In-Depth

Google Desktop Search Tool Raises Security Concerns

Free hard-drive indexing utility raises corporate security and privacy questions

• By Mathew Schwartz
• 10/27/2004

With Google’s recent release of Google Desktop (http://desktop.google.com/), a free program for indexing hard drive contents, organizations may want to evaluate the still-in-beta tool’s potential security and privacy impacts, and adjust their corporate security policies to explicitly permit or deny its use.

A number of information-retrieval tools, such as Blinx, Copernic, Enfish, Lookout, and X1, already have similar functionality—retrieving information from an array of file formats via one interface. To be sure, such tools have been available for years, though it’s only recently, as processor speeds and available hard drive space has grown, that they’ve become more widely used, and useful. Historically, most of these indexing and search programs weren’t free; many organizations limited their use. Likewise, many users choose to not deal with the mandatory time these programs take to create and maintain an index of contents, preferring to use in-program searching instead.

By contrast, Google’s free software might make such indexing and searching ubiquitous. First, there’s the ease of installing the software, which is a 400-Kbyte download that runs on Microsoft Windows XP. Second, there’s the software’s ease of use, via the familiar (and lean) Google interface. Organizations might want to set or adjust their policies sooner than later.

Easy Indexing of Hard Drive Contents

Google Desktop functions like Google’s Web site, only for hard drive contents. After an initial index of the hard drive—which may take a while—users can click a Google tray icon to launch a search, via their browser. While the search only return results from a user’s hard drive, it also includes the option to search for similar items on the Web. Still, Google stresses no private information ever leaves the PC, saying “the Google Desktop Search program does not make your computer’s content accessible to Google or anyone else.”

In its default mode, however, Google Desktop indexes and searches all instances of Outlook, Outlook Express, Microsoft Word, Excel, and PowerPoint, AOL IM Instant Messenger logs, and text and HTML files it finds on a PC. Note Google Desktop’s preferences allow any of these components to be excluded.

When a user with Google Desktop installed uses the regular Google search engine, the search engine also sends the search to Google Desktop, which delivers results to the resulting (local) HTML file. In other words, when a user searches with Google on their own PC, results include not only Web hits but hard drive hits. This feature can also be disabled in the preferences; this “Google Integration” option is checked (and thus active) by default.

Early reports indicate that Google Desktop may also be able to index contents of some password-protected files. Of course, using an application’s built-in password protection is notoriously insecure; free cracking tools abound on the Web for breaking Microsoft Office encryption, for starters. Even without Google Desktop’s password-breaking feature, however, users might just want to evaluate whether the contents of everything on their PC—from AOL IM chats to personal Word documents—should be retrievable via an easy search.

Window Into Shared PC Contents

Another security and privacy risk involves shared or public PCs, since users may inadvertently leave traces of their Web mail or browsing sessions, which would then be easily retrieved—probably inadvertently—by someone running Google Desktop.

Though more than one version of Google Desktop can’t be installed on a PC, even if there are multiple user accounts, Google cautions about its use on a shared PC. “If you install Desktop Search on a shared computer where all users log in with one username and password, please be aware that one user may accidentally find another’s Web-based e-mail, AIM chats, files,” and so on. In short, keeping Google Desktop off shared PCs might be wise.

A final security risk: Google Desktop is still in beta; it’s publicly untested. What are the impending security risks of a tool that is free, possibly ubiquitous, widely written about, easy to use, and which many users have suddenly downloaded and installed? Along those lines, how long before Trojan code emerges, via a worm attack, that runs financial and password searches via Google Desktop, then returns results to an attacker?

In short, security managers must balance whether they want an unrestricted program that easily and quickly retrieves all of a hard drive’s contents to be running on their organization’s machines, before security experts have a chance to vet the tool’s reliability.