Google has created a [url=http://desktop.google.com]desktop search[/url]  application. When Asim first told me about it, he immediately warned me not to install it on my machine. And I asked him "why not". So he told me he ran some searches to see how good it was at revealing information like usernames and passwords. Unfortunately according to him it's really good.

I ran a search on Amazons A9 search engine on "Google Desktop Vulnerabilities" and I came across this article: [url=http://www.eweek.com/article2/0,1759,1730748,00.asp?kc=ewnws112904dtx1k0000599Bruce]Desktop Google Finds Holes[/url]. This article tries to disspell the security issues, but I'm not entirely convinced.

If you have documents where you store data like FTP info, client information, Receipts of online transactions (which might expose your credit card info) etc etc etc The list goes on and on. I guess if I knew more about exactly how the search engine indexes data I might be more comfortable with it.

I hate to be a fear mongerer, I don't do things like encrypt files, e-mails and things of that nature. But one has to protect their passwords, especially if they do online banking, or even have a paypal account. Of course common sense will take you a long way…(never e-mail sensitive information- ie passwords, CC info)  but if this application is logging key strokes and all text appearing on your screen… then how can you stop it from logging things you dont want it to log?

The only real benefit I see in this application is having a search feature which is superior to the Windows built in search which is slow as hell and crappy as hell. When I am desperate to find a file, that is the only time I use it. But if it was really quick and didn't slow my machine down at all I wouldn't mind using this google application. But logging instant messages you can do that anyway through your chat application.

Any ideas? Any google advocates, employees, or security experts want to comment?

{mos_sb_discuss:8}

Filed under: Technology