If your organization doesn't block Google Desktop and other desktop search engines (DSEs), chances are these programs are running on many of your users' PCs. This may be cause for privacy related concerns since DSEs can index sensitive information stored on hard drives and "phone home" user-initiated search queries. Furthermore, Google (the company) may retain records of all searches, tied to every individual user. This tip explains how to block or secure Google Desktop in the enterprise.
Google Desktop: One of many DSEs
Google Desktop is part of an emerging desktop search engine (DSE) movement. Other DSEs include Ask Jeeves, Copernic, HotBot, X1, Yahoo and MSN Search Toolbar with Windows Desktop Search (WDS). Vista, the new Microsoft operating system due in late 2006, will have similar functionality. Another DSE, Spotlight, is built into Apple Mac OS X 10.4. Most DSEs are free and easy for users to procure.
A DSE maintains an index of a PC's hard drive, allowing users to quickly search their hard drive and receive relevant results in less than a second. Google Desktop Version 2, released in September 2005, also includes a companion sidebar, which pipes in a user's e-mail, news related to their Internet browsing habits, RSS feeds, weather reports and more.
DSEs are an especial concern on public PCs used to access a company's SSL VPN, because an attacker could use a DSE to easily retrieve sensitive corporate information left in the browser cache. Most SSL VPN vendors offer ways to block Google Desktop and other DSEs. Some push software agents that secure a user session and delete the browser cache when finished. Such software can often secure sessions by prohibiting Google Desktop from accessing the Web cache. Other SSL VPNs reduce risks by prohibiting PCs running Google Desktop from connecting to the SSL VPN.
You can keep Google Desktop off all corporate machines by simply not giving users administrator-level access to their PCs. Without administrator-level access, users can't install Google Desktop. Otherwise, DSEs can be blocked using desktop management tools.
On the other hand, if organizations allow Google Desktop, there are a number of techniques for securing it:
- Use an enterprise DSE
Google Desktop is like instant messenger software: if you don't explicitly block it, it's guaranteed to be on some users' PCs, therefore consider centrally managing it. Desktop Search for the Enterprise, Google's administrator-controlled version, has a Group Policy control. It also enables centralized distribution and adds the ability to search Lotus Notes e-mails. Microsoft's WDS also offers centralized administration tied to group policies.
- Encrypt the index file
To secure the actual Google Desktop index -- in case an attacker manages to grab it -- set the Group Policy preference to "encrypt index." Note this only works on NTFS volumes.
- Change the index file's location
Beyond encrypting the index file, administrators can also change its default location, which makes it more difficult for an attacker to grab it.
- Disallow Google Desktop on PCs with shared login names
For PCs with multiple users, Google Desktop creates a different index for each user, mitigating many privacy and sensitive information-sharing concerns. However, in organizations where multiple employees share a computer and use the same username and password, prohibit the use of Google Desktop. If you don't, each user's Web sessions will be added to a centralized index.
- Disable HTTPS indexing
By default, Google Desktop indexes all cached Web pages, even if they're secure (HTTPS). Deactivating the "secure Web pages (HTTPS)" preference will prevent the indexing of sensitive information. Most other DSEs do not offer such functionality.
IT managers must also incorporate Google Desktop (or any other DSE) into their patch-management and compliance procedures. Here are three steps to help with these processes:
- Watch for Google Desktop updates
Administrators can allow Google Desktop to automatically update itself and they can specify minimum versions users can run. Alternately, a Group Policy preference allows administrators to block auto-updating and manage the process themselves. If selected, administrators have to add Google Desktop to their PC updating and patching process, either pushing updates via Group Policy, Microsoft SMS or patch management products. Have a plan in place, and patch vulnerabilities quickly.
- Listen in as Google phones home
Another policy allows administrators to filter, track and store the HTTP requests Google Desktop sends when a user activates "Advanced Features" (which includes Internet search and customized news feeds). While this provides companies with an audit trail, warn users that it will deactivate the Google News feed in their sidebar.
- Factor Google Desktop into your document retention policy
Organizations in regulated industries should be aware that Google Desktop retains files and deleted e-mails. Google claims this is for version control -- so users can refer to e-mails and information in documents, even if they're no longer available. Users can manually remove documents from the index, but don't rely on Google to do so, and especially not for regulatory reasons.
About the Author This was first published in November 2005
Mathew Schwartz is a freelance writer, editor, and photographer based in Cambridge, Mass. He regularly contributes information security and corporate compliance stories to Enterprise Systems and IT Compliance Now. His work has also appeared in numerous other publications, including The Boston Globe, the Times of London and Wired News. Other recent work includes coauthoring a 188-page report on best practices for building and maintaining intranet portals, from the Nielsen Norman Group.
This was first published in November 2005