
Anti-Rootkit Security Beyond the OS

Orome1 writes "Cybercriminals know how to evade current operating systems-based security, demanding a new paradigm – security beyond the operating system. On that note, McAfee demonstrated the workings of its new McAfee DeepSAFE technology at the Intel Developer Forum on Tuesday. Co-developed with Intel, it allows McAfee to develop hardware-assisted security products to take advantage of a 'deeper' security footprint. It sits beyond the operating system and close to the silicon, and by operating beyond the OS, it provides a direct view of system memory and processor activity."
  • by garcia ( 6573 ) on Wednesday September 14, 2011 @08:32PM (#37405328)

    Beginning back in 2003 [slashdot.org] I talked about the future of computing which will include DRM in the BIOS. I have posted numerous times about it and even once noted DRM'd BIOSs will eventually be required to connect to the "safe" Internet [slashdot.org].

    We're one step closer now with this... Oh looky, we have the perfect way to stop this from happening. A totally secure DRM'd BIOS. Just use our product and the secure Internet won't have any spyware/malware/etc.

    Oh, and in order to do online banking, pay the electric bill, connect to webmail from Google, etc will all require you to have a DRM-enabled BIOS.

    IPs may not point to an individual computer but the DRM'd BIOS sure will.

  • Pre-Boot Antivirus (Score:4, Interesting)

    by a_nonamiss ( 743253 ) on Wednesday September 14, 2011 @09:17PM (#37405596)
    I use an Ubuntu USB drive that I created for the specific purpose of scanning systems before they boot into the OS. It won't detect malware in real-time, but it should, in theory, catch a rootkit that's well hidden from being detected within the OS. What I don't understand is why there's not something commercial out there that does this. With my home-made drive, I can boot, mount a TrueCrypt volume (all our computers are TrueCrypted) and scan a Windows file system with several different free tools. The only problem is, since they are free, they tend to be not very good. I scanned a system I was working with yesterday, and ClamAV, Avast!, BitDefender and AVG all missed a boot sector virus. The system was clearly infected, judging by all the BSODs and other strange behavior, but all these tools came up clean. They were also slow as hell. Each scan took hours. Finally, I attached the hard drive to a Windows machine and ESET picked up the virus right away, although it wasn't able to clean it. Had to download a separate tool from Kaspersky to do that.

    What I'm saying is most of the stuff I did is not accessible to the unwashed masses. On top of that, I would actually pay good money for a tool that I could use and not have to screw with 5 different immature anti-virus platforms that could be used to remove rootkits. Nothing about this virus was particularly fancy, once you got it outside of the OS. (It loaded kernel mode drivers to prevent it from being seen within Windows.) Why doesn't one of the major players start looking into something like this? Bootable, able to update definitions over the Internet and fast. I, and probably my company, would pay really good money for that.
