Shocking flaw in Google desktop closed from attack

Alex Zaharov-Reutt
Wednesday, 21 February 2007 19:30

Business IT - Technology

Thanks to a security analysis company Watchfire Corp, Google have fixed a dangerous flaw in their popular Google Desktop Search software, stopping thieves from potentially mining the all the information it stores – but could this happen again?

If you use any brand of desktop search software, you know that it creates an index which stores a lot of information you ready for easy searching when you need it. It’s such a useful feature that similar search capability is built into Vista, with Windows XP owners able to choose from a range of search providers, including software from Microsoft, Copernic, Yahoo, Google and others.

If you’re not using desktop search software – you don’t know what you’re missing! It lets you search your computer at the same speed you can search the Internet with a search engine. Vista’s search doesn’t seem to be as fast I remember Google Desktop Search being on Windows XP, but it more than does the job to my satisfaction.

Now comes word that Google Desktop Search – one of the most popular search packages out there – was discovered by Watchfire to be vulnerable to a ‘cross-site scripting’ attack, as detailed in a story from the Associated Press.

According to that article, Watchfire discovered that a cross-site scripting attack could be used by an attacker to place malicious code on computers loaded with Google Desktop, with the PC able to be infected by a website, an infected email attachment, spyware or other means.

Concerningly, the article states that “From that instant, a hacker would have had free reign to use Google Desktop to search the victim's machine -- or multiple compromised machines at once -- and possibly to take full control of the computer, according to Watchfire.
Watchfire's founder and chief technical officer, Mike Weider, said the attack would have gone undetected by firewalls or antivirus software”.

Google was notified of the hole on January 4 and was notified that the hole was closed on February 1. That’s probably too long for the hole to have remained open, but as the vulnerability wasn’t made public, at least hordes of malware writers and other online criminals didn’t try to crack Google Desktop en masse.

While Watchfire believe that it may happen again, despite Google insisting they have added extra layers of protection to prevent this type of attack happening again in the future, the deviousness of tech-savvy online criminals is astounding, and will no doubt keep on hammering away, not only on Google Desktop, but on other search packages, along with operating systems and almost every other type of software and hardware – just as they do today.

Calls have now been made to Internet Security and anti-virus vendors to beef up the security of their software to be able to detect and protect against these attacks – even if a patch hasn’t yet been issued for the affected software.

That’s a call that Internet security companies say they’re heeding, with companies like TrustDefender www.trustdefender.com leading the fight against another online scourge, that of phishing and online pharming attacks. How do they do it? By making the computer a part of the overall security chain, proactively protecting computer systems instead of reactively issuing a patch every time something goes wrong.

Computer security software and hardware needs to work proactively to prevent online attacks from being successful. Doing that right is the next big challenge for the security industry – and they must not fail, or zero day attacks in the future will be an even more regular occurrence than it is becoming already, playing havoc with the online universe of the Internet that we all take so very much for granted today.