New Google tool for searching computers a privacy risk on shared PCs
By Anick Jesdanun, The Associated Press Oct 18 2004 1:43PM
People who use public or workplace computers for e-mail, instant
messaging and Web searching have a new security risk to worry about:
Google's free new tool that indexes a PC's contents for quickly
locating data.
If it's installed on computers at libraries and Internet cafes, users
could unwittingly allow people who follow them on the PCs, for
example, to see sensitive information in e-mails they've exchanged.
That could mean revealed passwords, conversations with doctors, or
viewed Web pages detailing online purchases.
"It's clearly a very powerful tool for locating information on the
computer," said Richard M. Smith, a privacy and security consultant
in Cambridge, Mass. "On the flip side of things, it's a perfect spy
program."
Google Desktop Search, publicly released Thursday in a "beta" test
phase for computers running the latest Windows operating systems,
automatically records e-mail you read through Outlook, Outlook
Express or the Internet Explorer browser. It also saves copies of Web
pages you view through IE and chat conversations using America Online
Inc.'s instant-messaging software. And it finds Word, Excel and
PowerPoint files stored on the computer.
If you're the computer's only user, the software is helpful "as a
photographic memory of everything you've seen on the computer," said
Marissa Mayer, director of consumer Web products at Google Inc.
The giant index remains on the computer and isn't shared with Google.
The company can't access it remotely even if it gets a subpoena
ordering it to do so, Mayer said.
Where the privacy and security concerns arise is when the computer is
shared.
Type in "hotmail.com" and you'll get copies, or stored caches, of
messages that previous users have seen. Enter an e-mail address and
you can read all the messages sent to and from that address. Type
"password" and get password reminders that were sent back via e-mail.
Acknowledging the concerns, Mayer said managers of shared computers
should think twice about installing the software until Google
develops advanced features like password protection and multi-user
support.
In the meantime, users of shared PCs can look for telltale signs.
A multicolored swirl in the system tray at the lower right corner of
the computer desktop means the software is running. A user can right-
click on that to exit the program -- thereby preventing it from
recording Web surfing, e-mail and chat sessions.
Users can also surf on non-IE browsers like Opera and Mozilla,
although the software may index Web pages already stored before the
software gets installed.
Managers of public access terminals can also install software or deny
users administrative privileges so they can't install unauthorized
programs, such as Google's. In fact, many libraries and cybercafes
already do so.
Herb Jones, owner of Herb's Cyber Cafe in Oblong, Ill., tried out the
desktop search program on his computer and likes it -- but he won't
install it on his two public terminals. In fact, he's written
software to prevent customers from installing programs like it.
"Otherwise, they can put on their own files if they want, a worm, a
virus, anything, and you're shut down," Jones said.
The FedEx Kinko's chain is also taking preventive measures. It's
deploying software designed to automatically refresh its public
access terminals to a virgin state for each new customer. So any
errant software would disappear, as would any personal settings,
files or Web caches, said Maggie Thill, a spokeswoman with FedEx
Kinko's.
But policies do vary, and no precaution is foolproof, warned Carol
Brey-Casiano, president of the American Library Association and
director of public libraries in El Paso, Texas.
"We do our best to protect our patrons and computers and network, but
as you can imagine, thousands of people can use public computers in a
given week," she said.
The new Google tool would not only aid people in spying on past
patrons on public PCs. At home, parents could record their kids'
instant messaging conversations or view a spouse's e-mail. In the
office, employers could index what their workers are up to.
If each user has a separate logon to Windows, Google Desktop Search
will be stymied, however. That's because only one person can install
and use the software on a given computer.
Google's software's power relies on centralizing what's already saved
on computers; most browsers, for instance, have a built-in cache that
keeps copies of Web pages recently visited. The difference is that
Google's index is permanent, though users can delete items
individually. And the software makes all the items easier to find.
Neel Mehta, leader of the X-Force research and development team at
Internet Security Systems Inc., said the threats are real, though
there are plenty of other products available for spying -- ones
better at doing the recording secretly.
"It's not designed to be an illicitous tool," Mehta said of the
Google software. "It's designed to be a search engine."
---
* Origin: [adminz] tech, security, support (192:168/0.2)
generated by msg2page 0.06 on Jul 21, 2006 at 19:04:04
search: