McAfee introduces anti-rootkit security beyond the OS

Discussion in 'other security issues & news' started by SUPERIOR, Sep 14, 2011.

Thread Status:
Not open for further replies.
  1. SUPERIOR

    SUPERIOR Registered Member

    Joined:
    Dec 10, 2007
    Posts:
    161
    Location:
    Syria
    Code:
    http://www.net-security.org/secworld.php?id=11619
    
    Code:
    http://www.mcafee.com/us/solutions/mcafee-deepsafe.aspx
    
     
  2. RJK3

    RJK3 Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    854
    I've been hoping for mainstream antivirus vendors to be able do something like this, as it just makes sense as an approach.

    If you've found yourself in a fair fight with malware, then it means you've not prepared properly. Why face these threats on even footing?

    I probably wouldn't trust McAfee programmers not to foul things up with this level of access to my PC - but it's a step in the right direction IMO and hopefully the more capable vendors will be able to follow suit.

    ITPro suggest that it'll be considered more anti-competitive behaviour from Intel if the company doesn't give other vendors the same access:
    http://www.itpro.co.uk/636106/idf-2011-intel-unveils-first-fruits-of-mcafee-acquisition

    I wonder how much of a performance hit there'll be using this.

    Presumably there'll be an update mechanism for the 'DeepSAFE' platform, so hopefully they'll secure this properly otherwise this would open up a new vector for attack.
     
  3. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,196
    Location:
    Surrey, England.
  4. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,633
    Location:
    UK
    Short, but sweet comment from Alex. Nothing ground-breaking then except perhaps McAfee might be taking the lead on this one because of their relationship with Intel. I know Alex doesn't think so.

    If this is available to all AV vendors, it shouldn't be too long before others produce similar technologies in their products if they feel it is warranted. Maybe it already does exist because I believe there are some scanners that do pre-boot scans. Perhaps those pre-boot scans already utilise the not-so-secret sauce Alex refers to.
     
  5. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Windows bundled with AV, and now this. Sigh, can it be at least disabled?
     
  6. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Remember Hypersight Rootkit Detector, same approach.
     
  7. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Nope, will that stay free?
     
  8. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
Loading...
Thread Status:
Not open for further replies.