Amid growing concern for misconfigured security and smarter malware
Symantec and Intel first discussed the issue last week at the Intel Developer Forum. As bad as things are in the home, workspace computing isn’t much better.
In a survey of IT managers, published today, the two firms found the biggest concerns for IT managers were security systems that were disabled by really smart malware, disabled by employees or not installed properly.
When the malware isn’t taking down the security, the users are. About 25 percent of IT’s time is spent fixing broken or disabled security systems, and the average PC user needs to have their security safeguards fixed about 20 times per year.
The solution for now has been a combination of multiple layers of security, strict behavior policies and external security appliances.
Now Symantec is proposing a new solution it calls a virtual appliance. The term is something of a misnomer since it conjures up images of virtualization, which it isn’t doing, and an attached security appliance like Cisco’s PIX firewalls, which it is not.
Rather, the virtual appliance would operate in a siloed layer between the operating system and the hardware, utilizing Intel’s vPro security technologies. There’s a fundamental problem when security programs have to run in an operating system that’s vulnerable to malware designed to disable that security in the first place.
“We want to get away from the Windows operating system, which has quite a few vulnerabilities within the OS itself, plus any vulnerabilities in apps installed next to us on the OS,” Gary Sabala, product manager for the Symantec virtual security appliance, told internetnews.com.
“What we’re trying to do is create this isolated silo of an execution environment that we think is much more tamper resistant to threats on the main Windows OS, but is also an isolated environment where the IT manager can have a high degree of control,” added Sabala.
Even with Microsoft hardening the kernel to outside intrusion – and Symantec is having a fit over that – there will be a need for this level of security anyway, said Roger Kay, president of Endpoint Technologies.
“You need to pretty much harden the entire perimeter. It’s helpful to have protection at all levels, including the BIOS and network and everything else. There’s not one tech that’s going to end the game,” he said.
Sabala said the company expects to have some kind of beta product out in early 2007 with a potential product release in mid-2007.