....."and in the long run to push security down below the operating system kernel, where it belongs."
Right. Single point of failure and a security monoculture is an absolutely spiffing idea, isn't it?
Chip maker and now software player Intel tried on Tuesday to explain the finer points of its $7.7bn acquisition of security software maker McAfee, which closed at the end of February after jumping some European Commission regulatory hurdles. In a conference call with Wall Street analysts, Renée James, an Intel senior vice …
"Intel should have bought something that can actually detect viruses."
McAfee detects and hobbles Windows, doesn't it?
I seriously hope Intel means well and makes an open API to their on-chip AV links, so the likes of Avast, NOD32, et al, can take advantage of this hardware acceleration (or at least lower-than-kernel hooks). It would make AMD processors less desirable in the workplace. If Intel pulls a 666 and embeds a VM micro-McAfee filter that nannies your kernel (be it Windows, Linux, or Mac), it will be the day that regardless of the performance boost of Intel CPUs, I'll be buying AMD 100%. Why hobble your hardware when you tend not to pick up virii anyway? Reminds me of the scare days of putting DRM in your HDD controllers....and your CPU, and northbridge, and southbridge, and.... well you get the idea.
"What's more, Chipzilla has gained access to valuable intellectual property." .... Ah yes, the prime product spin-off in the Great Gaming of the Great Game, Crazy Ideas which Work Sublimely to EMPower SMART PC Project Engineers and AEIOU Non-State Actors with Programs which Virtual Machines and Cloud Crowd Command and Control of CHAOS and Havok are able to present with the SMARTer Enabling Development of Future Reality Scapes for Replacement Presents/Manufactured Realities with Myriad Derivative Options for Seamless Placement in Media and Live Operational Virtual Environments with ITs Virtual Remote Control of the Universal Intellectual Property Space ....... and CyberIntelAIgent Terrain with XSSXXXXStreams Teamed with Novel Energy and Quantum Control of the Virtual Operating System.
And if that is not what Intel is all about, then do they have a) another swift and chaotic mega purchase to make and/or b) competitive viable opposition with overwhelming stealth advantage and/or c) hostile and alien take-over market conditions for havoc in chaos situations. And that is not to suggest that Havok is a CHAOS** mole and SMARTer Great Anonymous Game Trojan, although in Worlds where Nothing is Impossible, is it always Possible, and whenever Possible and Advantageous, is it ever more likely in IT to be Probable and a Definite Fact rather than a Dubious Fiction.
*Astute Entities Invisibly Operating Universally
** Clouds Hosting Advanced Operating Systems
Of course, what is to say that such a fruity, spicy source is not a fine sauce developed for HP and the Orient and hardware marketplaces too.
I never wanted McAfee products on a PC even if you paid me to run them, and now Intel's going to cram them into the silicon anyway. Woohoo for progress, now a little bit of every Intel chip I pay for goes towards this acquisition. On a positive note, maybe the day will come where they shut down McAfee's software development so we don't have systems with both on it. Hardly seems likely though, now it'll be in the driver pack.
Sounds like a good reason for Intel's embedded competitors to start sticking "ARM inside" stickers on every piece of kit they sell. I honestly can't see how the McAfee that every Windows admin has learned to hate has anything to teach Intel about embedded security.
I have noticed Kaspersky 2011 has already put Windows' svchost.exe on its stock ignore list. It is kinda funny to see it end up there because it acts like a virus itself, messing up real antiviruses' (not McAfee) heuristic AI code.
Of course they must have coded a separate module to watch it.
One's gotta wonder how many millions of lines had to be written because Windows internals act pretty much like a virus.
Space is at a *premium* on chip layouts, how the hell's that going to work?
"Today, Intel introduced their new Core Duo + McAfee security chip... Coming in a 42,924 pin package on a chip the size of a medium lasagne, it represents a new triumph(*) for wafer-scale integration. A spokesman for Intel today denied that 98% of the die was in fact occupied by 'empty, vacuous-but-pretty-looking bloat'".
(*) - In the Lewis Page sense of the word.
While pushing the anti-virus below the OS layer might sound like an awesome idea on paper, it's going to give malware authors a fixed height bar they need to jump.
As it stands, trying to hide malware from a single, or a few anti-virus packages is feasible but not all anti-virus products work the same way so the malware does get found. Each anti-virus package has its own bar height the malware authors need to jump in order to hide from detection.
If you go putting the detection engine into silicon, the speed that the detection takes place will be blistering and when the silicon is released the malware won't have anywhere to hide, but with the ingenuity and ability of some of these malware authors it will be a matter of weeks before new malware will start coming out that is able to hide from the hardware detection engine.
Once the malware is able to hide from the onboard detection, it becomes useless until you release updated silicon and ship new mainboards, which for customers is expensive and annoying but for Intel and the mainboard manufacturers is a profitable affair!
While that is true, you will already have paid a premium to the mainboard manufacturer for the inclusion of the anti-virus silicon, which is really more money down the drain, not only in licensing of the silicon, but power consumption to run not only the useless silicon anti-virus but the additional CPU load of the secondary AV.
To me, it's all a waste of money; current AV methods are pretty effective if you keep on top of the updates and use safe browsing habits.
So what happens when its database needs updating? Flash it to the chip? Or have the chip look for a (hopefully) encrypted file somewhere on a drive or flash chip in the machine?
And how fast will this get cracked and used to introduce viruses and malware that completely bypasses whatever OS, EFI or BIOS the machine is running?
> McAfee has an installed base of over 300 million endpoints, and has amassed 500 patents as it built its products and the systems that keep its security products in step with malware.
How about designing computers that don't ever run malware. Keeping an ever growing whitelist of malware is bound to fail.
> Wind River has 200 OEM partners, and they crank out about a billion new devices a year. That's a lot of McAfee licenses ..
All serious AV companies (e.g. not McAfee) with a whitelist scheme include de-listing in their products via definition updates.
I really suspect anything rather than file integrity is whitelisted in the case of the Adobe Flash plugin. I am sure of other companies but not using McAfee products since 1998 where it failed to detect its own CIH-infected exe.
"Chip maker and now software player Intel tried on Tuesday to explain the finer points of its $7.7bn acquisition of security software maker McAfee, which closed at the end of February after jumping some European Commission regulatory hurdles."
Of course, such seemingly incompatible technological marriages [a chip maker and dodgy malware pimping crack security software house .... a chalk and cheese amalgam] have got nothing to do with the "Keeping the Share Markets and Stock Traders Alive and Ticking in a Collapsing Ponzi Capitalist Great Game", is it. Oh no, most definitely not. The arranged marriage makes perfect sense and is a fab union made in heaven.
I'm confused. Intel slipped security into silicon when they produced the 286 (at Microsoft's behest). I'm not aware of any holes in the resulting 4-ring model, despite about 3 decades of time to find them. (Hmm, KISS anyone?)
Is this a case of some senior exec not knowing the first thing about his company's own products?
I'm even more confused. McCrappy's product relies on being internet connected to update an open-ended database of signatures. You can't bake "open-ended" into hardware, and certainly not on the "hundreds of megabytes" scale used by this particular brand.
So is this also a case of that senior exec not knowing the first thing about his acquisition's products either?
They could ask why Thunderbyte (TBAV) moved to software, giving up the dedicated card back in the 90s. Operating systems, especially Windows post-Vista, are amazingly complex or we would never have to update AV software in the first place.
They spent billions on Trusted Computing, which even the most lame mainboard maker disables in BIOS defaults. This will be another feature disabled by default or another "clean registry" tip among PC newbie sites.
If MS wasn't greedy and coded an antivirus API instead, just like the defrag API?
Perhaps few remember the "LOADALL" hole in the 286 security model, which I believe _was_ exploited.
And the unfortunate hole (between segments and pages) that was plugged most recently by the "NX bit", although if things had gone all Multics-like (as the 286 clearly intended) rather than all Windows/POSIX-like that hole would not have been there.
Not that I disagree with the basic argument that security in hardware should be more simple, not less. The complexity is where the faults hide.