Intel Corp. and Symantec Corp. plan to release a firmware-based PC security product in the first half of 2007 to stop hackers from disabling virus shields.
This "virtual security solution" will run beneath the OS of a PC using Intel's vPro business bundle, such as Hewlett-Packard Co.'s Compaq dc7700 or Lenovo Group Ltd.'s ThinkCentre M55p desktops.
The product could help to slow the trend of viruses and malware attacks that succeed only because the target PC has already lowered its defenses, either because of a well-meaning user or a malicious earlier hack, said Leo Cohen, vice president of the security technology group at Symantec.
"The trend is for the disabling or misconfiguring of security safeguards, so we will move security out of the user and operator environment," he said Wednesday at the Intel Developer Forum in San Francisco.
"This is something Symantec takes seriously: How do you make your security solutions tamper-resistant? We're working with Intel to put security in the hardware, in the firmware," Cohen said.
Security experts increasingly say that a PC's biggest weakness is its own user, not a faulty firewall or defective virus shield. No matter how much security policies and tools improve, they are worthless unless they're enforced by the IT department, said Malcolm Harkins, general manager of Intel's information risk and security division.
The HP spy scandal has shown how easy it is for hackers to use "social engineering" tactics to breach defenses, whether they are obtaining private phone records by pretending to be account holders, or planting tracking software on a reporter's PC by embedding it in an e-mail with a fake news tip.
Likewise, companies have learned from battling viruses like Code Red, Slammer and Nimda to use networked controls to push patches out to 95 percent of their PCs immediately. But they could spend just as much time and money patching the last five percent, and they can't rely on users to apply the updates themselves, Harkins said.
"If you're using real-time antivirus, desktop firewall, data encryption and weekly hard drive scans, that could slow your system, so some end-users will turn that off," said Harkins.
"People say the perimeter is vanishing, with extranets and mobile computing. But it's not vanishing, it's just just shifted to the people, and they can forget to update their antivirus or talk too loudly on a cell phone in an airport. If you ignore that component, that's going to be the thing that gets you every time."
Indeed, IT administrators say that 28 percent of malicious attacks work because of compromised security, according to an August survey commissioned by Symantec. Whether that security is misconfigured because of employees, poorly-written OS and application patches, or hackers themselves, the trend is increasing, the survey said.