New Intel Processor Fights Rootkits, Virtualization Threats

But experts say new features still aren't true anti-rootkit technologies

Intel today rolled out a new desktop processor for business machines with hardware-based security features that it says can help prevent stealth malware attacks and better secure virtual machines.

The new vPro 2007 Platform, which was code-named Weybridge by Intel, also comes with an upgraded feature that better tracks and logs network traffic for malicious patterns, as well as support for 802.1x and Cisco NAC platforms so that if the operating system is down, you can still manage the endpoints because network security credentials are stored in hardware. Intel's new vPro platform also comes with new built-in management and energy-efficiency features.

Mike Ferrin-Jones, Intel's director of digital office platform marketing, says attackers increasingly are writing stealthier malware that evades detection by software-based tools, and some that even disable them: "That gives them free rein over the system." That has held some enterprises back from going with virtualization technology, he says.

Intel's new processor -- via its so-called Trusted Execution Technology (TXT) and Intel Virtualization Technology for Directed I/O features -- can better protect virtualized software from these kinds of attacks by detecting any changes to the virtual machine monitor; restricting memory access by unauthorized software or hardware; and protecting virtual machines from memory-snooping software, according to the company.

Stealth malware expert Joanna Rutkowska, founder of Invisible Things Lab, says Intel's new Trusted Execution Technology (TXT) and Intel Virtualization Technology for Directed I/O features sound like a step in the right direction for protecting against stealth malware attacks, as are AMD's SKINIT and External Access Protection features, which were released last year.

"I don't believe we can address some problems like kernel rootkits and especially virtualization-based rootkits, without help from the hardware vendors," she says.

Rutkowska says based on what she could surmise from the press materials provided to her, Intel's Virtualization for Directed I/O appears "to let you create more secure hypervisors and deploy secure micro kernel-based OSes, she says.

Still, these technologies aren't true anti-rootkit technologies, she says. "They are, rather, technologies that [for example] would allow [you] to build better OSes, not prone that much to rootkit infections as the OSes we have today [are]."

The key, Rutkowska says, is for OS and software vendors to use Intel's new hardware-based security, as well as AMD's in its new Barcelona processors. "It's all in the hands of software and OS vendors now," she says. "If they don't redesign their products to make use of those new technologies in a proper way, those new technologies will be pretty useless."

Intel's Ferrin-Jones says hardware-based security in the new platform, based on Intel's Core 2 Duo processor and Q35 Express chipset, help where software-based security cannot. "Most security applications run inside the OS," he says. "For the systems to be protected and secured, those apps have to be up and running, as does the OS." Features such as "remote wakeup" capabilities aren't secure or available if the OS goes down.

Meanwhile, major computer makers and resellers are now selling desktops with the new vPro processor, according to Intel, including Dell, HP, and Lenovo, and the company says 350 organizations have already deployed it.

Intel is also currently working with virtual machine monitor and security software vendors to enable their products to work with the new platform, Ferrin-Jones says

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

About the Author(s)

Kelly Jackson Higgins, Editor-in-Chief, Dark Reading

Kelly Jackson Higgins is the Editor-in-Chief of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise Magazine, Virginia Business magazine, and other major media properties. Jackson Higgins was recently selected as one of the Top 10 Cybersecurity Journalists in the US, and named as one of Folio's 2019 Top Women in Media. She began her career as a sports writer in the Washington, DC metropolitan area, and earned her BA at William & Mary. Follow her on Twitter @kjhiggins.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights