Check Point Introduces New CPU-Level Threat Prevention

An anonymous reader writes: After buying Israeli startup company Hyperwise earlier this year, Check Point Software Technologies (Nasdaq: CHKP) now unveils its newest solution for defeating malware. Their new offering called SandBlast includes CPU-Level Threat Emulation that was developed in Hyperwise which is able to defeat exploits faster and more accurately than any other solution by leveraging CPU deubgging instruction set in Intel Haswell, unlike known anti-exploitation solutions like kBouncer or ROPecker which use older instruction sets and are therefore bypassable. SandBlast also features Threat Extraction — the ability to extract susceptible parts from incoming documents.

Re:Excited about what deubging Instructions are

[AmiMoJo]

Those instructions are privileged. If normal software tries to execute them it will simply crash (remember those privileged instruction errors when running old software on Windows 95, Mr. Gates?)

To execute these instructions the code needs to ask the OS to run it at the highest privilege level, normally reserved for the core OS and certain drivers that need to do some tricky hardware stuff. If a virus can get to that level you are screwed anyway.