Intel’s security game-changer. Uh-oh!
On 26 January, ComputerWorld published details of an interview with Justin Rattner, CTO at Intel. Rattner described a new hardware-based solution to malware:
“Right now, anti-malware depends on signatures, so if you haven’t seen the attack before, it goes right past you unnoticed,” said Rattner, who called the technology “radically different”.
“We’ve found a new approach that stops the most virulent attacks. It will stop zero-day scenarios. Even if we’ve never seen it, we can stop it dead in its tracks,” he said.
Intel developing security ‘game-changer’
Rattner didn’t really give much away – except that he hopes the technology will be available this year. So what is it?
Alan Bentley, SVP International of endpoint security firm Lumension, clearly believes that Intel’s solution is some form of whitelisting (allowing only known good things and stopping everything else) rather than our current blacklisting approach (allowing everything by default, but using AV to stop known bad things).
“A shift in security thinking needs to happen to keep malware off our devices and away from our critical data,” he explained. “Trying to shut malware out with signature-based security technologies is like herding jelly. Signature-based security was not designed to protect against the volumes of malware that we are seeing today. If you think that known malware signatures exceed 30,000 each day, the concept of protecting against unidentified malware is more than difficult, especially if you are trying to predict what malware might look like. With this approach, it is of little surprise that malware has a habit of falling through the cracks.
“If you flip security on its head and only allow the known good onto a device or a computer network, malware protection is significantly improved.”
In the interview, Rattner seems to indicate that McAfee (which Intel bought for $7.7bn last year) is not really involved in this project.
Rattner said Intel researchers were working on the new security technology before the company moved to buy security software maker McAfee. However, he said that doesn’t mean that McAfee might not somehow be involved.
But if this technology predates the McAfee acquisition, then it is most likely to be at chip level rather than the software level. And that rather suggests that it is to do with the Trusted Computing Platform (TCP). The biggest problem with TCP is that it involves one person or organisation imposing its own views on others. Now, if that’s a company controlling how its own computers are used, well there’s not too much wrong with that. But if it’s Intel or Microsoft – or government – controlling what can be run on privately owned computers, then that’s highly dangerous.
Lumension’s CEO, Pat Clawson, has worries along these lines, suggesting that a “pressing concern is whether it is socially acceptable for Intel to impose security on the device. Whilst it might make sense in the consumer mobility space, governments and enterprises will surely want to make their own security decisions, not have it forced on them at the chip level.” But it is indeed the consumer level – that’s you and me, by the way – that is possibly under the greatest threat. “It makes sense,” he adds, “for its focus to be on the consumer market, which represents a significant portion of both Intel and McAfee’s revenues.
“Security innovation on the mobile device would certainly be an interesting and most likely welcome addition to the consumer handset market. With current security models proving ineffective, new levels of intelligence and a change in mindset are needed to protect today’s IT environment.”
What worries me is that this vision seems to be exactly what Scott Charney was proposing with his ‘internet health certificate’; that is, we will not be allowed to access the internet unless we can prove our computers are clean – and one way to prove they are clean is with Intel controlling what can run on them. Was Charney playing John the Baptist to Rattner’s Christ: a voice crying in the wilderness, but preparing the way for our security saviour?