Search Engines - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Search Engines


Security Analysts Still Leery About Google Desktop 2



 By: Lisa Vaas
2005-08-23
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Search Engines story.


  Table of Contents:
  1. Security Analysts Still Leery About Google Desktop 2
  2. ' Multiple'

Rate This Article:
Poor Best
Security Analysts Still Leery About Google Desktop 2
( Page 1 of 2 )

Some are wary of opening the door to the tool's powerful desktop search capabilities; the problems involve leaving sensitive data lying unprotected on users' desktops.In spite of Googles efforts to placate the concerns of its enterprise audience, some security experts are still leery about opening the door to the powerful desktop search capabilities packed into the companys release of Google Desktop 2 on Monday.

"This is a very powerful tool, potentially with a bidirectional metaphor," said James Governor, principal analyst and founder of the analyst firm RedMonk. "Its indexing all this stuff on your desktop and doing something on the Web. Whos to say thats not a potential breach?"

Google Desktop 2 is the second beta of Google Inc.s desktop search tool, which it first unveiled in October 2004.

This version goes far above and beyond the first beta. For example, added features such as the Sidebar go beyond finding information on a users computer to personalizing an array of information on users e-mail, news, weather, photos, stocks and RSS and Atom news feeds, all based on their Web browsing history.

"We really focused on first, not only making desktop search faster and easier, but second, helping people to find new information through the Sidebar," said Nikhio Bhatla, product manager for Google Desktop. "We wanted to let people just sit back and let the Web come to them."

Resource Library:
Enterprises believe that some of that information is best not found, however.

When Google first unveiled Google Desktop Search (since renamed as Google Desktop) in October, security experts and IT administrators were alarmed to find that the tool had the ability to reveal personal and confidential information in search results, including returning password-encrypted Microsoft Office files that were available to users without the password, pages from secure sites that display corporate data from Web-based enterprise applications, or personal information such as financial services accounts and medical records.

Google responded to enterprise trepidation when it released an enterprise version of Google Desktop Search in May.

The enterprise version enables administrators to restrict indexing of, or access to, files.

It also allows administrators the ability to block communications back to Googles server for automatic updates of the software—a cause of concern that initially plagued security analysts with the consumer version of the product.

"I worry about data leakage from my desktop back to Google," said Bruce Schneier, chief technology officer at Counterpane Internet Security Inc. "Is information on what Im searching for going upstream? I didnt know [when he first looked at Beta 1 of Desktop Search]. So Im less likely to use it."

According to Bhatla, password-protected documents are no longer indexed in the enterprise version.

In this current release of the consumer version, Desktop 2, Google has also added a feature to encrypt the index so that all files are protected from access if a laptop or computer is stolen.

Desktop 2 also supports multiple users on one computer. If multiple people use a single computer and have their own, individual Windows accounts, each person can install and run Google Desktop and know that their information is inaccessible to other users—a major concern with Beta 1, as evidenced by feedback left on the subject by an eWEEK reader.

"[The idea that] in order for you to be able to view the files and browser caches of other users on the system, you must be the system administrator … are not quite true," wrote the reader, "clarkalex."

"On [Windows] XP maybe, [but] on other Windows systems a user can install software as a regular user account with no problem and can open up other users files with no problem," the reader wrote.

"This is because the default permissions are Everyone Full Control on a Windows system. This even applies to the users folder in Documents and Settings. There are still plenty of Win2K systems out there. The security policies would have to have been modified to make your statements true. Or the owner of the files that were to be kept secret would had to have changed the ntfs permissions on them. (Assuming ntfs was the file system in the first place.) On a Win2K system, generally there would be nothing stopping a regular joe from downloading [Google Desktop Search], installing it, and being able to see whatever he wanted. That would indeed be a security threat."

Next Page: Multiple-user systems use is still not advisable.





  Reader Comments: Security Analysts Still Leery About Google Desktop 2
>>> Be the FIRST to comment on this article!
 


 
 
>>> More Search Engines Articles          >>> More By Lisa Vaas
 


x}vȲxycM 8am 'sY\!h,$mI&s%ΟKgUݭ/@2N&sOԭW~^/Vdž5%xa$?CO\<ޫW}u؟5s$-GF;fNM7MQ5~w8j4u7GRɁ_7s"%<4xo;GI<6qM}Tؖ/x'l߷\uE>>"%)m4EdB6vn5kzn;B 0VʯaT˱9<"#nBUDRd5vn/ /\2r.ddv {ƺ`S31iB+daVLJtd:st u5۴]JBJ63Q 訮S-]c;ٮ>&}׽1UgQ/#!_TBbp`ŭz˱)=~b4HXܦn?A7ھtԵ,\s:J#l$R"ۆ@踏Uo/uvU߰[dfq9Eu\ 4n yPr$Q*uToXo+{iX2)hͭk\Ȋ"IeU?pd-vBr: E eC8j09"A +tn&1`jLT+b13 6r3 u P%opKT/*PKŹZ̎kx:2 ,,ՑYln\:W~ :'3do̲5<jUQ* J va ?mV7g77MiCGVh/\Gx +?_XT'_Z`zO|nx07ɝz df3g Z.ȹ7 ߟN:d[Wϻ'$'MDOws`U-@mع̑\\۝ka2(7 cM<~xX'%9"5E [9];J|$zڦ-tu}G_x0}q̝7hr Ce)"8?3ՅI hA#{MabEK;+R? X\UE?(qe"E[fT}O9%)ޔ!E\rы \D?CC7=aD+I,t4WpOT=mfY]7'tauMUiwcwUÞ$\zmM[guz~XHѮnvZM(q8ǹ:no:*J=27RZ/JuYjbtfx٘n`qX&aѡJ}OԅTyxC MoNi>6H@=* pPѦKG˥Umf>; a +ϞuӅ>Wu\fNh$>6(Zlt`Se"s q9{۽ޚ^(gz7HX^0 j5u;d*S<ûmDSgx ީ L< M'[%kr#Ea1 CruR$>hI#2 Bг1,`@o&`%-gPr)ntry s{jr\B;7 ˥=*%4fqR%f 930iIbL=?hi1eG,Dv9JM .Y ϴR5ֲ f$5^&t&C3` {@ZgaI`0TD]Ew,O90S׾h14Ğ[_ }ۼ VϚ ݟ01}a] k%wzڴysÂf$tTDh]qڛ":iyTXh%3=Ͱ&SqOȃ=3p ԇ&>|Y;iXS$P.MmU;WQ7˔L8+״MPM Χ2*]hs< 8:K 6 O,mr12@Ppl1lg0D~t7<Ù=bFJV >zh'>ug H!lIXknj*z_No:!6+mm :$F&@0ũ/:SZ15F"R] 87 *C՗aHl- 6b8O 3l`(`(R p4vjeERثh3td tAqFA4`/@E} &% ë {b;@4]$.Hq{Tŧ_>C[y82l/C5,v&"fb:h[ ^=' -ݥCɁU|qh˹cpp0uׅ=- ΅_$gםai+@ ۣ!՜hRF Éaa.UYBeU&-JJY*rDeSl q,YX&T6M>0}-:#֒(mA\&K΁44"#,OAUF4%qbs0WUX(8 Z ov)2q͜a&lGR)C1s{dbi馓mOM]'j/$Ub4)Yu Yf"F@z"R֊Z585,\Vq~3W`^0+LL]>x_ᄯ.8fPkCcl,}CFo/!m^J]R9X>.y: ˟Q12&c*0 *u\S_Oiw!]rk c5qo ~~oQ oW6pWBa+J&~k<ɺIXȑ1 [bD:@k"˖U z@  tHhq!L`?#KGWFڤqJ{ۧw^]i>UNZЁP}-5up=X\ QB|Ѭ?&T$a5i[ ,U뵢L_iU7k-|h#Q@2S<"#G/=q|k N4{ՁJFB-bJ݂6n"uy@VYhQwj\ۡam(}Nq&fo^{lЛi/r dHp|avKre)$O@ЙY%7C:۸s:j&c`l@<粢c=b)hʅϚ08#= [i Ŝl{nkr /%UIV8ƝcU]8/ȫ$vϡR@7 PU)Ԟ̞N-mۨuL $^Wnlv 5N]1_~Zz9p)Jg HWTČeᩢo;U7iO;ԅ/Y"=wTP) jMDV5ѶU7(H?KCsmbbvQvTئʺHG٭X682V6jRno~aZ(JCL$KZW=EU:~ (zC9k%: bAyRTS,.=Jӛ6%UT-VS?ͳ!ӢBqi1he~:EKfbߧ-]Ѕ`@O|Cn$58@Sk ۤ#NHvRg0=< l,QF_TJh)4J::)?;ی) 5E_g%'k'u\-%[7SuY'D}_q+=?Unj'v?!!>48xac셏Q 䅠sZ en1~8JP -M>tSou+DZ30uʣhhw<)~[Ħ{ /䎉iH tJޣx ik>|%ĵh0%WRW!> ?<Du`*G]AJ=tݳ#r^uonI DaM:n{Q \;P+}ʂ{x :tD+ cϾM޻uSꄏF Y1U}-1rd?vFCS}?I^{I^[viemUfF0z^kH ^ݍD[""NARn/<L8zd GsHe3D?ymТ1>=C]pj?h@'y* LW*];ԡ|o~}2/7=d_6ZDNpw5V"{QI%*y}=J`TTky ^Av&0H?6!i8V=:okQ]u~ZjvÏ1!i ҧa@/uLzxT70G~"~]c~I.r@Sqqp~nnwkJljl 4!Q"h `9o9s [5 J7\9j>c! \7,X; 1? !H4O/m͵GO"G3QuǴ C~8ȷ62bx@K5QtP 7z!|b=SLbJf헧o<4v7s+y ]L+u9:+("p9z-Bq$ܣQXZ=A1?tܻ"BA8'6bR:~Q ]NNZ.A|g {bjBy ̅KAE- r*6|$u)b<'Q4oaV}4´P~tΔ*[,_3 L< X1UrlT6%Ke4D)^x%.'CX(a1WP;Z¡WʱUJpr7-;RExMJLr~%9~ěfUfR)27}NxiEERP%pNhmPEۥhjoTMۙ%I`= _3מNfEz}RRQCÀ. dMDa ߄)Rm[[V\ )8GdYPsG ?-\] 0.(е?V)͊!`Smb_UR3+l#x|Dh+t˝B m`+$h@^/BK@yeVM!wCOxIz 4dIk(XUO*J2 6ACЉRUg, HzOZi[-7e, g&RZg M'D.?$Y})}&m +m{4pAfT/6{ 0#.&]K8]ocbU-|ӶoJ d@lkՋM ڣ~X{U?!c,5[/ %=4 m&t #||||_^-I%H_Kߏ@-Tpp]eas2S0 A*B@cB +a!E@zھQv[$XWҜT0Y1j)AwtNܞٚ~~D|" ononononį܍X,KFd7m ky~D4qzRt kU`+Ct1$7̾g .&ڂ7?/b$vqG{zƗAfu+G|ÞE`/J3lrS\J g ^4!H֎/|iaL"'؂vS^Ɩ=tFc[_zحqx/[[UҎMc t] eIxoimO-tuӔF>",:^'GZ?ϡoUm "y*]W#u2_JZ~f ;7Z.c~U mvoGY tvZ_cvbK]񉻰YYJU7HF"wj˴JRMAwցo߷~t|IZ_3,Z~PxK `7}\/T^Gnʸjn{c;i)T}M\#W{kWh'R#RojkPw̼wBpANnI2VjAeA[o&6௲eulas(VjF/߻*JJس;}-#AV)MFk(+&rjytfC!`l¯J$CJj|" +h%N"r0MGV` 8X@dYQb æz_%5.~_a޶򘊅͠18w1ޗN#Ey/ER G(67Ȫu6E={8R[W@/j <fgDp%qajxflԝ/n;]0E=[G?d!f:,RK Y+ ZYʿC)3; 0}PCpo>bm؝d&?uL~n/|oUo|\| jad#6yl`'" p.\y?^ol#$Ht"O?g{xVW$-@\tdwUdo?]LeG~_)tbxE/u sH]VX(tw( F^ڒjo~es~MSwy? o^"·몈\e4!ª ixx5>ve>h~ #=%P5%(=e(h"Ojj*5n A^ c>!c+Z|D,=t%E/l]~0. 05vi9(ῤlݹju=HhJ|4\ +{+cc$5 UJuy"^V]ZX:"2*/ Czpi "bTI ;PcqXY U@+Ě0ki1{ GSc~^SԌx!?@׌oۦh;z=Vڹ*q1yK,Y-J8sӪ3977uzr}]\CP[cvXC-LKGt#hN%aZ`ǿ ~r&:&̾%kD0Պ 4T+Z P^P+]\ĩ-5E* fk(axZ~nL+.ʓ{z^zn=rY)kD;k.1 _XA<9gDڭR]cˉ^/@yj4ZψnmE/:OyZg^OCpaeXM3 6mY1Vg)ە]aIJ`%֧`w{zCd.NGER= "F㷏w 6^fO&8)Rx~p1c7ŇĤ.8 ~r5`: `['&>In$%H{J] UC `xK >V='yg0\C+< dC93`#wkЏ f-<NN?>u/;WAufXv>J49J*Q!>;1Llg?Oz ۧם~_ɦVTk!>>BZpȉ=:=5Ӧ?h1Ŭ5*#Mf&7@ )ns9e' LjV}^}xQ3Q+Q~ 'mvFy{Si'Oπ>gy {(^k릗wOsiF93ˌr\~FG(^~3l׺ EF/E|E}/>_d"?/?/2e2CF;(Q(GF_d^f%e\]f_e?=/ rqWU?Ӈ3߇3?d(%= ʡ2!~7P~U{7MF77!cvpv%sQ^ε3\}~)Pgu(g 3Vڭ^V`{AJ1gF+@~W~#^{u;+%'W23YKxE~%kgf[M2}!:c|M$X2o&W48O=1X)tnmn+Ĥ^1WsUV} 1՞b%dED<m}U>=u#%l,YM`0v4O5a;H_ L<f 3nArt tЦ1[r%>=RGPMyuXε'ƛJxdaw.g]C/~'ϥ.^gn9 pQa.`kM\wA/2x&!{^ xLk :d`gOn3F W'֠==ޙkd5Ck+cP%'3Σ.L ů݅NL{2̝τ>y F<`{iӳzm7m bmMøMƝ ZƼK5E >bq ?5< ëww +ЄAlv~oC~&O Ͻ}ow 4 C6`~?N@DUPޙaơ/;"waR* l;8d2֭ {k# 6 0y:fy, 9zn% - ix^S$| l~Ïexƪ~Axh>&ӽ>-t AяM(IS`/@s^nT0*+Q <&bY`þߟ2]-7:QT +)Yl{$uL"i~gsg_t 79!euz9+gwFPz`yq7e1$~Ml=u[+W^ƜΔk.m)tOu⫰CNt /)X ( LEΠnkMnDa:=YJ;}o#u!?"Lnlm^Vktm(0K{4l}EE%%Xrf fxE)]RjɄn~39xI1%h3l=mAb?ܩ6 m`G= v4Q ^QwM jR+[FɀH>Y;x5R`&(Ϫ0~ ҖnZ~f0.~v0/渲h9>Ŝf5rIȽkz^4<*.GLDN,<bSf}-)ZO_X[_,Q>)[5]_<|}m:{^}{OI)|?h@>L˔9-f4s?w|ŠcD W ̲^05="P??03FcVLT`}q v-]Kh R 1/rOpkM+=(x0F{̾50kx5~B8 ugmA'ViCC Xoϰ> &oµo @ o-L)_O`PN(,+abx@ O8HԦ02,Q3,8zscaI׬J?:sTU$ȅ! FǺ.9ҡR@xާjCdR芘{4zb7ʰ$Б;%In s`c\B|+Ԥ0A}^Ԭa?`~0GCitR*ٌ>Åyp7\ ҚxMEŌz5}8=a X@jë=8롂˷-ſuO{b}qN`.֮R҈]MM|5o%^ FͶ#t<^pSУLoᚨ ?D5V@([Z]04խ)f`^R1 `h:O, AwdM~&={oH = :"ಏcOu aGBUoZG' BDҶnI:=JiB tbELy(/&?HK  ?zXR -˼- tl9̂z~K# w\>J|psKi[m!Kk~$W{4O+Qdf@cE |5{nrqG{ˁ:tw9^apeqcSfژiC&yq9bc|[k0!ȶmbAj+T#A8!cLSum=GP+nh7~, wnY\vTD.=$Z~u\,LՑg8A@h :&ܕ%$eT%<JMP 0D79>To{nIZelG ٪ъvLqjE /yM͈AInBG 81*u^>$+}a7 xqxW+sr)rS[b0]TԤPim/z,Z~b+TLjbFm1KEoaOdx.}{Qn;r3gq- 3xSc?"qpkrj#̳v-tT3pJ4sǮ#-|Y$#Ћ(lؔIP0Zx;wCRȫya Nc 1j6`A3r2ǩGZv<7GZJ#[+tz WwUo{/O