Security Analysts Still Leery About Google Desktop 2

By Lisa Vaas  |  Posted 2005-08-23

Security Analysts Still Leery About Google Desktop 2

In spite of Googles efforts to placate the concerns of its enterprise audience, some security experts are still leery about opening the door to the powerful desktop search capabilities packed into the companys release of Google Desktop 2 on Monday.

"This is a very powerful tool, potentially with a bidirectional metaphor," said James Governor, principal analyst and founder of the analyst firm RedMonk. "Its indexing all this stuff on your desktop and doing something on the Web. Whos to say thats not a potential breach?"

Google Desktop 2 is the second beta of Google Inc.s desktop search tool, which it first unveiled in October 2004.

This version goes far above and beyond the first beta. For example, added features such as the Sidebar go beyond finding information on a users computer to personalizing an array of information on users e-mail, news, weather, photos, stocks and RSS and Atom news feeds, all based on their Web browsing history.

"We really focused on first, not only making desktop search faster and easier, but second, helping people to find new information through the Sidebar," said Nikhio Bhatla, product manager for Google Desktop. "We wanted to let people just sit back and let the Web come to them."

Enterprises believe that some of that information is best not found, however.

When Google first unveiled Google Desktop Search (since renamed as Google Desktop) in October, security experts and IT administrators were alarmed to find that the tool had the ability to reveal personal and confidential information in search results, including returning password-encrypted Microsoft Office files that were available to users without the password, pages from secure sites that display corporate data from Web-based enterprise applications, or personal information such as financial services accounts and medical records.

Google responded to enterprise trepidation when it released an enterprise version of Google Desktop Search in May.

The enterprise version enables administrators to restrict indexing of, or access to, files.

It also allows administrators the ability to block communications back to Googles server for automatic updates of the software—a cause of concern that initially plagued security analysts with the consumer version of the product.

"I worry about data leakage from my desktop back to Google," said Bruce Schneier, chief technology officer at Counterpane Internet Security Inc. "Is information on what Im searching for going upstream? I didnt know [when he first looked at Beta 1 of Desktop Search]. So Im less likely to use it."

According to Bhatla, password-protected documents are no longer indexed in the enterprise version.

In this current release of the consumer version, Desktop 2, Google has also added a feature to encrypt the index so that all files are protected from access if a laptop or computer is stolen.

Desktop 2 also supports multiple users on one computer. If multiple people use a single computer and have their own, individual Windows accounts, each person can install and run Google Desktop and know that their information is inaccessible to other users—a major concern with Beta 1, as evidenced by feedback left on the subject by an eWEEK reader.

"[The idea that] in order for you to be able to view the files and browser caches of other users on the system, you must be the system administrator … are not quite true," wrote the reader, "clarkalex."

"On [Windows] XP maybe, [but] on other Windows systems a user can install software as a regular user account with no problem and can open up other users files with no problem," the reader wrote.

"This is because the default permissions are Everyone Full Control on a Windows system. This even applies to the users folder in Documents and Settings. There are still plenty of Win2K systems out there. The security policies would have to have been modified to make your statements true. Or the owner of the files that were to be kept secret would had to have changed the ntfs permissions on them. (Assuming ntfs was the file system in the first place.) On a Win2K system, generally there would be nothing stopping a regular joe from downloading [Google Desktop Search], installing it, and being able to see whatever he wanted. That would indeed be a security threat."

Next Page: Multiple-user systems use is still not advisable.


-User Systems Use Is Still Not Advisable">

Bhatla said that even with Desktop 2s ability to support multiple users on one system, Google still doesnt recommend installation for multiple users, since it indexes Web history in real time.

"Some people may be concerned about that and may not want other people on the computer to access that information," he said.

Google has tackled the problem of returning secure pages, as well. In the previous version, users had to uncheck the option for not indexing such pages. Now, by default, https files are not indexed.

"That, coupled with the index encryption feature, as well as support for multiple user accounts, [means that] we have significant features to improve on the security of the product," Bhatla said.

And, again, the enterprise version of the product gives administrators even greater control over what the application does, he pointed out.

"You can say, We dont ever want Internet pages indexed, and users cant change that," he said.

Security experts have also raised questions regarding privacy, particularly when it comes to medical or financial records—all of which falls within the realm of compliance with regulations such as HIPAA and Sarbanes-Oxley.

"From an enterprise perspective, [tools like Google Desktop] raise issues around privacy, Governor said. "Certainly organizations are being audited to be sure they have controls in place around infrastructure. That includes desktop search and anything else. It means IT organizations need to be aware of this stuff."

But is Google Desktop capable of finding anything that couldnt be found through other, less direct means?

"Rather than navigating the file folder hierarchy, you can find anything you want using search … so the search user interface essentially supplants the Windows user interface and the whole file folder structure beneath it," although you could certainly find the same elements through the file folder structure without Google Desktop, said Joe Wilcox, a senior analyst with Jupiter Media.

Pete Lindstrom, research director with Spire Security LLC, concurred.

"It is truly embarrassing for anyone to suggest that their security model was based around piles of available yet inaccessible information," he said in an e-mail exchange.

"The people who are really worried about [Google Desktop] really didnt have good security to begin with."

And yet, Governor said, theres a big difference between a fully indexed desktop and one that is not indexed.

"With an indexed desktop, there has to be a chance for exploit," he said.

Google Desktop, at the very least, demonstrates the power of scale and search that systems can provide, Lindstrom said, and shows that enterprises must "constantly acknowledge and respond to this by ensuring that our systems are covered regardless of whether we believe the access is there," he said.

Jon Oltsik, an analyst with Enterprise Strategy Group, said that such desktop search tools are "extremely useful tools for individuals" that need to be added to an enterprise based on risk profile.

"If they supersede access control on your file system, thats bad," he said. "Thats no different from Companies should have policies on acceptable use of Web surfing, for example."

In other news, Google is expected to unveil a "communications tool" as early as Wednesday that is said to be a step beyond the companys current search-related business focus.

The Los Angeles Times, citing unnamed sources, reported Tuesday that Google intends to launch an instant messaging program named Google Talk that goes beyond text-based instant messaging to enable people to use their keyboards to hold voice conversations with other computer users, according to a source quoted by the newspaper.

Webloggers have suggested the Google is intending to base Google Talk on the open-source Jabber system.

Such a service would make Google a competitor with Skype, which offers a similar service that is popular in Europe.

Googles Bhatla declined to comment on the news.

Check out eWEEK.coms for the latest news, views and analysis on enterprise search technology.

Rocket Fuel