Google Desktop Search Functions As Spyware

dioscaido writes "Users of the Google Desktop Search software beware -- it indexes your files across all users on your PC, bypassing user protections. The Google cache feature allows all users to browse the contents of messages and files it has indexed, irrespective of who is logged in. 'This is not a bug, rather a feature,' says Marissa Mayer, Google's director of consumer Web products. 'Google Desktop Search is not intended to be used on computers that are shared with more than one person.'" Reminds me of a Neal Stephenson essay: "The Hole Hawg is dangerous because it does exactly what you tell it to. It is not bound by the physical limitations that are inherent in a cheap drill, and neither is it limited by safety interlocks that might be built into a homeowner's product by a liability-conscious manufacturer. The danger lies not in the machine itself but in the user's failure to envision the full consequences of the instructions he gives to it."

Tin foil hats for everyone!!

[erick99]

For God's sake, this is a long ways to go to find something to be paranoid about.

Whether or not Google intended this, I take great pause at knowing any e-mail I write or read on a PC with Google Desktop Search could be called up and read by a complete stranger.

This application is intended for single user machines which pretty much limits it, in most cases, to home machines. I don't have complete strangers roaming around my house so it is not an issue for me.

Mayer dismissed my concern that this is a security issue. She points out that you can configure Google Desktop Search not to index Web pages or specific domains. That would prevent Google Desktop Search from indexing and caching the URL "mail.yahoo.com".

So what part of that did the reporter not understand? Finally, this is not mandatory software. A user has to hunt it down, download it, and install it. So don't use it if it is a problem for your computer. Now, I am not trying to be a jerk and some of this is said with tongue planted firmly in cheek. Still, you gotta wonder why people need to find things to be upset about. I am not sure why this irks me so much, maybe I should drink less coffee.....

Re:Tin foil hats for everyone!!

[SeinJunkie]

Using the new software, I was able to bypass user names and passwords that secure Web-based e-mail programs and view personal messages sent and received on public PCs. She didn't bypass user names and passwords. She accessed unprotected files just like Windows Explorer allows. This is a non-issue. If users don't want their information to be seen, they should be protecting their profile's Documents and Settings folder.

Re:Tin foil hats for everyone!!

[LnxAddct]

I'm just curious but... isn't it a flaw of the operating system that files generated by a user aren't automatically restricted to access by that user? This isn't google's fault, the same exact design ported to linux would work flawlessly.
Regards,
Steve

Re:Tin foil hats for everyone!!

[Dryth]

My cache is stored in: C:\Documents and Settings\[Current Account]\Local Settings\Application Data\Google\Google Desktop Search

I wasn't aware this was a publically accessible folder. I'm not allowed to access said folder under other users' accounts, on this machine, unless I run as Admin. That said, I haven't tried searching for files that would be found only under their accounts.

Security Breach? Really?

[johndiii]

From reading the article, there is no indication that protected files were actually read. In fact, pretty much everything he talks about seems to have been pulled from the web cache. With default security on Windows XP, each user's cache is accessible to the other users. As are everyone's Outlook data files. This is not great security, but that is not Google's responsibility.

So, I'd be really interested to know if the desktop search application runs as an admin process, or with system rights. Unless it does, this article is nothing but hot air. Google indexes files that you can read anyway? OMG!!! This is teh suxxorz!!!

And spyware? Hardly. Nothing in the article even comes close to suggesting that all of this indexed information is transmitted anywhere.

A problem if accessible remotely

[Disoriented]

Keep in mind that once you have physical access to the machine, all bets are off.

However...

Google's tool could be a danger if someone figures out a way to launch it remotely, by getting a user to click a link, or through some Windows exploit. If so, it's plausible that a remote attacker could gain access to the cache and use the information to gain administrative access to the machine.

---
"I contend that we are both atheists. I just believe in one fewer god than you do. When you understand why you dismiss all the other possible gods, you will understand why I dismiss yours."
-Sir Stephen Henry Roberts

Re:A problem if accessible remotely

[metlin]

Well, there you go - Windows Exploit.

The problem in that case becomes Microsoft's, not Google's. It's just using a feature (or a bug, depends on the perspective) that exists in Windows.

It's easy to blame third parties whose software can be exploited because of inherent problems in the OS, but you're passing the buck.

Maybe if the OS were more secure, the possibilities for such exploits wouldn't exist in the first place.

Re:A problem if accessible remotely

[colin_n]

I have tried to access the tool remotely. It appears that it only accepts connections locally on the computer.

Uh.

[emazing]

Since when does this constitute spyware? To my knowledge, spyware sends information to a third party without the user's knowledge.

Re:uhhh...sorta

[filtur]

Its beta toy tools stuff. You know, the kind that says "use at your own risk.

Like windows.......

That was too easy, ignore my post.

Spyware?!

[lunar_legacy]

Spyware has a different definition...

Google, the new Microsoft

[The+Bungi]

FUD, clear and simple. With the usual hysterical Slashbot "OMFG TEH COMPANIE IS TEH SUXXORZ!!1!" byline. It's amazing how once a company starts entering different areas and markets everyone starts whining, crying wolf and feeling threatened.

Windows users have had "home" directories that are inaccesible to anyone except themselves and a domain administrator since NT4 was released. If this Google tool is allowed to index things it's not suppose to index, then that's not Google's fault, and it's certainly not Microsoft's. It's the fault of whomever configured that machine. AFAIK NTFS security has not been comprimised yet.

And the "spyware" tag? Love it. FUD works both ways, doesn't it?

Google Desktop seems useful.

[kngthdn]

I just installed Google Desktop today, but so far I'm pretty impressed. Even though it's still indexing, I haven't noticed any difference in speed.

Google Desktop isn't spyware, because it makes what it is doing clear before you install it. Of course it reads your files; that's how Google works. As long as my data doesn't go back to Google, I couldn't care less.

And actually, if everyone could choose just some of our files to make available publicly, think how much more useful Google would be.

Maybe that's their plan. Get everybody to index their disks, and than offer killer p2p on Google.com.

Does anybody *else* think that would be awesome?

Re:Security Breach? Really?

[Waffle+Iron]

The situation is somewhat similar with the Linux 'updatedb' and 'locate' built-in search facilities. On my box, by default, the scanner runs under the 'nobody' account. However, unless a user takes specific action to change it, their home directory is world-readable by default.

The default file permissions seem to vary by the app that created them. My .mozilla and .kde directories are not world-readable, so the web caches would not get scanned. However, plenty of other files are world-readable by default, along with most documents I create.

This general situation has been around for many years. If you do share a machine, it's probably just a good idea to learn about file permissions in general.

Re: Security Breach? Really? Dreaded "locate"

[einhverfr]

That's still an information leak, and thus a security breach. If a user can see filenames of other user's files, or inspect URL's that other users typed in, then they accessed that other user's private data. Just knowing what files are accessed or what webpages were visited, can be as serious a security breach as any, depending on the context.

If the files don't have appropriate permissions set, what expectation do you have of someone not being able to do this? This is why the question whether the files are protected is important.

In UNIX, I could use "locate" to find out whether a co-worker has cookies from porn sites if the permissions are not set. And what about Windows' "Search for files containing the following text?"

We have a total lack of information.....

Re:Nothing to see

[ciroknight]

Even worse.. Google's FAQ on Multiple Users states that it is not for multiple user systems, so all of this nonsense is perfectly within it's working parameters, and as a beta program, is to be expected. Don't like it? Don't use it. Period.

Not spyware

[Guspaz]

Does it install itself onto your PC without your permission? No.

Does it gather personal information and send it to Google? No.

Does it run secretly in the background, with no way to remove it save an anti-spyware tool? No.

Does it allow you to access anything you couldn't access without it? No.

How is this spyware again? Or even a security threat? As another poster pointed out, this tool doesn't access anything you couldn't access through Explorer.

What's this, is Slashdot helping to spread FUD?!? Say it ain't so!

Who wrote this summary, Fox News?

[Sleepy]

Users of the Google Desktop Search software beware -- it indexes your files across all users on your PC, bypassing user protections.

This is just too misleading to be accidental. Talk about bias.

So dioscaido, you are suggesting Google defeats NTFS users/groups directory permissions and encryption?

No?

Oh.

Yeah, that's what I thought. Completely irresponsible journalism at work folks.

Basically this utility works NO DIFFERENT than "Start-->Search-->Search IN files", except that noobs don't know how to use Search properly, and Google search is "prettier". Oh, and MS's brain dead Search can't peek inside compressed files. Whoopie-do.

If I were more cynical, I'd chalk this fear-mongering up to someone with a lot of Yahoo stock, or someone afraid their wife/husband will find email evidence of an extra-marital affair. By default in Windows, ALL USERS CAN READ EACH OTHER'S FILES.

Nothing to see here, move along..

DISCLAIMER: I own no Google or Yahoo stock.

Re:Security Breach? Really?

[ip_fired]

The problem as I see it is in the startlingly easy way google desktop search makes intrusion possible, sometimes even without the person searching intentionally looking into other user's data. Any keyword I type is an instantaneous hook into the world of the other user who used the pc before me. That is what I find scary.

But that's just it. It's a SEARCH tool. It's supposed to find things that you don't know about. If it didn't, it wouldn't be a very good search tool. This should not be installed on public computers. And, if you are personally are concerned about it, there are products out there that will store all that sensitive information (browser history, email files) on a USB drive that you plug into the public computer before use.

As it is, I don't know how useful it will be to the average /. user. It only indexes files in your Documents directory, it only indexes a handful of files (.doc, .xls, .txt, .html files for example). It has SEVERAL limitations that are annoying. For example: I want it to index my java source code and javadocs for the project I'm working on. However, it refuses to index them.

Also, it doesn't index my Firefox cache or history, nor does it index my Thunderbird mail files.

In other words, nice try Google, but it's not useful to me (yet).

Slanted article

[AbyssLeaper]

I read this article a couple of hours ago, so I did what any self-respecting geek would do: I tried to see if the reporter/bloghead was full of shit or not. If you don't want to read any further, he is.

He used a public machine, presumably using a single logon. The software functioned as expected. It cached, separate from your IE cache, all traffic it was designed to cache. He then was able to search the data that anyone left on the machine. I contend that any douchebag that is dumb enough to send sensitive data from public terminal deserves whatever they get, ignorant or not.

The desktop search stores data in the c:\documents and settings\username\Local Settings\Application Data\Google\Google Desktop Search directory. On any PC that is relatively private, the average user isn't going to be able to search anyone else's data without a little bit of work. I had to actually copy the cache files from another user's profile to my PC in order to read the files. If were sharing a PC, I'd have to have elevate rights and access to the other user's provile in order to see anything of value.

As far as I'm concerned, the reporter that wrote the article doesn't know squat. There's no story here. Well, there is. He should have written abou the dangers of using a public terminal to send personal and/or sensitive data.

Very Powerful Tool

[jkichline]

First let me say this is a very powerful and convenient tool that works as advertised right out of the box. However, I am also upset by how easily this group defends Google and attacks Microsoft. I'm sorry, but if you are creating software you need to keep the users in mind and work with the environment you are given.

I have done a lot of research into how the Google Desktop system works. Here are some things I found...

1. The indexing "agent" (not a windows service) runs as the current user. So, Windows security should block Google from viewing those files.

2. Google installs its own web server on the machine and maps to port 4664. They also do a lot of validation to make sure you can only see this information from the local machine. This appears to be pretty strong.

3. Google stores its cache in the following windows directory: C:\Documents and Settings\username\Local Settings\Application Data\Google\Google Desktop Search -- Leading me to believe that this is user specific. I checked permissions on this other users do not have access to the cache, leading me to believe they would have their own version of the cache.

4. Google seems to abide by the rules of the operating system. Unless they are somehow bypassing Windows security (being google they could reverse engineer anything I guess), this is pretty sound. So it really comes down to the user for setting permissions on their files. Otherwise any old search program could also find those files.

5. Google Desktop search is not spyware. I think the fear is how it integrates your desktop with the Google home page but the truth is no information is sent. At least that's what Google says. However, I looked at the source of what is returned and this is not done using client-side script or an ActiveX object, so I'm not sure how they pull this off. This sort of scares me. For instance, the path to one of my files is seen coming from the their server.

Now, the bad side...

While I was impressed by the lockdown of interface to the local machine, this is easily compromised. In an hour or two I created a VBScript class that could host on the user's machine and use local HTTP to access this data. This means that spyware could be created that allow remote access to the otherwise ironclad cache. This is obviously bad since you could just start searching for passwords and possibly get them.

My suggestion to Google? Add additional settings. For instance, right now the default setting is EVERYWHERE, with some control over WHAT gets indexed. I suggest being able to point the index at specific folders, or be able to not index other folders. This is sort of like shipping a firewall with all ports open. Sure its up to the user to lock it down, but if you don't... bad things happen.

Also, more filetypes would be really good. Especially more code files, etc.

I also think the ability to share your cache could be an option. This would be handy to install on a corporate file server to provide access to files (this is the reason I created the remote access hack)

Of course this may be Google's strategy all along... make the free version do everything and be for personal systems, and then sell a version with more file types, more granular control, sharing etc. Sounds like good bait and switch to me.

So that is all. Very good software, very easy to use. Ships wide open and could breach privacy on beginner level users. Can be used for attack and Google needs to consider this. Overall.. thank you Google!

The only security

[NetBlackOps]

The first rule of system security is that the only security is PHYSICAL security.

What are the flaws here? It's a publicly accessible machine. Anyone can walk up and since it is publicly accessible, can merrily publicly access away. The presence or absence of the Google search tool in and of itself means nothing. In addition, with the tools that I have here, even if you DID have individual accounts I can own that machine, one way or another, in under a minute. It would slow me down some if someone with real Windows knowledge set up the system secuirty, but that is all that would happen, it would slow me down. After all, I do this for a living (systems security consultant). Don't be overjoyed Linux users, if I know your version, I can get you too. I track the vulnerability lists on a daily basis and no one save the truly paranoid (moi, of course) patches THAT quick!

Now, in the context of a personal PC, whose ox is getting gored here? No one. By definition. Note, I said personal PC. My personal PC, fully locked down Win'Server 2003 Ent., or as fully locked down as you can get with Windows (snort), happens to have this beast installed and yes I did pause to read the documentation, EULA, and all the warnings that they posted. This is just another search tool that just happens to use a web server front end so you can search using a browser interface that looks just like Google. Powerful (not Windows Find in my book) search tools have existed for eons in the computing world. This is yet another one and pretty spiffy actually. I was pretty impressed that it found in under a second something that I had been searching for for days, yes even with some pretty powerful search tools. Nice job!

Now, is my system less secure? No, if someone walked up, or happened to break into my system from the outside (about as likely as hell freezing over), then yes, having this available to them is a bit more of a problem but if they get in the door, then they already know where to drill down for personal information. Anything I'm really interested in protecting (under NDA, etc.) is already living on an encrypted HD with a VERY long key. Again, I'm paranoid. For the average user, again, once in somehow the presence of this tool changes nothing.

What is interesting is the potential for abuse in the case of a family or office setting. Be assured that half the problem in knowing where to go in those settings is identifying the interesting places and then you can identify the system security penetration required. This is NOT recommended for use in an office setting, but Google points out that it was not intended for such use anyway and spells it out most eloquently in the EULA as well. You do read the EULA, don't you? I do.

For the home, how much do you want to hide from your parents, spouse, or kids? Having no spouse of kids, I can't say. As for my parents, I'm the one locking down their systems ;-). You need to make that decision yourself but I do admit that most kids can find out what they need to know to penetrate any parents computers VERY easily. I do cruise the script-kiddie boards (often) to see what they are up to and the tools are all there within easy reach (Google search ;-) ).

So that's my two cents. Mere FUD. BTW, what idjit uses a public computer and expects no one to know what they are doing? Apparently a LOT of idjits accordinig to a fellow SysOp elsewhere that happens to have a day job at a large library. If the cops want to catch a lot of kiddie porn and kiddie stalkers, I can tell them right where to go, but they aren't listening (sigh).

NetBlackOps