Intel bought McAfee so it could bring antivirus and intrusion detection closer to the chip, and with DeepSafe – a technology that CEO Paul Otellini previewed at Intel Developer Forum in San Francisco this week – the company will be making good on that promise. DeepSafe will put some of the antivirus code underneath the operating …
Here we go again
If virtualisation was the answer, malware would have been killed off when PC operating systems started using protected mode to confine apps within user space. Experimentally, this does not appear to have been the case.
Expect a new generation of "virtual rootkit" to appear in a year or so's time.
That will be fun
A vector that (if they don't design it correctly) could allow the rootkit to be undetectable to all OSes installed later, on supposedly bare metal. Now who would benefit from that? Crooks, spies, OS vendors with few scruples.
Could we be on the brink of one of the most momentous shot self in foot moments, in IT history? Oops, let me correct that, shoot end user.
Ohhh now I get it.
... Here we go again
They don't get it ... unless they get "lower than the BIOS" and STAY THAT WAY they are just wasting time.
no macho DeepSafe ... It's Two orphans to get rid of ... MeeGo and $7.7-bn McAfee
This is no macho DeepSafe Mumbo Jumbo
It's Two orphans to get rid of ... MeeGo and $7.7-bn McAfee
When people were just not getting out of narrow thinking that McAfee was for Intel CPUs, I kept shouting that McAfee was for MeeGo cuz most viruses are x86 native; Android, though x86 compatible, is running only on Intel-TV x86 hardware. So MeeGo, if run on x86-Atom smartphones... x86-viruses will bleed it like a slaughtered pig. Now Intel has two products to get rid of ... MeeGo and $7.7-bn McAfee. This DeepSafe Mumbo Jumbo is to keep ppl's attention away... and btw how will this macho hardwired DeepSafe keep pace to identify ever new arriving threats/definitions !?!
Embed DeepSafe within KVM ?
1 - How in this world ?
2 - What for ?
Sorry for you, Intel guys, but there is a limit on what you can do with those damn herbs.
> "DeepSafe will be the foundation of a number of different enterprise security products that the McAfee unit will roll out"
I may be missing a point here, but at first glance does it seem that to get maximum benefit from the DeepSafe protection, a user would need to run the McAfee security / AV / whatever / software, thereby excluding other AV vendors?
McAfee bloatware would infect my machine from the firmware up, not merely from Windows registry on up.
I suppose I'll be learning all about EFI scripting and programming and runlevels.
Not that I *want* to.
I cannot understand why Intel would give a damn about this kind of security - Intel makes processors... other people (mebbe that Blue Pill lady) can come up with better virt sol'ns than spamming McAfee into the firmware.
"1,200 new rootkits per day"
I think that's rooted machines
Not new rootkits.
Although, technically a BIOS is a rootkit, isn't it?
I thought the same. Perhaps they meant to say 1200 new rootkit infections per day.
BIOS is pretty hard to program. (U)EFI however is programmable in C using widely available docs and static link libraries. So Intel sees a way to save us from its processors, whose (U)EFI legs are spread wide, inviting penetration.
I worked on DEC Alpha boxes once. They had a 'BIOS' with capabilities exceeding (U)EFI. But not just anyone could slip into the (U)EFI, it was held in some protection.
If I can go into the BIOS or (U)EFI and enable or disable this, then I guess I don't mind. But really... you know... whatever.
...now my next Intel CPU is going to start 'shaking me down' for $60 a year in 'protection money'.
How about non-Windows users? Will this adversely affect our systems (Speed, stability.....)
Did you take the red or blue pill ?
But how will this magic software know it's not already running atop a compromised machine, and is in fact on the bare metal as the first 'visor in the stack? And why won't the same 'force self to the bottom' technique work for malware?
QubesOS has a much better approach...
This has potential
Intel just want to sell more new chips.
But this does give users a hope of better security, only if done right. If they manage to keep the hypervisor tiny it will be much more difficult to attack. Just as it would be more difficult to find a vulnerability in a Hello World program compared to Flash.
Some related research, if you are interested.
- http://www.eecs.umich.edu/virtual/papers/king06.pdf: first idea of crafting virtualized rootkit
- http://en.wikipedia.org/wiki/Blue_Pill_(malware): implementation of the idea
- http://sourceforge.net/projects/mavmm/: tiny VMM to remain hidden to malware running above