Google desktop v3 “search across computers”

To those of us who use it, the Google desktop was a god send. It truly was and is a revolutionary step in productivity and information management. Google’s world class search, but against your PC…..we were all thinking “the internet is good for something!” My personal favorite, the email search has single handedly saved me (and most likely others) hours. As opposed to the slow and un-indexed outlook search. So with all the warm and fuzzies we get from Google and their super neat products, why is a security blog writing about them? Let’s find out.

The old “safe” Google desktop version

The original Google desktop was pretty secure. It indexed you computer and made it searchable, pretty straight forward. There was some concern about the index files falling into the wrong hands but Google quickly released an enterprise version which would encrypt the index files. It was confined to your machine alone, and despite it adding a desktop link to the Google home page there were no ties back to the internet. Let’s move on and see what makes the new version tick.

The new “un-safe” Google desktop version

The newest version sports a lot of improvements with two new features. I won’t go over them all in the context of this article but they can be found here. But needless to say Google’s track record of continuous, smart improvements holds up with this release. One of the new updates that is making a splash in security circles is the “search across computers” feature. What it does is let you search for files you have across multiple computers. So if you had a .DOC file but could not remember if it was on your PC or laptop, this feature would search on both machines and show you the results. How this is made possible is by sending a copy of the indexed files up to Google’s servers for storage. Once there they stay for thirty days. According to Google this is needed to make sure your indexes are available even if one of your computers is powered off. Of course you’ll need a Google account and the desktop search installed on all the computers you want involved. Move on to the next section to see why some people are calling this contrary to the “Don’t be Evil” Google motto.

 

 

The bad about this feature

Is Google evil now? The easy answer is NO. But there are some valid concerns.

The EFF (Electronic Frontier Foundation) released an alert concerning the legal ramifications of this new feature, more specifically that these temporary files on Google can be subpoenaed. This is true and there seems to be some precedent to support it. But this is mitigated as you’ll see below. Also a concern is having copies of your data sitting out on the internet, effectively giving bad guys another place to get at your data. This too is a valid concern but is generally over blown. This last point addresses concerns a business might have and it’s real. Searching across a home and business computer. Suddenly that mission critical account information or intellectual property is now up on Google for a spell. Or the accountant indexed the books he’s been cooking for years and sure enough, they are sitting up at Google waiting to be subpoenaed. While this seems pretty bad, there is a reason these scenarios sound familiar to the last bad techie movie you’ve seen. Let’s move on to see why this is really no big deal.

Now the Good

It’s not all that bad…really it’s not. As with most things in tech security some due diligence and common sense go a long way. First off, this feature is disabled by default. Google is not trying to trick us into divulging our personal documents. Remember, this is Google and not some spyware company. Second, if you really need this and have to have it, it’s customizable. You can exclude folders and file types and you always have the option of removing your files from Google servers with a button click. Lastly, it’s as safe as everything else we do. Google encrypts the data on its way to their servers like most secure apps. We bank, do our taxes, shop, chat, etc. online everyday which is also sending personal information across the wire. If you trust those organizations with your personal info, Google should be no different. These points alone mitigate most of the perceived bad things. But it gets better, let’s move on.

Even Better

For businesses, the enterprise version is the cats meow. It takes the consumer product and really does add enterprise features. What a concept! Some of the added features are the previously mentioned index file encryption, integration with any Google appliances, and Group policy integration. The last one is a doozy, and really makes this Enterprise ready. Having group policy templates allows you and your IT folks to fully customize and lock down the Google desktop app effectively removing the risks. That is as long as your business has some mechanism to keep users from installing the non-enterprise version, but that’s a topic unto itself.

Conclusion

Yes, we don’t want our files Subpoenaed or hacked. But let’s be real. With some common sense this feature can be used safely (like all applications). And if it really bothers you all that much it’s an easy fix, just leave it disabled. There are a library of things that are less secure than this. And a mountain of things just as secure, but not getting press. People hear Google and security in the same sentence and start to light up the sky but it’s really not a critical issue.

If you enable it, just be smart about it and don’t let it index those incriminating photos from vacation and you’ll be fine.

Author:  Larry Hinz

Your email:  
subscribe unsubscribe  

Leave a Reply

You must be logged in to post a comment.