Kaspersky Patents Hardware-Based Antivirus

Discussion in 'other anti-virus software' started by Thankful, Feb 15, 2010.

Thread Status:
Not open for further replies.
  1. kwismer

    kwismer Registered Member

    Joined:
    Jan 4, 2008
    Posts:
    240
    i don't think i'm smarter than the av developers but if that's how it seems to you then so be it. i have no control over your perception of me.

    i'll answer your question with another question, however. if hardware based av is such a great idea, why has it languished for over 15 years? why hasn't someone, anyone, picked up the ball and run with it before now? to me that implies that most vendors recognize this road as a dead end.
     
  2. ameyap

    ameyap Registered Member

    Joined:
    Feb 16, 2010
    Posts:
    87
    "An update method of the AV databases uses a two-phase approach. First, the updates are transferred from a trusted utility to an update sector of the AV system. Then, the updates are verified within the AV system and the AV databases are updated."
    Use Kaspersky currently and have got to say that this appears to be the only weak link. An AV card of some sort does seem like an idea that might actually work.
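
The two-phase update quoted in the post above, sketched as an added example; it is not part of the thread and not code from the patent or from Kaspersky. The quote does not say how updates are verified, so the HMAC-SHA256 tag, the version counter, the `AvDevice` class and the key below are all assumptions made for illustration.

```python
import hashlib
import hmac
import struct

DEVICE_KEY = b"constructed-demo-key"  # assumption: key provisioned on the card

def build_update(version: int, signatures: bytes, key: bytes = DEVICE_KEY) -> bytes:
    """Vendor side: package = version (4 bytes) || payload || HMAC-SHA256 tag."""
    body = struct.pack(">I", version) + signatures
    return body + hmac.new(key, body, hashlib.sha256).digest()

class AvDevice:
    """Hypothetical model of the AV hardware: update sector plus live database."""
    def __init__(self, key: bytes = DEVICE_KEY):
        self._key = key
        self.update_sector = b""   # phase 1 target, written by the host utility
        self.db_version = 0
        self.database = b""        # live AV database, changed only by commit()

    def stage(self, package: bytes) -> None:
        """Phase 1: bytes are copied in; nothing is trusted yet."""
        self.update_sector = package

    def commit(self) -> bool:
        """Phase 2: verify inside the device, then replace the database."""
        pkg, self.update_sector = self.update_sector, b""
        if len(pkg) < 4 + 32:
            return False           # too short to hold a version and a tag
        body, tag = pkg[:-32], pkg[-32:]
        expected = hmac.new(self._key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False           # modified in transit or on the host
        version = struct.unpack(">I", body[:4])[0]
        if version <= self.db_version:
            return False           # replay of an older, validly tagged update
        self.db_version, self.database = version, body[4:]
        return True

def demo() -> list:
    """Run four constructed packages through stage/commit and report outcomes."""
    dev = AvDevice()
    good = build_update(1, b"sig-set-A")
    newer = build_update(2, b"sig-set-B")
    tampered = newer[:6] + bytes([newer[6] ^ 1]) + newer[7:]  # one flipped bit
    outcomes = []
    for pkg in (good, tampered, good, newer):
        dev.stage(pkg)
        outcomes.append(dev.commit())
    return outcomes + [dev.db_version, dev.database]
```

A rejected package leaves the live database untouched, which is the point of keeping verification inside the device instead of in the host-side utility.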
     
  3. biscuits

    biscuits Registered Member

    Joined:
    Feb 16, 2010
    Posts:
    113
    Also, maybe (just maybe) most vendors are thinking that hardware-based av (Although some experts say that hardware-based solutions can still be fooled by rootkits.) can be effective but can't earn as much money because:

    a. If a serious security flaw is found, an update could be troublesome to make. Just imagine updating drivers on a regular basis!

    b. On the other side of the coin, if hardware-based solutions alongside with software solutions became so effective there might be no need for yearly subscriptions.

    c. As kwismer had said, there are more flexible, easier solutions. Customers want ease of use.

    All of these are speculations and shouldn't be taken seriously :D
     
  4. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    they're just thinking of going back to the moon, because it's going to be easier nowadays than a few years back. possibly the same thing applies with what Kaspersky are thinking of: it's become easier because technology has advanced?
     
  5. kwismer

    kwismer Registered Member

    Joined:
    Jan 4, 2008
    Posts:
    240
    then i would have expected there to be a low level of interest in the idea to have been maintained over the intervening years. i saw no indication of such interest.
     
  6. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    In this speculative model, the AV logic is in the H/W chip, the AI heuristic rules, the malware signatures are in the cloud.

    But if we put the entire os on the chip then Intel takes out Gate's business. The variables for the os (if any) can be in the cloud as well.
     
  7. kwismer

    kwismer Registered Member

    Joined:
    Jan 4, 2008
    Posts:
    240
    hardware and cloud in one? ouch - to be viable the card would need its own NIC (the whole point of putting the av on dedicated hardware is that the protected system can't be trusted, ergo its network connectivity can't be trusted either), which means that computers using it would have 2 network connections each. that can't be right - hardware and cloud don't mix together nicely.
     
  8. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    How can you make such a categoric statement? Have you tried to combine the two? Perhaps your knowledge and understanding of what Kaspersky are looking into is not as good as what you actually think it is? Do you think that that is even a remote possibility?
     
  9. kwismer

    kwismer Registered Member

    Joined:
    Jan 4, 2008
    Posts:
    240
    i just explained the problem with combining the two - and you quoted it.

    they could, i suppose, make their card act as a replacement NIC for the computer, so that all network traffic went over the NIC in the card instead of the computer's original NIC - but that would require a network driver for the card be installed in the host system, which would then present the attacker with an opportunity to make the card appear defective by corrupting that driver.

    that being said, on re-reading the article linked to in the opening post, i think we can discount cloud involvement entirely as it would obviate the stated need for a trusted utility to transfer updates to a special sector of the av system. there would be no need for any such trusted utility if the hardware av had a direct link to the cloud. it could get its updates directly if that were the case.

    and perhaps you can find more concrete/substantive ways of casting doubt on everything i say.
     
  10. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    FYI -- The full text of the patent is available here.
     
  11. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    my problem is that only you, in your mind, seem to understand this technology and only you know that no matter how it is implemented it will not work. I'm wondering if Kaspersky, Symantec and all the rest would not be better sacking all of their development staff and just subscribing to this and other similar forums; then they could just pick the brains of you and others like you that frequent these places, and they could then develop new products without the expense of paying, probably, quite a high wage bill. Sorry if you think that I am casting doubt on everything you write, it's just that I think that most companies involved in this field, not just Kaspersky with this product, do have far more knowledge than the forum members, and I doubt very much they would follow a line of research without checking as to whether or not it had been tried before and being confident that there will be some return, either financially or in just knowledge gained to be used further down the line
     