ZDNet UK / News and Analysis / Workspace IT / Desktop Hardware

Intel: rootkits have met their match

By Joris Evers, CNET News, 14 December, 2005 17:10

Daily Newsletters

Sign up to ZDNet UK's daily newsletter.

Topics

virus protection, rootkits, Worms, Security, Intel

...themselves from users. One of the problem spaces that our System Integrity Services is good at is detecting changes to protected programs or detecting when a protected program is stopped by something like a virus, worm or rootkit.

Can you describe in a nutshell what kind of technology Intel is working on? Is this hardware or software?
We're working on this technology we call System Integrity Services, which is a platform technology that is based on both hardware and firmware. We would add some hardware to the platform to provide an isolated execution environment, where we can run some firmware that is not tied to the host operating system and CPU.

This allows us to raise the bar as far as to what an attacker would need to do in order to compromise that isolated execution environment.

Where do you envision this technology being used?
It can be used in PCs, both at home and in the office — anywhere where we would want to detect the infiltration of a payload that a worm or a virus could carry. It would have value there.

This is very much complementary to the existing software solutions, like antivirus software. This technology is focused on detecting problems that we would not necessarily have an antivirus signature for. We can also use this technology to protect our security agents — like antivirus software or a firewall — from being shut down by these attackers.

This technology — you mentioned it includes hardware and firmware, which is software — would it need anything else to run, like a client on the desktop?
No. It really needs just cooperation from the programs that we want to protect.

What does that mean?
We'd need to make sure that the contents of the programs as they run in memory do not get changed.

In order to do that, we have to know what the initial good state of the program is. [It's] similar in concept to what driver signatures do. We need to make sure that the program, in its good state, is what is actually loaded into memory and that it stays that way.

Security threats like rootkits, viruses and worms seem to get more sophisticated by the week. Can your technology protect against future threats, or will it need some kind of an updating mechanism?
This is exactly one of the things we've designed this technology to do — to detect problems that we don't know about yet, what we call in the industry day-zero worms and viruses. Those worms and viruses that come out, and we don't know what they look like.

This technology is simply looking for changes to protected programs. It could be any kind of change — any kind of worm payload or virus payload or rootkit. As long as it changes one of those protected...

For more, click here...

Related stories

Intel parades self-defending hardware

Intel to start New Year with new chip

Apple bucks a falling PC trend in UK and France

Apple takes top PC spot from HP

Post your comment

In order to post a comment you need to be registered and logged in.

You can also log in with Facebook. Log in or create your ZDNet UK account below

  • Login

Will not be displayed with your comment

By signing up for this service, you indicate that you agree to our Terms and Conditions and have read and understood our Privacy Policy. Questions about membership? Find the answers in the Community FAQ

Get ZDNet UK's daily newsletter

Enter your email address to sign up

ZDNet UK Live

bordero

ike fuelband is great for every healthminded person ! to work out! theres this website called textme4free.com that you can use to text anywhere in...

6 hours ago by bordero on Nike's FuelBand wristband gamifies exercise
BrownieBoy

> I'm told it's somewhat annoying when people have their Macs stolen > and Apple stores treat the thief as the owner, but there you go. Ouch,...

8 hours ago by BrownieBoy on AMD Ultrathins to challenge Intel Ultrabooks
Moley

@kevinmchapman. OK, I acknowledge that 'most' was a gratuitous throwaway comment as an afterthought and too presumptuous. As to proof, as you...

12 hours ago by Moley on A tale of two distros: Ubuntu and Linux Mint
Jack Schofield

@BrownieBoy > Works really well for thieves.... >> Nice attempt to deflect the argument by tossing in a point that's totally >> irrelevant, even...

14 hours ago by Jack Schofield on AMD Ultrathins to challenge Intel Ultrabooks
raskolnikof

fantastic that the so called piracy bills have been withdrawn. however, these anti-democracy supporters are still in the shadows so lets be alert...

14 hours ago by raskolnikof on SOPA, Protect IP support wavers in face of online protest
Tony Douglas

Please God no; teach them anything you like - thinking rationally, the uses and misuses of data, what data is and what it's not - but leave the...

17 hours ago by Tony Douglas via Facebook on Kids are the future. Teach ’em to code.
BrownieBoy

@Jack, > Works really well for thieves.... Nice attempt to deflect the argument by tossing in a point that's totally irrelevant, even it were...

1 day ago by BrownieBoy on AMD Ultrathins to challenge Intel Ultrabooks
bootlegger

Make that 13 people now - I got refused today at Manchester airport. I thought I was up to date on this legislation - I knew of the EU ruling from...

1 day ago by bootlegger on UK airport body scans will not be opt out
tinycg

Don't forget to check out apps like GoodReader or SlideShark either, they're indispensible for people on the go in presentation situations. Best...

2 days ago by tinycg on Four top iPad apps for people on the move
TerryRK

Well it seems there is something a number of us agree on. Why is the Ubuntu Unity launcher so ugly? I thought perhaps it was something to do with...

2 days ago by TerryRK on A tale of two distros: Ubuntu and Linux Mint
Freebies202

Duplicate comments are not made intentionally. Its very good to know that now you are keeping check on this problem because sometimes a commenter...

2 days ago by Freebies202 on Microsoft fixes blog comments, speeds up blogs with open source
kevinmchapman

"the very significant number of users" and "many (most) of us" - you have no evidence for these statements. It is a fact that most users are saying...

2 days ago by kevinmchapman on A tale of two distros: Ubuntu and Linux Mint
Marg Menzies Harrison

Another grammar faux pas is the improper use of "you". When sitting down down in a restaurant, for example, I get cringe when the waitress...

3 days ago by Marg Menzies Harrison via Facebook on 10 flagrant grammar mistakes that make you look stupid
zdnetukuser

And NOW, folks, for Canonical's next trick... Kubuntu is late. Here's a pencil. Draw your own conclusions. cf.:...

3 days ago by zdnetukuser on Linux Minterface
Moley

@kevinmchapman. The discussion here reflects the very significant number of users who really do like the traditional menu system and who wish to...

3 days ago by Moley on A tale of two distros: Ubuntu and Linux Mint
kevinmchapman

Er, no... It is an efficient means of finding the application/file/setting you need in one place. The icons are a simply a fallback for when you...

3 days ago by kevinmchapman on A tale of two distros: Ubuntu and Linux Mint
TerryRK

Isn't the provision of a text based search an admission by the developers that the mass of icons approach does not work? I don't need to use a...

3 days ago by TerryRK on A tale of two distros: Ubuntu and Linux Mint
kevinmchapman

"Unity and GNOME 3 both abandon the old text-based cascading menus in favour of a graphical icon-driven system." Point truly missed. Both use a...

3 days ago by kevinmchapman on A tale of two distros: Ubuntu and Linux Mint
TerryRK

whs001 - Thank you, I'm glad you liked the article. I absolutely agree with you on your first point. I should perhaps have made it clearer that...

3 days ago by TerryRK on A tale of two distros: Ubuntu and Linux Mint
Dennis Nilsson

If we allow corporate interest to dictate the way our government circumvents due process against foreign entities then we should accept the same...

3 days ago by Dennis Nilsson via Facebook on ACTA stumbles in Germany

Latest in Desktop Hardware

Apple bucks a falling PC trend in UK and France

Apple takes top PC spot from HP

Featured white papers

10 must-read silicon.com Cheat Sheets

silicon.com

10 must-read silicon.com Cheat Sheets

This exclusive e-book covers 10 of the most important issues facing business and technology professionals today, from cloud computing to... Read more

Graphene: A guide to the future from ZDNet UK

ZDNet UK

Graphene: A guide to the future from ZDNet UK

What is graphene? How is graphene made? And why isn't a graphite pencil worth thousands of pounds? Explore this strange material with ZDNet UK's guide to... Read more

Tech breakthroughs to watch in 2012

ZDNet UK

Tech breakthroughs to watch in 2012

From invisibility cloaks to virtual atom smashing, from Cern to Nasa, this ZDNet UK guide presents the discoveries to watch in... Read more

Inside ZDNet UK

HP Slate 2

HP Slate 2

Getting to the enterprise with WOA

Getting to the enterprise with WOA

How to handle data replication

How to handle data replication

Ten flawed products that derail productivity

Ten flawed products that derail productivity

NASA video shows dark side of the moon

NASA video shows dark side of the moon

HTC Explorer: First Take

HTC Explorer: First Take

How fast is your broadband?

How fast is your broadband?