Intel to eliminate zero-day threats, pigs to fly

Filed Under: Malware, Vulnerability

Intel's Chief Technology Officer, Justin Rattner, has been pretty gung-ho with the world's technology press in the past week. His approach seems to have worked, if even a few of the breathless headlines are to be believed.

From "Intel Technology Will Eliminate Zero-Day Threat" to "Intel Developing Zero-Day Proof Security System", you'd be forgiven for thinking that we're at the Beginning of the End of vulnerabilities and exploits.

And one might also think that all pigs are fuelled and cleared for take-off.

Applying in-chip solutions to security problems is hardly new. Intel's own 80286 processor, for example, was its first widespread desktop PC chip which provided strong memory protection.

Back in 1982, the 80286 supported byte-granularity memory management based on segments, descriptor tables and selectors. (Chip makers seem to favour extensive and expansive nomenclatures.)

In theory, the 286 would have allowed an operating system to use the CPU itself to detect and prevent any buffer overflow in any memory block in any process. Even a memory overrun by a single byte could be prevented in hardware.

In 1985, the 80386 brought memory paging as well as the selector system, making both page-granularity - usually 4KByte - and byte-granularity memory overruns automatically detectable and preventable.
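The granularity point above is easy to see in practice: with page-based protection you can place a guard page after a buffer and the MMU traps any write that crosses into it, but an overrun that stays inside the buffer's own page passes silently, which is exactly what a byte-granular segment limit would have caught. The following is an added example, not code from the original post; it uses Linux `mmap`/`mprotect` and catches the resulting `SIGSEGV` so the test can report the outcome rather than crash.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

static sigjmp_buf fault_env;

static void on_segv(int sig) {
    (void)sig;
    siglongjmp(fault_env, 1);   /* unwind back into overrun_detected() */
}

/* Lay out a buffer of buf_len bytes, followed by `slack` unused bytes, so that
 * the slack ends exactly at a PROT_NONE guard page. Then write one byte at
 * offset `off` from the buffer start. Returns 1 if the MMU trapped the write,
 * 0 if it silently succeeded (the overrun stayed within the data page),
 * -1 on setup failure. */
int overrun_detected(size_t buf_len, size_t off, size_t slack) {
    long page = sysconf(_SC_PAGESIZE);
    /* Two pages: the first is read/write data, the second becomes the guard. */
    unsigned char *region = mmap(NULL, 2 * page, PROT_READ | PROT_WRITE,
                                 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (region == MAP_FAILED) return -1;
    if (mprotect(region + page, page, PROT_NONE) != 0) {
        munmap(region, 2 * page);
        return -1;
    }
    unsigned char *buf = region + page - slack - buf_len;
    struct sigaction sa, old;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_segv;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old);
    volatile int trapped;
    if (sigsetjmp(fault_env, 1) == 0) {
        buf[off] = 0x41;        /* the write under test; may fault */
        trapped = 0;
    } else {
        trapped = 1;
    }
    sigaction(SIGSEGV, &old, NULL);
    munmap(region, 2 * page);
    return trapped;
}

int main(void) {
    printf("flush against guard, 1 byte over: %d\n", overrun_detected(16, 16, 0));
    printf("8 bytes of slack, 1 byte over:   %d\n", overrun_detected(16, 16, 8));
    return 0;
}
```

The first call reports 1 (page protection caught the overrun) while the second reports 0: the single-byte overrun landed in the same 4KByte page and the paging hardware had no way to notice it.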

By 2004, Intel had followed AMD's lead and added a no-execute bit (called XD, for Execute Disable, in Intel's terminology) to its paging system so that memory pages - but not individual bytes - could be marked as "data only", preventing memory overruns from executing untrusted code injected into data buffers.

These approaches have, collectively, helped operating system vendors to improve security, but not to perfect it. So is it likely that Intel will be able to do what has eluded it so far, and to eliminate zero-day exploits entirely through hardware? No.

A zero-day, by definition, is simply an attack of any sort which becomes known for the first time publicly before there is a fix for it. Zero-days don't always depend on buffer overflows or other deliberately-provoked misbehaviour in the management and use of memory.

Attacks sometimes involve the malevolent but unexpected use of an existing legitimate feature - a left-over design decision, perhaps, from a more innocent and trusting era. One example is the so-called WMF vulnerability - a feature in Microsoft's Windows Metafile Format which purposefully allowed remotely-delivered files to specify code to execute.

Whilst a crazy-sounding idea today, this WMF feature dated back to an era in which remotely delivering such files was simply not considered. They existed simply as a sort of local cache for recording and repeating Windows graphics operations. The exploitable code - which predated even Windows 95 - was harmlessly forgotten until rediscovered by an attacker and used for malicious purposes.

I'm sure Intel's recently-promoted innovation is going to give one more headache - hopefully a very serious headache - to the Bad Guys. But stories about eliminating attacks altogether just sound too good to be true, especially when they are shrouded in such secrecy - as in this case - that no details are revealed of how they might work.

It's a pity that Intel's work has been touted in such hyperbolic fashion. Headlines like "Intel to add new low-level layer of computer security" would, surely, have been much more meaningful.

As it is, you'd be forgiven for assuming that the need for any other security precautions will evaporate when Intel finally releases whatever-this-is.

And if you do, be sure to have your camera handy. The pigs will be overhead soon.


6 Responses to Intel to eliminate zero-day threats, pigs to fly

  1. Marion · 1677 days ago


  2. Tony Smit · 1677 days ago

    Pigs won't be cleared for takeoff until they have lipstick.

  3. Brian · 1676 days ago

    But they PROMISED!

  4. Prapp · 1676 days ago

    Is this not the same security feature that Intel announced at last year's SAP Conf in San Fran?

  5. Glenn · 1676 days ago

    Better break out the umbrellas! Every time those pigs fly, we on the ground usually have to deal with the fall-out!

  6. Thu Win · 1675 days ago

    I guess that the new chip would prevent buffer overrun vulns but it won't protect against fake AVs and other non-buffer vulns. Also, if Intel put security scanning software into their chip, would that protect against most malware?


About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog