Feeds

Desktop search and malware: friend or foe?

Double-edged sword

Top 5 reasons to deploy VMware with Tegile

Anti-virus experts are experimenting with desktop search as a way of scanning for viral code. Both Google Search and Apple's Spotlight technology come with programming hooks (APIs) that allow their functions to be extended. Using these APIs, executable files might be scanned for malicious signatures.

Andy Payne and Oliver Oliver Schmelzle of security firm WholeSecurity have developed a prototype malware scanner based on Google Desktop Search. In a presentation at last week's Virus Bulletin conference in Dublin, the duo demonstrated the prototype. Admittedly, this is more of an experiment into what's possible than a serious product development project: a lack of full file indexing and kernel system access makes the approach impractical at present.

Conventional anti-virus scanning tools are much more thorough and faster. But as desktop search becomes a core operating system component the potential to use it for security applications increases. Payne said desktop search could be applied to other applications such as searching email inboxes for spam and filtering it automatically. It is unclear if this approach would prove any better than email plug-ins such as SpamBayes - this was beyond the scope of WholeSecurity's research - but it is an interesting idea. As desktop search becomes more pervasive it could be applied to more security functions such as auditing and compliance tools or within anti-phishing technology.

Desktop search also carries potential security risks. Search events might be used to trigger adware pop-ups or virus writers might create malicious indexer plug-ins, making it easier to harvest data from compromised machines, Payne warned. Sidebar user interface interference might also possible, as least theoretically. "Malware could be created that infects as it indexes. What's good for finding might be good for infecting too," he said.

The two sides of desktop search mirror the use of Google queries by both penetration testers and hackers to search for security holes in online systems. Google hacking, as it has become known, has been around for at least two years or more and security researchers are now beginning to grapple with the same sorts of issues on the desktop. ®

Internet Security Threat Report 2014

More from The Register

next story
'Kim Kardashian snaps naked selfies with a BLACKBERRY'. *Twitterati gasps*
More alleged private, nude celeb pics appear online
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Snowden, Dotcom, throw bombs into NZ election campaign
Claim of tapped undersea cable refuted by Kiwi PM as Kim claims extradition plot
Freenode IRC users told to change passwords after securo-breach
Miscreants probably got in, you guys know the drill by now
THREE QUARTERS of Android mobes open to web page spy bug
Metasploit module gobbles KitKat SOP slop
BitTorrent's peer-to-peer chat app Bleep goes live as public alpha
A good day for privacy as invisble.im also reveals its approach to untraceable chats
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.