Microsoft has gotten a fair amount of justified criticism for the myriad Windows and Internet Explorer vulnerabilities. But now the darling of the tech world, Google, is starting to take some heat as well.
The Google Desktop search tool, it was revealed soon after its release, could be used to ferret out secret information about someone who uses a public computer, including reading his private email. That’s because it indexes all Web pages visited by Internet Explorer, including secure Web sites. So if you visit a site like Hotmail on a public computer and read your private mail, other people who use Google Desktop on the same PC will be able to read your mail, unless certain settings are tweaked.
That was a relatively minor problem, and easily fixed by a simple setting change. The last few days, though, have seen more serious security problems arise. Rice University researchers found out that a flaw in Google Desktop could be used to let intruders on the Internet secretly read the contents of your hard drive. Google fixed the security hole, and has automatically updated Google Desktop on people’s PCs so that it’s no longer vulnerable. But even though it was fixed, security experts warn that other similar holes may eventually surface — and so the research firm Gartner has recommended the businesses not let their users install it.
Now it’s been revealed that malware writers are using the Google search site as a way to attack vulnerable Web sites.
Why point the finger at Google? To show that Microsoft’s security woes are not all of its own making. I’ve long said that one reason Microsoft software is targeted is simply because most people use its software. Now the same thing is happening to Google which is, in terms of popularity, practically the Microsoft of the Web.
So yes, it’s true that Microsoft has a way to go to securing Windows and Internet Explorer. (Its recent acquisition of spyware vendor Giant Software, though, shows that it’s taking the issue seriously.) But Google’s security problems show that to certain extent, security holes are part of the price tech companies pay for success.
What do you think about Google’s recent security problems?