Researchers Set To Work On Malware-Detecting CPUs (helpnetsecurity.com)
Orome1 quotes a report from Help Net Security: Adding hardware protections to software ones in order to block the ever increasing onslaught of computer malware seems like a solid idea, and a group of researchers have just been given a $275,000 grant from the National Science Foundation to help them work on a possible solution: malware-detecting CPUs. This project, titled "Practical Hardware-Assisted Always-On Malware Detection," will be trying out a new approach: they will modify a computer's CPU chip to feature logic checks for anomalies that can crop up while software is running. "The modified microprocessor will have the ability to detect malware as programs execute by analyzing the execution statistics over a window of execution," Ponomarev noted. "Since the hardware detector is not 100-percent accurate, the alarm will trigger the execution of a heavy-weight software detector to carefully inspect suspicious programs. The software detector will make the final decision. The hardware guides the operation of the software; without the hardware the software will be too slow to work on all programs all the time."
Re: (Score:2)
You can't make a useful OS completely secure. How would you defend against things like the RowHammer attack? Only run interpreted code in a VM maybe, but it would be slow. That's where this malware detecting CPU comes in.
Anyway, since no one and no software is perfect, the best way to secure a system is in layers. Every extra one helps.
Re: (Score:2)
What do you mean? Cake layers or onion layers?
Re: (Score:3)
Not a panacea (hardware issues, e.g., row-hammer, can still cause problems), but proof carrying code [wikipedia.org] would be a great step forward.
Re: (Score:2)
Every boot would load up gov malware that the OS and AV would give a free pass to. Recall the US keystroke logging software.
https://en.wikipedia.org/wiki/... [wikipedia.org] efforts.
made in China (Score:2)
Re: (Score:2)
Neat, oh wait what (Score:1)
The software will make the final decision... oh so you mean just like it already does, got it.
No Way (Score:2)
In no way is this a good idea. No software is perfect, doubly so for security software. That includes the microcode this hardware is based on. Go ahead, implement it in hardware, which by definition cannot be upgraded or patched. Soon enough someone will find a vulnerability, and then an exploit, and there's nothing you can do to mitigate it beyond just buying newer hardware.
Re: (Score:2)
Not the first (Score:4, Interesting)
Re: (Score:2)
Anybody know enough to explain how this is different?
fool's errand (Score:5, Insightful)
The second you make hardware look for a pattern, they will design malware to violate that pattern and go undetected. This is a fool's errand.
Re: (Score:1)
2. Have the program do malwary stuff if the CPU says it's not malware, and do benign stuff otherwise.
3. Profit! (Or laugh.)
Re: (Score:2)
In the early days of SELinux on Fedora I got alerts all the time, but it's never been a problem on RHEL7. They seem to have fixed the misbehaving tools and problematic policies some time in between. (I still think SELinux is a horrible hack - adding a layer to fake role-based privileges with massive black/whitelists. It all comes back to POSIX permissions being far too coarse-grained for what they're forced to protect.)
Now this is good (Score:2)
This is the sort of stuff Intel should have developed with their McAfee acquisition.
Companies seem to think innovation starts and ends with 'identifying potential synergies', 'acquisition', then "....profit!!!".
For instance, eBay + Skype. They could have done something snazzy -- say, eBay seller webinars with combining web video+VoIP (downstream), and landline/mobile audio (conversation/questions sent upstream asynchronously. So the landline carries part of the audio spectrum). Instead, they just went 'BAU
Back to a cartridge system (Score:2)
Fast, protected and total overview of all the hardware and software of the computer, network and OS.
Display checksums of every upgradable part of the hardware and software.
Re: (Score:2)
I presume websites will be replaced with mail order catalogs from which appropriate site cartridges will arrive in 4-6 weeks?
Kill it with fire (Score:1)
This idea has everything to do with vendor lock-in & DRM; don't let it get outta the gate.
No it doesn't (Score:2)
No it doesn't. Fix the real problem
Re: (Score:2)
So are you asserting that Microsoft will never get Windows to run on this CPU?