|
U-M Recommended Security Settings for Google Desktop
Google Desktop, free software provided by Google, can make information on your computer vulnerable to theft. U-M's Information Technology Security Services (ITSS) Office and ITCS recommend that people who store sensitive University information on their computers not install Google Desktop and that users who do install it use the security settings described in this document.
Table of Contents
What Is Google Desktop?
Google Desktop is a search application that lets you search all the material on your computer, as well as information on the web and more. It can only be installed on computers running Windows XP or Windows 2000 with Service Pack 3+.
If your e-mail is stored on your computer, Google Desktop can search it, as well as your conversations in AOL Instant Messenger, your music files, and more.
For complete information about Google Desktop, see the Google Desktop web site.
Who Should Not Install Google Desktop
If you meet any of these criteria, you should not install Google Desktop on your computer:
- Your computer contains or processes sensitive University data (as defined in U-M Standard Practice Guide 601.12).
IMPORTANT! We strongly recommend Google Desktop not be deployed on workstations that process sensitive or human subjects research data. This could be a violation of privacy laws and University policies, specifically, HIPAA, FERPA, GLBA, and SPG 601.12.
- You use your computer to access e-mail from a provider outside the University. (This is because Google must "open" each message to index it, and if a message contains a virus, it may be activated by this.)
- You do not keep up with all operating system, anti-virus software, and security updates.
- You use an instant messaging service that is not provided by the University.
In general, we recommend that you not install Google Desktop
unless you have a strong need for it. If you do install it, we recommend that you use the settings desribed in this document to reduce the security risk.
IMPORTANT! Before installing Google Desktop yourself, check with your departmental computer support staff. If your computer is departmentally managed, your support staff may prefer to install a preconfigured version of Google Desktop for you—or a different search solution.
Setting Your Preferences
If you do install Google Desktop on your computer, please read Google's Privacy Policy and make the settings described below. Note that the screen shots in this document were made using Google Desktop 4.2006.306.1208-en.
During Installation/Setup
- During installation of Google Desktop, your web browser will open this page. Make sure the Search Gmail and my other computers using my Google Account is not checked.
- Scroll down that page to the bottom, then click Set Preferences and Continue.
- At the Enable Advanced Features window, we recommend that you click the Disable Advanced Features button. This is the most secure setting. If you have a strong need to enable Advanced Features, please read Google's Privacy Policy first so you understand the ramifications of this choice.
- Indexing will then begin. You can close your web browser if you wish. Next, you will need to make a preference change from within Google Desktop.
After Installation/Setup
- In the upper right corner of your desktop, pull down Google Desktop's Options menu and select Preferences.
- Your web browser will open a Preferences window. In that Preferences window, click the Display tab.
- Scroll down to the bottom of the window. Uncheck the Google Integration checkbox, then click the Save Preferences button.
- You will see confirmation that your changes have been saved. You can close your web browser if you wish.
Additional Resources
Download and read the Information Technology Security Services (ITSS) white paper, Security Considerations of Google Desktop (192 KB PDF file).
Visit ITCS's
Information System to obtain ITCS computer documentation
and other resources.
Visit the ITSS web site for information technology security information.
We welcome your comments; please send e-mail.
ITCS's Online Help Desk provides a variety of computing help resources.
Appendix: Tips for System Administrators
General Settings Recommended
In summary, here are the things you need to do to reduce (but not eliminate) the security and privacy risks.
- Disable searching across computers.
- Disable Google integration.
- Disable network drive indexing.
- Disable indexing of secure web pages.
- Disable indexing of instant messages.
The Google integration feature essentially ties the confidentiality of your local data to the security of an external web site (google.com). This is an unacceptable security risk, which is why we recommend disabling this feature. We recommend disabling indexing of network drives, secure web pages, and instant messages to further reduce your exposure to security/privacy breaches.
WARNING! Opening web pages, e-mail messages, applications, or documents that contain scripts (malware in particular) could result in changes to your Google Desktop settings. You may want to check the settings from time to time to ensure that they are still set the way you want them to be.
Regarding Managed Windows Environments
Google Desktop should not be deployed
- As part of a standard build that is available to all users. (Only those who really need it should have it on their machines.)
- On workstations that process or store sensitive data.
- In Terminal Server environments. (The improperly ACL'd global system objects represent a significant threat.)
- On workstations that do not follow common security best practices such as automatic operating system and anti-virus updates.
If you must make Google Desktop available to users, we recommend you use the enterprise version. You can then enforce the recommended settings for all users with the Group Policy feature.
If you install Google Desktop centrally for your users, be prepared to shut it down if an exploit is discovered for which no patch is available. We expect such exploits will be discovered from time to time, and you will need to be aware of and prepared for this.
|