Intel used the Intel Developer Forum (IDF) in San Francisco earlier this week to announce DeepSAFE, a new PC security technology developed in conjunction with McAfee, which Intel purchased for $7.68 billion earlier this year. According to McAfee and Intel, the new technology leverages hardware features of the latest Intel processors to work below the computer OS to create a new hardware-assisted approach to PC security.
According to McAfee, elements of DeepSAFE technology sit just below the OS and above PC hardware, a unique position that Intel and McAfee claim will provide a "direct view of system memory and processor activity that other solutions can access." A McAfee DeepSAFE FAQ provides more detail on how the technology will help defend PC systems against rootkits and other security threats (from the DeepSAFE Technology FAQ):
McAfee DeepSAFE technology exposes the kernal mode rootkit behavior that easily hides malware from OS-based security. Kernel mode rootkits are some of the most insidious and hard to detect. DeepSAFE is designed to detect and block suspicious behaviors that are characteristic of many of those rootkits in real-time before they have a chance to spread and hide malware and APTs.
According to comments made at IDF by Candace Worley, McAfee's senior vice president and general manager of endpoint security, enterprise products with DeepSAFE functionality should ship in late 2011. DeepSAFE is currently designed to work with Windows 7, but McAfee anticipates that DeepSAFE will work with Windows 8 upon release and is evaluating the possibility of bring the technology to Android mobile devices as well. Although the technology has been developed by Intel and McAfee, the DeepSAFE implementation uses Intel VTx technology that ships with Intel vPro and Core i3/i5/i7 processors, so other security vendors should conceivably be able to leverage DeepSAFE technology with their own software security products.