Linked by David Adams on Wed 14th Sep 2011 14:18 UTC, submitted by Discott
Privacy, Security, Encryption
McAfee demonstrated the workings of its new McAfee DeepSAFE technology at the Intel Developer Forum on Tuesday. It sits beyond the operating system and close to the silicon, and by operating beyond the OS, it provides a direct view of system memory and processor activity. Among the threats that it detects are Stuxnet, SpyEye, the TDSS rootkit family and the NTRootkit.
Thread beginning with comment 489565
RE: premature negativism
by Soulbender on Wed 14th Sep 2011 19:29 UTC in reply to "premature negativism"
Soulbender Member since:
2005-08-18

"This strikes me as a whole new aspect of operating systems theory and implementation."

Only if you never have heard about virtualization and hypervisors before.

Score: 4

RE[2]: premature negativism
by helf on Wed 14th Sep 2011 23:36 in reply to "RE: premature negativism"
helf Member since:
2005-07-06

Yeah. This doesn't seem like anything particularly new or really even that interesting. I refuse to have anything by McAfee or Nortons on my machines much less under the OS like that.

Score: 2

RE[2]: premature negativism
by Alfman on Thu 15th Sep 2011 03:25 in reply to "RE: premature negativism"
Alfman Member since:
2011-01-28

Soulbender,

"Only if you never have heard about virtualization and hypervisors before."

Of course virtualization is not new, but I wonder if it's using virtualization at all. It could be implemented using SMM (system management mode), which was available since the Pentium era. SMM is not typically available to normal operating systems, only the BIOS.

Examples of its use are putting the system to sleep and handling some special laptop buttons. SMM enables the BIOS to handle these without any consideration of OS compatibility.

As I have no idea what McAfee DeepSAFE actually does, this is pure speculation. My first thought was virtualization also.

Edited 2011-09-15 03:26 UTC

Score: 3

RE[3]: premature negativism
by Brendan on Thu 15th Sep 2011 04:05 in reply to "RE[2]: premature negativism"
Brendan Member since:
2005-11-16

Hi,

Virtualization isn't new, but normally when virtualization is used for security it's used as a sandbox (e.g. to protect the host from the guest). What is new is using virtualization to protect a guest from itself.

"It could be implemented using SMM (system management mode), which was available since the Pentium era. SMM is not typically available to normal operating systems, only the BIOS."

I can almost guarantee "DeepSAFE" isn't using SMM. SMM is hidden in a special area of RAM (often underneath the legacy video display area) and then locked via the chipset to prevent access; and even if you can modify it (due to firmware manufacturer's failure) you'd need different code for every different motherboard. For both of these reasons it's a massive nightmare to use for anything (except its intended purpose).

- Brendan

Score: 3
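
An added example, not part of Brendan's post and not McAfee or Intel code: a C check of the chipset lock described above, classifying a raw SMRAMC register byte. The bit layout is the one given in Intel host-bridge datasheets (an assumption brought in here, the thread names no register); the sample bytes are constructed, and reading the byte from PCI configuration space, whose offset varies by chipset, is left out.

```c
#include <stdint.h>
#include <stdio.h>

/* SMRAMC bit layout per Intel host-bridge datasheets (not from the thread). */
#define D_OPEN      (1u << 6)  /* SMRAM visible outside SMM */
#define D_LCK       (1u << 4)  /* makes D_OPEN read-only until reset */
#define G_SMRAME    (1u << 3)  /* legacy SMRAM enabled */
#define C_BASE_SEG  0x07u      /* hardwired 010b = A0000h-BFFFFh */

enum smram_state { SMRAM_LOCKED, SMRAM_UNLOCKED, SMRAM_OPEN, SMRAM_INVALID };

/* Classify one raw SMRAMC byte from a defender's point of view. */
enum smram_state smramc_audit(uint8_t v)
{
    if ((v & C_BASE_SEG) != 0x02u)
        return SMRAM_INVALID;      /* e.g. 0xFF read from an absent device */
    if ((v & D_OPEN) && (v & D_LCK))
        return SMRAM_INVALID;      /* hardware clears D_OPEN when locking */
    if (v & D_OPEN)
        return SMRAM_OPEN;         /* SMRAM readable/writable outside SMM */
    if (!(v & D_LCK))
        return SMRAM_UNLOCKED;     /* firmware never set the lock */
    return SMRAM_LOCKED;
}

/* Non-zero when the legacy SMRAM range is enabled at all. */
int smram_enabled(uint8_t v) { return (v & G_SMRAME) != 0; }

static const char *state_name(enum smram_state s)
{
    switch (s) {
    case SMRAM_LOCKED:   return "locked";
    case SMRAM_UNLOCKED: return "UNLOCKED (lock bit clear)";
    case SMRAM_OPEN:     return "OPEN (visible outside SMM)";
    default:             return "invalid read";
    }
}

int main(void)
{
    /* Constructed sample register values, not captured from real hardware. */
    const uint8_t samples[] = { 0x1A, 0x0A, 0x4A, 0xFF };
    for (size_t i = 0; i < sizeof samples; i++)
        printf("SMRAMC=0x%02X enabled=%d -> %s\n", (unsigned)samples[i],
               smram_enabled(samples[i]), state_name(smramc_audit(samples[i])));
    return 0;
}
```

Only the "locked" result matches the state the post describes; the other results are what a firmware audit would flag.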