Solved

Are there commercial chips on the market which protect against malware?

Posted on 2006-07-09
Last Modified: 2010-08-05
Hi Everyone:

       A friend of mine within the computer industry mentioned that Intel has designed a processor or chip which has built-in instructions to protect the PC against malware.  It does this by placing the malware within a non-executable area of RAM.  I believe most computers available on the market do not have such a processor, thus, malware getting placed into executable areas of RAM and being transferred to folders, files, and the registry.  The company name which is supposed to have such a chip is Intel and I believe the name of the chip is Vive.

       This is an interesting technological shift because malware has and continues to be handled through software intervention (e.g. SpyBot Search & Destroy, HiJack This, AdAware, McAfee Anti-Virus).  Now, as I understand it, we are starting to see hardware protection against malware coming upon the scene.

        With these points in mind, I am interested in reading any thoughts from experts on EE regarding this exciting possibility.  While there may be a chip which does protection, there will probably need to be a special motherboard to support it.

        In any case, I look forward to reading everyone's insights into this matter.

       Thank you

       George
0
Comment
Question by:GMartin
11 Comments
 
LVL 70

Accepted Solution

by:
garycase earned 250 total points
ID: 17070374
Hi George,

I think your friend has confused the Data Execution Prevention features of many Intel chips with the new Intel Viiv specification, which is an Intel initiative to improve the multimedia capabilities of computers.   Viiv systems have to use specified Intel chipsets, CPU's, and certain other technologies.

Data Execution Prevention (DEP) is an existing capability of many CPU's that, if enabled (the Operating System can control it) will prevent the execution of instructions from within the data areas of a process.   As you may know, it is a good programming practice to keep your code separate from your data;  but in the past many programmers would write "self-modifying" code.   So the code and data would be mixed -- which allowed some "tight" code, but made modification and maintenance difficult.   If DEP is enabled, nothing can be executed from within the data area -- which enforces good programming practice; and also eliminates one very common method of getting malware and virus code into a system (by disguising it as data; and later employing one of several tricks to get it to execute).   DEP, along with properly controlled privilege levels (which OS's can employ to not allow untrusted programs to directly access hardware control registers and I/O devices -- otherwise an untrusted program could, for example, turn off DEP and then execute code from a data page), can allow OS's to become much more secure.

Both Intel and AMD support Data Execution Prevention.  On Intel chips, be sure they have the Execute Disable bit (XD) feature;  on AMD chips, you need the no-execute page-protection (NX) feature.   There's a good discussion of this here:  http://support.microsoft.com/kb/875352

The Viiv initiative is very well described here:  http://www.pcpro.co.uk/features/82952/intel-viiv-technology/page1.html

One other thing Intel is doing that WILL provide better malware protection is adding hardware support, known as VT-x,  for virtualization (technologies such as Virtual Server, Virtual PC, and VMware).   Virtualized systems can be MUCH better protected from malware, as they are totally isolated from the "real" environment of the machine.  I've used Virtual PC for a couple of years to maintain a "browsing machine" that I can use to safely browse the internet without endangering my "real" machine -- it's "on" this same computer, but it's effectively its own machine ==> if it got "hit" with a nasty virus or malware it would have NO impact on this computer;  I could simply delete the file that represents the virtual hard drive; and restore it from an earlier copy -- 2 minutes work !!   The VT-x technologies will allow these virtualized machines to run much faster, as it will allow much of the virtualization to be done in hardware.   This MAY be what your friend was referring to.
0
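An added example, not part of the answer above or of any vendor's code: with DEP enforced, a process should have no memory region that is both writable and executable, and on Linux this can be audited from the permission column of /proc/<pid>/maps. The function name `count_wx_regions` and the sample mapping text are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in Linux /proc/<pid>/maps format (not from a real host). */
static const char SAMPLE_MAPS[] =
    "00400000-00452000 r-xp 00000000 08:02 173521 /usr/bin/demo\n"
    "00651000-00652000 rw-p 00051000 08:02 173521 /usr/bin/demo\n"
    "00e03000-00e24000 rw-p 00000000 00:00 0 [heap]\n"
    "7f2c1a000000-7f2c1a021000 rwxp 00000000 00:00 0 \n"
    "7ffd3c1e0000-7ffd3c201000 rwxp 00000000 00:00 0 [stack]\n";

/* A mapping breaks the DEP model when it is writable and executable at once. */
static int is_wx(const char *perms) {
    return perms[1] == 'w' && perms[2] == 'x';
}

/* Count W+X mappings in maps-format text; if report is non-NULL, print each. */
int count_wx_regions(const char *maps_text, FILE *report) {
    int hits = 0;
    for (const char *line = maps_text; *line; ) {
        size_t len = strcspn(line, "\n");
        char buf[256], range[64], perms[8];
        size_t n = len < sizeof buf - 1 ? len : sizeof buf - 1;
        memcpy(buf, line, n);            /* work on one bounded line copy */
        buf[n] = '\0';
        /* Fields 1 and 2 are the address range and the rwxp permissions. */
        if (sscanf(buf, "%63s %7s", range, perms) == 2 &&
            strlen(perms) == 4 && is_wx(perms)) {
            hits++;
            if (report) fprintf(report, "W+X mapping: %s\n", buf);
        }
        line += len;
        if (*line == '\n') line++;
    }
    return hits;
}

int main(void) {
    printf("sample: %d W+X mapping(s)\n", count_wx_regions(SAMPLE_MAPS, stdout));
    FILE *f = fopen("/proc/self/maps", "r");   /* Linux only; skipped elsewhere */
    if (f) {
        static char buf[65536];
        size_t n = fread(buf, 1, sizeof buf - 1, f);
        buf[n] = '\0';
        fclose(f);
        printf("self: %d W+X mapping(s)\n", count_wx_regions(buf, stdout));
    }
    return 0;
}
```

In the constructed sample the code segment (r-xp) and the data and heap segments (rw-p) follow the code/data separation the answer describes; the anonymous rwxp region and the rwxp stack are the mappings an audit would flag.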
 
LVL 91

Assisted Solution

by:nobus
nobus earned 50 total points
ID: 17070894
Hi George :
The reborn card says it does :

www.lenten.com/
0
 
LVL 47

Assisted Solution

by:dbrunton
dbrunton earned 50 total points
ID: 17071010
And

http://www.hddguarder.com/

What this card does is to give you the ability to roll the machine back to a previous date/state.  However doing that wipes everything else out that was created after the date/state.  It is possible to update the machine and then reset the rollback date/state if you want to.

However if you use something like this save the data on an external drive.
0
 
LVL 70

Expert Comment

by:garycase
ID: 17072889
The Reborn card, HDDGuarder, etc. all provide a means of restoring to a previous state by maintaining an image of that state.   This isn't providing real-time protection against malware;  it's simply providing an easy way to recover to a previous malware-free state.   The same thing you can easily do by maintaining up-to-date images, etc.
0
 
LVL 7

Assisted Solution

by:computerfixins
computerfixins earned 50 total points
ID: 17076161
Well, the idea of hardware getting smarter kind of scares me.  Driving away from the hardware being "hardware level" objects and blurring the lines between software/hardware is never a good thing.

Take the cable box for example....

The proprietary hardware operating systems are a scary glimpse of the future.  All sorts of nasty surprises can lurk in the hardware if we open this "box".
 
Things like needing 15 licenses along with 30 activation numbers just to boot your computer.

DRM on hardware devices... (already seeing this on mp3players)

Serial / mac id registration.

Hardware copyright protection (anyone who has been unlucky enough to buy a StarForce-protected game)

My fear is that the computer will become a leased thing in which you're not allowed to tinker, modify or build, install, etc.  Everything will come pre-loaded, all software / applications / games will be streamed off the internet, you will have a global account that you log in to access whatever programs you have rights to...

I say leave the software on the software level...  

0
 
LVL 70

Expert Comment

by:garycase
ID: 17076208
... Your fears of the computer becoming a "leased thing" aren't unfounded ==> but that's not limited to hardware.  Micro$oft is working hard on the "software as a service" paradigm, which will essentially turn applications (Word, Excel, etc.) into "leased" applications that you use from within your web browser.   The selling point (and it's not all wrong) is that it will make upgrades, etc. unnecessary -- since everyone will be using the same versions -- and allow the software to be more reliable (since there won't be hundreds of different configurations to contend with).   But don't misread the tea leaves -- the bottom line is it's MUCH more profitable if they can move everyone to that concept.
0
 
LVL 44

Assisted Solution

by:scrathcyboy
scrathcyboy earned 100 total points
ID: 17078590
George, this technology, of "virus detect at the CPU level" is not only slated for all new processors by Intel, but also AMD.  They will be coming out next year, and by the end of next year, you probably will not be able to buy a CPU without this built-in virus detect technology.  It is "come late" features by the main CPU makers after many cries for them to help fight the onslaught of viruses.

Fundamentally, the software on a system cannot protect the computer at the SYSTEM level, it can only fix the software, which is dependent on the OS boot, so if viruses can install before the software runs, there is no way the software can find them, they are already hiding when the software runs !!

"Now, as I understand it, we are starting to see hardware protection against malware coming upon the scene."

This is necessary to thwart the serious viruses that circumvent all software detection, and it has been too long coming.  I doubt it will be designed to invade privacy, the CPU makers have too much to lose by doing this .. but as with all these innovations, only time will tell ...

www.internetnews.com/dev-news/article.php/3317901
ecoustics-cnet.com.com/AMD,+Intel+put+antivirus+tech+into+chips/2100-7355_3-5137832.html
www.networkcomputing.com/showitem.jhtml?docid=1513buzz3
it.slashdot.org/article.pl?sid=05/09/07/2347210
techreport.com/reviews/2006q2/core-duo/index.x?pg=1

That Core Duo is the first to come out with it, but AMD is biting their heels --
http://www.amd.com/us-en/Processors/ProductInformation/0,,30_118_9331_12862%5e13301,00.html?redir=CPGWV01
www.amdboard.com/amd_virus_protection.html
www.networkcomputing.com/showitem.jhtml?docid=1513buzz3
0
 
LVL 7

Expert Comment

by:computerfixins
ID: 17078674
It's kind of funny, I've been running Linux for about 5 years now, never had any malware or viruses...

Why does Windows need hardware protection and Linux doesn't?  And you can't really say that no one uses Linux, considering 75%+ of all web pages / routers / internet backbones are now using some flavor of Linux...
0
 
LVL 70

Assisted Solution

by:garycase
garycase earned 250 total points
ID: 17078712
Read the details carefully -- the protection is being implemented by the OS's by taking advantage of the DEP capabilities of the chips.   There are a few instructions being added to help make implementation of this easier -- but the chips themselves don't really do the protection -- they simply provide the hardware features that let the OS do it more easily and securely.
0
 

Author Comment

by:GMartin
ID: 17134288
Hi Everyone:

        Thanks so much for the well-thought-out followups to this intriguing question.  I found each comment along with the links provided very helpful for twofold reasons.  First, this information helped me to gain a greater understanding behind current technologies being used to help protect against malware.  From what I gather, this is still primarily handled at the software level and not the hardware level.  And, secondly, thanks Gary for correcting my misconceptions of this entire situation.  At first, I thought Intel had developed a chip that would be a "magic bullet" fix for the plague of malware.  After reviewing everyone, I realize this is wrong and not an accurate depiction.

         In closing, great job everyone on this post.  I learned much from it.

        George
0
 
LVL 70

Expert Comment

by:garycase
ID: 17134318
As always, you're most welcome.
0
