Tuesday, November 30, 2004

Google desktop search security

Bruce Schneier responds to some of the hype ([1] [2] [3]) over so-called security flaws in Google Desktop Search:
    Google's desktop search software is so good that it exposes vulnerabilities on your computer that you didn't know about.

    Some people blame Google for these problems and suggest, wrongly, that Google fix them. What if Google were to bow to public pressure and modify GDS to avoid showing confidential information? The underlying problems would remain: The private Web pages would still be in the browser's cache; the encryption program would still be leaving copies of the plain-text files in the operating system's cache; and the administrator could still eavesdrop on anyone's computer to which he or she has access. The only thing that would have changed is that these vulnerabilities once again would be hidden from the average computer user.

    GDS is very good at searching. It's so good that it exposes vulnerabilities on your computer that you didn't know about. And now that you know about them, pressure your software vendors to fix them. Don't shoot the messenger.
Exactly right. These security issues exist whether you have Google Desktop Search installed or not.

No comments: