How dangerous is Google Desktop?

[Math Is Hard]

This makes me nervous. Some of our users might download this program and unwittingly put confidential documents in a potentially vulnerable position. Anyone else got concerns about this?
I'd really like to hear your opinions. Thanks.

http://www.eweek.com/article2/0,1895,1925064,00.asp

A high-profile privacy watchdog group has a terse warning for business and consumers: Do not use the new version of Google Desktop.

The nonprofit Electronic Frontier Foundation said a new feature added to Google Desktop on Feb. 9 is a serious privacy and security risk because of the way a user's data is stored on Google's servers.

The new "Share Across Computers" feature stores Web browsing history, Microsoft Office documents, PDF and text files on Google's servers to allow a user to run remote searches from multiple computers, but, according to the EFF, this presents a lucrative target to malicious hackers.

 

[Anttech]

Intresting, as with the older version, just disable the options you do not want.
In a corporate enviroment, users should not be using applications that are not in compliance with your corporate standards. As long as you are admining your desktops correctly users won't be able to install applications (dont give them admin rights!).

 

[PerennialII]

In a corporate enviroment, users should not be using applications that are not in compliance with your corporate standards. As long as you are admining your desktops correctly users won't be able to install applications (dont give them admin rights!).

... at times it's so difficult and time consuming to stay ahead of corp admins & work around various policies (lucky am in a non-profit non-confidential branch though).

 

[Anttech]

... at times it's so difficult and time consuming to stay ahead of corp admins & work around various policies (lucky am in a non-profit non-confidential branch though).

heh... No need to qualify your statement

 

[Math Is Hard]

We are currently managing about 400 users in Active Directory. The way it is set up now is that we add them to a group to allow them to be able to install applications (but I don't have a good understanding of the policies behind this). We have to do this for practically every new user because we have proprietary applications that everyone needs to install, and then occasionally they need to install upgrades to these apps. I am curious if there is a way in AD to prohibit installation of particular applications like Google Desktop, without taking away all their installation rights. Right now, I think the solution being talked about is to communicate to everyone that they should not install Google Desktop, and to periodically scan the machines to see if anyone has it.

 

[dduardo]

I got the solution: Tell the employee's that they'll get canned if you find out they installed Google Desktop.

 

[Anttech]

We are currently managing about 400 users in Active Directory. The way it is set up now is that we add them to a group to allow them to be able to install applications (but I don't have a good understanding of the policies behind this). We have to do this for practically every new user because we have proprietary applications that everyone needs to install, and then occasionally they need to install upgrades to these apps. I am curious if there is a way in AD to prohibit installation of particular applications like Google Desktop, without taking away all their installation rights. Right now, I think the solution being talked about is to communicate to everyone that they should not install Google Desktop, and to periodically scan the machines to see if anyone has it.

I fail to see any reason why you would need to allow users to install applications. In the AD you can publish or assign software. You can also "run as" on a local desktop. We use Altiris on top of AD to deploy software. The Altiris agent runs as a service on the local desktop. It allows us to install software via scripts and files shares to any desktop, without the problem of giving endusers admin rights.

XP is supposed to be a "Multiuser" OS so people should use it like one, you will find a lot less security risks if you do

 

[Math Is Hard]

Thanks for your feedback, Anttech. Now you've got me really curious why we don't manage users' applications this way. It seems like it would be easy enough to push updates to our applications and deploy any new applications remotely. I will have to ask our IT gurus.

This is my first experience working in an organization where the users are not all software developers and database managers. I have always worked for small development companies prior to this, so there was not a lot of need for restriction. Everyone was pretty savvy. In my current situation, we have many more users who are prone to install the fun toolbars and screensavers, etc. that come loaded with spyware and adware junk and occasionally, viruses. It can be a burden when we have to clean this stuff out, and occasionally reformat machines entirely.

 

[Math Is Hard]

I got the solution: Tell the employee's that they'll get canned if you find out they installed Google Desktop.

It hasn't gotten quite that drastic yet, but our director did send an email out to the organization asking everyone not to install Google Desktop until IT staff has had a chance to investigate some more.