McAfee introduces anti-rootkit security beyond the OS

SUPERIOR · Sep 14, 2011

Cybercriminals know how to evade current operating systems-based security, demanding a new paradigm – security beyond the operating system.

On that note, McAfee demonstrated the workings of its new McAfee DeepSAFE technology at the Intel Developer Forum on Tuesday. Co-developed with Intel, it allows McAfee to develop hardware-assisted security products to take advantage of a “deeper” security footprint.
Click to expand...
Code:
http://www.net-security.org/secworld.php?id=11619
Code:
http://www.mcafee.com/us/solutions/mcafee-deepsafe.aspx

RJK3 · Sep 14, 2011

I've been hoping for mainstream antivirus vendors to be able do something like this, as it just makes sense as an approach.

If you've found yourself in a fair fight with malware, then it means you've not prepared properly. Why face these threats on even footing?

I probably wouldn't trust McAfee programmers not to foul things up with this level of access to my PC - but it's a step in the right direction IMO and hopefully the more capable vendors will be able to follow suit.

ITPro suggest that it'll be considered more anti-competitive behaviour from Intel if the company doesn't give other vendors the same access:
http://www.itpro.co.uk/636106/idf-2011-intel-unveils-first-fruits-of-mcafee-acquisition

For Intel, the biggest issue it has to worry about is that whatever it does at the silicon level with McAfee has to be open and something that others can also do otherwise the DoJ will jump down its throat on an anti-compete charge."
Click to expand...

I wonder how much of a performance hit there'll be using this.

Presumably there'll be an update mechanism for the 'DeepSAFE' platform, so hopefully they'll secure this properly otherwise this would open up a new vector for attack.

Dermot7 · Sep 16, 2011

"I keep getting asked for comments on McAfee/Intel’s new Deepsafe. So what the heck, here goes." : http://sunbeltblog.blogspot.com/2011/09/deepsafe.html

TonyW · Sep 16, 2011

Dermot7 said:

"I keep getting asked for comments on McAfee/Intel’s new Deepsafe. So what the heck, here goes." : http://sunbeltblog.blogspot.com/2011/09/deepsafe.html
Click to expand...

Short, but sweet comment from Alex. Nothing ground-breaking then except perhaps McAfee might be taking the lead on this one because of their relationship with Intel. I know Alex doesn't think so.

If this is available to all AV vendors, it shouldn't be too long before others produce similar technologies in their products if they feel it is warranted. Maybe it already does exist because I believe there are some scanners that do pre-boot scans. Perhaps those pre-boot scans already utilise the not-so-secret sauce Alex refers to.

J_L · Sep 16, 2011

Windows bundled with AV, and now this. Sigh, can it be at least disabled?

Meriadoc · Sep 17, 2011

Remember Hypersight Rootkit Detector, same approach.

J_L · Sep 17, 2011

Nope, will that stay free?

CloneRanger · Sep 17, 2011

RE - Hypersight Rootkit Detector

@ Meriadoc

Good point

Hi, yes i do it & i still have it somewhere It was just one of Many ARK's etc featured in here http://forum.sysinternals.com/forum...Hypersight&title=rootkit-detection-prevention

It's still available http://northsecuritylabs.com along with other Apps etc. If someone could install it & try it out =

Log in or Sign up

McAfee introduces anti-rootkit security beyond the OS

SUPERIOR Registered Member

RJK3 Registered Member

Dermot7 Registered Member

TonyW Registered Member

J_L Registered Member

Meriadoc Registered Member

J_L Registered Member

CloneRanger Registered Member

Log in or Sign up

McAfee introduces anti-rootkit security beyond the OS

SUPERIOR Registered Member

RJK3 Registered Member

Dermot7 Registered Member

TonyW Registered Member

J_L Registered Member

Meriadoc Registered Member

J_L Registered Member

CloneRanger Registered Member

Useful Searches