Google Desktop Search Functions As Spyware
dioscaido writes "Users of the Google Desktop Search software beware -- it indexes your files across all users on your PC, bypassing user protections. The Google cache feature allows all users to browse the contents of messages and files it has indexed, irrespective of who is logged in. 'This is not a bug, rather a feature,' says Marissa Mayer, Google's director of consumer Web products. 'Google Desktop Search is not intended to be used on computers that are shared with more than one person.'" Reminds me of a Neal Stephenson essay: "The Hole Hawg is dangerous because it does exactly what you tell it to. It is not bound by the physical limitations that are inherent in a cheap drill, and neither is it limited by safety interlocks that might be built into a homeowner's product by a liability-conscious manufacturer. The danger lies not in the machine itself but in the user's failure to envision the full consequences of the instructions he gives to it."
Well, there you go - Windows Exploit.
The problem in that case becomes Microsoft's, not Google's. It's just using a feature (or a bug, depends on the perspective) that exists in Windows.
It's easy to blame third parties whose software can be exploited because of inherent problems in the OS, but you're passing the buck.
Maybe if the OS were more secure, the possibilities for such exploits wouldn't exist in the first place.
The first versions of locate(1) had the same problem - the cronjob was indexing all the files and reporting on all the files even if the user running locate would not be able to learn of the file name. This was used as an way to circumvent the systems with the "security by obscurity" way of collaboration via random directory names. Today's slocate doesn't have this fallacy.
VKh
That's still an information leak, and thus a security breach. If a user can see filenames of other user's files, or inspect URL's that other users typed in, then they accessed that other user's private data. Just knowing what files are accessed or what webpages were visited, can be as serious a security breach as any, depending on the context.
If the files don't have appropriate permissions set, what expectation do you have of someone not being able to do this? This is why the question whether the files are protected is important.
In UNIX, I could use "locate" to find out whether a co-worker has cookies from porn sites if the permissions are not set. And what about Windows' "Search for files containing the following text?"
We have a total lack of information.....
LedgerSMB: Open source Accounting/ERP
It runs as *four* processes on my box:
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
Seems like more than enough.
I am finished indexing.
I haven't used WinXP in awhile, so correct me if I am wrong... doesn't XP have a little checkbox in the "User Accounts" dialog that says something like "Make my data private" or something to that effect? I believe it is unchecked by default. Can anyone confirm that by default XP doesn't make user folders strict, and that you have to explicitly enable this option. I'm pretty sure Windows 2000 doesn't work this way.
Just a confirmation please, and if not, a correction against what I've said.
Thanks.