Andy Payne WholeSecurity, Inc.
Oliver Schmelzle WholeSecurity, Inc.
Desktop search is quickly becoming a core operating system component. Local search engines provide a holistic view of all files, email and other resources on a given desktop machine.
Combined with extensibility APIs these search engines could provide a powerful development platform for endpoint security products. For example, both Google Desktop Search and Apple's Spotlight technology in OS X can be extended through a public API. Using these APIs, executable files could be scanned for malicious signatures. Email inboxes could be searched for patterns related to spam and automatically filtered.
We discuss the details of desktop search engines that have APIs and compare their capabilities as platforms for malware scanning. We also present a prototype of an application that leverages a desktop search engine to perform scans of media that could contain malicious content. We compare this to traditional malware scanning approaches. Finally, we summarise our experience with the prototype and its feasibility for real-world products.
