Desktop search: a new platform for malware scanning?

Andy Payne WholeSecurity, Inc.
Oliver Schmelzle WholeSecurity, Inc.

Desktop search is quickly becoming a core operating system component. Local search engines provide a holistic view of all files, email and other resources on a given desktop machine.

Combined with extensibility APIs these search engines could provide a powerful development platform for endpoint security products. For example, both Google Desktop Search and Apple's Spotlight technology in OS X can be extended through a public API. Using these APIs, executable files could be scanned for malicious signatures. Email inboxes could be searched for patterns related to spam and automatically filtered.

We discuss the details of desktop search engines that have APIs and compare their capabilities as platforms for malware scanning. We also present a prototype of an application that leverages a desktop search engine to perform scans of media that could contain malicious content. We compare this to traditional malware scanning approaches. Finally, we summarise our experience with the prototype and its feasibility for real-world products.


We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.