Windows Vista will improve search functionality on a PC by letting users tag files with metadata, but those tags could cause unwanted and embarrassing information disclosure, Gartner analysts have warned.
Search and organisation capabilities are among the primary features of Windows Vista, the successor to Windows XP due out late in 2006. While building those features, Microsoft is not paying enough attention to managing the descriptive information, or metadata, that users can add to files to make it easier to find and organise data on a PC, according to Gartner.
"This opens up the possibility of the inadvertent disclosure of this metadata to other users inside and outside of your organisation," Gartner analysts Michael Silver and Neil MacDonald wrote in a research note published on Thursday.
For example, a user might use "good customers" and "bad customers" as keywords on contract files. If such a contract is sent to the customer with the keyword still attached, it could cause embarrassment or even loss of business, the analysts wrote.
Microsoft will provide a simple metadata removal tool with Windows Vista, but that's not good enough, according to Gartner. "If I rely on the user to remove metadata, a lot of that metadata is inevitably going to get through," Silver said in an interview. "It really needs to be automated."
Microsoft is concerned about user privacy and security, said Michael Burk, a product manager for Windows Vista. "Microsoft has listened to our customers and is implementing the usage of metadata throughout the system to give users breakthrough ways of managing and searching for their files while protecting user privacy," Burk said in a statement provided by Microsoft's public-relations agency.
Inadvertent disclosure of metadata has embarrassed businesses and government in the past with high-profile leaks of secrets. In Word documents, for example, metadata is used to track changes. Last year a gaffe by Linux nemesis SCO Group revealed which companies it had considered filing lawsuits against.
More recently, pharmaceutical giant Merck was put in the hot seat because of changes made to a document regarding Vioxx. There have also been document data leaks at the White House, the Pentagon, the United Nations and others, according to a compilation by Workshare, a maker of software that strips metadata out of files.
With the increased use of metadata in Windows Vista, Microsoft is heightening the problem, Silver said. "Instead of trying to shore up metadata, which has been lacking for a long time, they are adding yet another way to assign metadata, forget about it and send it to somebody else," he said.
Microsoft should have designed metadata management and protection tools into Windows Vista, but it has not, the analysts said. "With Microsoft's increased emphasis on security and privacy, the issues in Windows Vista should have been addressed deep within the OS during development," according to the Gartner report.
Before adopting Windows Vista, organisations must have a plan and policy for addressing metadata, Gartner advises. Companies that are sensitive about exposure could purchase third-party tools to manage the extra data, the analysts suggest. "Taken to an extreme, you could avoid Windows Vista until the issue is addressed in an integrated fashion," they wrote.






Talkback
The old functionality before security issue again. After 10+ years one would think that the world would have learned the back-firing consequences of such an attitude but no, apparently the wrong type of IT decision makers are still in place and it's up to the lesser people within the organisation to try to save face again. Make do with what you have and all that sort of lame excuses for poor judgement calls made in the past. And still they wonder why it's so hard to find enough right people to want to make a career in the IT industry in those areas that count to the economy as a whole. Gee, I wonder.
The answer: consistent lack of (full) liability and accountability at those levels that count.
I'm more concerned about Vista's ability to keep the meta-data. Right now, if I add some data manually to the properties field and then edit that file, Windows wipes it!
So what are they going to do about that?!
It's functionality/usability before security that has allowed Microsoft to dominate the market.
People will use an insecure system (to a degree); they won't use hard-to-use systems.
Visa cards are massively insecure, with large amounts of fraud, but people still use them because they are simple.