yahoo can index and categorize that information, virus writers are likely to start exploiting the technology.

“Desktop search products are very efficient at harvesting data, so it wouldn’t be surprising if exploits are sought by malicious coders. Any software that can index and capture data on a user’s PC will be subject to virus and Trojan exploits. It is just a matter of time,” Fadaghi said.

And how exactly would they do this? If you install an untrusted piece of software, someone else owns your PC. They can do anything they want, with or without the help of an indexing engine. (Oh, and by the way, Windows XP already has an indexing engine, and has since Day 1.)

The implication of this story is that you are somehow safer if you allow a virus or worm to be installed on your computer but don’t have desktop search software running.

Do you believe that? I didn’t think so.

3 thoughts on “Really lame security advice”

  1. Looks like the advice was good – just look at the reports of the probs with desktop search.

    http://www.bpm-today.com/news/Google-Shuts-Hole-in-Desktop-Search/story.xhtml?story_id=122000E83IEE

    http://www.infoworld.com/article/07/02/23/HNsecondgoogledesktopattack_1.html

    http://www.theregister.co.uk/2004/12/20/google_desktop_flaw/

    and the list goes on ….

    talk to the big virus protection companies, they’ll tell you…

    you were too quick to judge

    this story was ahead of its time – AND NO I DON’T WORK FOR CNET.

  2. Ted, the problem here is not with Desktop Search but with the fact that Google ties its desktop search into the web browser. The two potential vulnerabilities you list (the first two links are actually news stories about the same bulletin) are both tied to the web browser, not to desktop search.

    In both cases, the vulnerability allows an attacker to plant code on your system because of a vulnerability in the way the browser hooks are written. This has nothing to do with the original thesis of the article, which says that virus writers will start trying to steal your information using the index.
