The last 'word' in file recovery: Google Desktop

Security Strategies This newsletter is sponsored by CREDANT Technologies, Inc. Survey Says: iPods a Growing Threat in Workplace 323 IT professionals reveal usage rates, potential impacts of portable data storage devices--iPods, MP3 players, USB flash drives, and data-centric smart phones at work. Surprisingly, organizations see rapid growth in usage, but few have a solution to prevent widespread data loss. Network World's Security Strategies Newsletter, 08/09/07 The last 'word' in file recovery: Google Desktop By M. E. Kabay I was working on a massive program review recently and had just spent half an hour in Microsoft Word 2002 on the third version of the document from 4 a.m. (I like working early in the day so that my 14-hour days can finish when my wife gets home at 6 p.m.) when my system froze at 4:31 a.m. Never mind why it froze - the issue is that I had to turn the power off and reboot. Naturally, I expected to be able to recover all but the last minute of my work when I reopened Word. I expected only a minor glitch because I have long used a one-minute parameter for the “Save AutoRecover info every:” field in the Tools | Options | Save menu. Note that in Microsoft Word 2007, the option is “Save AutoRecover information every:” but is otherwise the same. This option makes Word copy the contents of the open document to a recovery file at the frequency defined by the user. The default is once every 10 minutes, but that’s a relic of the days when file access (I/O) and processors were so slow that saving a moderate sized file (several pages) could noticeably delay typing of new text. We’d see the cursor stall and then suddenly spurt ahead with the new text (or worse, only part of it) when the disk I/O completed. With today’s gigahertz-speed processors, gigabytes of RAM and buffered disk I/O, saving even hundreds of pages to disk every minute makes no appreciable difference to performance. Network World Security Buyers Guide Find the right security products for your enterprise - fast. From anti-spam to wireless LAN security, our Buyers Guides have detailed information on hundreds of products in more than 20 categories. With the side-by-side comparison tool you can evaluate product features to make the best decision for your enterprise. Click here to go to the Security Buyers Guide now. So now let’s get back to my system freeze. I opened Word and found _nothing_ showing up as a recovered file. Normally I’d see a list of all the Word files that I had been keeping open when the system crashed; however, today there were no such files. ACK! Half an hour of wasted work! I always find it harder to rewrite text that I’ve already written because of the ingrained resistance so many writers unconsciously feel to repeating themselves. In desperation, I even wasted five minutes searching for all files created that day (not all that many, considering it was now only 4:40 a.m.). To my horror, none of the hidden temporary files seemed to have my document (or at least, I couldn’t read them with any utility on my system). Suddenly I remembered that Google Desktop, which I run using encrypted indexes with no significant performance degradation despite the warnings on the configuration page, automatically keeps multiple cached copies of documents with timestamps. I typed a few key words into the pop-up search field and PRESTO! There were nine cached files available: the timestamps on them were 04:02 (twice), 04:09, 04:12, 04:15, 04:19, 04:21, 04:24, and 04:29. Opening the 04:29 file easily allowed me to recover all my missing text. Granted, it was ASCII text, not formatted Word text, but it still beat reconstituting the missing materials. Google Desktop has had some security weaknesses reported (e.g., see Brian Posey’s “The Security Risks of Desktop Searches” from May 31, 2005) but to my knowledge, all the weaknesses depend on failures of perimeter security. For example, one vulnerability involves systems that can connect to the computer running Google Desktop; however, I regularly check my (hardware) firewall by periodically using Steve Gibson’s ShieldsUP! test to verify that all my ports are in stealth mode. I’m not worried about intruders on my workstation. On the other hand, there is _no way_ that I would enable the “Search Across Computers” remote-access feature of Google Desktop - the one that is described as follows by Google: “Index and search my documents and viewed web pages from across all my computers. (This feature transmits the text of your indexed files to Google Desktop servers for copying to your other computers. Only files you open after turning on this feature will be copied to your other computers for searching.” My obligation to safeguard data belonging to or referencing students, colleagues, the university and clients precludes putting copies of their files on systems over which Norwich University and I have no control. Regular readers are aware that I use encrypted volumes for all confidential data, including on mobile devices and backup media. Indeed, I don’t even permit my faculty to use Turnitin for plagiarism checking because student essays are transmitted to Turnitin servers for checking. Instead, I use client-based systems such as EVE2 for plagiarism checking because there is no server to be compromised. In summary, Google Desktop saved me half an hour of work simply by caching timestamped images of my document every few minutes in the background. Considering how often I benefit daily from the instant search capabilities, I’m even more grateful now to the Google engineers for their free product.   What do you think? Post a comment on this newsletter

TODAY'S MOST-READ STORIES: 1. Storm Worm's virulence may change tactics 2. U.C. researchers: Take antispam fight to Web 3. Kittens could solve spam 4. How far could cyber war go? 5. 802.11n WLAN tests show 'unbelievable' results 6. Cisco founder unveils the Next Big Thing? 7. iPhone lawsuit filed by doctor convicted of fraud 8. Cisco beats Q4 earnings expectations 9. Fujitsu links biometrics with Novell’s eDirectory 10. Do Not Call Registry gets wake-up call MOST-READ REVIEW: NAC alternatives hit the mark

Contact the author: M. E. Kabay, Ph.D., CISSP-ISSMP, is Associate Professor of Information Assurance and CTO of the School of Graduate Studies at Norwich University in Northfield, Vt. Mich can be reached by e-mail and his Web site. This newsletter is sponsored by CREDANT Technologies, Inc. Survey Says: iPods a Growing Threat in Workplace 323 IT professionals reveal usage rates, potential impacts of portable data storage devices--iPods, MP3 players, USB flash drives, and data-centric smart phones at work. Surprisingly, organizations see rapid growth in usage, but few have a solution to prevent widespread data loss. ARCHIVE Archive of the Security Strategies Newsletter. BONUS FEATURE IT PRODUCT RESEARCH AT YOUR FINGERTIPS Get detailed information on thousands of products, conduct side-by-side comparisons and read product test and review results with Network World’s IT Buyer’s Guides. Find the best solution faster than ever with over 100 distinct categories across the security, storage, management, wireless, infrastructure and convergence markets. Click here for details. PRINT SUBSCRIPTIONS AVAILABLE You've got the technology snapshot of your choice delivered to your inbox each day. Extend your knowledge with a print subscription to the Network World newsweekly, Apply here today. International subscribers, click here. SUBSCRIPTION SERVICES To subscribe or unsubscribe to any Network World newsletter, change your e-mail address or contact us, click here. This message was sent to: security.world@gmail.com. Please use this address when modifying your subscription. Advertising information: Write to Associate Publisher Online Susan Cardoza Network World, Inc., 118 Turnpike Road, Southborough, MA 01772 Copyright Network World, Inc., 2007