News - EU gives conditional approval to Intel acquisition of McAfee

[HEXUS]

Intel can buy McAfee so long as it promises to play nice with other security software companies.

Read more.

[aidanjt]

Kinda agree, but then if AV solutions are incorporated into ucode, then it becomes a hardware solution rather than a software solution, no?

[miniyazz]

Exactly. If McAfee became bundled into the silicon, it's no longer McAfee as we know it.. it would be a totally new beast. And, incidentally, probably good for consumers, although I remain to be convinced by this hardware AV idea - surely with hardware AV, malicious code writers only have to find a single bug in the implementation and they can use it for the lifespan of the chip, given that it's hardware and can't be updated? Or am I just exposing my ignorance at how it might work?!

[aidanjt]

Yeah, information theory doesn't exactly support the notion of a HW AV. How is a CPU to know whether a piece of code is malicious or not? All instructions are equally valid, otherwise they wouldn't have been added, even looking at a handful of instructions in sequence doesn't exactly say "HEY IM A VIRUS YOU PROBABLY SHOULD'NT RUN ME!", without some kind of database to pattern match against. Until there's more details on the methods involved, I'll remain sceptical.

[Bob Crabtree]

Not at all sure what Intel is letting itself in for!

McAfee is probably my fave anti-nasties app but only because I see so many infected PCs come into my lab with McAfee supposedly protecting them - and that earns me money.

I disinfect these PCs (can be a lengthy business), install something that works (most usually Kaspersky Internet Security Suite - different versions of KISS on different Windows OSs) and grab a wad of money from the owners who are grateful to get back machines that now work normally - and better than they did when they bought them (I do a LOT of optimisations, too, of course).

I'm also reminded of this story I wrote a good while back when most of my time was spent on HEXUS.lifestyle:

Digital You or Digital Poo? McAfee's Mangled Museum Metaphors

Bob

[aidanjt]

Digital You or Digital Poo? McAfee's Mangled Museum Metaphors

Well written, Bob, you should author more pieces, there's plenty more to rant about with modern IT, too.

[crossy]

Yeah, information theory doesn't exactly support the notion of a HW AV. How is a CPU to know whether a piece of code is malicious or not? All instructions are equally valid, otherwise they wouldn't have been added, even looking at a handful of instructions in sequence doesn't exactly say "HEY IM A VIRUS YOU PROBABLY SHOULD'NT RUN ME!", without some kind of database to pattern match against. Until there's more details on the methods involved, I'll remain sceptical.

Folks here saying pretty much the same - there's few, if any, viruses that aren't locked to a particular OS and so a Windows HWAV is a bit useless if you're running Ubuntu for example. Or, maybe a HWAV that's targeted at Windows 7 won't be that useful for Windows 8.

Consensus here is that Intel will do something similar to what VIA did with AES crypto - embed firmware in the chip that offloads some of the cpu load of doing AV from the main cpu, perhaps with extra support in the bridge chips. So your OS-resident AV scanner then just handles the interface,reporting,updating duties and the cpu part handles everything else, leaving more cpu power for you to use to get on with other things.

Personally, if this comes to pass then I'm glad they bought McAfee rather than Norton. The thought of having an embedded NIS engine fills me with dread ... Although I'm cynical enough to think that there's no such article as a "best" AV scanner - merely one that's less crappy for your particular setup. (And yes, I use McAfee at the moment).

I'll be interested to see how this pans out - e.g. if Intel do this what are AMD going to do?

[aidanjt]

And even that wont halt zero-day exploits, as Intel's CTO claimed.