1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

News Kaspersky patents hardware-based AV

Discussion in 'Article Discussion' started by Sifter3000, 19 Feb 2010.

  1. Sifter3000

    Sifter3000 I used to be somebody

    Joined:
    11 Jul 2006
    Posts:
    1,766
    Likes Received:
    26
  2. Tulatin

    Tulatin The Froggy Poster

    Joined:
    16 Oct 2003
    Posts:
    3,161
    Likes Received:
    7
    I worry somewhat about the difficulty of disinfecting/infecting the hardware device if it gets hit.
     
  3. Denis_iii

    Denis_iii New Member

    Joined:
    1 Jan 2007
    Posts:
    1,224
    Likes Received:
    14
    aye, i think if it ever becomes standard the virus coders will seek to compromise the hardware device first
     
  4. fodder

    fodder Member

    Joined:
    20 Feb 2009
    Posts:
    162
    Likes Received:
    3
    Queue a pop up stating "your AV firmware is out of date, click ok to auto update..." with malicious firmware.

    No matter how clever they think their protection is, someone somewhere will crack it.
     
  5. l3v1ck

    l3v1ck Fueling the world, one oil well at a time.

    Joined:
    23 Apr 2009
    Posts:
    12,945
    Likes Received:
    17
    Would an extra layer of hardware between your motherboards and SSD affect the drives performance at all?
     
  6. alpaca

    alpaca llama eats dremel

    Joined:
    27 Jan 2009
    Posts:
    1,132
    Likes Received:
    45
    as said before; i don't really see why this is such a really good thing: it'll bottleneck(even with it's own dedicated little computer, it's still another step data has to take before being written to the disk) it will have to have a kind of updateable library (and most probably firmware too) where 'haX0RZ' are going to find their way in and it says you still have to use a 'normal' antivirus.

    so, the point please?
     
  7. mclean007

    mclean007 Officious Bystander

    Joined:
    22 May 2003
    Posts:
    2,035
    Likes Received:
    15
    I think it will be mighty secure against malicious firmware - a simple hash of the firmware encrypted with a private key can then be decrypted in the hardware using the corresponding public key and compared to the hash calculated in the hardware. If the hardware insists on doing this before allowing the firmware to be updated, it protects against corrupt downloads of firmware and (so long as the hashing algorithm, encryption algorithm and private key remain uncompromised) malicious firmware.

    Using SHA-1 hashing together with RSA public key encryption with a suitably long key (2,048+ bits) is pretty much unassailable (based on current cracking techniques) using current hardware.
     
  8. Bauul

    Bauul Sir Bongaminge

    Joined:
    7 Apr 2007
    Posts:
    2,173
    Likes Received:
    38
    I can see this becoming a reality in corporations where hardware performance is about 30 steps down the chain of importance from security. For the average home power user though it's less of a logical step when a good software AV and common sense usually prevails.
     
  9. 13eightyfour

    13eightyfour Formerly Titanium Angel

    Joined:
    9 Sep 2003
    Posts:
    3,393
    Likes Received:
    108
    Agreed it'll be aimed at business rather than home users, people can install a software AV themselves, but average joe wouldnt want to install hardware for it imo.
     
  10. RichCreedy

    RichCreedy Hey What Who

    Joined:
    24 Apr 2009
    Posts:
    4,699
    Likes Received:
    172
    get a netgear utm, should stop things coming in before it even get to puter
     
  11. dworvos

    dworvos New Member

    Joined:
    21 Jun 2008
    Posts:
    6
    Likes Received:
    1
    How about if the company issued an update which creates false positives on OS files? I certainly hope then there's a way to fix the firmware from say a USB key instead of requiring an OS to do it....
     
  12. brave758

    brave758 New Member

    Joined:
    16 Apr 2009
    Posts:
    1,142
    Likes Received:
    29
    Sounds like a good idea.
     
  13. Farfalho

    Farfalho New Member

    Joined:
    27 Nov 2009
    Posts:
    424
    Likes Received:
    2
    Sounds good but how much will we be charged for it? Since Kaspersky is a company and as every company, they want profit. We have to pay for this hardware some sort of way. I use kis and i'm very happy with it. About another intermediate between hdd/sdd and the motherboard I think they have thought it through.
     
  14. Jenny_Y8S

    Jenny_Y8S Guest

    Until the private key gets leaked like it's bound to and then suddenly you've got hardware that can't be patched safely!

    LOL

    I don't think I'll be buying one just yet!
     
  15. LucusLoC

    LucusLoC New Member

    Joined:
    28 Nov 2006
    Posts:
    91
    Likes Received:
    3
    i think this is an interesting idea, but i want to know what the safeguards are. i still think the best way to prevent mot malicious code is to simply protect the RAM. eliminate the buffer overflow problem and the only possible attack left is social engineering based. i think we need to build that memory protection into the os, or perhaps even the hardware. programs should never be allowed to access memory that they have not requested, and should doubly not be able to access memory from another program or the OS. signature based AV, while it has its place, should not be the first line of defense.
     
  16. Kronenbourg1664

    Kronenbourg1664 New Member

    Joined:
    29 Sep 2002
    Posts:
    373
    Likes Received:
    1
    Presumably a striped raid array would make the device useless?
     
  17. AstralWanderer

    AstralWanderer New Member

    Joined:
    17 Apr 2009
    Posts:
    749
    Likes Received:
    34
    Any signature-based technology is going to be limited by the use of encryption/obfuscation/compression to disguise malware - Kaspersky's hardware, as described above, would have to handle every algorithm (including all versions of Zip, RAR, ACE, 7-Zip, UPX, etc), detect self-modifying code (to deal with custom compression routines), detect application exploits (like malicious PDFs or JPGs) and be able to understand every feature of every file system (NTFS and FAT32 for Windows; Reiser, ext2/3, JFS for Linux, etc) if intercepting hard-disk traffic.

    Kaspersky's software scanner currently does much, but not all, of the above (it also includes an option to scan for known vulnerabilities in any installed software). Doing the same in hardware would make it critically reliant on updates (e.g. to handle file-system changes introduced in a new Service Pack) and failure could result in significant data corruption, or even an unusable system.

    A more certain option would be to restrict certain actions (most rootkits require a reboot for example) and to ask the user first (e.g. "Did you just ask your computer to restart? If not, then program X is trying to do so without your consent - should it be quarantined instead?"). There are some programs that provide similar features (sadly, the one I use, System Safety Monitor, is no longer commercially available since the company closed down) but they then rely on users making the correct choice. This approach can't be handled easily by hardware (aside from restarts) since it requires access to operating system internal data (running processes, etc).

    As a result, many companies, including Kaspersky, seem to be using the "whitelist" approach (building up lists of legitimate programs). This is probably where the future of anti-malware programs will be - especially for companies and NGOs which (for commercial or political reasons) may face attack with custom malware, undetected by any scanner.
     
  18. metarinka

    metarinka New Member

    Joined:
    9 Feb 2003
    Posts:
    1,844
    Likes Received:
    3
    I liked the idea, if only for the fact that it would catch more virii with high level access, such as the infamous rootkits on usb keys and the likes.

    I'm guessing you would update it via usb or someother such thing below the OS level, and while no system is impossible to hack. it would be much harder to bypass and infect a piece of hardware built on a custom platform than to hack a software AV system.
     
  19. ssj12

    ssj12 Member

    Joined:
    12 Sep 2007
    Posts:
    686
    Likes Received:
    1
    i wonder, if someone installed this on an infected PC, would it scan the PC before the OS loads killing a virus.

    if it did something like this, it would have massive uses.
     
  20. Tulatin

    Tulatin The Froggy Poster

    Joined:
    16 Oct 2003
    Posts:
    3,161
    Likes Received:
    7
    I think it would need some sort of boot CD in order to function that way, but it's a neat idea. That said, an automated cleanup mode would be a mixed bag; after all, it would be terrible for a bad set of updates to flag a few critical system files as infected, and have the device delete them. Granted, that's not to say that little nasties like virut don't already infect critical .exes.
     
Tags: Add Tags

Share This Page