January 19, 2017

Intel and McAfee Unveil DeepSAFE

(LiveHacking.Com) – As part of the Intel Developer Forum in San Francisco, Intel and McAfee have unveiled DeepSAFE, a new technology that sits between the OS and the CPU, giving anti-malware programs an additional vantage point in the computing stack from which to better protect systems.

With DeepSAFE, McAfee and Intel are working to combine the power of hardware and software to create more sophisticated ways to prevent attacks. The new technology was demonstrated on stage. A system running the DeepSAFE technology was able to detect and stop a zero-day (i.e. a previously unknown) rootkit called Agony from infecting a system in real time. This technology is expected to launch in products later in 2011.

Todd Gebhart, co-president of McAfee, said:

“This is a tremendous shift for McAfee and one of the biggest innovations in the security industry’s history. McAfee DeepSAFE uses hardware features already in the Intel processors to provide security beyond the OS. From this unique vantage point, DeepSAFE can apply new techniques to deliver a whole new generation of protection in real time to prevent malicious activity and not just detect infections.”

YGN Ethical Hacker Group Claims McAfee Web Site Has Cross-Site Scripting Vulnerabilities

The YGN Ethical Hacker Group (YEHG), a small group of ethical hackers from Myanmar, has posted details of cross-site scripting (XSS) vulnerabilities it has found on McAfee.com. As a group of ethical hackers, they first informed McAfee of these problems nearly six weeks ago, on February 10th, 2011. However, since McAfee had not fully resolved the issues, they felt compelled to expose the problems to the public on the full disclosure mailing list.

These revelations are quite embarrassing to Intel, which paid $7.7 billion for the company in August 2010, as McAfee offers a service called McAfee Secure which certifies that sites are free from just these kinds of vulnerabilities.

YEHG has found three types of problem on the McAfee web site.

  1. XSS vulnerabilities. Cross-site scripting can allow attackers to inject client-side script into web pages viewed by other users.
  2. Internal hostname disclosure.
  3. Source code disclosure.

Since the revelation, it seems that McAfee has started to remedy the problems, as all the source code disclosure URLs given by YEHG have been fixed.

Intel Developing New Hardware to Stop Zero-day Attacks

Intel has dropped a few hints about what it calls game-changing ideas for defending PCs, smartphones and tablets against malware. Talking to Computerworld, Justin Rattner, Intel’s chief technology officer, says that the new, radically different technology will be hardware based (with a possible software component) and won’t use signatures.

“I think we have some real breakthrough ideas about changing the game in terms of malware,” Rattner said. “We’re going to see a quantum jump in the ability of future devices, be them PCs or phones or tablets or smart TVs, to defend themselves against attacks.”

Traditional anti-malware depends on signatures, and if a particular attack hasn’t been previously seen and studied, the anti-malware software is blind to it. But Rattner says that Intel has found a new approach that will even stop zero-day exploits (meaning vulnerabilities that are unknown, with the ‘zero’ referring to the number of days that the software or OS developers have known about the problem).

Clearly, if Intel’s new ideas are effective against malware and zero-day exploits, then this will be a great leap forward in security and will give Intel a good competitive edge over AMD and ARM. If you have to choose between a Windows PC that has hardware protection against malware and one that doesn’t, I guess consumers will go for the Intel chip. The distinction might not be so clear cut for smartphones or tablets due to the relatively small amount of malware which targets those platforms.