Security in a Google world

Time to start thinking about how Google can block the next worm that attempts to use the search engine to spread.

Tech Culture

Google hacking shouldn't be a problem for Google, but it is.

The practice of finding sensitive information and vulnerable computers using the search engine took on a whole new tone on Tuesday when the Santy worm automated the procedure and used the service to spread. By filtering the requests from the worm, the search giant essentially stopped the program from spreading, but it took almost 10 hours to get the filter in place.

In many arenas, a 10-hour response time may seem reasonable, but as antivirus companies have learned, it's ten hours too late. The Microsoft SQL Slammer worm spread to tens of thousands of servers in less than 10 minutes.

It's moot whether Google deserves to be held accountable: The search engine's popularity has made it a key part of the Web infrastructure and a powerful tool for finding information, including information about vulnerable servers.

Potential solutions include throttling requests based on content type, similar to what Hewlett Packard and other have proposed as a way to slow the spread of worms in networks. By limiting the number of similar search queries from a single machine or even a large number of machines, the company could slow the spread of any future viruses that use Google's database to find potential victims.

Of course, that will only halt a single vector and worms with multiple means of spreading seem to be the rule nowadays. Still, such a solution could solve Google's part of the problem.

Autoplay: ON Autoplay: OFF