Desktop Search Demystified

There's been a lot of talk lately over new desktop search tools and the risk they pose to the enterprise. The worry is that while these nifty little apps—such as Google Desktop Search and a host of other similar programs—can help you find that long-lost e-mail or proposal draft you've been searching for, they can also reveal data you might not want discovered, such as confidential memos or personal files. The search engine will locally cache content viewed by a PC, which can be accessed by another user of the same PC, or even by Internet hackers who gain electronic access to the PC. Because of this, some analysts warn companies to restrict these programs from being installed, especially if the computers are shared among different employees.

But the security threat is not caused by the search tools themselves—which have been downloaded by the thousands, often under the radar of the CIO. In fact, desktop search tools do not cause any security vulnerabilities whatsoever, says security expert Bruce Schneier, founder and CTO of Counterpane Internet Security Inc. Rather, "They tell you about vulnerabilities you already have," he says. "Desktop search programs don't magically make files findable. All they're doing is searching, which is exactly what they're supposed to do."