Google Stumbles With New Desktop Tool
Beta search app creates vulnerabilities that may threaten your data's security.
Illustration by Stuart Bradford
Google wants to help you effectively access the piles of information you store in the documents, e-mail messages, Web pages, and contact lists stuffed on your PC. And who better to help you than the most popular search engine on the Net, right? Not so fast.
Though it lacks a few features, the beta version of Google Desktop Search does give the same satisfying results for your PC that Google.com provides for the Web. But as it's designed now, GDS also delivers a potential security nightmare, say industry experts.
Google is not the only powerhouse focusing on desktop search. AOL, Microsoft, Mozilla, and Yahoo are all working on their own versions.
Google's tool downloads and installs itself in no time at all, and lets you generally select the types of files you want to include. GDS then sets out to build an index of your entire electronic existence. It operates in the background, so you can continue working. Indexing 20GB of data--not including Adobe PDF files, which the GDS beta does not index--took a little more than an hour on my PC.
Go to the Preferences page to select which types of files you'll allow GDS to cache. You can also opt not to send Google reports.
After the indexing is done, a simple double-click launches GDS, which offers the same look and feel that millions of Internet users have come to know by using Google.com.
And that's where the thrill ended for me. To be fair, highly specific searches returned accurate results, just as they do on Google.com. But when you look for files or e-mail that may be years old, and whose details are now sketchy, you may be less able to target searches properly. Anything less than a well-targeted search leaves you wading through piles of Word documents and instant messaging hits, even when you know you're looking for a spreadsheet.
I preferred the free Copernic Desktop Search tool. It works as fast as you can type, and your results are sorted according to file type and date.
One thing Copernic's tool doesn't include is secure Web pages. In my book, that's a good thing, since such pages (with URLs that begin with https) include things like online banking statements and e-commerce sites containing your credit card information. But unless you indicate otherwise either at installation or later, GDS includes them all, even though such pages are supposed to be secure and accessible only if you have entered the correct user names and passwords for your protection.
GDS also provides cached access to PGP-protected hard drives. How does GDS circumvent the safeguards for such protected data and Web sites? Simple: The tool adds all viewed documents and pages to its cache--after you've gone through the security handshakes. (Go to Preferences to turn off this ability if you missed it during installation. Note that any secure pages GDS already has in its index remain there, but they are hidden from search results unless you choose to include them once again.)
Moreover, GDS stores its painfully complete index in one convenient location on your hard drive with no encryption or password protection--a hacker's and worm writer's dream come true.
"[GDS] puts the index of your data in a well-known place on your hard drive," says Stephen Green, principal investigator of the Advanced Search Technologies Group at Sun Microsystems. "It's only a matter of time before there is a spyware application or a worm that sends your Google index to a site somewhere."
Joe Stewart, senior security researcher at Chicago security services firm LURHQ, agrees, saying GDS's unsecured index "lowers the bar for the expertise needed to find and compromise sensitive data."
Google has not responded to our multiple requests for comment on these issues.
GDS works fairly well as a search engine for your desktop. But there are other free search tools with equal or better functionality, without the potential privacy and security hassles I saw in this beta.