Google Desktop: Next Big Thing or Dangerous Tool?

The new Google Desktop offers some pretty spiffy stuff you can play with.Here’s the question, though… is this a good thing, or a very bad thing?

For instance, the Google Desktop has the Photo Slideshow that willdisplay photos from your hard drive, the websites you visit and RSS feedsyou may be subscribed to. This should do wonders for keeping employeesfrom inappropriate sites during work hours. Or, it will do wonders forthe bottom line when an employee is inadvertently exposed toinappropriate content.

What about the cool new ability to download sidebar plugins. These arelittle third-party applets that will do any number of things, such ascompute currency excahnge rates, along with acting as a thesaurus anddictionary. Who in your orgnization will vet those executables to makesure they are doing what they say they do, and not anything else, likesending password and account data back to the mothership. Now, not onlyhave they scooped some subset of data you aren’t even aware of, it’spossible they have the username and password to your employee’s Gmailaccount which provides access to the Google Desktop.

You see, the Google Desktop is being touted as the next revolution ininformation sharing in the workplace. Unfortunately, it seems it’s alsothe next revolution in, well, information sharing, if you know what Imean.

What does it mean, for example, when it says ”index and cache alldocuments on your system”? The object is to allow you to search throughthem to find any specific piece of information you might be looking for.Here is Google’s definition, quoted from the Desktop webpage:

Google Desktop can index the following types of items on yourComputer:

  • Email (Gmail, Outlook (Express), Netscape, Thunderbird andMozilla);
  • Chats from Google Talk, AIM, and MSN Messenger;
  • Word, Excel, Powerpoint, PDF, images, audio and video;
  • Calendar appointments, contacts, tasks, notes, journal;
  • Zipfiles including content;
  • Text and other files;
  • Password-protected Office documents, and
  • Secure web pages (HTTPS)
  • By default. You can disable the indexing and search features for wholecategories. But it doesn’t appear that you can disable by file folder.What user is going to be dilligent in their setup to ensure the rightcategories get de-selected?

    The allure of this product is the ease with which you can retrieveinformation. Turning off indexing and searching of Word, Excel, or emaildoesn’t make a lot of sense if you want to utilize the strengths of theapplication. But where are you most likely to store your senstive data?Probably in Word, Excel and email documents.

    If you turn off indexing, anything you use afterward isn’t indexed, buteverything you’ve indexed before remains in the cache available to besearched.

    It gets better.

    You know that email you wrote to your boss, explaining in great detailwhat a moron he is and how you have half a mind to just quit and collectunemployment? Yes, you saved it, thought better about it and then deletedit. But it has been indexed and cached, and you can bring up that cachedcopy, or worse, your boss can. All documents that have been indexed andcached provide a revision history. This could be a good thing, but itcould most definitely be a very bad thing. You can delete your cache, butwill you remember to do it?

    Disabling indexing by file folder would save a lot of aggravation. Buthuman nature says most users keep mutliple copies in multiple locationsbecause they can never find it when they need it. Or, they received emailcontaining documents which now reside in some attachment directorysomewhere no one ever thinks about.

    So there’s this little matter of indexing, caching and searching and withV3 the great innovation is to allow Searching Across Computers. Thismeans you can find all that incriminating data from over the Internet. Ofcourse, you have to be in possession of the Google account username andpassword. Oh, unless you happen to be using the Enterprise version, inwhich case, all your collaborative workers can share all of your darkestelectronic secrets. From your illicit AIM chats to the salacious picturesyou might download.

    Search Across Computers ”temporarily” stores your files on a Googleserver in order to provide them to your other computers should the sourcesystem be offline or powered off. How long is ”temporary” if they neverknow when your machine is going to be offline?

    This may seem like no big deal, until you consider the amount ofsensitive material that gets passed around your company on a daily basis.

    HR is sending employment, medical data, and payroll information tocolleagues and employees. Employees are sharing important company datawith other groups within the company and consultants outside the company.Nothing makes more sense than to have this data freely available to allinvolved parties, until you realize you’re making it easier for peopleother than the ones you intended to have access to it, as well.

    A hacker in Italy has posted a webpagedescribing a way to utilize the Google Desktop to exploit vulnerabilitiesin IE to phish user data via malicious webpages. This is not news, andanyone who uses IE as the default corporate browser (because it’s easyand it’s delivered with the operating system) needs to have their headexamined. The hacker has updated his webpage to indicate that the holehas been plugged, but the question remains how long will it be beforeanother vulnerability in IE is exploited through the Google Desktop?

    I’m not saying the Google Desktop is a bad thing to use. I am saying thatif you plan to use it in the corporate environment, you need tothoroughly investigate the best method for configuring and maintaining itto protect your most valuable resources.

    Don’t be afraid to say that the rewards are not worth the risks and don’tbe afraid to bring that message to your employees, either. Enforcing agood business decision involves the buy-in of employees, and when youbring a decision of this nature to them with the facts of how it willprotect them, their identity and privacy, as well as business assets,they’ll be more willing to listen.

    However, unless you operate a draconian workstation software policy, youwill have rogue installations to worry about.

    If you plan to use it in a personal setting, don’t forget to weigh allthe risks of letting anyone who has access to your system, have access toall your documents, pictures and email.

    Top Products

    Related articles