04:29
ADITYA
Nearly seven months after Intel shelled out US$7.68 billion for antivirus vendor McAfee, the two companies are offering a glimpse of their future.
At the Intel Developer Forum in San Francisco Tuesday, McAfee will
provide an early look of its new effort to build security protections
outside of the OS, using Intel's chip-level hooks that allow McAfee's
Endpoint Protection Software to get a better look at malicious software
such as rootkits.
Called DeepSafe,
the software is something new for the antivirus industry, said Candace
Worley, senior vice president and general manager of McAfee Endpoint
Security. "This level of technology has never existed before," she said.
"It's brand new; it's been jointly developed between the two
companies."
DeepSafe is McAfee's answer to advanced hacking technologies, such
as rootkits, that seem to be getting better and better at slipping
malicious software onto PCs unnoticed.
"Most antivirus products today reside at the same level in the
system as the operating system," Worley said. "What we're finding is a
lot of the antivirus is simply not seeing a rootkit that's installed at
that level of the system."
Rootkits use all kinds of sneaky tricks to cover their tracks,
rewriting file names, and even modifying data in system monitoring tools
so that everything seems normal.
In fact, it's somewhat of an open secret in the security industry
that determined cyberattackers can skirt antivirus detection almost at
will. Some victims go years without detecting so-called advanced
persistent threat (APT) infections, even with their antivirus software
up-to-date.
That's left vendors such as McAfee scrambling to make things harder for the bad guys
Worley describes DeepSafe as a "technology foundation," for future
products. The first of these products will be an add-on to McAfee
Endpoint Protection that will focus on rootkit detection for the
enterprise. That's who's most interested in this kind of technology
right now, Worley said. The product, yet unnamed, will be launched at McAfee's Focus conference in Las Vegas next month, "and as time progresses we will migrate this to the consumer space," she said.
McAfee was vague about how DeepSafe will actually work, but the
company started working on the technology prior to the Intel
acquisition, Worley said.
The product will work in VMware installations, but Microsoft and
Citrix customers will have to wait a bit longer. "We're still working
out how this system will work with those technologies over time," Worley
said.
Although McAfee will be the first major antivirus vendor out of the
gate with this type of technology, it isn't the only company going in
this direction, said Lawrence Pingree, a Gartner research director.
"What's going to happen is they're going to release this and then others
are going to follow suit," he said.
DeepSafe is interesting, but it still isn't the kind of
breakthrough technology that will justify McAfee's multibillion dollar
price tag. "We're still waiting for real hard technology to come out of
this merger that will really be a big innovation," 
Posted in: SECURITY NEWS
0 comments:
Post a Comment