Intel is working on software that will immediately notify PC users if they inadvertently download a rootkit like the XCP (extended copy protection) software found on certain music CDs shipped by Sony.
Intel was speaking a little about its vision of the future of computing. That future involves relieving humans from serving as the gatekeepers for reams of information flowing between computers and people, said David Tennenhouse, vice president of Intel's Technology Group and director of research at the company.
The silicon agenda
"We need to connect the computers directly to the data, so the human beings don't have to be the I/O channel, and elevate the role of the human being to a more supervisory role," Tennenhouse said.
One interesting project involves placing a small chip on a PC's motherboard to constantly monitor programs for modifications that might be the result of a malicious attack, said Travis Schluessler, a researcher with Intel.
Sony's XCP software implemented copy-protection policies with rootkit software. Security experts say malicious hackers might have used Sony's rootkit software to launch undetectable attacks.
Sun sets on Sony BMG
The idea behind the Intel project is to protect systems from malicious programs that make their way onto a system and attack application software running in the system's memory, Schluessler said. Many modern worms and viruses, such as the Slammer and Blaster worms, attempt to disable programs running in memory or alter those programs to run the attacker's code and then propagate themselves across a network, he said.
The succinctly named "OS Independent Run-Time System Integrity Services" project attempts to limit memory-resident attacks by detecting changes in application code as they happen, allowing IT administrators to take immediate action, Schluessler said.
For example, an infected PC could be set to immediately detach from the network when an alert is triggered, preventing the worm or attack from spreading beyond that PC, Schluessler said.
Intel doesn't expect its project to take the place of antivirus or antispyware software, but believes it could supplement them, Schluessler said.
The project is tentatively scheduled to become part of Intel's products around 2008 or 2009, Schluessler said.