theweaselking | (no subject)

Quoth Eric Szulczewski:

"Memo to Fingers: Google Desktop Search has been classified as spyware because it leaves your entire system open to intruders who will have zero problem gaining access to all those documents created by or stored in those nice little programs that it interfaces with, like Outlook and Word. Google themselves recommend that you don't install it on any system used by more than one person (and these days that means "hooked up to the Net"). Do NOT install Google Desktop Search, no matter how "cute" you think it is. If you do, you're probably the type of person who loves Bonzi Buddy, and that means that you shouldn't be allowed to breed, or if you have, that your children be executed in front of you prior to your sterilization."

Despite his wonderful way of putting things, Eric is slightly wrong - the problem is that Google breaks user-account protections, meaning anyone in front of your computer can access anything on your computer, regardless of who they're logged in as. This is extremely sub-optimal on, say, a shared work computer, but probably isn't so bad on a secure one-user home PC that isn't used for anything important anyway.

Flat | Top-Level Comments Only

From:

missysedai.livejournal.com

Actually, Eric (and PC Magazine) are a lot wrong. The Desktop Search function is available to the person logged in at installation, and the person holding admin rights - at least in XP. (And really, if you're not the admin, what the hell are you doing storing "private" things on the machine without encrypting the fuck out of them?)

I installed as admin, logged off, logged back in as Guest...no Desktop Search. If you're a hardass about your computer's security, you've got nothing to worry about. If you're a 'tard who forgets to log out upon finishing up whatever and don't utilize different passwords for BIOS, system log-on and screensaver passwords, you need to obtain a small serving of Clue.

ex-cerebrate131.livejournal.com

Details:

http://weblog.arkane-systems.net/cerebrate/archive/2004/10/17/257.aspx

*sigh*

theweaselking.livejournal.com

The problem PCWorld talked about was that GDS indexed, on the public machine, all the pages and emails (and allowed access to the email accounts), of all the people using that public machine previously, none of whom have admin rights.

This seems problematic. While Eric claims it's an internet problem, it's not, and I never said it was. It does, however, seem to cause isues with the mutual privacy of multiple users using one machine - which is not, at all, what you and Alistair are talking about.

It's not if you're a hardass that's the problem, and it's not *incriminating* material, it just seems that multiple users of a shared computer might have access to each other's password-protected information without a password. This is what PCWorld is claiming.

Yeah, but they're wrong.

If your information is password-protected - the proper way, by having multiple users set up on your shared computer - then it can't happen; because GDS stores its index files in the secure per-user space.

If you are storing information in the *same* user account as another user, though, or accessing secure information through a shared account, then your information was mutually accessible by the other sharers *long* before GDS came along. (It may make it easier to find, but that's its job). But if you're doing that, you a) should know better, and b) *deserve* to suck. It's not like we-the-system-administrators haven't been telling the world in general *not* to *ever* do this for, oh, fifteen years or so.

> then it can't happen; because GDS stores its index files in the
> secure per-user space.

But I cannot, using GDS on my account, then retrieve information from other equally secure accounts? Storing the *index* files in the user space means that only the current GDS user can use GDS, but says nothing about what, exactly, GDS can see on the machine

That's what the PCWorld guy is saying, and if you've addressed that concern specifically then I've missed it.

Ah, right, sorry.

On a vanilla Windows XP installation, all user files - including user's web caches, and so forth - are stored in the user's profile, and access to the user's profile is limited to that user, and administrators. So, by default, anyone's GDS will not be able to access anyone else's files to index them, no.

(If they've deliberately opened up their "My Documents" to other users, stored files somewhere else on the system, or routinely have people using administrator accounts, of course, this doesn't apply. But if you do any of those things, your security is already nonexistent whether you use GDS or not.)

Okay, so the "problem" is that information on a *shared account* is easily visible, and administrator accounts can get at everything easily.

I don't have a problem with that - but it's still the kind of thing I'd want to know, were I sharing a computer with, say, my kids.

Not that I have kids, but I'm sure you see my point.

Well, yes.

It's just that it's not a GDS-thing, but a Windows-thing - you've got the same issues whether it's installed or not.

Well, that, and it's the sort of thing that makes me kind of twitchy when my customers, bless their capable little hearts, get all panicy about the issue - mostly because we tell them, and Microsoft put it in the manuals, and yet it still takes everyone by surprise...

zenten.livejournal.com

Ok, so you're saying that if I'm logged in with a guest account, and am able to access google search, I can see private files on someone with an admin account?

Given that most people who run google search don't know what I just said means or how to set things up so it works that way, I think you're right that it's not a big deal.

Ok, so you're saying that if I'm logged in with a guest account, and am able to access google search, I can see private files on someone with an admin account?

Google Desktop Search, which is different from Google Search, and NO, you CAN'T see private files on the machine you're using unless you're the admin on the machine. <*grumble*>

Ok, I ment to say document, I forgot to put that in.

As to the rest, that's basicly saying there is no security hole whatsoever, since you can only see files with it that you can see anyway.

Which makes me wonder what kind of crack the people bashing it are saying.

Even if you *are* the admin of the machine, short of a lot of painstaking screwing around with the system to copy the databases and make them match.

(The search results, that is, not the actual files, which of course you can see.)

wizwom.livejournal.com

I know Eric personally, and he is often more than slightly wrong.

I have seen the future.

And it doesn't make sense.

(no subject)

Navigation

(no subject)

(no subject)

(no subject)

(no subject)

(no subject)

(no subject)

(no subject)

(no subject)

(no subject)

(no subject)

(no subject)

(no subject)

(no subject)

(no subject)

(no subject)

Profile