IDF: Intel demos worm cut-off technology

Intel researchers have demonstrated a new hardware system designed to rapidly and automatically quarantine PCs infected with worms of viruses.

Announced at this week’s Intel Developer Forum (IDF), the Manageability Engine technology -- internally referred to as "Circuit Breaker" -- is designed to monitor the number of connections being made by a PC, and assess the integrity of the machine’s security software.

If it detects a higher than normal number of external connections being made, and this can be related to other software anomalies, the PC is then automatically disconnected to stop it becoming a platform from which to infect further machines.

"Worms and viruses propagate so quickly that if you are not able to respond in a matter of minutes, the situation is completely out of control," said Justin Rattner, director of Intel corporate technology, who directed the on-stage demonstration of the system.

Rattner used the example of the Witty worm of 2004 to highlight the reactive limitations of current security methods. The worm spread around the world in only ten minutes and "there was not enough time for human intervention and not enough time for machine intervention," he said.

The Manageability Engine would have been able to stop such a rapidly-spreading worm before it got out of hand because protection was in the same place as the initial infection, rather than monitoring it from a distance as it spread.

"It is looking at changes in traffic pattern behaviour. It doesn't have anything to do with how the virus was coded. It also does a good job avoiding false positives. If your system was disconnected from the network because of a suspected virus on a regular basis, you would be very unhappy," Rattner was reported as saying.

The demonstration used a hardware-based add-in card that the company claimed was also able to detect previously unknown types of infection using pattern analysis. On commercial systems, the implication is that it would be added to a network interface card, most likely as a single chip.

Rattner indicated that the technology was not meant to replace security software, rather to complement it as a way of limiting the damage in the event that it had been compromised.

Recent Canadian IT Jobs

Related Content

Experts see new variants of Windows 2000 worm
Security vendors have reported several new variants of the worm infecting PCs running Microsoft Corp.'s Windows 2000 operating system. Groups of virus writers are competing to cause the most damage, according to one security company, although the worm appears less severe than some first feared.

Sobig.C getting bigger
The Sobig.C virus may only be days old but reports on Monday indicated that the latest form of the Sobig worm has already reached 84 countries.

New Microsoft support worm very unhelpful
A new mass mailing e-mail worm is spreading on the Internet, masking itself as a message from Microsoft Corp.'s support organization.