Comments on: Desktop Search Security Response http://www.ensight.org/2004/12/desktop-search-security-response/ A Personal Blog Mon, 07 May 2012 18:40:32 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Michael Giagnocavo http://www.ensight.org/2004/12/desktop-search-security-response/#comment-4670 Michael Giagnocavo Tue, 21 Dec 2004 17:43:58 +0000 /?p=1644#comment-4670 If Google indexes encrypted pages, it means IE is already saving them to your hard drive. You already have a problem; DS is just showing it to you. To ignore this and continue on is like not locking your back door, and then saying you don't have a back door. Google's issue is perhaps related to that the use a web server/browser interface? :S Desktop search shouldn't be opening ports on your machine, duh. But that's an implementation detail, not a fundamental issue with all DS engines. If someone is on your computer, what's to stop them from installing some search engine, and THEN searching? I have a keylogger on my machine. I leave it off most of the time (it's handy when someone (ISP) comes to configure equipment using my machine). I'm not worried about it being used against me, because A) I don't let people on my machine, and B) If they are, they could go install a keylogger anyways. Having it on my hard drive is such a trivial benefit... If Google indexes encrypted pages, it means IE is already saving them to your hard drive. You already have a problem; DS is just showing it to you. To ignore this and continue on is like not locking your back door, and then saying you don’t have a back door.

Google’s issue is perhaps related to that the use a web server/browser interface? :S Desktop search shouldn’t be opening ports on your machine, duh. But that’s an implementation detail, not a fundamental issue with all DS engines.

If someone is on your computer, what’s to stop them from installing some search engine, and THEN searching?

I have a keylogger on my machine. I leave it off most of the time (it’s handy when someone (ISP) comes to configure equipment using my machine). I’m not worried about it being used against me, because A) I don’t let people on my machine, and B) If they are, they could go install a keylogger anyways. Having it on my hard drive is such a trivial benefit…

]]> By: Jeremy C. Wright http://www.ensight.org/2004/12/desktop-search-security-response/#comment-4669 Jeremy C. Wright Mon, 20 Dec 2004 18:11:39 +0000 /?p=1644#comment-4669 Jonathan: Yep, I'd seen that just before I posted this (and sent the email). Vinnie: Security vs functionality is a balance we try and play. With this first version of the software, we're confident in this decision. We're hopeful, though that the core issues surrounding DS get solved so that we CAN widely deploy it! Jonathan: Yep, I’d seen that just before I posted this (and sent the email).

Vinnie: Security vs functionality is a balance we try and play. With this first version of the software, we’re confident in this decision. We’re hopeful, though that the core issues surrounding DS get solved so that we CAN widely deploy it!

]]> By: Vinnie Garcia http://www.ensight.org/2004/12/desktop-search-security-response/#comment-4668 Vinnie Garcia Mon, 20 Dec 2004 17:57:58 +0000 /?p=1644#comment-4668 You're smoking some cheap crack ;). I can see where you're coming from though. However, desktop search solves problems (where DID that document go?) for the very people you are advising not to use it. I get the feeling you're going to have an uphill battle to fight in terms of not seeing this installed on PCs. You’re smoking some cheap crack ;).

I can see where you’re coming from though. However, desktop search solves problems (where DID that document go?) for the very people you are advising not to use it. I get the feeling you’re going to have an uphill battle to fight in terms of not seeing this installed on PCs.

]]> By: Jonathan Hardwick [MSFT] http://www.ensight.org/2004/12/desktop-search-security-response/#comment-4667 Jonathan Hardwick [MSFT] Mon, 20 Dec 2004 17:26:00 +0000 /?p=1644#comment-4667 Joe Wilcox of Microsoft Monitor has a post up today about desktop search security - http://www.microsoftmonitor.com/archives/005539.html Joe Wilcox of Microsoft Monitor has a post up today about desktop search security – http://www.microsoftmonitor.com/archives/005539.html

]]> By: Ensight - Jeremy C. Wright » The Whole Story (… or as much as I know anyways) http://www.ensight.org/2004/12/desktop-search-security-response/#comment-4671 Ensight - Jeremy C. Wright » The Whole Story (… or as much as I know anyways) Wed, 30 Nov -0001 00:00:00 +0000 /?p=1644#comment-4671 [...] nd that might fall into that category were two security responses to our auditor (here and <a href="http://www.ensight.org/archives/2004/12/20/desktop-search-security-response/" rel="nofollow">here</a>). I had approval for the first one. I inferred it for the sec [...] [...] nd that might fall into that category were two security responses to our auditor (here and here). I had approval for the first one. I inferred it for the sec [...]

]]>