Code of Virii Set in Silicon

I’m eager to see how Intel’s biggest acquisition ever, McAfee, turns out. As company representatives said on a conference call with Wall Street analysts, they plan to push functionality down from userland into the chip itself, just below the OS. That is a bizarre rationalization for the deal: antivirus engines are memory- and I/O-bound processes, not CPU-bound applications (see “Characterizing Antivirus Workload Execution” for details), so significant speed-ups are unlikely. And any improvements Intel puts into its chips will have to be offered to the other antivirus vendors as well, otherwise it risks antitrust action, as the EU has already forewarned; coincidentally, that is the same reason Microsoft hasn’t been able to ship a good antivirus even though everybody would benefit from one (ironically, the latter being a case of a public bad created by public intervention).

Security on a chip should be as simple as possible. I still remember the security fiasco in the Intel 286 ring model caused by an undocumented instruction, LOADALL, which rendered the ring model useless. In my opinion, progress is more likely to follow the path of current virtualization offerings, which seek to improve performance when running multiple virtual machines on a host.

Finally, note that EBITDA margins aren’t exactly attractive, in particular for a company like Intel:

(Embedded Trefis forecast chart for INTC, driver 1318; not reproduced here.)

1 thought on “Code of Virii Set in Silicon”

Ernest

    First off, thanks for linking to my blog. Like the article you linked to, there is a HUGE reason for moving the AV out of user-space and lower in the stack. When you put the AV below the OS (as in down in the processor level) you strip the ability of malware to disable or otherwise circumvent the AV. This is the same principle behind the vShield Endpoint with VMware. Putting the AV outside of the environment that is being scanned does not allow malware to touch or affect the AV. As you also noted, AV is mainly memory and I/O bound, and both of those have to go through the processor at some point. The logical place to put AV in a system, below user-space and in the hardware, is then the processor. Great to hear that Intel is looking into this.

