Date: 2018-07-26

Intel executives have recently announced plans to redesign their processors at the silicon level in order to eliminate the notorious Spectre and Meltdown vulnerabilities.

However, the company’s current efforts to safeguard computer systems aren’t limited to this initiative. The IT giant is also reportedly planning to implement technologies that will fight new malware threats at the hardware level. These include the Accelerated Memory Scanning and Advanced Platform Telemetry systems. Here’s the lowdown on these promising new technologies.

GPU will help detect viruses

The first solution -- Accelerated Memory Scanning -- will allow the task of detecting memory-based attacks to be delegated to an integrated GPU. At this point, such scanning tends to be done at the expense of the CPU, which degrades overall system performance. The technique in question will dramatically reduce CPU load -- according to Intel, CPU utilization dropped from 20 percent down to 2 percent in their tests. As a result, the system will perform better and consume less power.

According to the company, when malicious code resides on the hard drive it can be obfuscated or simply encrypted. Theoretically, when it ends up in memory it becomes easier to detect.

The process of scanning memory for signs of malware is handled by an Intel driver and runs in the so-called application ring, or Ring 3. However, the capabilities of this solution can be expanded to the kernel, or Ring 0. The scan intensity can be adjusted according to GPU load. For instance, if the user is playing a video game, the scan job can be postponed or assigned only to spare cores of the graphics processing unit.

Reddit users argue that this solution should improve system performance during games or when powerful vector graphics editors are in use. The CPU resources freed up this way can be used for other tasks rather than for malware scanning.

Microsoft has already endorsed Intel’s Accelerated Memory Scanning technology, which will be added to the Windows Defender Advanced Threat Protection (ATP) module. Intel is also going to partner closely with antivirus software vendors in this context.

One Reddit user who responded to the announcement also pointed out that Kaspersky Lab had considered using graphics processors for a similar purpose before -- in 2009, the company was able to accelerate its antivirus system using an Nvidia GPU. According to the company, this technique allowed the AV system to perform at least 300 times faster.

When the antivirus found a suspicious file or document that was not clearly malicious, it would upload that object to the Lab’s data center. Then, the server would compare this file against 50 million known-benign files and programs. Specially crafted virus and spam detection algorithms would then evaluate the risk level and tell the customer’s computer what sort of security action to take.

Identifying telemetry anomalies via machine learning

Another security solution introduced by Intel is called Advanced Platform Telemetry. It combines telemetry tracking and cloud-based machine learning. Intel representatives state that the system will increase the accuracy of detecting advanced threats.

Rather than analyzing events occurring at the operating system level, Intel’s technology will use the processor’s integrated performance counters to track anomalies in its behavior. For example, the Spectre attack may cause a series of branch mispredictions. Statistics on the number of these mispredictions will be submitted to cloud solutions that will evaluate the system’s health status.
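
As an added illustration (not Intel's or Cisco's code), the sketch below shows the kind of check such counter telemetry makes possible: it turns per-interval branch and branch-miss counts into a misprediction rate and flags intervals that deviate sharply from a learned baseline. The counter values are constructed sample data, and the median/MAD score, thresholds and function names are assumptions standing in for the cloud-based machine learning the article describes.

```python
from statistics import median

# Constructed sample data: per-interval (branch_instructions, branch_misses)
# deltas, as a collector might read them from hardware performance counters.
BASELINE = [
    (1_000_000, 21_000), (980_000, 19_600), (1_050_000, 23_100),
    (1_020_000, 20_400), (990_000, 21_780), (1_010_000, 20_200),
    (1_000_000, 22_000), (970_000, 19_400),
]
OBSERVED = [
    (1_000_000, 20_500),  # normal interval
    (1_030_000, 22_660),  # normal, slightly above the median
    (1_000_000, 95_000),  # burst of mispredictions
    (400, 30),            # too few branches to judge reliably
    (990_000, 20_790),    # normal interval
]

MIN_BRANCHES = 10_000  # assumed floor: ignore nearly idle intervals


def fit_baseline(samples):
    """Return (median, MAD) of the misprediction rate over known-good intervals."""
    rates = [m / b for b, m in samples if b >= MIN_BRANCHES]
    if len(rates) < 5:
        raise ValueError("not enough baseline intervals")
    med = median(rates)
    mad = median(abs(r - med) for r in rates)
    return med, max(mad, 1e-6)  # floor avoids division by zero on flat baselines


def score(sample, baseline):
    """Robust z-score of one interval, or None if the interval is too small."""
    branches, misses = sample
    if branches < MIN_BRANCHES:
        return None
    med, mad = baseline
    return 0.6745 * (misses / branches - med) / mad


def flag_anomalies(observed, baseline, threshold=3.5):
    """Indices of intervals whose misprediction rate is far above the baseline."""
    flagged = []
    for i, sample in enumerate(observed):
        z = score(sample, baseline)
        if z is not None and z > threshold:
            flagged.append(i)
    return flagged


if __name__ == "__main__":
    print(flag_anomalies(OBSERVED, fit_baseline(BASELINE)))
```

Only the upper tail is flagged, and a high rate on its own is a signal to investigate rather than proof of an attack, since legitimate workloads with unpredictable branches also raise it.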

Cisco is going to be the first to deploy the new tools. Advanced Platform Telemetry support will be added to the Cisco Tetration platform, which is aimed at enhancing the security and productivity of data centers. The platform collects data on an organization’s IT infrastructure by means of software and hardware sensors, thereby identifying deviations from the norm in the system’s operation.

Intel is planning to combine the above-mentioned security solutions under the umbrella of the Intel Security Essentials toolkit. It will also include AES-NI and SGX instructions. The former is tasked with accelerated encryption, while the latter is used by applications to set aside private regions of code and data. The company’s firmware protection technology is going to be part of Intel Security Essentials as well. The kit will be supported by Core, Xeon and Atom processors.
