February 20, 2006 9:50 AM PST

Google admits Desktop security risk

By Tom Espiner
Staff Writer, CNET News

Related Stories

More worries about Google Desktop 3

 February 15, 2006

Google Desktop 3 criticized

 February 10, 2006

Google updates desktop search tools

 February 8, 2006
Businesses have been warned by research company Gartner that the latest Google Desktop Beta has an "unacceptable security risk," and Google agrees.

On Feb. 9, Google unveiled Google Desktop 3, a free, downloadable program that includes an option to let users search across multiple computers for files. To do that, the application automatically stores copies of files, for up to a month, on Google servers. From there, copies are transferred to the user's other computers for archiving. The data is encrypted in transmission and while stored on Google servers.

The risk to enterprises, according to Gartner, lies in how this shared information is pooled by Google. The data is transferred to a remote server, where it is stored and can then be shared between users for up to 30 days.

Gartner said in a report on Thursday that the "mere transport (of data) outside the enterprise will represent an unacceptable security risk to many enterprises," as intellectual property could be transported out of the business.

Google told ZDNet UK on Monday that it recognized the risk, and recommended that companies take action. "We recognize that this is a big issue for enterprise. Yes, it's a risk, and we understand that businesses may be concerned," said Andy Ku, European marketing manager for Google.

Google confirmed to ZDNet UK that data was temporarily transported outside of businesses when the Search Across Computers feature was used, and that this represented "as much of a security risk as e-mail does."

"Theoretically any intellectual property can be transferred outside of a company," Ku said. "We understand that there are a lot of security concerns about the Search Across Computers feature, but Google won't hold information unless the user or enterprise opts in (to the feature)."

Google said that security was the concern of individual businesses. "The burden falls on enterprises to look after security issues," Ku said. "Companies can disable the Search Across Computers facility."

Gartner said that sensitive documents may be inadvertently shared by workers, who may not have specialist knowledge of regulatory or security restrictions.

Google said it was unable to comment on the risks posed when individuals share sensitive information. "Some users may, and some users may not be able to," said Ku, adding that companies should follow their own policies.

"At the end of the day, each company should make its own decision. If they are uncomfortable, they shouldn't enable the feature," Ku said. "It's about what a company deems to be best corporate policy."

Gartner has recommended that businesses use Google Desktop for Enterprise, as this allows systems administrators to centrally turn off the Search Across Computers feature, which it said should be "immediately disabled."

Companies "must also evaluate what they are allowing to be indexed, and whether they are comfortable that they can adequately bar the sharing of data with Google's servers," said Gartner.

Google agreed that Google Desktop Enterprise would better mitigate security risks. "If you're given a choice, choose Enterprise," said Ku.

Tom Espiner of ZDNet UK reported from London.

See more CNET content tagged:
security risk, Google Desktop, Gartner Inc., Google Inc., enterprise

Add a Comment (Log in or register) 22 comments (Showing first 20 comments)
Stupid author
by February 20, 2006 12:05 PM PST
Get your facts straight.
"To do that, the application automatically stores copies of files, for up to a month, on Google servers."
You have to turn this feature on purpose. It's off by default. And no duh it's a security risk. You transfer any data outside your network there's ALWAYS going to be a possibility that someone else could see it.
Honestly, this article is so pointless that I'm amazed anyone took the time to write it.
It's the new "cool thing" to bash Google.
Do it when they deserve it. Not just when you feel like it.

- James
Reply to this comment View all 2 replies
Where is the security risk???
by n3td3v February 20, 2006 12:25 PM PST
Where is the security risk outside of the design spec for the product?
Reply to this comment View all 2 replies
A Little Late
by KsprayDad February 20, 2006 12:47 PM PST
This story should have accompanied the original release...at this point its pointless...

IT managers already know about it and common slobs don't need to worry since it isn't invoked on download.

Non story.

Oh...

There is this great MAC site you should visit...

http://maxxuss.hotbox.ru/
Reply to this comment
Re: Where's the risk...
by FutureGuy February 20, 2006 3:34 PM PST
...if I understand this correctly the said feature when enabled causes the software to send files outside of the enterprise, which would be most unacceptable for most enterprises. Unless there is a red flashing warning next to that feature stating that this is going to happen users are not going to know the consequence. Its like having a button "Free up space" next to a drive which would format it, the way the software was designed to do, is it a bug? no, can one blame the user to be totally stupid no, is it bad design yes.
Reply to this comment
How is it is any less of a risk for the home user?
by ssway February 20, 2006 5:13 PM PST
Sure companies have to protect their intellectual property and what not, but how is this any less of a security risk for the home user? Home users don't want their personal files leaving their PC and going to google's servers. I sure as h3ll don't want my bank statements, etc going to google's servers. This is where Google has crossed the fine line they have been dancing on for the last few years.

I'm starting to get a rather bitter taste in my mouth at the mention of Google. Moving forward the public must be wary and vocal about Google. If we just sit back and let them, they will walk in and take our privacy.
Reply to this comment View reply
Just another alternative
by Nitez February 20, 2006 5:46 PM PST
MP3 players, portable hard drives, palmtops, laptops, email,... you name them! It's not like google invented the concept of transferring data from one computer to another. Other companies (forgive me for not remembering their names) have already provided these "30 days Upload-Download" services for a very long time. On the other hand, network administrators have their own responsibility in setting policies on what users can and cannot do, and apply those policies. One of the previous notes indicated that this option is switched off by defeault. Finally, I couldn't agree more on the fact that it is becomming a trend to criticize Google's good work. If this is an issue, talk to all manufacturers of portable devices and e-mail sevices. They would be equally liable for the "risk" of letting data out of companies' network. I guess they would all agree, as google did, that their is a risk indeed ...
Reply to this comment
Security issue is real
by J.G. February 20, 2006 8:02 PM PST
Portable devices are not comparable. The problem with this
application is that it allows data to be compromised via the
Internet, which is easy to do. A person has to go to quite a bit of
trouble to smuggle computer data out of a business via a portable
device if the business is being run properly. The advice that
businesses not use Google Desktop 3 is good.
Reply to this comment View reply
Article
by mess483 February 21, 2006 3:43 AM PST
I agree with the entire article.
http://www.referat-de.com/referate/Griechisch/1/Griechisch1.php
Reply to this comment
The difference
by hawkeyeaz1 February 21, 2006 8:06 AM PST
The difference is the security risk is not
imposed, but optional for those who choose it.
Google provides people options so they can
decide what they want.

Certain other companies (whom I shall not
mention) try to force customers to 'choose'
their offerings, regardless of what the customer
wants. Thus, the security risks, which are
usually more significant are unavoidable.
And now they want to be able to say what the
customer can and can't do on said software, and
send data about every file to someone other than
the customer. Isn't that a larger security risk?
Yet, they are not giving customers any choice.
DRM. It's a bigger problem.
Reply to this comment View reply
There are great network GDS alternatives
by john.murray February 21, 2006 11:14 AM PST
Use GDS ver1 with DNKA and TweakGDS resulting in a server based network search environment. No software on client machines:

http://dnka.com
http://desktop.google.com/plugins/tweakgds.html
Reply to this comment
Uploading ANYTHING to a 3rd party is a risk
by BKHerbert February 21, 2006 12:10 PM PST
Given the fact that the Bushies feel they have the right to snoop-without-subpoena, go on fishing-expeditions without oversight, and hack into anything they feel like, I keep wondering how companies like Google think that people will entrust their data to a company that will obviously roll over at the first sign of a request for information? Forget the concept of "security of data"... This is about "nothing is safe from the prying eyes of the Feds."

And before anyone regurgitates the tired argument about "If you have nothing to hide, then what's the problem?", I don't have anything to hide...I'm just tired of rolling over while the the Constitutional protections of the Bill of Rights is shredded in the name of "We're protecting you for your own good."
Reply to this comment
Who's fault is this?
by Seaspray0 February 22, 2006 8:31 AM PST
What? A security flaw and nobody is blaming microsoft? The silence is so.... refreshing.

But what did I expect. Ever time it's someone else's security flaw, the MS haters club clamps shut like they were discussing hunting rifles at an animal rights rally.
Reply to this comment
 See all 22 Comments >>
Powered by Jive Software
advertisement

Latest tech news headlines

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

advertisement

Inside CNET News

Scroll Left Scroll Right

  • News - Business Tech

    Chrome's JavaScript challenge to Silverlight

    The advent of Google's Chrome browser, software pros say, should spur a big speedup for JavaScript, which would raise its standing against Microsoft's Silverlight technology.

  • Gallery

    Photos: Top 10 reviews of the week

    Here are CNET Reviews' 10 favorite items from the past week, including the TiVo HD XL, Sony Cyber-shot DSC-H50, and the Dish Network's newest digital TV converter box.

  • News - Apple

    Apple watchers spot 'iPod Nano' pix, iTunes hints

    The rumor mill has long been predicting a longer, leaner new version of the iPod Nano, and now it's conjuring up some pictures.

  • Coop's Corner

    Chris Shipley 1, Internet lynch mob 0

    Demo's impresario goes public with a tart and smartly written riposte to the shoot-from-the-lip crowd.

  • Video

    Katie Couric reflects on first Webcast

    The political conventions are over and so are CBS Evening News anchor Katie Couric's first series of Webcasts. CNET's Kara Tsuboi sat down with Couric on the final night of the Republican National Convention to discuss what she liked about Webcasting, some of her most memorable guests, and whether TV news will still be around by the next round of conventions.

  • News - Digital Media

    Creating a 'Facebook for spies'

    The CIA, FBI, and National Security Agency are reportedly testing a social-networking site designed for use by analysts within the 16 U.S. intelligence agencies.

  • Video

    YouTube plays party politics

    During the presidential campaigning four years ago, YouTube didn't even exist. Now it's a tool candidates must master to get their message across. CNET's Kara Tsuboi stops by the YouTube upload booths at the Democratic and Republican conventions to find out why Google's video site has such a big presence in Denver and St. Paul, Minn.

  • News - Gaming and Culture

    Are Demo and TechCrunch50 fragmenting their audiences?

    With both events scheduled to start Monday, many press, as well as venture capitalists and others are having to choose which one to attend.

  • News - Cutting Edge

    Execs predict next Google-like tech

    On eve of company's 10-year anniversary, researchers and business pundits speculate about what technologies might someday have as much impact as Google.

  • Gallery

    Images: The art of 'Spore' prototypes

    Will Wright and his Maxis team worked on dozens of prototypes to test the elements of their soon-to-be-released evolution game. Here's a sampling.

  • Crossfade

    The Standard, 'A Different Skin': Free MP3 of the Day

    Eschewing the danceable beats favored by many of its post-punk brethren, while opting instead for more ominous and insistent rhythms, is what makes the Standard visceral and engaging. Download a free MP3 of "A Different Skin" courtesy of CNET Download Mus

  • Green Tech

    Duke Energy to invest in mini solar power plants

    Can hundreds of rooftop solar panels collectively operate like a central power plant? Duke Energy launches $100 million distributed solar program to find out.

News
Latest news
Business tech
Green tech
Wireless
Security
Media
Popular topics
Apple iPhone
Apple iPod
Dell
PlayStation 3
Wii
Windows Vista
CNET sites
CNET TV
Downloads
Forums
News
Reviews
Site map
More information
Newsletters
Corrections
Customer Help Center
RSS
What's new
About CNET