Google desktop search sparks security scare

Google's newly released desktop search application creates profound security and privacy risks for any companies with public access PCs, security experts have warned.

"In a shared environment people can use this powerful Google search tool to deeply mine data from public access terminals," John McIntosh, managing consultant with IT and security consultancy Heulyn, told vnunet.com.

"Firms need to be aware of ways in which this type of software is used and what impact it may have. Credit card details can be easily unearthed, together with other personal data.

"This can easily lead to identity theft and this is clearly a fast-growing problem. There is no skill needed to do it, and it makes it very easy to gain access to potentially sensitive data."

Unveiled last week in a beta test version, the free Google Desktop search application is designed to enable users to search local email, files, web history and chat details.

"Google Desktop Search brings the power of Google to your personal information on your own computer," said Larry Page, Google's co-founder and president of products.

"As easily as searching Google, you can instantly search your files, local email, the web pages you have seen and more."

However, within the Desktop Search application the option 'Include secure pages https in web history' is checked by default, making it possible for someone to search previous users' access to 'secure' web content.

"Security has always been of particular importance in shared environments, but this tool introduces a whole new concept. The main problems in shared environments is how to clean up afterwards," McIntosh warned.

"People want ease of use, but this comes at the price of security. There is always a trade off with more functionality leading to more vulnerability.

"Companies do not seem to understand the test cycles that they need to go through to secure their products for real-world usage."

Mike Davis, senior research analyst with Butler Group, argued that the benefits of tools such as the Google Desktop Search outweighed the risks.

"There are more benefits than risk with this sort of technology. If you have not done anything wrong then you have nothing to fear," he said.

"In corporate environments you should be concerned about people downloading and installing it themselves.

"Implementation needs to be controlled under policies. Tools like this can expose lapses in security policies and this is not a bad thing."