Intel: Viruses to be a thing of the Past

Intel believes that malacious codes, viruses and other security threats may become a worry of the past. Inte's R&D team is currently working on Trusted Execution Technlogy, previously known as LaGrande. Trusted Execution Technology or TXT will use hardware keys and subsystems to control what part of a computer's resources can be accessed and who or what will be granted or denied access.

Going beyond the NX bit, or the Non-execution bit that is currently enabled inside recent processors from both AMD and Intel, TXT will bring a whole new dimension of security to PCs. TXT will also be able to work in a virtualized environment on systems with Intel's VT technology. Guest operating systems will be able to take advantage of features on a TXT-enabled platform.
Intel will also provide a mechanism called Attestation for TXT, which is a self-monitoring component that ensures that the TXT system was enabled properly. Attestation will provide monitoring, as well as applications running in protected space.

Processors will have split execution spaces called partitions, similar to the concept of partitions on a hard drive. These partitions can be labeled as protected or non-protected. Standard partitions, those that are not protected, are now referred to as "legacy" partitions. A TXT-enabled processor will be able to have both a legacy and protected partition coexist together. Chipsets will also be designed with TXT technology. According to Intel, every part of a TXT-enabled platform will have the technology built in so that every pathway that is traversed by data will be able to offer a high level of security. With TXT, Intel is taking a no-compromise approach to securing data. All components of a system will be protected:

  • Processor execution memory
  • Processor event handling
  • System memory
  • Memory and chipset paths
  • Storage subsystems
  • Human input devices
  • Graphics output
Currently close to being finished, Intel will demonstrate the first working implementations of TXT technology sometime in 2007 on Intel vPro platforms. To view TXT's list of executions, read the rest of the article... News source: DailyTech


Starting fromthe use of more advanced Trusted Platform Module (TPM) chips and addingnew hardware extensions to both processors and chipsets, TXT canperform the following:

Protected Execution:This feature allows an application that has the ability to execute inan isolated environment, to be shielded from other software running onthe same platform. No other software may monitor or compromise the dataor the application in the protected environment. Plus, each applicationrunning in PE mode has its own physically dedicated resources from boththe processor and system chipset.

Sealed Storage:The new advanced TPM chips are able to store and encrypt keys inhardware. Only the same system that the TPM is integrated into candecrypt the keys. Any attempts at copying data out of the TPM willresult in scrambling.

Protected Input: Intel isdeveloping mechanisms that will prevent unauthorized monitoring ofhuman input devices such as mouse clicks and keyboard strokes. Not onlywill traditional input devices be encrypted, but data traversing theUSB bus will also be encrypted too.

Protected Graphics:applications that are running in the PE environment will have itsgraphics path encrypted. Data being sent to a graphics card's framebuffer from an application will be encrypted and cannot be observed byunauthorized code. For example, a particular notice box popping up canbe encrypted, while other windows remain unprotected.

Protected Launch:this part of TXT will control and protect critical parts of theoperating system and other system related components from beingcompromised during launch. OS kernel components for example areprotected during and after launch.

Report a problem with article
Previous Story

More Intel "Tigerton" Demonstrations

Next Story

Microsoft: 10 Vista Activations

34 Comments

Commenting is disabled on this article.

Now I can see McAfee, Symantec, Kaspersky crying out laugh becuase INTEL take they job into the trash. Time to clean some other 'windows' somewhere else AV companies :P

Oh btw, this is just an "excuse" to make the DRM something common. Remember that

I think most computer security issues could be resovled by educating people. As long as there are idiots that download anything they want and click ok to everything, we will have these sorts of problems.

theres a spelling mistake in thier, 1st line on the main page and 2nd line on this one ... It hould say intel and not inte

sry for being a grammer whatever...

Quote - badazzEVO8 said @ #19.1
maybe you should learn to spell before correcting others.....

'their'? 'hould'? 'sry'? 'grammer'?

wow, do i look even remotely bothered about my spelling or grammer, i dont give a toss, and i dont have to do anything, maybe you should just keep comments to yourself that have nothing to relate to this posting.

Quote - Noveed said @ #19.2
wow, do i look even remotely bothered about my spelling or grammer, i dont give a toss, and i dont have to do anything, maybe you should just keep comments to yourself that have nothing to relate to this posting.
LMAO
"Comment of the Week" material, there!

Post an error-filled complaint about the article's errors, then post that golden reply.

Quote - markjensen said @ #19.4
LMAO
"Comment of the Week" material, there!

Post an error-filled complaint about the article's errors, then post that golden reply. :laugh:


lol ya know

Oh, and this allows Intel to sell these chips for every device made, from keyboards to CPUs, of course.

And I'm sure the government under Bush is just going to love the idea of not being able to use keyloggers, etc., on us. Or, am I naive in assuming that this whole thing won't have a backdoor for their "exclusive" (until the codes are leaked) use?

This is only about one thing and one thing only...

DRM

You can tell how afraid they are of this by not even mentioning DRM as one of the advantages/target applications.

Ahem.

As long as we can turn it off if we want to (from the BIOS probably) I'm all for it. I can see this being abused though, DRM and the such.

exactly, same sentiments for the TPM chip. just aslong as it is not expoited for the selfish gain (DRM) of the Music/Movie Industry.

"Trusted Execution Technology" sounds a hell of alot like TCPA, which we all hate, right? I just hope I'm missing something here :P

Back to the story, sounds a good idea, but I'm guessing all software will need recoding to take proper advantage of this. Unsure how it would work otherwise.

Windows security can be beefed up simply by the 'average joe' not running with administrator priviledges. That's what Linux does and where it's security comes from. And yes I know Windows still has holes even when the user is running with a limited account, but it's a big improvement and that's the point - changing the behaviour of the 'typical' user; if all Linux distros put the user as root admin, were used by the uneducated, and were more popular then they'd be big trouble there!

That's a pretty bold statement! I think someone should remind/tell them that nothing is perfect, there will always be a way.

Obviously there are alot of benefits from technology like this, but let's face it, someone can still write a virus or spyware that relies on nothing beyond stupidity to get itself installed, that's probably what most of the current active viruses are based on -- foolish users.
If you'll excuse me I have some funny joke exe files that someone forwarded me which I need to open.

Quote - hapbt said @ #2
... that's probably what most of the current active viruses are based on -- foolish users.
If you'll excuse me I have some funny joke exe files that someone forwarded me which I need to open.

This is why there will always be viruses, because people are stupid. Every time you make something idiot proof, the world comes up with a better idiot. Windows sold out security to be both relatively easy, and widely used. If 90% of the world uses Windows, do you realise how many quasi-brain dead people are included in that tally? Apple is easy, and secure for the most part, but not widely used. It's easy to be secure when your company controls all the hardware and OS and a lot of the software. But then that will get you 4% market share. Notice now that Apple has switched to Intel and is gaining, it is having growing pains? *NIX is secure, but not even close to easy, and thus not widespread.

Because of the nature of people, you can't have all three - market share, security and ease of use. MS chose the way that would ensure it made the most money. Nothing much Intel can do but add a level of complexity. Might mean more security in theory, but the people with sense already know how to keep their machine secure. What of the people who don't even know how to change their wallpaper? To quote Ron White, "You can't fix stupid."