Google Desktop is a powerful tool. As such it can do a lot of useful
things, or, if misused, can cause a great deal of harm.
Google Desktop's "Search Across Computers" feature indexes content on
a computer and caches content on Google servers for searching and
retrieving from other computers. If this feature is enabled and
allowed to crawl sensitive content, an exposure could occur if the
owner's Google account is compromised.
The Search Across Computers feature is not enabled by default, but
privacy experts point out that an intruder (in person or over the net)
with brief access to a computer could quickly enable it on a target
computer and later download documents cached online by Google.
But there are many ways a computer can be compromised:
-- An intruder with brief physical access could copy documents
to a thumb drive.
-- Or an intruder with brief access could install a keystroke
logger (hardware or software).
-- If a computer has remote terminal services enabled with a
weak password, an intruder could access files from across the
Internet.
-- A user can accidentally share folders with sensitive
information over the network.
-- Spyware, as we all know, is a major vector for data exposure.
Increasingly, exposures occur when laptop computers or portable media
are lost or stolen. Reportedly, confidential information on millions
of veterans was exposed because a policy analyst who had permission to
access the data took a laptop and an external disk drive to his house,
and a burglar stole the devices.
I think the emphasis should be on education, awareness, and mitigating
risk in general, rather than declaring one software tool verboten.
Colleges and departments -- and individual faculty and staff -- should
minimize the number of places they store sensitive information, and
should securely shred digital and paper files when no longer needed.
People should not carry unencrypted files with sensitive information
on laptops or portable media. System administrators should make sure
new computers are locked down using best practices.
Google Desktop 4 is now available, and I verified that Search Across
Computers is disabled by default. We will want to monitor the
defaults when Dell's new system images include the Google software.
/rich
On 5/26/06, John Valenti <[log in to unmask]> wrote:
> According to this ComputerWorld article:
>
> "Dell will factory-install the Google desktop, toolbar, search engine
> and home page on desktops and notebooks shipping to consumers and
> small and medium-size businesses worldwide, said Dell spokesman Jess
> Blackburn."
>
> The MSU position is still that Google Desktop isn't allowed on any
> machine with sensitive data, right? And since sensitive data
> includes student numbers, that probably means not allowed on any
> faculty/staff computer.
>
> Links below. I left in the SAV article link too. (Thanks for the
> heads-up on that, Chris!)
>
> >
> > * Researchers find flaw in Symantec antivirus
> > http://cwflyris.computerworld.com/t/556616/6335285/20767/0/
> >
> > * Dell to preinstall Google on new PCs
> > http://cwflyris.computerworld.com/t/556616/6335285/20768/0/
> >
> >
>
|