Google Desktop Search: Safe Digging?

Google, the company that’s making its stockholders rich helping you find things on the Web, now wants to help you find things on your hard drive. Great idea, right? Not so fast, say some security experts, who warn that the new program comes with significant privacy and security risks.

The program, called Google Desktop Search and currently available in a beta version, can scour a user’s hard drive for files, index them and make them available via a Web interface. The program can index the full text of Microsoft Office files, AOL IM chat sessions, cached Web pages and Outlook and Outlook Express e-mail files. It can also index images, PDF files and some media files. Like many new programs, however, Google Desktop is not for everyone, though. The program will only work on Windows 2000 or Windows XP machines.

At its best, Google Desktop Search will allow users to efficiently sift through gigabytes of data and organize it without using a folder/file system. The searching experience would be much like the Google Web searching experience that users have come to know and love for its thoroughness and its ease of use.

At its worst, the program is a powerful and insidious snooping tool. In fact, just days after announcing the launch of Google Desktop, the company released a patch to prevent owners of websites from viewing searches of local hard drives.

And according to an article in PC World (a sister company to CXO media), Google Desktop Search was able to retrieve expired Web pages, such as online banking transactions. That may be meaningless if you’re using the program from your home computer, where no one else but you has access, but it’s a different story entirely for those sharing a computer at a library or Internet café.

A careless employee who walks away from his desk for a minute without locking down his computer could expose critical company data to asnooping crook looking for a quick hit.

Google has built in several security measures. For instance, certain searches can be turned off, such as those for secure Web pages (Web-based e-mail, financial transactions and so on). Also, the beta version can only be installed by one Windows user profile. So if another person logs onto the same computer with a different user profile, that person will not have access or be able to install Google Desktop Search. Still, some critics say the security falls short of secure. They would like Google to add password protection or encryption for cached files. And even those who praise the product warn users to be careful which websites they view, or what kind of information they are indexing with the tool.

Because this is just the beta release, Google has plenty of time to refine its product and add more security and privacy options. In fact, it may need to do so if the program, like IM and Web-based mail before it, hopes to move from the home to the office. What do you think? Does Google Desktop Search have any useful place in the enterprise? Or is it too great of a security risk?