news computer tutorial phone cell software

In the future, you may not have to buy antivirus software for your laptops and mobile devices if Intel is able to live up to the promise of integrating technology from acquisition target McAfee, experts said on Thursday.

In announcing its plans to acquire security company McAfee for $7.68 billion, Intel executives said they see security as being as critical to computing as performance and connectivity and that they plan to combine security with its hardware and expand further into the mobile market.

While Intel has been pushing more and more functionality down into the chips, a marriage with McAfee will mark a shift away from the security firm’s traditional product strategy, experts told CNET.

“Delivering security in Intel products and platforms is a huge departure from the way McAfee has delivered security technology in the past, as an add-on software product to an insecure platform,” said Chris Wysopal, chief technology officer at Veracode. “This is where security needs to be, baked in.”

The strategy dovetails nicely with the fast adoption of mobile devices and the more guarded move to cloud computing, where data is stored on remote servers instead of on local computers and accessed over the Internet, he said.

“I think this acquisition shows the critical importance of security in our now mobile, increasingly cloud-based, everything-always-connected world,” he added. “Everyone building hardware and software needs to be thinking about the security of those products from the very beginning of their design, and customers are going to demand it. Anything less is not going to cut it in the computing environment of today.”

For businesses in the mobile security market, the deal is seen as further validation that they are on the right track.

“Intel’s acquisition of McAfee signals to the industry that smartphones and other connected devices are joining the web of devices we trust with critical data and that these devices need to be protected,” said John Hering, chief executive of Lookout. “We have seen threats rising across the major mobile platforms and expect this trend to increase as mobile devices continue to become the dominant computing platform.”

Don’t expect to see security software hardwired onto the chip, said Tim Bajarin, president of analyst company Creative Strategies. Rather, there will likely be a bridge on the core CPU (central processing unit) to a security element, much like there are bridges to additional graphics chips and modems, he said.

“This particular deal allows Intel and McAfee to work together to tie future generations of software security to the processor via some sort of SOC (system-on-a-chip) solution,” Bajarin said. “Today if a hacker wants to come into a system it almost always is done through software. But Intel and McAfee are capable of adding even another level of security, which would make a hacker have to break the hardware code as well as the software code.”

McAfee will still sell antivirus and other security software, but their work with Intel could change the technology landscape fundamentally down the road, according to Bajarin.

“Intel becomes their strategic partner for them to innovate with on next-generation security software that can go all the way down to the chip level, and that has not been done yet by anybody,” he said. “It will be fascinating to watch not only how they innovate, but how they go about securing everything from servers and PCs to wireless devices. That will be their challenge.”

Marc Maiffret, chief technology officer at eEye Digital Security, predicted Intel would add the security in hardware at the device level but not necessarily at the chip level, while eventually phasing out McAfee’s software-based products.

“TVs and other devices and cars continue to have more and more embedded Internet connectivity and really are becoming computers, and Intel sees the opportunity to bring McAfee’s intrusion prevention and antivirus across all the devices,” he said. “Intel was in the antivirus security market in the late ’90s with the LANDesk product, but they sold it off to Symantec, so they definitely are not going to be getting back into that classic security software business.”

Several analysts questioned why Intel executives felt they need to acquire McAfee to get the security enhancements in future products when they already have development partnerships with McAfee and others.

“I think it’s going to be more of a chipset assist than embedding everything in the chip,” said Josh Corman, research director for enterprise security at The 451 Group. “And many of those opportunities will be open to McAfee’s competitors…and have been happening with joint development. They are going to continue to have multiplatform support.”

Peter Firstbrook of Gartner was similarly skeptical.

“If Intel creates some firmware hooks for McAfee to exploit, then other security vendors can exploit those APIs as well,” he said. “Most significantly, all the antimalware vendors have had security products for cell phones for years, but nobody has been willing to pay for it because the threat environment has been relatively benign and the ISPs or device manufactures are building security into the network or the device.”

The shift to “baked-in” security and the focus on integration that the deal will require will definitely impact McAfee’s existing business, Chris Silva, a senior vice president of research and service delivery for research firm IANS, predicted in a blog post.

“We’ll see a stagnation of innovation for McAfee’s existing product line and a drain of talent who leave the company seeking greener pastures at smaller, more-focused vendors that are iterating on a product and security approach,” he said.

Microsoft issued an advisory on Monday about a security issue that could leave many Windows applications vulnerable to attack.

The advisory deals with a type of attack mechanism known as DLL preloading, or binary planting. Although the attack mechanism is not new or entirely unique to Windows, Microsoft acknowledged that there appears to be a new remote-attack vector that could allow more systems to be attacked quickly.

Two researchers at the University of California at Davis published a paper earlier this year on how programs that were vulnerable could be automatically detected. In recent days, security expert and Metasploit creator HD Moore published more information about this issue and is adding the vulnerability to his Metasploit program.

Moore said he did so in an effort to both make customers aware and encourage vendors to patch their applications, and he noted that he opted not to publicly list all the affected programs, though he did release a tool that helps users uncover which of their software could be vulnerable.

“As a compromise between releasing the full list of affected products and not saying anything at all, I decided to push a generic exploit module to the Metasploit Framework and release an audit kit that can be used to identify affected applications on a particular system,” Moore said in a blog post.” The audit kit should make it easier for other folks to identify vulnerable applications and hopefully have them addressed by the vendor.”

The existence of such proof-of-concept code makes it likely that an attack could appear in the wild soon, according to Joshua Talbot, a senior intelligence manager for Symantec security response. “Attackers then look at that and try to adapt it for their own uses,” he said.

Last Thursday, security research firm Acros Security warned that iTunes was vulnerable to such an attack. However, Moore and others point out that the vulnerability appears to affect far more than just iTunes, with potentially dozens of Windows programs similarly open to attack.

In the past, such attacks have required a malicious library to be implanted onto a local system. However, new research shows how the malicious code could also be planted on a network share, potentially making it much easier to attack vulnerable systems.

In its advisory on Monday, Microsoft said it has also issued guidance to developers on how to avoid the vulnerability and that it is checking its own code to see if any Microsoft products are at risk.

“We are currently conducting a thorough investigation into how this new vector may affect Microsoft products,” Microsoft said in a blog post.

Microsoft said it has also released a software tool that “allows system administrators to mitigate the risk of the vulnerability in question by altering the library-loading behavior for the operating system or for specific applications.”

Attacks using such libraries have been growing, as Windows and other operating systems have become more hardened to attacks that exploit memory corruption flaws, Talbot said.

Talbot recommended that users look at a mitigation suggested by Microsoft that involves changing a registry key setting so that libraries cannot be loaded over a network. Talbot also suggested that users take other steps, such as being cautious when clicking links or visiting unknown sites and also to make sure that their antivirus software is up-to-date.

Current antivirus software won’t necessarily stop a vulnerability from being exploited, Talbot said, but the software can sometimes detect the payloads that an attacker might try to install on a vulnerable system.

Facebook on Friday afternoon was investigating what appeared to be a new spam scheme that results in users getting messages from friends over Facebook chat that have malicious links.

The messages say “LOL is this you?” and are accompanied by a link that looks like it leads to a video on Facebook, one victim told CNET. In his case, clicking the link directed to a Web page with a “404-Page Not Found” error message and his account sent the spam out to at least one of his friends, he said.

The spam was also reported on Twitter, but at this point the outbreak seems to be minor.

A Facebook spokesman said the company is looking into the matter.