One of the biggest fears in IT security is that hackers know how to evade current operating-system-based security and can install their poisoned payloads outside the operating system.
McAfee was showing off the workings of its new McAfee DeepSAFE technology at the Intel Developer Forum.
Co-developed with Intel, it allows McAfee to develop hardware-assisted security products which do not need the OS to run.
For a while we have been suggesting that this was Intel's goal in writing a big cheque for McAfee, as it can now tout its chips as “super secure”.
The press release reads like the opening credits of Torchwood. DeepSAFE “sits beyond the operating system and close to the silicon, and by operating beyond the OS”, it tells us.
The software provides a direct view of system memory and processor activity, allowing McAfee products to gain an additional vantage point in the computing stack to better protect systems.
It can proactively detect and prevent stealthy advanced persistent threats and malware, or so McAfee claims.
McAfee showed the conference how a system running the technology was able to detect and stop a zero-day Agony rootkit from infecting a system in real time.
DeepSAFE has the advantage over traditional OS security gear. Traditionally, software can only detect and remove a rootkit after it has been installed and has had a chance to hide or propagate malware.
McAfee DeepSAFE claims to identify, block and remediate in real time. Among the threats that it detects are Stuxnet, SpyEye, the TDSS rootkit family and the NTRootkit.
McAfee claims the product will be in the shops this year. If it works as well as McAfee says, you can expect cries of protest from other security vendors.
We expect to hear the cry that Intel has committed an anti-trust violation by giving its McAfee subsidiary access to hardware which those vendors don’t have.