New PC search tool poses security risks

People who use public or workplace computers for eMail, instant messaging, and web searching have a new privacy risk to worry about: Google’s free new tool that indexes a PC’s contents for quickly locating data.

If it’s installed on computers at schools, libraries, and internet cafes, for example, users could unwittingly allow people who follow them on the PCs to see sensitive information in eMail messages they’ve exchanged. That could mean revealed passwords, conversations with parents about sensitive student information, or viewed web pages detailing online purchases.

“It’s clearly a very powerful tool for locating information on the computer,” said Richard M. Smith, a privacy and security consultant in Cambridge, Mass. “On the flip side of things, it’s a perfect spy program.”

Google Desktop Search, publicly released Oct. 14 in a “beta” test phase for computers running the latest Windows operating systems, automatically records eMail you read through Outlook, Outlook Express, or the Internet Explorer (IE) browser. It also saves copies of web pages you view through IE and chat conversations using America Online Inc.’s instant-messaging software. And it finds Word, Excel, and PowerPoint files stored on the computer. (For more on this free new search tool, see related story.)

If you’re the computer’s only user, the software is helpful “as a photographic memory of everything you’ve seen on the computer,” said Marissa Mayer, director of consumer web products at Google Inc.

The giant index remains on the computer and isn’t shared with Google. The company can’t access it remotely even if it gets a subpoena ordering it to do so, Mayer said.

Google invades
computers with
new search function

Google Inc. has become the first tech heavyweight to tackle the daunting task of uncluttering computers, introducing a program that quickly scours hard drives for documents, eMail messages, instant messages, and past web searches. The desktop invasion heralds a momentous step into a crucial realm–the challenge of managing the information glut that has accumulated during the past decade, as society becomes more tethered to increasingly powerful computers….

  • Where the privacy and security concerns arise is when the computer is shared.

    Type in “” and you’ll get copies, or stored caches, of messages that previous users have seen. Enter an eMail address and you can read all the messages sent to and from that address. Type “password” and get password reminders that were sent back via eMail.

    Acknowledging the concerns, Mayer said managers of shared computers should think twice about installing the software until Google develops advanced features like password protection and multi-user support.

    In the meantime, users of shared PCs can look for telltale signs.

    A multicolored swirl in the system tray at the lower right corner of the computer desktop means the software is running. A user can right-click on that to exit the program–thereby preventing it from recording web surfing, eMail, and chat sessions.

    Users also can surf on non-IE browsers like Opera and Mozilla, although the software might index web pages already stored before it gets installed.

    Managers of public-access terminals can install software or deny users administrative privileges so they can’t install unauthorized programs, such as Google’s. In fact, many schools, libraries, and cybercafes already do so.

    Herb Jones, owner of Herb’s Cyber Cafe in Oblong, Ill., tried out the desktop search program on his computer and likes it–but he won’t install it on his two public terminals. In fact, he’s written software to prevent customers from installing programs like it.

    The FedEx Kinko’s chain is also taking preventive measures. It’s deploying software designed to refresh its public-access terminals to a virgin state for each new customer automatically. So any errant software would disappear, as would any personal settings, files, or web caches, said Maggie Thill, a spokeswoman with FedEx Kinko’s.

    But policies do vary, and no precaution is foolproof, warned Carol Brey-Casiano, president of the American Library Association and director of public libraries in El Paso, Texas. “We do our best to protect our patrons and computers and network, but as you can imagine, thousands of people can use public computers in a given week,” she said.

    The new Google tool would not only aid people in spying on past patrons on public PCs. At home, users could record their kids’ instant-messaging conversations or view a spouse’s eMail. In the office, employers could index what their workers are up to.

    If each user has a separate logon to Windows, Google Desktop Search will be stymied, however. That’s because only one person can install and use the software on a given computer.

    The power of Google’s software relies on centralizing what’s already saved on computers; most browsers, for instance, have a built-in cache that keeps copies of web pages recently visited. The difference is that Google’s index is permanent, though users can delete items individually. And the software makes all the items easier to find.

    The software can also betray users, said Annalee Newitz, policy analyst at the Electronic Frontier Foundation. Delete an eMail message or file, yet a copy remains on Google’s index.

    Neel Mehta, leader of the X-Force research and development team at Internet Security Systems Inc., said the threats are real, though there are plenty of other products available for spying–ones better at doing the recording secretly.

    “It’s not designed to be an [illicit] tool,” Mehta said of the Google software. “It’s designed to be a search engine.”

    Related Story:

    Google invades computers with new search function


    Google Desktop Search

    Want to share a great resource? Let us know at