Intel and McAfee

Intel announced on 19 Aug 2010 that it will buy McAfee for around $8bn. This has caused some surprise. Intel does not sell directly to the end-user, and it does not develop application software. It is not obvious what it achieves by acquiring a software vendor. Here’s my guess as to why Intel is doing it.

There is a complex pattern of change going on in the architecture of the server computer. As parts get cheaper and more powerful, they can be reconfigured in many ways. The basic model of one box and one chip per business function (e.g. the mail server, the domain controller) no longer exists.

Virtualisation and Cloud computing are just marketing words, but underneath is a continuous evolution and adaptation of components. The BIOS (a very small bit of control code) becomes the EFI (much larger) and then the Hypervisor (an even larger bit of control code). Virtualisation is not a new concept. It just signifies that the hardware has temporarily outstripped the operating system in the ability to run diverse tasks. The hardware is sitting there saying "give me more", but the OS can’t isolate the tasks from each other well enough, so we put a thin layer in between to share the hardware. The next step is that the "OS" shrinks to be task-based, like Windows Server Core. Likewise, cloud computing is not a new technology. It signifies that fibre optic networks are cheap enough to move servers off site, where they can share resources like cooling and power supply more easily.

One aspect of this continuous evolution and adaptation is that the security risks are changing. It used to be accepted that "inside" was inherently safer than "outside". Outside you need two-factor authentication and strong encryption. Inside you can get away with the odd admin password passed over the network in the clear. Now you can’t assume this. For example, on shared hardware you need to process security keys (used for disk encryption) outside of shared memory, where they might be discovered by different virtual machines on the same physical host.

As a result there is a lot of work going on to improve the manageability and security of computers below the operating system layer.

  • faster and stronger encryption
  • better protection of encryption keys and passwords
  • more isolation of different virtual machines
  • detection of unexpected state changes.

For Intel this includes initiatives such as: Active Management Technology (AMT); Virtualization Technology (VT); and Trusted Execution Technology (TXT). These have also been evolving over the past five years and more. Here is a really good insight into what AMT does: AMT

So I think Intel must have acquired McAfee in order to adapt their antivirus technology for implementation in hardware. This would enable the physical host to scan virtual guests and preserve the integrity of the system. The host would be able to detect if the guest had been altered. It would also be able to detect if shared drivers for graphics and audio had been tampered with. It might even be easier to stop the AV process running away with the CPU, which happens frequently in software.

Why McAfee? I don’t know. I am not aware of any technical superiority of one AV vendor over another. Perhaps because they have a reasonably good name, client base and income stream. Why not invent from scratch? Only because it would take too long. These are just guesses, mind you.
