Are there still Google Desktop security problems?

BROWSE BY TAG Application Security,   Application and Platform Security,   Web Security Tools and Best Practices,   Web Application Security,   Enterprise Data Protection,   Data Loss Prevention,   VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Application Security Do Facebook URL security concerns justify blocking social networks? Is there a way to block iPhone widgets that bypass Web filters? Should enterprises be concerned with Twitter in the workplace? Will an application usage policy best control network bandwidth? Can an IP spoofing tool be used to spam SPF servers? How can URL-shortening services be manipulated? Is my security program ready for Web application firewall deployment? How to ensure the security of a shopping cart application When to use the service features of the Metasploit hacking tool Preventing cross-site request forgery attacks Web Application Security Web application vulnerability assessment shows patching progress Preventing SQL injection attacks: A network admin's perspective Cisco acquires SaaS security vendor ScanSafe Web application firewall use goes beyond compliance, company finds Gumblar Trojan drive-by exploits spike following Adobe update Some Facebook applications lead to Russian attack sites Barracuda acquires Purewire expanding Web security reach An enterprise strategy for Web application security threats Scanning with N-Stalker offers basic Web application security assessment Attackers target PDF, DirectShow flaws with malicious banner ads Data Loss Prevention Layoffs prompt insider threat fears, cybersecurity survey finds Breach prevention: How to keep track of data and applications Trend Micro to address DLP after analyst report criticizes strategy How to secure USB ports on Windows machines DLP technology challenges security costs Defining DLP Analyst DLP study finds maturity, ranks top DLP vendors Data protection tips for corporate compliance leaders Trustwave acquires data loss prevention vendor Vericept Best Data Loss Prevention Products

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary anonymous Web surfing  (SearchSecurity.com) buffer overflow  (SearchSecurity.com) cache cramming  (SearchSecurity.com) cookie poisoning  (SearchSecurity.com) dictionary attack  (SearchSecurity.com) distributed denial-of-service attack  (SearchSecurity.com) JavaScript hijacking  (SearchSecurity.com) National Computer Security Center  (SearchSecurity.com) threat modeling  (SearchSecurity.com) trigraph  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

Google Desktop Search was first released as a beta version in October 2004. In early 2006, version 3 was released, and this included the Search Across Computers (SAC) feature. SAC lets users search multiple computers from one desktop, provided that Google Desktop is installed on each of the PCs. To perform the search, Google copies indexed files using SSL encryption to Google Desktop servers. This means that even if one of your computers is offline, you can still search its contents from another one of your machines. Any content that is older than 30 days is deleted from Google's servers to make room for new content.

SAC has always been controversial. The EFF (Electronic Frontier Foundation) urges consumers not to use this feature, because it will "make their personal data more vulnerable to subpoenas from the government and possibly private litigants, while providing a convenient one-stop-shop for hackers who've obtained a user's Google password." Research firm Gartner Inc. issued a recommendation that the Search Across Computers option should be disabled or heavily managed by enterprises.

Google's Enterprise Team agreed with Gartner's recommendation, and said enterprises should use the Google Desktop for Enterprise edition immediately and restrict its use accordingly. The Enterprise edition includes a Group Policy Administrative Template so that administrators can disable features such as the Search Across Computers. Administrators also have the ability to set time-based retention policies for different types of documents.

Security concerns about Google Desktop security surfaced in early 2007 when Web application company Watchfire Corp. found a series of vulnerabilities that could allow a hacker to gain remote access to sensitive data, and in some cases, gain full-system control. As a result of this serious flaw, Google changed some of the internal workings in version 5. Since then, no other security flaws have surfaced, but concerns over privacy have been ongoing.

As with most Google applications, the disclaimers that you implicitly agree to allow future changes in the license agreement. Could Google start scanning your files in order to serve targeted advertising? At the end of the day, using SAC means that your personal or business data is being stored on a third-party server, and you need to appreciate the risks this involves. If your Google account is ever compromised, any data that has been indexed may be readable by whoever accesses your account.

For many mobile workers working from different machines, being able to access files on multiple machines makes life a lot easier. SAC could also be a life saver if a laptop is stolen or a PC's hard drive fails. Google does have a good track record of protecting users' data from the authorities, but even so, it may be too much of a risk for many enterprises. If so, either use Group Policy or configure your firewall to block access to http://sac.enable.desktop.google.com, which will completely block both incoming and outbound Search Across Computers activity.