While searching for an installer for Firefox, Word Tracker guru Claudiu Spulber discovered that Google had actually indexed the executable itself.

When he clicked the link in Google’s search results, the Firefox program immediately commenced installation. After further examination, Spulber concluded, “This is possible because a link to a normal website was redirected automatically to an executable file.”

He found that Google isn’t the only one. MSN and Yahoo index executables, too.

Websense techs wondered where an appropriate search might turn up executable malware:

“Our results show that we were able to collect thousands of pieces of malicious binaries, mostly posted to newsgroups with false names that would normally trick a user, we found many on forum sites, as well as regular personal, educational, compromised, and underground sites. We also found several pieces of spyware on poker and casino sites. We found variants of the Bagel, and Mytob worms, various trojans, and many other malicious binaries.”

And so, we find ourselves at another interesting intersection of Good and Evil.

Search engines can’t simply ignore executables, because most of us need to find them now and again.

Of course, they could scan binaries for viruses as they index. But a creep can always redirect a decent page later.

In any event, till they figure it out, search developers may want to post an unambiguous warning when they know a file is executable.
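
Because a page can be redirected after it was indexed, such a warning has to be decided on the response a link actually lands on at click time. The following is an added example, not code from the original article or from any search engine: it follows a redirect chain and reports why the landing response looks like a Windows executable. The extension and Content-Type lists, the example.test URLs and the sample responses are constructed assumptions.

```python
from urllib.parse import urljoin, urlparse

# Assumed, non-exhaustive indicator lists for Windows executables.
EXEC_EXTS = (".exe", ".msi", ".scr", ".com", ".bat", ".pif")
EXEC_TYPES = {"application/x-msdownload", "application/x-dosexec",
              "application/vnd.microsoft.portable-executable"}

def executable_signals(url, headers, body_prefix):
    """Return the reasons a response looks like a Windows executable."""
    h = {k.lower(): v for k, v in headers.items()}
    reasons = []
    if body_prefix[:2] == b"MZ":  # DOS/PE header magic
        reasons.append("MZ magic bytes")
    if h.get("content-type", "").split(";")[0].strip().lower() in EXEC_TYPES:
        reasons.append("executable Content-Type")
    disp = h.get("content-disposition", "").lower()
    name = disp.split("filename=")[-1].strip('"; ') if "filename=" in disp else ""
    if name.endswith(EXEC_EXTS) or urlparse(url).path.lower().endswith(EXEC_EXTS):
        reasons.append("executable file name")
    return reasons

def resolve(start_url, fetch, max_hops=5):
    """Follow redirects using fetch(url) -> (status, headers, body_prefix).
    Returns (final_url, hops, reasons); a non-empty reasons list means the
    link lands on an executable and should carry a warning."""
    url, hops = start_url, 0
    while True:
        status, headers, body = fetch(url)
        loc = {k.lower(): v for k, v in headers.items()}.get("location")
        if status in (301, 302, 303, 307, 308) and loc and hops < max_hops:
            url, hops = urljoin(url, loc), hops + 1
            continue
        return url, hops, executable_signals(url, headers, body)

# Constructed sample responses (not captured traffic); example.test is a placeholder.
SAMPLE = {
    "http://example.test/firefox.html": (302, {"Location": "/dl/setup.exe"}, b""),
    "http://example.test/dl/setup.exe":
        (200, {"Content-Type": "application/octet-stream"}, b"MZ\x90\x00"),
    "http://example.test/about.html": (200, {"Content-Type": "text/html"}, b"<html>"),
}

def fetch_sample(url):
    return SAMPLE[url]

if __name__ == "__main__":
    for u in ("http://example.test/firefox.html", "http://example.test/about.html"):
        print(resolve(u, fetch_sample))
```

The indexed URL here ends in .html and only the landing response reveals the binary, which is why the check runs on the final hop rather than on the link text.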

And you should avoid browsing, or even running your Windows computer, as Administrator. Malware can’t do Administrative-level damage, like disabling your firewall and installing executables, without Administrative-level rights. Unfortunately, most Windows users still run their local computers with Administrative privileges. Why? Convenience or lack of knowledge. Even people who know better don’t like flipping logins to do things.

That’s why Michael Howard, a Senior Security Program Manager in Microsoft’s Secure Engineering group, whipped up DropMyRights, his freebie utility. I reviewed it last year, and provided step-by-step installation instructions. DropMyRights works with most applications that interface with the Internet, including Firefox, Internet Explorer, Opera, Acrobat and most email clients.

As I said before, you will be vastly safer if you operate on a day-to-day basis as a non-administrator with restricted rights and privileges. Windows users often find this to be a major pain, preventing programs that should work from running, and blocking things they don’t want blocked.

That’s why Microsoft’s Aaron Margosis ginned up MakeMeAdmin. Aaron’s description:

“When you run it, you get a Command Prompt running under your normal user account, but in a new logon session in which it is a member of the Administrators group. This Command Prompt and any programs started from it use your regular profile, authenticate as you on the network, but have full local admin privileges. All other programs continue to run with your regular, unprivileged account.”

If you’re considering MakeMeAdmin, make sure you read the comments on Margosis’ blog. He provides lots of enrichment.

In the end, MakeMeAdmin requires more effort than DropMyRights, but adds significantly more protection. Like they say, security is inversely proportional to convenience.

On the fence? Why not install DropMyRights while you’re thinking about it?

You’ll make web searching a little bit safer all by yourself… without waiting for Google to save you.