Intel: rootkits have met their match
Published: 14 Dec 2005 17:10 GMT
Word that Intel is taking on rootkits came as a surprise to some last week. But researchers at the chip giant have been working on security technologies for several years.
What's more, Intel's labs aren't just looking to protect computers against rootkits, Travis Schluessler, a security architect at the chipmaker, told ZDNet UK's sister site CNET News.com. The company hopes it can also help stave off the more familiar threat of worms and viruses.
The surprise may partly be because Intel is primarily a hardware company. Security for PCs and servers has traditionally been provided by software, sold by companies such as Symantec, McAfee, Trend Micro and a slew of smaller players.
But traditional security providers have trouble keeping up with increasingly sophisticated threats. Rootkits — propelled into the mainstream by the Sony BMG copy-restriction debacle — are one example of a threat that many security software vendors are grappling with.
Intel is working on a combination of hardware and software to help protect computers, Schluessler said. He and other researchers in the chipmaker's Communications Technology Lab have devised a way to stifle sophisticated attacks by monitoring the operating system and critical applications run on a computer.
Right now the project, named System Integrity Services, is very much in development. Schluessler describes how the hardware-based approach works and how it could help keep pests off home PCs.
Q: What made Intel get involved?
A: Well, the PC faces quite a few interesting threats. One of the things that Intel has been looking at evolving into is this model we call "platformisation". This is really an ability to make the components of the system into more than the sum of their parts. We're working on this technology we call "System Integrity Services", which is an example of this platformisation.
Why do you believe Intel can help fight worms, viruses and rootkits?
A lot of the problems that worms and viruses are exploiting today are problems in the memory of programs — a lot of attackers will go and exploit vulnerabilities in memory.
One of the limitations of security software running on the CPU is that as soon as an attacker gains root-level privileges, such as via a rootkit, then that level of privilege gives them the ability to compromise any software running on that system. What Intel can provide is platform hardware and firmware that is much more difficult to compromise, because it is separated from the primary OS and CPU.
You mention the problem that rootkits specifically pose, and I guess that goes beyond the threat that worms and viruses pose to a system?
Yes and no. The problem space is somewhat similar. Rootkits, in today's vernacular, tend to describe payloads that are trying to hide...