[Infowarrior] - Intel's VPro to boost security

Tue Apr 25 07:54:39 EDT 2006

Intel's VPro to boost security

By Joris Evers
http://news.com.com/Intels+VPro+to+boost+security/2100-7355_3-6064609.html

Story last modified Tue Apr 25 03:51:58 PDT 2006

advertisement

SAN FRANCISCO--A killer application for Intel's upcoming VPro business PCs?
Security, the chip giant said Monday.

VPro systems, due to be broadly available in the third quarter, will be able
to run security software in an environment isolated from the main operating
system, making it tamper proof, Intel and security specialist Symantec said
at an event here unveiling the VPro brand.

"It's perfect," Enrique Salem, senior vice president at Symantec, said in an
interview. "You can't disable security. Not only can't the end-user disable
it, malware can't disable it. Hardware is helping us enforce that nobody can
access the bits in this sealed space."

Salem compared running security software in its own space on a PC to
installing a dedicated security appliance. It will run on its own operating
system with access granted only for updates to the security features. This
should foil common attempts by Trojan horses that try to disable security
software on PCs, for example.

Cordoning off the security software is possible through Intel Virtualization
Technology (VT), new hardware support for virtualization. This allows for
the creation of a secure partition on the PC, which can be used to run
applications such as a firewall, intrusion prevention, antivirus and other
security software, Intel and Symantec said.

"This application is very specifically endorsing virtualization at the
client level," Thomas Kilroy, vice president and general manager of Intel's
Digital Enterprise Group, said in an interview. "It is a killer application,
if you will...Now you are able to deliver a level of manageability and
security transparent to the user."

The industry has made several attempts at building hardware to support
security. Perhaps the highest-profile attempt was four years ago, when
Microsoft unveiled Palladium, later renamed Next-Generation Secure Computing
Base. NGSCB also promised to isolate parts of a computer from malicious
code. In addition, it would foil attacks that use logging devices by
encrypting data as it moves between hardware components in a PC.

Today, NGSCB appears to have been put on the back burner. Instead, Microsoft
is adding support for another, more common hardware-based security
technology to Windows Vista: the Trusted Platform Module, or TPM, which
offers protected storage of encryption keys, passwords and digital
certificates.

But Intel is bringing something new to the PC. Virtualization is almost
unknown on client systems. It is common on high-end servers to consolidate
jobs otherwise handled by a group of servers onto a single system.

VPro PCs will allow a single "service partition" that can be host to a
single product. The virtualization technology is operating-system agnostic.
Software makers can include any operating system they like to run their
product on. Companies including Symantec already sell security appliances
that run Linux, for example.

The limitation to the service partition is intentional; it will prevent any
compatibility clashes between software products. "Because nothing else is
happening in this virtual space, any compatibility issues go away," Salem
said. "Administrators are going to be more confident in deploying updates
quickly."

Several software makers are developing products to take advantage of the
technology. These include Symantec, Trend Micro, CA, Altiris and LANDesk,
according to information from Intel and the software companies.

VPro stickers will start appearing during the next few months on PCs that
contain Intel's Conroe processor, a new chipset and an Intel networking
chip, Intel CEO Paul Otellini said at the event.

VPro systems with the virtualization feature are designed for business
users, not consumers, Intel stressed at the event. Symantec, however,
predicts the technology, or something similar, will make it to consumer PCs
at some point.

"Today we use it on business platforms," Salem said. "I expect
virtualization will become a standard part of computing over time,
everywhere."