DeepSAFE Unique Hardware-Assisted Malware Protection

McAfee introduced a new security solution today: DeepSAFE, a security platform designed to control and block malware at the lowest level. According to the company, the platform will provide antivirus protection beneath the operating system, in a virtual layer that makes use of VT hardware-assisted virtualization.

Rootkits keep changing their code and techniques to infect as many victims as possible while hiding their presence, and the main battle with the operating system is over who gets loaded first. These challenges have made antivirus companies look at hardware components such as the PC's BIOS, graphics card, and expansion ROMs like the PXE booting capabilities of enterprise NICs, because they offer a perfect place where rootkit code can be stored safely away from software-based detection tools.

With the rollout of DeepSAFE, McAfee delivers:

  • A technology platform for future security solutions
  • A trusted view of system events beyond the operating system
  • A new method to block sophisticated advanced persistent threats (APTs) and stealth techniques in real time, before they have a chance to hide
  • The ability to uncover threats that traditional operating system-based security does not detect

If security companies are going to provide security by using virtualization, then we can expect an increase in new-age VM-aware malware, which falls into three classes:

  • VAM (Virtualization Aware Malware): this type of malware is able to detect the virtual environment and then behave differently (terminate, stall) or attack the VM itself.
  • VMBR (Virtual Machine Based Rootkits): this is a well-known type of rootkit that infects the native OS inside a VM without its knowledge by modifying existing virtualization software.
  • HVMR (Hypervisor Virtual Machine Rootkits): this type of rootkit leverages hardware virtualization support to replace the underlying hypervisor completely with its own custom hypervisor and then envelop the currently running operating systems (hosts and guests) on the fly.

The customization of rootkits requires new approaches to security. DeepSAFE is the first platform, and a uniquely capable one, to deliver hardware-assisted security under McAfee's Security Connected framework, providing protection never before possible with software-only solutions.
