Linked by David Adams on Wed 14th Sep 2011 14:18 UTC, submitted by Discott
Privacy, Security, Encryption McAfee demonstrated the workings of its new McAfee DeepSAFE technology at the Intel Developer Forum on Tuesday. It sits beyond the operating system and close to the silicon, and by operating beyond the OS, it provides a direct view of system memory and processor activity. Among the threats that it detects are Stuxnet, SpyEye, the TDSS roorkit family and the NTRootkit.
Permalink for comment 489643
To read all comments associated with this story, please click here.
RE[4]: premature negativism
by pgeorgi on Thu 15th Sep 2011 06:20 UTC in reply to "RE[3]: premature negativism"
pgeorgi
Member since:
2010-02-18

and even if you can modify it (due to firmware manufacturer's failure) you'd need different code for every different motherboard. For both of these reasons it's a massive nightmare to use for anything (except its intended purpose).

I guess the intent is to deliver DeepFried (err.. DeepSafe) with the board (remember McAfee is part of Intel now). And SMM code isn't _that_ mainboard specific, either. At least it doesn't have to be.

With coreboot, we split the SMM code into chipset specific, board specific and generic code (though there's few generic code right now).
I guess a "malware scanner" would consist of a large generic chunk with tiny hooks to get it to run on each chipset (with no regard for board specifics)

Reply Parent Score: 2