[ISN] Desktop Google Finds Holes
isn at c4i.org
Tue Nov 30 01:50:36 EST 2004
By Bruce Schneier
November 29, 2004
Google's desktop search software is so good that it exposes
vulnerabilities on your computer that you didn't know about.
Last month, Google released a beta version of its desktop search
software: Google Desktop Search. Install it on your Windows machine,
and it creates a searchable index of your data files, including word
processing files, spreadsheets, presentations, e-mail messages, cached
Web pages and chat sessions. It's a great idea. Windows' searching
capability has always been mediocre, and Google fixes the problem
There are some security issues, though. The problem is that GDS
indexes and finds documents that you may prefer not be found. For
example, GDS searches your browser's cache. This allows it to find old
Web pages you've visited, including online banking summaries, personal
messages sent from Web e-mail programs and password-protected personal
GDS can also retrieve encrypted files. No, it doesn't break the
encryption or save a copy of the key. However, it searches the Windows
cache, which can bypass some encryption programs entirely. And if you
install the program on a computer with multiple users, you can search
documents and Web pages for all users.
GDS isn't doing anything wrong; it's indexing and searching documents
just as it's supposed to. The vulnerabilities are due to the design of
Internet Explorer, Opera, Firefox, PGP and other programs.
First, Web browsers should not store SSL-encrypted pages or pages with
personal e-mail. If they do store them, they should at least ask the
Second, an encryption program that leaves copies of decrypted files in
the cache is poorly designed. Those files are there whether or not GDS
searches for them.
Third, GDS' ability to search files and Web pages of multiple users on
a computer received a lot of press when it was first discovered. This
is a complete nonissue. You have to be an administrator on the machine
to do this, which gives you access to everyone's files anyway.
Some people blame Google for these problems and suggest, wrongly, that
Google fix them. What if Google were to bow to public pressure and
modify GDS to avoid showing confidential information? The underlying
problems would remain: The private Web pages would still be in the
browser's cache; the encryption program would still be leaving copies
of the plain-text files in the operating system's cache; and the
administrator could still eavesdrop on anyone's computer to which he
or she has access. The only thing that would have changed is that
these vulnerabilities once again would be hidden from the average
In the end, this can only harm security.
GDS is very good at searching. It's so good that it exposes
vulnerabilities on your computer that you didn't know about. And now
that you know about them, pressure your software vendors to fix them.
Don't shoot the messenger.
Bruce Schneier is CTO of Counterpane Internet Security Inc.
More information about the ISN