Linked by David Adams on Wed 14th Sep 2011 14:18 UTC, submitted by Discott
Privacy, Security, Encryption
McAfee demonstrated the workings of its new McAfee DeepSAFE technology at the Intel Developer Forum on Tuesday. It sits beyond the operating system and close to the silicon, and by operating beyond the OS, it provides a direct view of system memory and processor activity. Among the threats that it detects are Stuxnet, SpyEye, the TDSS rootkit family and the NTRootkit.
Thread beginning with comment 489643
RE[4]: premature negativism
by pgeorgi on Thu 15th Sep 2011 06:20 UTC in reply to "RE[3]: premature negativism"
pgeorgi Member since: 2010-02-18

and even if you can modify it (due to firmware manufacturer's failure) you'd need different code for every different motherboard. For both of these reasons it's a massive nightmare to use for anything (except its intended purpose).

I guess the intent is to deliver DeepFried (err.. DeepSafe) with the board (remember McAfee is part of Intel now). And SMM code isn't _that_ mainboard specific, either. At least it doesn't have to be.

With coreboot, we split the SMM code into chipset-specific, board-specific and generic code (though there's little generic code right now).
I guess a "malware scanner" would consist of a large generic chunk with tiny hooks to get it to run on each chipset (with no regard for board specifics).

Reply Parent Score: 2

RE[5]: premature negativism
by Alfman on Thu 15th Sep 2011 07:58 in reply to "RE[4]: premature negativism"
Alfman Member since:
2011-01-28

pgeorgi,


I've always had an itch to toy with the BIOS code, but never had the courage to do it and risk my motherboard. Writing bootloaders is in my expertise, and I know the BIOS is within reach, but as I don't have source code for my BIOS I have no starting point. I've researched the OSS BIOS projects, but I never knew if they'd be compatible.

My interest wouldn't lie in initializing the hardware myself, but rather continuing where the BIOS leaves off (and before the BIOS chains off to the bootloader). I already have a small static distro which helps remotely manage the primary OS on the PC. This way, if the primary OS gets corrupted, I need only reboot the PC and the minidistro can automatically redeploy the main OS.

This works; however, I've always wished that this remote access distro existed in the BIOS instead of being a circumventable bootloader.

Reply Parent Score: 2