To hear Dan Wallach tell it, zealous Rice University students caused the flap over Google Desktop Search (GDS), the personal search tool that is currently in beta. As part of a final assignment in Wallach's computer security class, two students discovered that GDS could reveal information on local hard drives to remote attackers. That flaw has since been corrected, but the students may have highlighted an issue that could bedevil corporate computer security for some time.
GDS is proving popular with end users, including those in enterprise environments. Analysts, though, don't feel the search tool is ready for corporate work.
"There isn't administrative control for the tool to manage what's happening with users and deployment," said Rita Knox, an analyst with Stamford, Conn.-based Gartner. Gartner discourages the use of GDS in enterprises. Google's official position is that GDS shouldn't be in broad corporate distribution. The company has promised improvements to address enterprise issues, but there is no timetable for these developments.
Unfortunately, Knox acknowledged, simply forbidding the use of GDS and similar tools isn't likely to work. Anecdotally, she knows that enterprise users are installing GDS right now. It's a situation she likens to that of instant messaging, with IT departments scrambling to come up with answers while users embrace new technology.
Like Gartner, Framingham, Mass.-based IDC advises caution and predicts several years of turmoil before things shake out. Susan Feldman, research vice president for content technologies at IDC, noted that revealing results isn't the only way security can be breached. "Knowing what searches were being performed by an enterprise could also lead to some pretty good guesses about what was being worked on, and that could endanger the enterprise as well," she said.
In what may be a sign of problems to come, Rice's Wallach and his students discovered a flaw in GDS that allowed a third party to read search result summaries. Accomplishing this requires some cooperation from the end user, who must also have chosen to mingle local search results with those from the Web. Under those conditions, the attacker could capture 30- to 40-character snippets of local files. A clever attacker could even drive the search, uncovering such things as passwords or credit card numbers.
To its credit, Mountain View, Calif.-based Google fixed the problem by the time it was publicized last month. The company did this by changing the way GDS inserts local search outcomes into overall search results. A Google spokesman asserted: "This vulnerability has been addressed for current and future users."
Wallach, an assistant professor of computer science, has looked at Google's solution and thinks the problem is solved. Thanks to auto-update, the new software will be rolled out automatically. However, GDS is just the first of a wave of personal search tools. Software from Microsoft and others is in the offing, and these and the revamped GDS may offer new avenues of attack.
Wallach, who uncovered security flaws in electronic voting, the Secure Digital Music Initiative and Java, knows that attacks on the new search tools will come and may succeed due to an inherent advantage. "The builder has to get everything right," he said. "The attacker just has to find one thing that's wrong."