Google Desktop Search Under Fire
AchilleCB writes "CNN and many other sources are jumping on the Google-privacy-bash bandwagon; they are carrying stories warning of more privacy implications regarding Google's Desktop Search, "if it's installed on computers at libraries and Internet cafes, users could unwittingly allow people who follow them on the PCs, for example, to see sensitive information in e-mails they've exchanged. That could mean revealed passwords, conversations with doctors, or viewed Web pages detailing online purchases." ... Type in "hotmail.com" and you'll get copies, or stored caches, of messages that previous users have seen. Enter an e-mail address and you can read all the messages sent to and from that address. Type "password" and get password reminders that were sent back via e-mail."
Security Diversion (Score:5, Interesting)
So the actual problem is that public computers aren't secure? Google Desktop Search doesn't do anything more than what a halfway good script kiddie can do. I say that all public computers install the software and plug the permissions problem on the OS. If everyone can SEE the insecurity then the users will either
Choose one or proactively make a "none of the above choice" by doing something about it.
PS we almost freaking died out here - it's been over 1 1/2 hours since the last story.
Re:Security Diversion (Score:5, Insightful)
Re:Security Diversion (Score:3, Insightful)
That's why I don't like things like federal databases, or even cross-company commercial database integration.
Re:Security Diversion (Score:5, Insightful)
Your approach is all wrong. It DOES matter that your data is available; that _by definition_ transforms your data from "private" to "public". That's the end of your privacy with respect to that data. And you have yourself to blame. Don't use your credit card on a public computer.
-Billy
Re:Security Diversion (Score:5, Insightful)
If you go through my comment history, you'll find out all sorts of things about me. But will you? Probably not. It's not worth your time to sift through all the data.
However, with data analysis algorithms, you could have a computer tell you all you need to know about my posting habits, and possibly even find cyclical behaviors and suspicious gaps in my posting.
Add other users' histories into the mix, and you might think you've stumbled onto a conspiracy.
Re:Security Diversion (Score:3, Insightful)
How easy the information is to find doesn't matter, if it CAN be found at all. Ease is a matter of how much effort one is willing to invest.
-9mm-
Re:Security Diversion (Score:5, Interesting)
This points out a very severe recent problem, by the way. A judge recently decided that an airline's privacy policy didn't matter because "few people even read it, and most people don't care". If this is upheld, this sort of contract will become impossible to enforce, and privacy will become very hard to guard.
-Billy
Re:Security Diversion (Score:4, Funny)
Oh, come on. The only reason you don't like federal databases is because you owe the IRS $2,674.26 in back taxes and penalties from your 1999 taxes. And you never paid that parking ticket you got on 2nd Street in Cincinnati, Ohio on December 22, 2002. And there's that toll booth in Chicago you drove through without paying three times back in July. If you don't take care of your tickets, we might have to seize the $3299 plasma TV you put on your Visa card on the 17th of last month (normally we'd threaten to put a lien on your house, but our records show that you moved into an apartment back in June).
Re:Security Diversion (Score:5, Insightful)
Re:Security Diversion (Score:3)
Re:Security Diversion (Score:2, Insightful)
Re:Security Diversion (Score:2)
You might be onto something.
Re:Security Diversion (Score:2)
No, but they wouldn't pirate [com.com] according to Steve Ballmer.
Price? (Score:5, Insightful)
Computers are now at $400 [microcenter.com] . When computers were $1500, people had no money for security, and they still don't.
Re:Security Diversion (Score:5, Insightful)
From what I understand, Google's desktop only caches what's already on the machine's hard drive. So all this "sensitive information" that it's finding is already there for those who know how to find it, and take the time to.
This is a wake up call for how much personal information is actually kept on our desktop machines.
Re:Security Diversion (Score:5, Insightful)
Re:Security Diversion (Score:5, Informative)
If it's in the HTML, you are talking about <meta> elements, and they are an unreliable substitution for proper HTTP headers.
More importantly though, the nocache directive still permits clients and proxies to store a copy of the resource in their cache, so long as the copy is revalidated before being used again. The directive that should be used for sensitive data is nostore.
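
The distinction drawn in the comment above, as an added example that is not part of the original thread: on the wire the two directives are spelled `no-cache` and `no-store`, and this Python code classifies what a browser cache on a shared machine may keep on disk for each response. The paths, sample responses and function names are constructed for illustration.

```python
"""Audit Cache-Control headers: what may a browser on a shared PC write to disk?"""
import re

NO_STORE = "must not be stored"
REVALIDATE = "may be stored, revalidated before reuse"
REUSABLE = "may be stored and reused"

# A cache hint placed in the HTML body instead of the HTTP headers.
_META_HINT = re.compile(
    r"<meta[^>]+http-equiv\s*=\s*[\"']?(cache-control|pragma|expires)", re.I)


def _split_directives(value):
    """Split a header value on commas that are outside quoted strings."""
    parts, buf, quoted = [], [], False
    for ch in value:
        if ch == '"':
            quoted = not quoted
        if ch == "," and not quoted:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    return [p.strip() for p in parts if p.strip()]


def parse_cache_control(values):
    """Combine one or more Cache-Control values into {directive: argument}.

    Directive names are case-insensitive; a directive without '=' maps to None.
    """
    directives = {}
    for value in values:
        for part in _split_directives(value):
            name, _, arg = part.partition("=")
            directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives


def disk_policy(headers):
    """Classify a response from its (name, value) header pairs only."""
    cc = parse_cache_control(
        [v for n, v in headers if n.lower() == "cache-control"])
    if "no-store" in cc:
        return NO_STORE
    # no-cache="Field" only restricts the named fields, not the whole response.
    unqualified_no_cache = "no-cache" in cc and cc["no-cache"] is None
    if unqualified_no_cache or cc.get("max-age") == "0":
        return REVALIDATE          # still written to the cache on disk
    # 'private' keeps the response out of shared proxies, not out of the
    # browser's own cache, so it does not help on a public terminal.
    return REUSABLE


def audit(responses):
    """Return findings for responses that a local cache is allowed to keep."""
    findings = []
    for path, headers, body in responses:
        policy = disk_policy(headers)
        if policy == NO_STORE:
            continue
        note = ""
        if _META_HINT.search(body):
            note = "cache hint only in <meta>; send it as an HTTP header"
        findings.append((path, policy, note))
    return findings


# Constructed sample responses for pages that show sensitive data.
SAMPLE_RESPONSES = [
    ("/inbox/message/17", [("Cache-Control", "no-cache")], ""),
    ("/account/reset", [("Cache-Control", "no-store")], ""),
    ("/orders/991", [("Cache-Control", "private, max-age=600")], ""),
    ("/statement", [("Content-Type", "text/html")],
     '<meta http-equiv="Cache-Control" content="no-store">'),
    ("/profile", [("cache-control", 'No-Cache="Set-Cookie"'),
                  ("Cache-Control", "MAX-AGE=0")], ""),
]

if __name__ == "__main__":
    for path, policy, note in audit(SAMPLE_RESPONSES):
        print(f"{path:20} {policy:42} {note}")
```
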
Re:Security Diversion (Score:5, Insightful)
The clamor will be, at best, "Make Google stop!"
People who don't understand how things should be done are befuddled when confronted with the way they are done.
Re:Security Diversion (Score:5, Funny)
In today's society it's generally the inverse. People who do understand how things should be done are befuddled when confronted with the way they are done.
Re:Security Diversion (Score:5, Interesting)
But encryption is atypical as yet. And on a public terminal you aren't likely to be logging in as another user anyway, but rather as an unprivileged guest account. But then the harvesting and viewing could all happen without root/Administrator access.
Re:Security Diversion (Score:5, Interesting)
Re:Security Diversion (Score:5, Interesting)
Alternately, guest can make his own account with password really quickly, which will be destroyed with a month of inactivity. But that would be a frill.
Re:Security Diversion (Score:3, Informative)
Re:Security Diversion (Score:3, Interesting)
Re:Security Diversion (Score:5, Insightful)
1 - I didn't notice X before.
2 - I performed action Y.
3 - Now I notice X.
4 - Therefore Y must be the cause of X, regardless of what all those geeky pinhead types have to say about it. Don't they know the customer is always right?
The end result will be that Google gets blamed for exposing what was there all along, and nobody is going to let facts get in the way of their own personal perceptions.
In Latin... (Score:5, Informative)
(Well, not "we". I don't actually speak Latin).
Re:Security Diversion (Score:3, Informative)
Re:what about "locked down" computers (Score:5, Insightful)
So how would one download the Googlebar?
This was discussed before! (Score:5, Insightful)
Re:This was discussed before! (Score:3, Informative)
Google archives information. You gave it information.
Re:Mod down that troll (Score:3, Insightful)
People need to be responsible for their own actions.
Re:Mod down that troll (Score:5, Insightful)
GDS runs as a system service and has access to everything.
Google got in bed with MS on this one as they only cache MS Office type docs.
GDS could easily cache file security attributes and filter accordingly based on the logged in user.
You'd all be having a fit if this happened on Linux.
Re:Mod down that troll (Score:5, Informative)
> cache MS Office type docs.
MSFT released filters allowing developers to get at the content of Office docs. Office is the prevalent productivity suite used. Why is GOOG in bed with MSFT?
> GDS runs as a system service and has access to
> everything.
No, there's an entry in HKEY_CURRENT_USER\...\CurrentVersion\Run that starts everything. That means it runs as the current user.
Re:Mod down that troll (Score:3, Informative)
As for your first point - you're trying to turn what I said into saying that Google has a business deal with MS to help MS take over the world. Google made a choice to use those formats, and made a choice to release it for one platform, and they forgot to address security properly on that platform.
Re:Mod down that troll (Score:5, Informative)
GoogleDesktop.exe
GoogleDesktopCrawl.exe
Goog
Each of them runs as the current logged in user. Therefore, it can only search things that the current user has access to. The database that everything is stored into (the index) is user specific as well, stored in:
%systemdrive%\Documents and Settings\[username]\Local Settings\Application Data\Google\Google Desktop Search\
Other non-admin users do not have access to your index. Obviously, admin users will have access to all non-encrypted files on the machine, and the google desktop search doesn't change that.
Re:Mod down that troll (Score:3, Insightful)
Currently all software defines things that are private that are.
1) encrypted.
2) Access control handed over by the operating system.
Anything other than that is fair game. The problem isn't google. It is the software on a public machine or the user who doesn't know better.
Again? (Score:5, Informative)
Re:Again? (Score:3, Insightful)
Just because people have been warned, doesn't mean that they will take the advice. Many, if not most, actually will ignore the advice because it is a hassle. Stories like these hopefully wake people up a bit. Unfortunately, the blame is placed on google unfairly.
What I want to know... (Score:5, Insightful)
Seems to me focusing on the WRONG problem.
Re:Again? (Score:3, Insightful)
By that line of reasoning, we should get all pissy at Microsoft for including Windows Explorer with their OS. After all, Explorer makes it "lot easier to get and present it in a way that it can be easily understood."
And the Recycle Bin makes documents accessible "even if they are DELETED"!
Bottom line: y
and how is this googles problem? (Score:5, Insightful)
I've been using the desktop search for a week, and find it indispensable now. But, like any good, powerful tools, it can be misused, in a misconfigured environment.
Basically, just watch where you surf on a PUBLIC machine. duh.
Re:and how is this googles problem? (Score:4, Informative)
And clean your browser cache and history afterward. Where do you think it finds the info it returns?
Re:and how is this googles problem? (Score:2)
Re:and how is this googles problem? (Score:5, Informative)
And then the Google cache also. Which, on a public machine, you may or may not know is there, and may not have access to.
Re:and how is this googles problem? (Score:5, Informative)
Right-click, select Preferences
Under Search Types, uncheck Web history and/or Include secure pages (HTTPS) in web history
Yet another "this is a benefit, not a design flaw" instance from Google. Why are people such idiots that this is a problem?
nevermind, I don't really want to know... it would just depress me.
Reasonable thing to comment on! (Score:5, Insightful)
Isn't it time that media start to put up opposition to services that compromise privacy in fundamental ways? I think this bandwagon is one that isn't so bad to have going on.
Google does great things, but without such opposition, they might not keep all issues in proper perspective. The things they mention are very important.
Re:Reasonable thing to comment on! (Score:2)
The problem is, though, that this isn't Google's fault. All they're really doing is drawing attention to a problem that previously existed anyway, and the media are now shooting the messenger.
Re:Reasonable thing to comment on! (Score:3, Insightful)
I agree with the replies to my comment. Google isn't doing anything worse than what is already available.
Does that mean that they should release a tool that has some serious privacy-invasion concerns?
The fact that they are hugely popular, and that people might otherwise never realize the inherent privacy risk is exactly why I think it's good that this extra attention is being paid to google.
... and yes, I think IE vulnerabilities are terrible. I think people should switch to more secure browsers. But
Re:Reasonable thing to comment on! (Score:2)
Re:Reasonable thing to comment on! (Score:2)
Yes, as long as they are commenting on the right services. For example, WHY are these machines set up in such a way as to allow this private information to be stored in the first place?
Google Desktop is the messenger.
Re:Reasonable thing to comment on! (Score:4, Insightful)
This is a stupid quote. Google doesn't even create the knife. The knife is already there in the cache, and if your library doesn't take care to delete it -- it is already accessible. You can already access that information by browsing through the directory structure, using an old cookie, going to your history tab, using the autocomplete feature, and probably a couple of other ways as well.
Google has done nothing to compromise your security or your privacy. Nothing. Even the guy who tries to defend Google doesn't seem to understand this point.
Oh come on (Score:5, Insightful)
Plus, why do these people have rights to install GDS on library computers? The libraries need to take notice by using a policy control to begin with.
It's a GOOGLE DESKTOP SEARCH tool. It says SEARCH in a screaming font. If that doesn't ring these people's bells, then they need to buy hi-fidelity headphones that are used by chronic deaf.
Blaming the knife company when the kid cut itself playing with the knife.
KeyLoggers anyone.. ? (Score:3, Insightful)
Notice people that write this software are the same group that use clippy to help them use Word and the same people that think anti-virus means complete security. Nuff Said!
This is obvious fearmongering on the part of the media. Clueless as always.
Its a beta! (Score:3, Informative)
When you remove the obscurity... (Score:5, Insightful)
How is this really a concern? (Score:5, Insightful)
Maybe Google just needs to make the warning a bit more obvious, like a huge "WARNING: Google desktop allows you to search all files on this computer" or something.
-jason
Not to be the bearer of bad news but... (Score:2, Insightful)
Kill the messenger. (Score:4, Insightful)
Re:Kill the messenger. (Score:4, Insightful)
Google just made it easier (Score:2, Informative)
Eric
Lurking privacy concern (Score:2, Insightful)
What really gets me is the Slashdot response. If Microsoft had released similar search feature, it would be one more na
Re:Lurking privacy concern (Score:5, Funny)
Re:Lurking privacy concern (Score:2)
Re:Lurking privacy concern (Score:3, Insightful)
Microsoft has released a similar feature. You've been able to find files by a string in the contents for a long time now. Not only is it not "a nail in the coffin of poor security", it is completely unnoticed in this entire fracas. Yes, the implementation sucks (and it seems like I've never gotten it to work right in XP), but it is there and I am yet to
Re:Lurking privacy concern (Score:3, Insightful)
If Microsoft had produced this search feature, it would probably be integrated into Windows, turned on by default, and difficult to disable. If Microsoft produced something like this, where you would go to msn.com and download the MSN Desktop Search Wizard which sits noticeably in your system tray and can easily be disabled/uninstalled, I doubt there wo
Actually, this is the opposite (Score:2)
Public Computers? (Score:4, Insightful)
library users? (Score:5, Funny)
The point is well taken, but.... (Score:2)
That said...
Can anyone think of why the Desktop Search app would be installed on a library public terminal or internet cafe
Intent (Score:4, Insightful)
In favor of google: I do think they had the intent on creating a useful tool.
In favor of google: As far as I know, all the information that their desktop search tool exposes can be found in similar ways using a variety of tools including MS Windows' own 'find-in-files' search options. In other words, their desktop search tool doesn't go out and break user-protected barriers.
Against Google: Just because your intent is honorable doesn't mean you can ignore privacy concerns.
Against the media (CNN, et al.): No integrity to be found for a while now! Just plain bashing, advertising, manipulating, money-making propaganda.
my $0.02
Re:Intent (Score:3, Insightful)
This is silly (Score:5, Insightful)
Also, who would be sending private emails or requesting passwords via a public terminal and not know that this info could be seen after whether the Google utility is installed or not?
I'm calling Overhype on this.
how is it... (Score:2, Offtopic)
Don't forget 911 (Score:3, Funny)
The Google engine should be required under The Patriot Act to forward everything that it finds on every public computer to Homeland Security at connectthedots.gov
Defensive measures such as logout and flushing the cache are acts of terrorism.
I don't care about public computers... (Score:2)
However, I would like to have complete access/understanding to what data the GDS sends back to the mothership. I unchecked that little box but when I search for something on google.com it brings the results from the local search as well so there is lots of data sent up.
The risks are already there... (Score:4, Insightful)
The point is that all the libraries I've been into don't allow you to do any of those things, otherwise they would already be infested with spyware and trojans, and I doubt that those same libraries would be stupid enough to install this google desktop search without knowing what it does. And it's the same with Kinkos, Kinkos actually allows you to install some stuff on there, but they reimage the drive every time a new user goes on there (but unlike what the story seems to suggest, Kinko has been doing this for years -- long before Google even became a household name).
This is a non-issue. This is just a newspaper troll who's taken the issue of the day and combined it with the hottest brand of the day, nothing more.
Hypocrites. If MS did this... (Score:2)
But it's Google, therefore, they couldn't POSSIBLY do any wrong, huh?
When this was first posted a few days ago, someone actually made the comment, "What do I care if it bypasses security? I'm the only one in my house using the computer." Yeah, great thinking there.
Yet the same guy would say, if this was Microsoft, "No wonder their shit sucks, they totally bypass all permissions!"
Weee little hypocrites.
Start | Search | For Files Or Folders (Score:2, Insightful)
Re:Start | Search | For Files Or Folders (Score:3, Informative)
Well, Windows search would take about 35 minutes to return results. (Get to watch the search dog, or paperclip, tho!)
GDS - about a tenth of a second.
People suck.
Not Google's fault, but the PC admins... (Score:5, Insightful)
Anyway, as for being installed on public PC's, the problem is not Google's, but those who permit the application to be installed on a public PC in the first place. Any PC administrator who permits user-installable applications in a public environment is asking for problems, headaches, and potential litigation.
Let's just hope this news doesn't get spun wrong and opens people's eyes to security...
I ran into this problem (Score:2)
On my home machine my wife and I have different accounts, but in general I've only locked down file system access by making files read-only. So I guess you could say that this is not a problem with GDS, but with my security settings. I could have read her emails
New killer app needed for public computers? (Score:3, Interesting)
But travellers that don't have laptops, travellers who've lost their laptops, and people who don't own computers, are going to find internet access more and more essential as time goes by.
It would be good if there were some way to have secure public terminals, that people could get onto the internet and be reasonably assured that their access is private.
I realize that iron-clad security isn't possible, but if it could rise to at least the security of ATMs (I say this knowing that ATMs have vulnerabilities) then I think the internet would be a better public resource.
Ultimately doesn't this come down to how MS works (Score:3, Interesting)
Google Desktop is doing exactly what it's programmed to do. The insecurity is in the way Windows has no separation between users.
If there was a Google desktop for Linux it would only be indexing the logged in users information and it would be readable/searchable only by that user (and root of course).
I understand the concern and I would say that google desktop doesn't belong on public terminals. I mean is there any situation where public terminals should have files to be searched on them anyway?
Re:Ultimately doesn't this come down to how MS wor (Score:3, Insightful)
Windows is moving that direction but files aren't protected between users in any way.
That's a bunch of BS. Profile directories have permissions set so that only that user, Administrators, and the system (SYSTEM account = OS) can read it. This is by default, without any user intervention. User-specific data includes user documents, the HKEY_CURRENT_USER registry tree, and Internet cache among other things.
What I'm assuming is happening with Google Desktop is that it's running as a service when indexing,
Complaining about the insecurities of GDS... (Score:3, Insightful)
...is like complaining about General Electric's light bulbs when they show you the termites which are eating your house from the foundation up.
Google Desktop Search is highlighting problems in Windows' Security, which is that there is none. This is good for Google in the long run on two fronts. It puts Microsoft on the defensive, as this is another issue that Microsoft will ultimately need to solve in security ahead of implementing new features. This gives Google the time to go on the offensive implementing new products for customers that are technically excellent and do not have the cooked in problems of Microsoft Software.
Google Desktop Spam finder (Score:5, Interesting)
Re: (Score:2)
that's what SSL is for (Score:2)
If Google search is finding things that are already stored on the hard drive, you can't blame Google search. Depending on evil people not finding things that are right there for them to see is security through obscurity.
Any web sites containing sensitive information should use SSL, which is not cached anywhere. SSL is free and widely supported. There is no excuse not to use it.
Stupid Humans (Score:5, Insightful)
Ok, you guys are amazing. Let's put this into context. Microsoft comes out with this great tool called ActiveX. It allows all kinds of wonderful things to happen, especially rich content in emails. Uh-oh, someone finds out that this technology is a great way to F around with folks' email since it's so integrated in Outlook (just using Outlook as an example, won't even go there with Windows). Bad, M$, no bone. Nevermind the users who don't know to simply turn off active scripting, they're not the problem - it's Microsoft - since software manufacturers should understand that all users are dumb. Enter Google. All data that's currently on the PC is presented in a highly searchable manner, even to people who have no idea about privacy issues involving electronic data. Stupid users, you shouldn't put such data there, don't you know how every application you've ever used persists data? It's obviously not Google's fault you're so stupid.
Allow me to describe for you living-in-yo-mamas-basement geeks how 6 billion people operate:
The average user has no idea of the security implications of simply going to a public computer and using the facilities provided for them.
If they've ever bought a computer before, they did not buy it from a store with a sales rep that gave them a book listing out every privacy/security vulnerability in the OS installed on it, and if they did they didn't read it. They may have never even talked to anyone knowledgeable about it.
Average users don't have conversations with geeks, sitting around talking about why M$ fscking sucks today and how 3l337 they are or how they 0wn3d U or whatever the hell they say. Average users have conversations with other average users about sports and knitting.
It is doubtful the user has a college degree in computer science, engineering, or even went to a technical school.
Not every kiddie is a script kiddie. I would venture to say most kids who use a library aren't script kiddies - script kiddies have computers at home. If you don't believe me, go to any public library with computers in south Atlanta and ask if their parents own a computer.
In a perfect world, it would be awesome if everyone understood the problems with computer privacy, but we have to deal with all those fucking ignorant lusers who don't read slashdot every hour. If Google doesn't understand this, rest assured they will be hounded by privacy councils until they learn.
Ok, off to do some google credit card searches ;)
Privacy vs Functionality (Score:3, Insightful)
In this case you are sacrificing 'privacy' (if you want to call having information hidden away in some part of the file system that most users don't know about privacy) for the ability to quickly find things. If you think that is a worthy sacrifice, by all means install the program. Otherwise, keep it off your computer.
As far as public computers go, well you shouldn't be accessing sensitive data on a public computer in the first place! It's easy to tell if google's desktop search thing is running, it's not so easy to tell if someone installed a virus that is recording your every keystroke.
If you let people install things on public PCs... (Score:3, Insightful)
At the very least, you will end up reinstalling Windows every week as the system drowns in a mire of spyware and viruses.
In addition, why would anyone on a public PC want to install this? They'd only do it to look at other people's files. And if they want to do that, then why not go the whole hog and install a keystroke logger instead? Why bother looking through the windows when you can steal the keys?
Nothing to see here, move along...
Privacy Issues at Libraries (Score:4, Insightful)
Although I don't care for the desktop search utility, it's hardly a valid complaint for privacy at a public facility. It just means the average Joe can now find what most with any limited knowledge of Windows can already see. This is hardly worthy of news. It should be titled "Using Public Computers Leaves Users Open."
How to not have to worry about this at all (Score:3, Informative)
Download and install their free program.
Then feel free to install the Google Desktop Search. Although the program tried to access the Internet, Zonealarm blocked it. Presto chango, problem solved and now I have an awesome desktop search on my computer which cannot spy on me.
Enough with the Google Love-fest on /. (Score:3, Insightful)
I am truly sick and tired of all those comments that get moderated as high whenever there's a google story and all seemingly are defensive of google regardless of what.
Let's face it. Google's practices towards privacy have been far from holy and way too intrusive. In fact, they've had an AWFUL record by any objective account. This invitation-only model of building up demand for their services as in orkut and gmail is ludicrous; it's such a cheap trick, the scarcity principle, and I can't believe how stupidly the masses are falling for it, that once they get an orkut or gmail account they'll willingly do anything. Have you filled up an orkut form? pages and pages of information collected, NEVER seen anyone online who wants so much information about someone. The privacy concerns about gmail are also legitimate. It doesn't require you to tell them your life story by filling forms before you can use the service but who needs that when they got your email and can and do scan them. This whole beta excuse is pure BS; Google News has been beta for 3 years now! I have downloaded Google desktop search, but decided not to install it seeing how I already had software solutions that did more and better and without the privacy compromises I would have to make.
Dare anyone mod me down as troll or flamebait on this post and it'd be so much evidence of how sucked up into it many of you are.
Google DTS: Towards a Security Analysis (Score:4, Insightful)
1) The current tool runs with Administrator permissions.
This is simply a tiny technical oddity that Google will soon be able to fix.
2) The current tool indexes cache content.
We users don't want that. Even if it merely exposes underlying OS or app security flaws (by virtue of the power of indexing), it's not likely to impress users if Google brings these things up as search results.
This can be easily fixed by excluding cached content from indexing.
3) Search might move in a direction where global repositories and Web content are accessed using the same query.
This is tough: because it's such a useful feature, many people will want to have it. However, by submitting all your local searches in parallel also to a global search engine that maintains knowledge about your IP and a cookie, Google will soon know more about you than your next of kin. This needs a theoretical solution (most likely there needs to be an intermediate layer of anonymization, like Freenet has it).
4) Google might be transferring "interesting" local content they find to their site to spy on you.
I don't believe they do this now, but that doesn't matter. The problem is they might in the future: imagine a fictional country passed a law that allowed their agents to get access to Google's infrastructure to fight a made-up enemy.... Right now, you have to TRUST them, but nobody monitors this in a principled way, so there should be a well-founded mechanism in place to render potential temptations meaningless. Freedom is at stake here.
5) Even if you index only your own account, you don't want to see everything all the time. When you're being watched by your nine-year-old boy, a search for mum shouldn't perhaps bring up an email revealing somebody close to him will probably die from cancer within 6 months. There are more examples.
This is tough, and it's a conceptual HCI issue, and a social one, not a technical security flaw. One solution could be to introduce a MODE to indicate the privacy/trust level of your context/environment, e.g. "I'm working alone at home", "I'm working in a group of colleagues in my company", "I'm on a public terminal in a busy shopping mall" (some people access their home machines remotely). The problem is somewhat related to watching other people type their passwords: it's always been part of hacker etiquette to look away when somebody logs on to a machine rather than stare at their fingers and take pencil notes. But the search issue is more complex, and there really needs to be a mechanism in place, not a social norm.
In summary, the Google desktop search tool is useful, because it forces us to re-think security and privacy as boundaries between local and global systems are blurred. After all, the network is the computer.
Is this a joke? (Score:3, Insightful)
Besides, these problems are easily countered through one of many methods (some of which are exclusive with some other options):
1. Regular security audits (e.g. after the library or cafe closes.) You may need specialized software to automate the process, but you should at the very least be checking the computers to see if they are okay.
2. User account restrictions. In most cases, security breaches occur because the user somehow got hold of local administrator privileges - this should be prevented when possible.
3. Public monitoring. You generally want most computers within public view. For the computers that have a privacy screen, you should give a priority audit. While this doesn't prevent intrusions, it does deter some and otherwise make things easier to detect by a random bystander.
4. Hard drive images. If a machine is suspected to be compromised, restore it from an image.
5. DeepFreeze. Pressing the reset button restores the computer to a usable state. You can even give users permission to install software without worries either under this option (but be careful not to give permissions to change user accounts or configure the network.)
The sky is not falling. As long as Chicken Little doesn't create enough panic to get all the barnyard animals to the fox's den, we are safe.
Re:Web-mail need not apply (Score:5, Informative)
Re:Web-mail need not apply (Score:2)
Re:Web-mail need not apply (Score:2, Redundant)
Re:Web-mail need not apply (Score:3, Informative)
Hmm, interesting. I just edited the URL to use https, and sure enough, it is running in SSL. Even though it uses SSL for login in both cases, it will display mail in whatever mode you started the connection with. It appears that it is up to the user - good to know and I stand corrected.
-Em