Google Desktop Search Functions As Spyware

dioscaido writes "Users of the Google Desktop Search software beware -- it indexes your files across all users on your PC, bypassing user protections. The Google cache feature allows all users to browse the contents of messages and files it has indexed, irrespective of who is logged in. 'This is not a bug, rather a feature,' says Marissa Mayer, Google's director of consumer Web products. 'Google Desktop Search is not intended to be used on computers that are shared with more than one person.'" Reminds me of a Neal Stephenson essay: "The Hole Hawg is dangerous because it does exactly what you tell it to. It is not bound by the physical limitations that are inherent in a cheap drill, and neither is it limited by safety interlocks that might be built into a homeowner's product by a liability-conscious manufacturer. The danger lies not in the machine itself but in the user's failure to envision the full consequences of the instructions he gives to it."

Tin foil hats for everyone!!

[erick99]

For God's sake, this is a long ways to go to find something to be paranoid about.

Whether or not Google intended this, I take great pause at knowing any e-mail I write or read on a PC with Google Desktop Search could be called up and read by a complete stranger.

This application is intended for single user machines which pretty much limits it, in most cases, to home machines. I don't have complete strangers roaming around my house so it is not an issue for me.

Mayer dismissed my concern that this is a security issue. She points out that you can configure Google Desktop Search not to index Web pages or specific domains. That would prevent Google Desktop Search from indexing and caching the URL "mail.yahoo.com".

So what part of that did the reporter not understand? Finally, this is not mandatory software. A user has to hunt it down, download it, and install it. So don't use it if it is a problem for your computer. Now, I am not trying to be a jerk and some of this is said with tongue planted firmly in cheek. Still, you gotta wonder why people need to find things to be upset about. I am not sure why this irks me so much, maybe I should drink less coffee.....

Re:Tin foil hats for everyone!!

[SeinJunkie]

Using the new software, I was able to bypass user names and passwords that secure Web-based e-mail programs and view personal messages sent and received on public PCs. She didn't bypass user names and passwords. She accessed unprotected files just like Windows Explorer allows. This is a non-issue. If users don't want their information to be seen, they should be protecting their profile's Documents and Settings folder.

PC WORLD

[inKubus]

PC World has long been a Microsoft yellow journalism rag. It's just Microsoft Corp.'s Department of Monopoly Security at work.

Really, the Google tool is simply very powerful and is merely exposing the low default security in Windows profiles to the masses--but it's nothing me and the parent haven't known for 4 or 5 years now..........

Nothing to see here.

Re:PC WORLD

[BrokenHalo]

PC World has long been a Microsoft yellow journalism rag. It's just Microsoft Corp.'s Department of Monopoly Security at work.

Then why do they distribute Linux install disks attached to the cover from time to time?

False!

[Anonymous Coward]

Read the article more carefully. As far as I can tell what's actually happening is that Google Desktop Search makes copies of users protected files into an unprotected folder that may be accessed by all users. As the author says:

"I was not able to access the query results directly, but Google Desktop Search stores cached versions of search results found on your desktop, just like it does for its Web searches. The cached versions of the pages could be viewed."

Re:False!

[Anonymous Coward]

I think the reporter is making some confusion...
He talks about a public computer (in a booth in some expo). Various visitors used that computer to access their web accounts (using probably the same windows user on that demo machine).
The result pages were stored in the IE cache.
The reporter (using the same windows user) accessed the cache, not the live page at mail.yahoo.com, bypassing _Yahoo_'s and _Hotmail_'s passwords. (Evidentely the webmail users didn't check the "public computer" button in the login pa

I guess so

[alexisbellido]

I doubt that Google, or any other company dedicated to develop software, could do such a silly application. In any case, it would be Windows fault if their supposed protected files could be ready by a user (or application) not authorized. Also, as somebody already pointed, nobody is forcing you to donwload and install this tool, if you wanna use it then do so, it's free and it's easy.

Re:False!

[Martin Blank]

It's stored in %USERPROFILE%\Local Settings\Application Data\Google\Google Desktop Search. If I lock off my profile to other users (if they existed), then they wouldn't be able to read the files that exist therein, including the Google cache.

Re:False!

[Anonymous Coward]

They're proteced by access from other users, but not from the user who is currently logged in. These files will be cached and available to other users who wouldn't otherwise be able to look at other user's files. That's the point.

Re:Tin foil hats for everyone!!

[dioscaido]

Yes she did. As I understand it from other sources, the problem is when you install google desktop, you are administrator. As such, you index the whole hard drive, since the administrator has permissions to it. Later, this index is available to all users, and the cache allows for unprotected vieweing of the contents of the files.

Re:Tin foil hats for everyone!!

[jhoffoss]

You can exclude URLs and directories!

This is the same old *I want my PC to do everything I tell it to, but I don't want it to possibly ever harm me* mentality...if you're going to install something, read the documentation and understand what that means.

This is not even close to spyware. Now Windows, I don't ever recall seeing documentation on Windows until after it was installed... :)

Slanted article

[AbyssLeaper]

I read this article a couple of hours ago, so I did what any self-respecting geek would do: I tried to see if the reporter/bloghead was full of shit or not. If you don't want to read any further, he is.

He used a public machine, presumably using a single logon. The software functioned as expected. It cached, separate from your IE cache, all traffic it was designed to cache. He then was able to search the data that anyone left on the machine. I contend that any douchebag that is dumb enough to send sensitive data from public terminal deserves whatever they get, ignorant or not.

The desktop search stores data in the c:\documents and settings\username\Local Settings\Application Data\Google\Google Desktop Search directory. On any PC that is relatively private, the average user isn't going to be able to search anyone else's data without a little bit of work. I had to actually copy the cache files from another user's profile to my PC in order to read the files. If were sharing a PC, I'd have to have elevate rights and access to the other user's provile in order to see anything of value.

As far as I'm concerned, the reporter that wrote the article doesn't know squat. There's no story here. Well, there is. He should have written abou the dangers of using a public terminal to send personal and/or sensitive data.

Re:Tin foil hats for everyone!!

[Ravadill]

Someone using a single user OS like Home shouldn't really be worried about having unprotected files against local users.

Re:Tin foil hats for everyone!!

[KhalidBoussouara]

The feature for file permissions on XP home is still there (provided NTFS is used) but microsoft don't provide a way to use it. I have managed to find a way.

I was bored one day so I picked up an old CD lying about. It was an ISP disk which happened to have an old NT service pack on it. I thought to myself, since XP home is based on the NT kernel perhaps there is something in it that allows access to advanced features not in XP home. I extracted the files (not sure how) and most of it was useless crap. Ho

Re:Tin foil hats for everyone!!

[lightknight]

I'll assume that your talking about NTFS file permissions...

On a Windows XP box, disable "Simple Sharing". After a quick reboot, right-clicking on a file shows the standard NTFS File & Share permissions.

Re:Tin foil hats for everyone!!

[MongooseKY]

I may be incorrect on this (XP Home is evil and I won't use it) but IIRC, you can't disable simple file sharing (also evil) on Windows XP Home. For XP Pro users, your suggestion is correct though.

Re:Tin foil hats for everyone!!

[lachlan76]

You can, but there isn't a GUI for it. What you need to do is open a command line, and use the cacls program.

For example, to grant read access to R:\home\lachlan to 'someuser' you would use:

cacls /e /t /g someuser:r R:\home\lachlan

To revoke those privs, use:

cacls /e /t /r someuser R:\home\lachlan

/e = edit, and not replace
/t = recursive
/g user:priv = grant
/r user = revoke

I think those are the right args anyway, I've switched to linux, so it's been a while. But cacls is the right program.

Re:Tin foil hats for everyone!!

[Anonymous Coward]

You're conflating NTFS encryption with NTFS access control lists. It might be useful to read up on NTFS encryption. Some useful links include the step-by-step guide to EFS [microsoft.com] and an overview of EFS in XP/2003 [microsoft.com].

To encrypt a file, a random symmetric file encryption key (FEK) is generated. This is used for the actual file encryption and this key is in turn encrypted with the user's public key (and the public keys of any designated recovery agents) so that he can use his private key to decrypt the FEK and use t

Re:Tin foil hats for everyone!!

[civilizedINTENSITY]

Actually not FOS at all. We covered this in my Information Assurance and Computer Security class before the midterm. You boot Linux from removable media and change the Administrator password. Now you have it all.

Austrumi is a Linux bootable ISO image for recovering NT passwords and other cool tools and methods, sized for Business Card size CD media (50Mb). It allows you to change any password, including that of the Administrator, on a partition occupied by Windows NT, Windows 2000 or Windows XP. Simply boot the CD and when you get to the initial boot prompt, type: boot: nt_pass This will launch a console utility that will detect Windows partitions on the hard disk and provide you with a menu to modify any user or Administrator passwords on the Windows system. It will even give access to the Windows registry for recovery purposes. Quite a handy utility to keep in your wallet (AUSTRUMI is small enough to fit on a business card-size CD) if you are unfortunate enough to having to deal with Windows machines in your line of work.

Read more at http://sourceforge.net/projects/austrumi

Re:Tin foil hats for everyone!!

[kjamez]

amen. and on top of that, i would be willing to bet the google-desktop ships with a valid/working/easy un-install mechanism ... hardly SPYWARE ... you told it to install, you told it what to do, you opted to install, etc etc ...

Let's get this into perspective

[G27 Radio]

Maybe I'm mistaken here, but does this even allow you to search files that you wouldn't otherwise be able to access via Windows' built in search? If not then this whole google/spyware freak-out is just a bunch of bullshit and the people propagating it are idiots.

Re:Let's get this into perspective

[LiquidCoooled]

I agree 100% it should honor the ACLs, but I wonder if we could do anything else?

We essentially have the google bot on our machines, would it be good to honor the standards the realbot uses?

Would it pick up and honor my robots.txt file?

Will we start seeing meta tags inside emails and word documents and stored pages to exclude from indexing?

Re:Tin foil hats for everyone!!

[LnxAddct]

I'm just curious but... isn't it a flaw of the operating system that files generated by a user aren't automatically restricted to access by that user? This isn't google's fault, the same exact design ported to linux would work flawlessly.
Regards,
Steve

Re:Tin foil hats for everyone!!

[Dryth]

My cache is stored in: C:\Documents and Settings\[Current Account]\Local Settings\Application Data\Google\Google Desktop Search

I wasn't aware this was a publically accessible folder. I'm not allowed to access said folder under other users' accounts, on this machine, unless I run as Admin. That said, I haven't tried searching for files that would be found only under their accounts.

Re:Tin foil hats for everyone!!

[Jugalator]

Hmm, maybe it's because the GDS indexing process runs with administrative rights and indexes other user's profile folders? :-/ That's at least the only way I can see this being a problem... Otherwise you just have a problem with your security settings on your computer.

Re:Tin foil hats for everyone!!

[Jugalator]

Well, since it's a SERVER, it is likely running as a service with all the rights of the admin who installed it...which means it can do whatever it wants.

... and the cache is then stored into the Administrator's profile folder. (GDS stores the index in the user's profile folder)

So what's then the problem? Regular users can't read the admin profile folder.

Re:Tin foil hats for everyone!!

[thepoch]

I haven't used WinXP in awhile, so correct me if I am wrong... doesn't XP have a little checkbox in the "User Accounts" dialog that says something like "Make my data private" or something to that effect? I believe it is unchecked by default. Can anyone confirm that by default XP doesn't make user folders strict, and that you have to explicitly enable this option. I'm pretty sure Windows 2000 doesn't work this way.

Just a confirmation please, and if not, a correction against what I've said.

Thanks.

Re:Tin foil hats for everyone!!

[AnyoneEB]

In XP you have to, in any folder, go to tools --> folder options... --> view (tab) --> scroll all the way down and uncheck "Use simple file sharing (Recommended)". That will give you a "security" tab in the properties of every folder and file allowing you to set NTFS permissions from explorer.

Re:Tin foil hats for everyone!!

[node 3]

So what part of that did the reporter not understand? Finally, this is not mandatory software. A user has to hunt it down, download it, and install it. So don't use it if it is a problem for your computer.

The thing is, most people don't understand computers well enough to know the potential for privacy issues involved when they install software. It's unreasonable to demand users to become experts before using their computer. This tool sounds like it makes things worse. Google doesn't seem to be acting very responsibly here, even if a technically astute user can mitigate the risks.

This article sounds a lot like, "Hey, dumb users such as myself, I installed the Google Desktop Search and some of my previously hidden data showed up to other users on the system. Take caution until Google addresses the issue."

Re:Tin foil hats for everyone!!

[Anonymous Coward]

Jealous, are we? ;)

~m

Security Breach? Really?

[johndiii]

From reading the article, there is no indication that protected files were actually read. In fact, pretty much everything he talks about seems to have been pulled from the web cache. With default security on Windows XP, each user's cache is accessible to the other users. As are everyone's Outlook data files. This is not great security, but that is not Google's responsibility.

So, I'd be really interested to know if the desktop search application runs as an admin process, or with system rights. Unless it does, this article is nothing but hot air. Google indexes files that you can read anyway? OMG!!! This is teh suxxorz!!!

And spyware? Hardly. Nothing in the article even comes close to suggesting that all of this indexed information is transmitted anywhere.

Re:Security Breach? Really?

[jdunlevy]

yeah, certainly not "spyware" in any usual sense of the word if the information isn't being made available or transmitted off the box.

Re:Security Breach? Really?

[RobertB-DC]

With default security on Windows XP, each user's cache is accessible to the other users. As are everyone's Outlook data files. This is not great security, but that is not Google's responsibility.

Indeed. Yet another reason I use Opera [opera.com]. With IE, I've never been able to figure out exactly where the cache is, much less how to kill it without trashing the OS. Not that I've tried very hard, because it's so much easier to take care of it in Opera:

* "File"
* "Delete Private Information"
* check all the boxes
* h

Re:Security Breach? Really?

[EvilSS]

True story. MS does some bizzare virtualization of the cache directory. What explorer sees really isn't there. Go go command prompt, CD to the cache folder, and do dir /AH and dir /AS and compare to explorer.

Re:Security Breach? Really?

[boomgopher]

Yeah, on my two user XP Pro box, I was able to index and search the seconds user's files, but their account was not "protected" using a password, etc.

One annoyance is that the second account cannot use Google desktop at all. It warns roughly "Only the user who installed this can use the Google Desktop", etc.

Re: Security Breach? Really?

[Alwin Henseler]

...there is no indication that protected files were actually read.

That's still an information leak, and thus a security breach. If a user can see filenames of other user's files, or inspect URL's that other users typed in, then they accessed that other user's private data. Just knowing what files are accessed or what webpages were visited, can be as serious a security breach as any, depending on the context.

Re: Security Breach? Really? Dreaded "locate"

[einhverfr]

That's still an information leak, and thus a security breach. If a user can see filenames of other user's files, or inspect URL's that other users typed in, then they accessed that other user's private data. Just knowing what files are accessed or what webpages were visited, can be as serious a security breach as any, depending on the context.

If the files don't have appropriate permissions set, what expectation do you have of someone not being able to do this? This is why the question whether the files are protected is important.

In UNIX, I could use "locate" to find out whether a co-worker has cookies from porn sites if the permissions are not set. And what about Windows' "Search for files containing the following text?"

We have a total lack of information.....

Re:Security Breach? Really?

[Waffle Iron]

The situation is somewhat similar with the Linux 'updatedb' and 'locate' built-in search facilities. On my box, by default, the scanner runs under the 'nobody' account. However, unless a user takes specific action to change it, their home directory is world-readable by default.

The default file permissions seem to vary by the app that created them. My .mozilla and .kde directories are not world-readable, so the web caches would not get scanned. However, plenty of other files are world-readable by default, along with most documents I create.

This general situation has been around for many years. If you do share a machine, it's probably just a good idea to learn about file permissions in general.

Re:Security Breach? Really?

[vondo]

Nope, locate, or at least the version I have (slocate), doesn't return the names of files you don't have access too. The db may be out there and readable, but if I type "locate messages" as a normal user, I don't get /var/log/messages since I can't read it.

The other thing is that locate doesn't let you search within files. Normally, the name of a file is not that important, what is inside is. There are exceptions, of course.

Re:Security Breach? Really?

[ip_fired]

The problem as I see it is in the startlingly easy way google desktop search makes intrusion possible, sometimes even without the person searching intentionally looking into other user's data. Any keyword I type is an instantaneous hook into the world of the other user who used the pc before me. That is what I find scary.

But that's just it. It's a SEARCH tool. It's supposed to find things that you don't know about. If it didn't, it wouldn't be a very good search tool. This should not be installed on public computers. And, if you are personally are concerned about it, there are products out there that will store all that sensitive information (browser history, email files) on a USB drive that you plug into the public computer before use.

As it is, I don't know how useful it will be to the average /. user. It only indexes files in your Documents directory, it only indexes a handful of files (.doc, .xls, .txt, .html files for example). It has SEVERAL limitations that are annoying. For example: I want it to index my java source code and javadocs for the project I'm working on. However, it refuses to index them.

Also, it doesn't index my Firefox cache or history, nor does it index my Thunderbird mail files.

In other words, nice try Google, but it's not useful to me (yet).

A problem if accessible remotely

[Disoriented]

Keep in mind that once you have physical access to the machine, all bets are off.

However...

Google's tool could be a danger if someone figures out a way to launch it remotely, by getting a user to click a link, or through some Windows exploit. If so, it's plausible that a remote attacker could gain access to the cache and use the information to gain administrative access to the machine.

---
"I contend that we are both atheists. I just believe in one fewer god than you do. When you understand why you dismiss all the other possible gods, you will understand why I dismiss yours."
-Sir Stephen Henry Roberts

Re:A problem if accessible remotely

[metlin]

Well, there you go - Windows Exploit.

The problem in that case becomes Microsoft's, not Google's. It's just using a feature (or a bug, depends on the perspective) that exists in Windows.

It's easy to blame third parties whose software can be exploited because of inherent problems in the OS, but you're passing the buck.

Maybe if the OS were more secure, the possibilities for such exploits wouldn't exist in the first place.

Re:A problem if accessible remotely

[burns210]

Simple fix... Have 2 indexes, one public, shared over the entire computer, one private, for the specific user only.

All PUBLIC data(shared documents, etc) are in the public index, and all users can see them, private data, like documents in a user's home folder are sent to the private index.

GDS would then combine the two transparently for search results.

Re:A problem if accessible remotely

[DogDude]

If there's a Windows exploit, why would the hacker bother with the Google Desktop? If you've got access to a hacked PC, just use cmd or explorer to go whatever you want. This isn't going to make any difference if you've already got a security hole.

Re:A problem if accessible remotely

[colin_n]

I have tried to access the tool remotely. It appears that it only accepts connections locally on the computer.

uhhh...sorta

[Zed2K]

Unless you add the path to the preference option of the user that you don't want to be indexed. This also isn't release software. Its beta toy tools stuff. You know, the kind that says "use at your own risk."

Re:uhhh...sorta

[filtur]

Its beta toy tools stuff. You know, the kind that says "use at your own risk.

Like windows.......

That was too easy, ignore my post.

Re:uhhh...sorta

[misleb]

Don't all software EULA's basically say "use at your own risk?"

An adage I've heard before

[TimmyDee]

The Hole Hawg is dangerous because it does exactly what you tell it to.

Yes, well computers in general are dangerous because they are very good at doing exactly what you tell them to do. For better OR for worse.

Re:An adage I've heard before

[lothar97]

Yes, well computers in general are dangerous because they are very good at doing exactly what you tell them to do

I'd argue that computers are more dangerous because they do lots of things that most users do not have the slightest inkling about. In the case of Win boxes, you get open ports, system restore to cache virii, not coming with AV software, default "administrator user" with no password, default firewall that ignores outgoing traffic, etc. I could go on, but I'm bored with the list.

Couple this wi

Uh.

[emazing]

Since when does this constitute spyware? To my knowledge, spyware sends information to a third party without the user's knowledge.

Re:Uh.

[metlin]

Worse, all that this does is use a feature of the OS - nothing more.

It's almost National Enquirer-esque, sensationalist.

Whether or not Google intended this, I take great pause at knowing any e-mail I write or read on a PC with Google Desktop Search could be called up and read by a complete stranger.

If a complete stranger has physical access to your single user system, you have more problems than you realize. Don't blame Google for that. Duh.

Re:Uh.

[hacker]

"Worse, all that this does is use a feature of the OS - nothing more."

I don't know about your OS, but mine does not send my usage data to third parties [washingtonpost.com].

"Once the Google search technology is installed for free on a personal computer, it will transmit basic data daily about usage patterns. For example, it will tell the company how often Google is being used to search personal computers, how often it is used to search the Web, and how often simultaneous searches are done. Google lets users opt out of sending some usage data, but not all of it.

However, Mayer said the data collected will be aggregated so that the company knows where to focus its efforts on upgrading the search technology. She emphasized that the daily up-loading will not transmit any personal information to Google and said it is typical for major software programs that offer voluntary upgrades and fixes for bugs to capture that sort of information as a matter of routine."

Nothing to see

[samael]

It indexes all the files that you'd have access to anyway...

Can't see what the fuss is.

Re:Nothing to see

[hng_rval]

Not all your files. I have access to my Trillian logs (c:\program files\trillian) and those are not indexed.

Re:Nothing to see

[ciroknight]

Even worse.. Google's FAQ on Multiple Users [google.com] states that it is not for multiple user systems, so all of this nonsense is perfectly within it's working parameters, and as a beta program, is to be expected. Don't like it? Don't use it. Period.

Re:Nothing to see

[Tongo]

No, it runs at the same level as the user you are logged in as. If you are logged in as admin, it runs with admin rights. If you log in as joeuser, it runs with joeusers rights.

BTW, MSFT DID do this. It only indexes the same information that you can get to using Explorer.

Another fiasco...

[ryanmfw]

Sounds like another fiasco that Google is gonna have to withstand, just for being honest. Anyone remember when the privacy hounds were out about GMail perpetually storing your mail, and that a *gasp* computer would actually read it! Reminds me exactly of this. Of course, they'll come out and clarify it later, but by then the damage will be done. Oh well.

Re:Another fiasco...

[DogDude]

This won't create any kind of fiasco. First off, it's not spyware, and the only person who suggested it, did so on a relatively unknown blog. "Spyware" won't even cross the minds of non-Slashdot readers, nor should it.

Re:Another fiasco...

[metlin]

Well said.

However, the problem is that Google actually tries to portray a benign image. Although I must admit that so far they have kept that up.

However, as an AC has pointed out in this thread, that is the problem of being a public company.

Although your motives may be benign, you're under the control of your share-holders. At which point all bets are off and you will be scrutinised very closely.

Wahey, no Mac version.

[ecc962]

Suddenly I'm not so bothered that there's no Mac version!

stock

[ch-chuck]

goog up 2 bucks on the news

original locate vs. slocate

[BACbKA]

The first versions of locate(1) had the same problem - the cronjob was indexing all the files and reporting on all the files even if the user running locate would not be able to learn of the file name. This was used as an way to circumvent the systems with the "security by obscurity" way of collaboration via random directory names. Today's slocate doesn't have this fallacy.

Spyware?!

[lunar_legacy]

Spyware has a different definition...

Was there a warning?

[Fat Casper]

I haven't used this, but the only problem I'd have with it is if there wasn't a warning. Was there a mention anywhere that it was only intended for one user computers? If there was, then good for Google. If there wasn't, I still don't think it's that huge of an oversight.

Re:Was there a warning?

[Richard_at_work]

Yes, its in the 'getting started guide' and in the application FAQ. And as another user above said, "It only indexes files you would otherwise have access to anyway", IE if it gets indexed, theres nothing stopping you manually interrogating the file anyway.

I wish it was password protected

[Dr. Sp0ng]

I can already see the girlfriend-snooping potential here.

Weak argument

[tuxlove]

This is a weak argument by Google. Saying that this tool is only for single-user systems is just a cover for laziness. Why in hell would an operating system implement a system of file permissions if security weren't an issue? Since the tool functions the same whether or not the system is single-user, Google is implicitly admitting they're lazy and don't care if their software can be used to spy on others. I don't see a problem with a tool that indexes all users' files, but I do have a problem if it doesn't

Re:Weak argument

[William Tanksley]

I do agree that Google shouldn't, by default, look into other users' home directories. This makes a lot of sense, and as you say can't be hard to do. But I think you might be mistaken in thinking that there are file permissions blocking Google's way. The problem is that Windows programmers don't tend to put file permissions, encryption, or other protection on their files; you can't really tell what's yours and what isn't.

I do, however, suspect that Google probably overlooked the idea of NOT searching throu

Google, the new Microsoft

[The Bungi]

FUD, clear and simple. With the usual hysterical Slashbot "OMFG TEH COMPANIE IS TEH SUXXORZ!!1!" byline. It's amazing how once a company starts entering different areas and markets everyone starts whining, crying wolf and feeling threatened.

Windows users have had "home" directories that are inaccesible to anyone except themselves and a domain administrator since NT4 was released. If this Google tool is allowed to index things it's not suppose to index, then that's not Google's fault, and it's certainly not Microsoft's. It's the fault of whomever configured that machine. AFAIK NTFS security has not been comprimised yet.

And the "spyware" tag? Love it. FUD works both ways, doesn't it?

Google Desktop seems useful.

[kngthdn]

I just installed Google Desktop today, but so far I'm pretty impressed. Even though it's still indexing, I haven't noticed any difference in speed.

Google Desktop isn't spyware, because it makes what it is doing clear before you install it. Of course it reads your files; that's how Google works. As long as my data doesn't go back to Google, I couldn't care less.

And actually, if everyone could choose just some of our files to make available publicly, think how much more useful Google would be.

Maybe that's their plan. Get everybody to index their disks, and than offer killer p2p on Google.com.

Does anybody *else* think that would be awesome?

Re:Google Desktop seems useful.

[Peyna]

It would be cool if you could put txts and docs into a special folder acessible to the outside world.

Gee, if only someone could make some kind of program [apache.org] that could make files on your computer accessible to the outside world.

Re:Google Desktop seems useful.

[hacker]

Read it again. It transmits usage patterns, heuristics about the nature of your content, aggregated with the other information collected from other users of the tool, and so on... with the intended target of improving ad relevance as served to you, when you use Google. It caches (tracks) what you search for when using Google, and it also caches (tracks) what your own local files and content contain, as they pertain to the tool's functionality.

It may not be sending your emails or files back to Google, but

Sounds good to me

[lukestuts]

Now I can share all those important email attachments people keep sending me!

Year of Google Contraversy

[ciroknight]

Seems like every step Google has taken to make searching more integrated into our life and software has been shot by the media saying it's "too intrusive", and this is on BETA software and BETA programs that Google are running.

This says that either Google's far too ahead of it's time, or that the media really needs to grow up. Google's policy is that their software does no evil, it's the user's responsibility to make sure that they are not evil with it. Besides, if someone wanted to write a trojan to scan all of a user's files and report back somewhere, it could be done a lot easier than hacking GDS.

Face facts people; Google's here to stay, and they're here to help.

Re:Year of Google Contraversy

[DogDude]

Well, "the media" hasn't attacked Google at all. The only person suggesting this ridiculousless is one writer for a relatively irrelevant PC rag on his blog. Anybody can post anything on the Net... that doesn't make them "media" any more than it makes what is written true. In fact, that's one difference between "the media" and average joe. Real journalists do fact checking and real analysis. This is some guy talking about what he found, and he happens to work for PC World (which I didn't evne know st

How can it tell it is running in Mozilla?

[Saint Stephen]

When the google service is running, surfing to www.google.com shows a Desktop choice. When it is not running it doesn't. This works in IE and Firefox -- but not Lynx.

How can www.google.com tell the service is running on the local computer without using activex? I thought maybe it had some javascript that checked http://127.0.0.1:4whateverportituses, but I didn't see that. Must be that.

If it can do that, it can upload data to google!

A long way from spyware!

[RealAlaskan]

First of all, most Windows PCs are single-user.

Second, this just lets any user find anything that he has read permission on. As usual, Windows default settings are suitable only for single-user machines.

Third, it could only be ``spyware'' if it phoned home. Even the silly article didn't suggest that it does that.li>

Just another sensationalist /. headline. Nothing to see here ....

Other ironies

[markomarko]

I never installed the google search tool since it warned that it be installed as an Internet Explorer "helper application." Ahem, cough....IE...helper application...back to the drawing board google.

The same mistake was made in Unix!

[Anthony Liguori]

The locate command was designed to get around the terribly slow transversal of directories when looking for a particular filename. It suffered the same basic design flaw in that it did not take user permission into account. The slocate (s as in secure) was designed to get around this obvious flaw. I'm a tad surprised Google didn't see this one coming. Maybe they've been hiring a few too many PhDs and not enough folks with real experience :-)

Luke, come to the dark side.

[recharged95]

"And google, now a public company, gives in to corporate America. They tried to redefine the business, but instead it refined them." It is now the corporation.

Makes sense that you don't bite the hand that feeds ya.

next...

Microsoft Plant?

[DanielMarkham]

This article looks like a plant from the Microsoft PR department. There really is not much of a story here.

I know it has to be driving MS nuts that google is getting into the filesystem niche, especially with all the trouble they've had over the years with putting together a database-based filing system. I imagine if they keep on pushing the release out past Longhorn, google is going to overtake them .

Not spyware

[Guspaz]

Does it install itself onto your PC without your permission? No.

Does it gather personal information and send it to Google? No.

Does it run secretly in the background, with no way to remove it save an anti-spyware tool? No.

Does it allow you to access anything you couldn't access without it? No.

How is this spyware again? Or even a security threat? As another poster pointed out, this tool doesn't access anything you couldn't access through Explorer.

What's this, is Slashdot helping to spread FUD?!? Say it ain't so!

FOUR processes

[hey]

It runs as *four* processes on my box:

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe

Seems like more than enough.
I am finished indexing.

Who wrote this summary, Fox News?

[Sleepy]

Users of the Google Desktop Search software beware -- it indexes your files across all users on your PC, bypassing user protections.

This is just too misleading to be accidental. Talk about bias.

So dioscaido [slashdot.org], you are suggesting Google defeats NTFS users/groups directory permissions and encryption?

No?

Oh.

Yeah, that's what I thought. Completely irresponsible journalism at work folks.

Basically this utility works NO DIFFERENT than "Start-->Search-->Search IN files", except that noobs don't know how to use Search properly, and Google search is "prettier". Oh, and MS's brain dead Search can't peek inside compressed files. Whoopie-do.

If I were more cynical, I'd chalk this fear-mongering up to someone with a lot of Yahoo stock, or someone afraid their wife/husband will find email evidence of an extra-marital affair. By default in Windows, ALL USERS CAN READ EACH OTHER'S FILES.

Nothing to see here, move along..

DISCLAIMER: I own no Google or Yahoo stock.

how is this spyware?

[drew]

while i can understand why some people might be leary of the security implications here, how in the world does this qualify as spyware? it doesn't pop up annoying adds, it doesn't send my data to some secret gathering place, it doesnt report any of my habits to any other person (unless thay also have physical access to my computer and can search for that information)

oh yeah, got ahead of myself. spyware is the new virus. its just a word one person uses to scare another person when neither one really knows what they are talking about. nothing to see, move along...

Re:how is this spyware?

[drew]

only if they would have had access to read it already anyway. if windows didn't make a users data, documents, and web caches world readable by default this wouldn't be an issue.

anything google desktop search 'enables' somebody to find, they would have been able to find anyway without it. it just would have taken longer (and may have required a little more knowledge about what you were looking for).

The Irony - "stuffit" or zip

[crucini]

I've long enjoyed this essay. I find some irony in the linked version, which gives us a teaser paragraph and then:

Download the rest of the article here. Mac stuffit or PC Zip

Considering that the essay is largely about the superiority of Unix, and the blindness of the prevailing PC/Mac culture to the existence of Unix, the PC/Mac dichotomy presented here seems oddly appropriate.

Of course this notion of "downloading" a compressed version is dumb. Harper Collins just needs to add mod_gz to their web server, so they can transparently compress for most modern browsers.

Very Powerful Tool

[jkichline]

First let me say this is a very powerful and convenient tool that works as advertised right out of the box. However, I am also upset by how easily this group defends Google and attacks Microsoft. I'm sorry, but if you are creating software you need to keep the users in mind and work with the environment you are given.

I have done a lot of research into how the Google Desktop system works. Here are some things I found...

1. The indexing "agent" (not a windows service) runs as the current user. So, Windows security should block Google from viewing those files.

2. Google installs its own web server on the machine and maps to port 4664. They also do a lot of validation to make sure you can only see this information from the local machine. This appears to be pretty strong.

3. Google stores its cache in the following windows directory: C:\Documents and Settings\username\Local Settings\Application Data\Google\Google Desktop Search -- Leading me to believe that this is user specific. I checked permissions on this other users do not have access to the cache, leading me to believe they would have their own version of the cache.

4. Google seems to abide by the rules of the operating system. Unless they are somehow bypassing Windows security (being google they could reverse engineer anything I guess), this is pretty sound. So it really comes down to the user for setting permissions on their files. Otherwise any old search program could also find those files.

5. Google Desktop search is not spyware. I think the fear is how it integrates your desktop with the Google home page but the truth is no information is sent. At least that's what Google says. However, I looked at the source of what is returned and this is not done using client-side script or an ActiveX object, so I'm not sure how they pull this off. This sort of scares me. For instance, the path to one of my files is seen coming from the their server.

Now, the bad side...

While I was impressed by the lockdown of interface to the local machine, this is easily compromised. In an hour or two I created a VBScript class that could host on the user's machine and use local HTTP to access this data. This means that spyware could be created that allow remote access to the otherwise ironclad cache. This is obviously bad since you could just start searching for passwords and possibly get them.

My suggestion to Google? Add additional settings. For instance, right now the default setting is EVERYWHERE, with some control over WHAT gets indexed. I suggest being able to point the index at specific folders, or be able to not index other folders. This is sort of like shipping a firewall with all ports open. Sure its up to the user to lock it down, but if you don't... bad things happen.

Also, more filetypes would be really good. Especially more code files, etc.

I also think the ability to share your cache could be an option. This would be handy to install on a corporate file server to provide access to files (this is the reason I created the remote access hack)

Of course this may be Google's strategy all along... make the free version do everything and be for personal systems, and then sell a version with more file types, more granular control, sharing etc. Sounds like good bait and switch to me.

So that is all. Very good software, very easy to use. Ships wide open and could breach privacy on beginner level users. Can be used for attack and Google needs to consider this. Overall.. thank you Google!

Re:Very Powerful Tool

[A Guy From Ottawa]

Although I thought most of your post was quite intelligent and interesting, I have to take offence (for Google) to this statement:

In an hour or two I created a VBScript class that could host on the user's machine and use local HTTP to access this data. (snip) This is obviously bad since you could just start searching for passwords and possibly get them.

If I have comprimised a machine to the point that I can CREATE a script AND execute it, basically the you're fucked. All your base are belong to me. I cou

The Hole Hawg

[Wanker]

These drills are great. I doubt anyone could really appreciate how much like UNIX they really are until they've injured themselves with one.

Here's the whole (hole?) essay:

http://steve-parker.org/articles/others/stephenson /holehawg.shtml [steve-parker.org]

Some choice quotes:

The Hole Hawg is a drill made by the Milwaukee Tool Company. If you look in a typical hardware store you may find smaller Milwaukee drills but not the Hole Hawg, which is too powerful and too expensive for homeowners. The Hole Hawg does not have the pistol-like design of a cheap homeowner's drill. It is a cube of solid metal with a handle sticking out of one face and a chuck mounted in another. The cube contains a disconcertingly potent electric motor.

During the Eighties I did some construction work. One day, another worker leaned a ladder against the outside of the building that we were putting up, climbed up to the second-story level, and used the Hole Hawg to drill a hole through the exterior wall. At some point, the drill bit caught in the wall. The Hole Hawg, following its one and only imperative, kept going. It spun the worker's body around like a rag doll, causing him to knock his own ladder down. Fortunately he kept his grip on the Hole Hawg, which remained lodged in the wall, and he simply dangled from it and shouted for help until someone came along and reinstated the ladder.

It's very, very difficult to have both the presence of mind and the physical strength to hang onto a powerful drill that's just flung you off your ladder. Kudos to that guy-- I wasn't so lucky. :)

Where my homeowner's drill had labored and whined to spin the huge bit around, and had stalled at the slightest obstruction, the Hole Hawg rotated with the stupid consistency of a spinning planet. When the hole saw seized up, the Hole Hawg spun itself and me around, and crushed one of my hands between the steel pipe handle and a joist, producing a few lacerations, each surrounded by a wide corona of deeply bruised flesh. ... After a few such run-ins, when I got ready to use the Hole Hawg my heart actually began to pound with atavistic terror.

There never seemed to be a good happy medium between holding the drill tightly enough that when it hung up I had enough of a grip to let it grind through whatever was hanging it up and loosely enough that when it REALLY hung up I could abandon it without injury.

Apply appropriate Windows/UNIX metaphors. :)

I installed this yesterday...

[Plural of Mongoose]

And removed it today.

I arrived home from work today, and fired up a simple search using my now-indexed Google Desktop. The first item listed, by dint of a coincidental search term, was an email my cleaning lady had sent.

The 'drill' in the email was NOT the one I was looking for.

I must say, I was quite surprised - the search cached viewed and sent emails from a private hotmail account - it even kept a view of the inbox.

This is, well, bullshit. Really - how many people NEVER have anyone else on their system. This search has wayyyyyyyyyyyy tooo much room for abuse - and once they fix it, I guarantee you this old version will be worth $$$ on the black market...

Only one copy, one user per PC

[Kraegar]

I have an XP pro machine.

I installed the google desktop search.

I had to be an admin to do the install. That means I have to have rights to read all files on the machine to install it.

I switched to a non admin account, I was told only the original person who installed it could run it.

I switched to a different admin account, tried to run it, got the message that only the installer could. I attempted to install it again under this account, I got the message that it's not meant for multi-user systems, only one user can install it on a PC at a time.

So in summary, if you don't trust someone who's an admin on your system, don't use that system. The search only makes it easier for them to see your data - they already have rights to.

Home vs. Pro edition of XP

[Doppler00]

Are we talking about installing this Google Desktop Search software on Windows XP Home edition or Windows XP Pro? There is a huge difference between how these two operating systems handle user right assignments. Windows XP Home has a very stripped down version of the system whereby you can't easily change user permissions of individual folders. My guess is that most people will set up user accounts on the home version with "Administrator" rights as many programs simply don't work correctly in XP as a "User".

Because XP Pro is typically used in office environments, if you set up a user account and you log in, you will NOT be able to see the other users folders unless an Admin sets those permissions.

Of course, all this seems silly as linux has had proper file permission settings forever whereas Windows has just recently added that feature.

Re:Home vs. Pro edition of XP

[praxis]

"Of course, all this seems silly as linux has had proper file permission settings forever whereas Windows has just recently added that feature."

Windows has had proper file permission settings since Windows NT 3.5 shipped September 1994. Slackware 1.0 (I consider this the first viable installable distribution) shipped August 1993. That's a whole year different. Percentage wise, Linux has had proper file permission settings 10% longer than Windows.

Not to mention, Windows ACL are more fined grained than what most Linux distributions offer.

To preempt the argument that Windows defaults are insecure: I am comparing the technical abilities of the systems out of the box; which are the tools an administrator may use to configure what he feels are "proper file permission settings."

The only security

[NetBlackOps]

The first rule of system security is that the only security is PHYSICAL security.

What are the flaws here? It's a publicly accessible machine. Anyone can walk up and since it is publicly accessible, can merrily publicly access away. The presence or absence of the Google search tool in and of itself means nothing. In addition, with the tools that I have here, even if you DID have individual accounts I can own that machine, one way or another, in under a minute. It would slow me down some if someone with real Windows knowledge set up the system secuirty, but that is all that would happen, it would slow me down. After all, I do this for a living (systems security consultant). Don't be overjoyed Linux users, if I know your version, I can get you too. I track the vulnerability lists on a daily basis and no one save the truly paranoid (moi, of course) patches THAT quick!

Now, in the context of a personal PC, whose ox is getting gored here? No one. By definition. Note, I said personal PC. My personal PC, fully locked down Win'Server 2003 Ent., or as fully locked down as you can get with Windows (snort), happens to have this beast installed and yes I did pause to read the documentation, EULA, and all the warnings that they posted. This is just another search tool that just happens to use a web server front end so you can search using a browser interface that looks just like Google. Powerful (not Windows Find in my book) search tools have existed for eons in the computing world. This is yet another one and pretty spiffy actually. I was pretty impressed that it found in under a second something that I had been searching for for days, yes even with some pretty powerful search tools. Nice job!

Now, is my system less secure? No, if someone walked up, or happened to break into my system from the outside (about as likely as hell freezing over), then yes, having this available to them is a bit more of a problem but if they get in the door, then they already know where to drill down for personal information. Anything I'm really interested in protecting (under NDA, etc.) is already living on an encrypted HD with a VERY long key. Again, I'm paranoid. For the average user, again, once in somehow the presence of this tool changes nothing.

What is interesting is the potential for abuse in the case of a family or office setting. Be assured that half the problem in knowing where to go in those settings is identifying the interesting places and then you can identify the system security penetration required. This is NOT recommended for use in an office setting, but Google points out that it was not intended for such use anyway and spells it out most eloquently in the EULA as well. You do read the EULA, don't you? I do.

For the home, how much do you want to hide from your parents, spouse, or kids? Having no spouse of kids, I can't say. As for my parents, I'm the one locking down their systems ;-). You need to make that decision yourself but I do admit that most kids can find out what they need to know to penetrate any parents computers VERY easily. I do cruise the script-kiddie boards (often) to see what they are up to and the tools are all there within easy reach (Google search ;-) ).

So that's my two cents. Mere FUD. BTW, what idjit uses a public computer and expects no one to know what they are doing? Apparently a LOT of idjits accordinig to a fellow SysOp elsewhere that happens to have a day job at a large library. If the cops want to catch a lot of kiddie porn and kiddie stalkers, I can tell them right where to go, but they aren't listening (sigh).

NetBlackOps

crap

[Anonymous Coward]

OK, so this guy who wrote the article is a moron. I installed this on my Win2000 machine using my main account which is an Administrator account (but not 'administrator') and had it index my machine. I then switched to the 'administrator' username just to see what would happen, and it says that it was installed by somebody else (a different account) and couldn't run. Therefore, there is no security breach that I can see, and I was using two different administrator accounts.

The FAQ mentions multiple users who use the same login and password. Well, of course, duh. If several people use the same account, of course they can see the same files. It's the same damn account.

And one more thing, it isn't spyware as spyware returns information about you to someone else, like a company. At most, it could be classified as a 'priviledge elevation' of sorts, since purportedly you can see other people's files, although I can't reproduce this on my machine.

Re:How is it spyware?

[Anonymous Coward]

Does it phone home, sending entire indexes of your harddrive to google?

Yeah, then it kills your entire family and rapes your dog. Not being evil isn't as easy as it sounds I guess.

Way to not read my post.

[jelwell]

Hopefully you at least read the article. Because your trolling is not helping.

So as to not be a troll, the point is that anyone with physical access to your machine can install something that takes advantage of caches, or creates it's own. This "news item" is blown out of proportion because the user went to a machine that had *already* had Google Desktop Search installed.

Any user that wanted to read all your yahoo email could just as easily have installed a key catcher, either hardware or software. Or all

Re:i thought the headline was talking about this..

[stevel]

It isn't accessing the Internet - it uses a local loopback connection to talk to its server, but your firewall doesn't distinguish that.

Google Desktop can send debug info to Google, but the claim is that it sends no information about what you searched for or your local file contents to Google. You can opt out of the debug and statistical info collection.