Protection paradigm is shifting from pattern recognition to behavioral techniques, says Intel Labs director of security research Sridhar Iyengar.
In our gut, we all get that hardware-based security should outstrip the traditional, software-centric approach to antivirus protection. But does that feeling stand up to a back-of-the-napkin analysis? Well, yes.
Microprocessor instruction-set extensions tuned to the needs of malware identification algorithms will speed the execution of such software. That's because task-specific instructions make it easier to write tighter programs.
The counterargument might be: If CPU time is "free," implementing new primitives in 100 lines of code, rather than on-chip, is free, too. That's "wrong" because such code takes longer to than its hardware-steeped cousins. So one can assess more threats -- i.e., perform the more detailed analysis necessitated by today's stealthier malware -- in the same about of time.
OK, so we've just stipulated that hardware-based security is an essential tool in fending off the rising tide of malware. Think cybercriminals in shady Eastern European outposts, wreaking random havoc like the aimless assassins in Taken 2. Of course, such gangs are amateurs compared with government actors -- Stuxnet, anyone?
So we have multiple reasons that hardware-based security is ascendant. Having strong engineering legs in both process and security camps, Intel is perhaps the leader in advancing this approach. Intel acquire McAfee in 2011. The security vendor continues to operate as a separate brand, and it still sells security software. But it's a key component -- providing smarts and a solid go-to-market channel -- of Intel's broader intentions to field comprehensive, new ways of protecting the difficult to protect. (Note that the McAfee play additionally verifies that packaged consumer security software isn't going away. Rather, it'll become more effective.)
Tines of the Intel and McAfee security effort.
One component of Intel's hardware approach has been to add six processor-level instructions to support the AES encryption standard. Intel says the instructions can speed encryption, which protects data sent over the network or to the cloud, by two to three times.
It's important to point out that diving into the hardware to bring security to new heights is no Kevin Mitnick come lately. Intel's been riding the hardware-security bandwagon for years.
For example, when I talked in 2009 with Intel chief technology officer Justin Rattner, who's also an Intel Senior Fellow and Director of Intel Labs, he told me the following:
Alex Wolfe: You've explored having the processor handle security. Tell us about that.
Justin Rattner: We have manageability engines (MEs), which underlie our VPro architecture. We use those both for manageability and security. Longer term, we need a general-purpose solution. We need an architectural breakthrough which allows an open platform to selectively and programmatically become closed during a secure computational phase. What we ultimately need is being able to go into stealth mode for brief periods of time and then come back into the open.
After I loaded McAfee on one of my computers, I could not get rid of it. I understand the need for security, but I refuse to turnover complete control of my system to someone else.
There are many ways in which a secure working environment can be implemented for home and business systems.
The latest McAfee approach is not one of them. I now consider their software as dangerous as any virus I ever accidentally loaded.
Just my opinion.
The computer resources devoted to fighting Malware are staggering - often greater than the time the computer spends doing "productive" work. Anything that can be done to improve security and CPU availability for the hapless human user would be much appreciated. Furthermore, current malware checking software is the cause of an inordinate number of computer lock-ups and issues. That said, the fundamental issue I see with hardware security is that it is relatively "fixed". When hackers have a stationary target, they can be devastating.
This whole security issue should be solvable. I like Intel's approach but we're up against some big issues that are designed to make commerce more convenient.
But the problem isn't convenience itself. The problem is that making the most profit out of every click, transaction, whatever, is what's turning into the PRIMARY driver of technology.