Hardware-assisted security kills drive to create malware

Hardware-assisted security kills drive to create malware

Summary: Malware typically created to steal passwords via keystrokes or mouse gestures, but security factored into hardware will rid these attack vectors, argues McAfee's worldwide CTO.

SHARE:

Despite criticisms from the industry, the Intel-McAfee merger will result in "faster and better" security by riding on hardware to complement, not eliminate, software-based security, according to a McAfee executive.

As threats migrate from targeting applications and operating systems to the hypervisor level, including hardware, security, too, must be driven down the technology stack, George Kurtz, McAfee's executive vice president and worldwide CTO, told ZDNet Asia in an interview here Tuesday.

The "proof point" is in the development of virtualization, said Kurtz. While initially challenging in 1999, with the arrival of hypervisors and later Intel's introduction of VT (Virtualization Technology) into its chips, virtualization evolved to be "datacenter-ready", he noted.

Similarly, that is the approach in security, he said.

"It's really hardware-assisted security, just like virtualization," he added. "If you could take a lot of the things that we would normally do in software and…leverage the silicon to do that, it basically makes [security] faster and better--[and that means] faster performance and better efficacy in being able to protect our customers."

In the context of mitigating threats, hardware-assisted security would aid in the prevention of malware execution, which is an important step in a system getting infected, said Kurtz. This boosts contemporary whitelisting efforts, which essentially determines acceptable behavior.

"With Intel, we have the ability to enhance our software with additional hardware capabilities to help in the whitelisting process, and to help prevent things from being executed in memory, which is what malware tries to do--it tries to redirect the flow and it tries to execute," he explained. "By being able to tie the software that we already have to hardware-assisted components, we can strengthen our whitelisting technology and make it faster and better--less prone to errors or being compromised by the bad guys. If you have a hardware component to it, it's much harder for the bad guys to tamper with."

For instance, he noted that malware on an infected computer will attempt to capture the user's keystrokes or mouse gestures as he enters his password at a banking site.

Kurtz said: "By creating what we call a root of trust that ties back to the silicon, we can still operate and pass these sensitive pieces of information through to your end target--your bank server--without the bad guys being able to intercept them, and the only way you can do that is to be able to leverage hardware."

Making it impossible for cybercriminals to obtain data that they can exploit for monetary gain, will result in a lack of motivation to create malware, he said.

"Slowly we're trying to eliminate the vectors of attack that the bad guys have used to be able to monetize the sensitive information, which has really been one of the main drivers why we're seeing so much malware. It's so easy to create malware that will get on the system and ultimately, capture sensitive information and push it out to an ecosystem where there is a very well-defined dollar amount for every piece of data that's out there," he added.

The Intel-McAfee marriage will focus on the notion of compartmentalizing or isolating an infection, such that the infected device can still carry out sensitive transactions without compromising data, added Kurtz. "If you have an infection at the operating system, you still want to be able to operate even though there's a potential issue."

"[So] if you were trying to log into your banking site, and you had a piece of malware, what we're really focused on here…is how can we allow the user and the PC to still interact with that Web site and still have a secure interaction," he said.

However, with Intel's acquisition of McAfee only just completed at the end of February, he noted that the two companies are "just starting to work on things" and the fruits of labor will not emerge that soon.

Asked about criticisms of the merger as well as the shift toward hardware-based security, Kurtz said the company's ultimate goal is to better protect users. He also stressed that McAfee's software products will not be phased out. "I would ask any critic if they would like better security, better efficacy and faster security, and let me know the names of people who say 'No' to either one of those."

"Intel has had a lot of security technologies on their chips, but…they haven't had a platform to help drive the adoption of these technologies," he said. "[With McAfee in the picture,] we think we can help set the standard so that other people can follow and then ultimately, we'll get better security for all the customers that are out there, Intel or otherwise."

Topics: Networking, Apps, Data Management, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

0 comments
Log in or register to start the discussion