It's proving tougher than anticipated to protect SSL VPNs from the voracious caching machine housed inside Google Desktop Search.
The search tool, which is in beta, still manages to store and leave in the open certain SSL VPN data despite the best efforts of tools to curb the search engine's activity.
Customers are concerned that SSL VPN data might be cached and indexed by Google Desktop Search on a machine that is out of corporate control, such as an employee's home PC or one borrowed by an employee visiting a business associate. "It would be a horrible thing to think that there was a trail being left behind of what went on in what we regarded as secure SSL VPNs," says Jim Abshire, manager of operations and systems development at Herr Foods in Nottingham, Pa., which uses Netilla SSL VPN gear.
To address concerns, for instance, SSL VPN vendors that sell versions of Sygate's Virtual Desktop software touted it as a way to quarantine and encrypt SSL VPN sessions. But they discovered during tests with Network World last week that Google Desktop Search could still grab the content of Word documents and cache it in readable form.
Since then, Sygate says it has developed a fix for the bug that it plans to distribute tomorrow. It also has sought the help of Google to create a foolproof way for SSL VPN sessions to vanish from hard drives without a trace. Google says it is considering the request.
Complete article in http://www.nwfusion.com/news/2004/112204google.html
Vendors aim to tamp down spyware
Ever-growing concern about spyware spreading like wildfire has vendors such as ConfigureSoft, LANDesk Software, McAfee and TippingPoint Technologies rushing in with an assortment of products aimed at putting out the conflagration.
Recent announcements include:
TippingPoint's spyware filters for its UnityOne (http://www.tippingpoint.com/products.html) intrusion-prevention system.
McAfee's Anti-Spyware Enterprise Edition Module (http://www.networkassociates.com/us/products/mcafee/smb/antivirus/vs_spyware_smb.htm), an add-on that works with its anti-virus software.
ConfigureSoft's spyware tool kit for its Enterprise Configuration Manager (http://www.configuresoft.com/product_ecm_overview.htm) product.
LANDesk's Security Suite (http://www.landesk.com/Products/Index.aspx) software that helps users track spyware infiltrations.
Customers testing some of these new anti-spyware products say they're helpful in controlling the blaze but not yet comprehensive enough to snuff out every dangerous spark.
More in http://www.nwfusion.com/news/2004/112204spy.html