Intel to Develop Hardware Rootkit Detection

Jack writes "ITO is running a story on Intel's latest initiative - a hardware rootkit detector: 'Intel is trying to eliminate the human factor when dealing with root-kits detection by developing a new hardware-based technique to discover and notify users when they are downloading unintentionally a root-kit to their computer.'"

Warning, Will Robinson

[ackthpt]

Warning

The application you are attempting to execute is extremely suspicious and should be discarded immediately as it has been found to contain x86-64 (AMD64) instructions.

Seriously, why don't they work with Microsoft to do some kind of checksum and bonk the load when it fails? This 'small chip' smells like something which would persistently degrade memory performance. Why would that be more acceptable than an operating system or BIOS which would block root-kits, i.e. you can only touch this file, this partition, etc, as logged in as root. Oh, right, on Windows processes may run under root authority and be co-opted.

Gee, seems like it's been 20 years since DEC fixed those bugs in RSTS/E

Re:Warning, Will Robinson

Remember what the founding fathers said: "Those who give up essential memory bandwidth for temporary safety deserve neither."

trusted computing, surely

[DaveCar]

is this not just treacherous computing by another name? "You're downloading Debian?! That's not allowed! *bleep* *bleep* illegal operation *passing details to NSA*!"

--
No, I didn't RTFA. I didn't RTFSummary either.

Re: Intel to Develop Hardware Rootkit Detection

[rbochan]

Who will watch Intel then?

Why... Sony, of course.

How to market restrictive TCPA technology to users

[Josh+Triplett]

This is simply a marketing tactic to attempt to gain acceptance for a technology designed to get humans out of the loop whether they like it or not. There is no useful purpose for a technology designed to "protect" a machine from its owner. This marketing tactic simply tries to propose the "but what if we're trying to protect the owner from their own stupidity" angle; however, that kind of thing could be done in software as well.

Article this translated use to what software?

[dfjunior]

...dealing with root-kits detection...

...monitor persistently programs that might be affected of a malicious attack...

...doesnt expect its project to replace various protect software...

The project is timidly scheduled...

Dumb idea

[obeythefist]

This has little or nothing to do with security and everything to do with Intel PR.

Intel has been smarting since AMD beat them to the punch with the NX bit.

The only thing a Rootkit will do that any other software install won't usually is over-write and modify a lot more system files than it should. Hardware can't be aware of which version of hal.dll you're supposed to be running (heck, it shouldn't even know you're running windows!). This really is something the O/S should be doing.

Which it does. If you follow best security practices, well, heck, you're not logged on with admin privelege anyway. So how is the rootkit going to overwrite your stuff anyway? Or has your system been compromised by a hacker through an open port exploit? So your firewall failed you and you haven't patched up your O/S, and if the hacker is installing the rootkit, there's no point stopping the rootkit, because he's already in and he's just installing his zombie housekeeping tools. It'll just slow him down a bit.

Re: Intel to Develop Hardware Rootkit Detection

[mslinux]

Who watches them now?