As I’ve done several times in the past, here is my security response to the auditor. Nothing really surprising here, but I’m opening it up in case I’ve been a dumbass :)

This is edited, for our security.

Over the last 4-6 weeks, several high-profile Desktop Search (DS) tools have been released. The most widely talked about is Google’s Desktop Search tool, though others from Microsoft, Yahoo and Ask! have also been released. These new releases are in addition to mature software from X1 and Copernic.

There are several broad security, as well as corporate, issues with DS software – as well as several security issues with the individual packages.

Desktop Software Issues

For any enterprise, by far the biggest issue is that DS software indexes what is on a computer, as well as what is being done by a computer, and only reports the data to the user. It doesn’t tell an administrator, department head or IT department. Ultimately, we believe that any internal indexing, data mining or reporting software which is investigating users’ computers should be in the hands of someone who is prepared to deal with any repercussions of what may be found.

Beyond that, several of the packages examine and report results based on what could be termed “sensitive” and “private” data, often without the context for how that data arrived on the hard drive. For example, Google’s Desktop Search (GDS) indexes the cache for whatever web browser is being used – and even searches encrypted pages such as online banking or secure patient service sites.

Most DS tools and suites are, in fact, without a proper mechanism to limit access based on policies (so that users cannot choose to expand the search criteria). This means that even if DS software were “locked down”, it would be easily un-fixed by a user to, once again, search anything and everything.

Overall Recommendation

Overall, the recommendation of the NT team for e-Health Services, Health Sciences Center, is to strongly discourage the use of DS software at x. It puts too much power into a user’s hands to search too much data in an unrestricted and unmanaged fashion. Inherent security issues in several packages, and the propensity for the software to be abused, only further our belief that now is not the time to be releasing DS packages into the wild.

If a large enterprise-class vendor were to produce a manageable solution which provided the substantial benefits to users, without the substantial security and privacy risks built into the current generation of tools, we would be more than happy to look at approving the installation of DS software.

For now, however, there are simply too many questions, concerns and issues to condone the use of Desktop Search packages at x.

Are DS’s a security issue? In my opinion, yes. Sure, if someone has physical access to your machine they can “do anything”. However, these tools pose a set of problems unique to the ability to find sensitive information. The issue of policies, profiles, access limitations, etc. is a whole other kettle of fish.

So, yes, anyone can do “anything” with physical access to your machine. As long as “anyone” is someone who knows how to do “anything”. From an auditing perspective, DS’s have loads of issues, which is where this is coming from.

Feel free to comment and tell me I’m smoking some cheap crack ;-)