I've heard the same from a couple multinationals
I never took a good look at the data stream going to Google but I'm guessing it cannot be all that secure. I have always dictated what should be on a machine for my users and have always denied the Google desktop from being utilized. In my mind I just couldn't justify having a tool, made by a company that makes almost all their money off of knowing what text is on a page, run on a business machine.
Shame on any IT head that would let this or anything like it get installed.
There's no evidence here that Google Desktop Search is a security risk. If your computer contains unencrypted sensitive data, that's a security risk by itself.
If you run an IT department, then yes, you should know everything that's running on the machines and what it does, and yes, you should think carefully about letting users run Desktop Search.
Of course it's a security threat. It updates itself - which means that the code can change in an instant - and it's purpose is to organise YOUR data.
However - in a connected world... answering the doorbell is a securuty threat...
This should be identified as an Data Security issue in this particular instance with respect to HIPAA.
From the article:
"In order to share your indexed files between your computers, we securely transmit this content to Google Desktop servers located at Google."
"It would allow our users who have Google Desktop and Gmail accounts to share data across the Google servers and wherever else they happened to log into a computer - and that could include data protected under the Health Insurance Portability and Accountability Act."
That could potentially get you fired if you're tasked with ensuring HIPAA compliance.
I have recently(with in 10 days) purchased 2 laptops and a desktop from Dell. Systems come standard preinstalled with a lot of Junk, not just Google Desktop.
My first Action before turning the system ON and before its plugged in to the main network is to NUKE the OS - Take out and Format Hardrive. Then install Fresh OS from the disk that contains all the Updates and Patches. Gives me a piece of ming Every time.
But this is for the person who has a clue. What About the Miranda next Door, and her network?
This is an example of how software vendors make your operating system insecure.
This has always been the catch 22 for microsoft versus Apple OSX.
MS is insecure because the platform allows third party development which creates insecurity by definition.
We all have given in to Google anyway - why not send them your credit card by Google Checkout that may as well just fast track it and get it done (only joking)
Connecting to the internet is crackers now - whatever happened to listening to music or reading books? (again, only joking)
And to the guy that formats a Dell PC after purchase - why not just purchase a cheap white label PC for half the price without the OS installed? Is that not like buying a microwave meal and then cooking a nice rack of lamb and then roasting a few potatoes to put with it? (not joking)
I neglected to say that......
Don't get a flipping gmail account, google adword account, google adsense account in the same name if you are worried about security.
Forget the law - the purpose of this is to link your whole life together.
Do you really need to share all this if you use Google Adwords or Adsense and don't want everything tracked?
Or, a better way to say it - don't get everything from one provider. In "real life" that is a bad idea so why can't that be so in Google world.... I mean the Internet....
|My first Action before turning the system ON and before its plugged in to the main network is to NUKE the OS |
That typically nukes your warranty though.
|There's no evidence here that Google Desktop Search is a security risk. |
You have to be kidding me. Of course it's a security risk, same as Skype, etc.
No it doesn't, where did you get that from?
|That typically nukes your warranty though. |
Even if it did you can always reinstall from the recovery CD, and they would be none the wiser. (just don't plug it into your network afterwards...;0) )
|No it doesn't, where did you get that from? |
It does with HP.
i used to work for a small biotech company (not IT but research) and before we had security policies, i installed google desktop. i was pretty shocked to find out it had indexed research data from network drives on my local drive. so if my laptop had gotten stolen, it would have been the same as network drives being stolen. not quite the NOC list, but still pretty important stuff to us. im sure my manager would have loved that.
---why not just purchase a cheap white label PC---
RELIABLE HARDWARE IS NOT CHEAP, I dont have time running to the Harware store to get a Network Card if it Fails, and the Waranty Still not NUKED. That is not the point anyway..
I always always always wipe the drive of any new computer. Install my own software and never rely on what comes standard from dell or anyone else. Who knows what types of potential security risks there are with random software bits and who knows what types of data could be collected. Just haveing a tiny bit of spyware on machines available to the general public would be a goldmine for marketing peeps.