Intel improves PC security with vPro upgrade

Intel Corp. released an upgrade to its vPro bundle of automated PC management features on Monday, saying the new package delivers better IT security than the original product launched last year.

IT administrators who manage computers containing the new "Weybridge" processor and chipset bundle can improve security by automatically sending software patches to thousands of corporate PCs, Intel said. They can also save money on the electric bill by instructing those PCs to enter a sleep state, or save time by diagnosing a broken computer remotely.

PC vendors Hewlett-Packard Co., Dell Inc. and Lenovo Group Ltd. all announced new desktops based on vPro in conjunction with Intel's announcement, officially called Intel vPro Processor Technology for 2007.

To qualify for the vPro label, a desktop must use Intel's Core 2 Duo processor of the E6550 level or better, a Q35 Express chipset, and other hardware-based networking and virtualization technologies from Intel, said Greg Bryant, general manager of Intel's digital office platform division, during a briefing in Boston.

Although Intel is launching the new vPro bundle in a desktop configuration, it plans to launch a version for notebooks by the first half of 2008, when it upgrades its current "Santa Rosa" Centrino Pro product to a new version called "Montevina."

Compared to the original "Averill" vPro platform launched in September 2006, those upgraded components will make it easier for administrators to manage large fleets of computers. But perhaps the biggest improvement will be in security, Bryant said.

The new vPro system uses virtualization to run certain security software in a protected section of the hard drive, uses time-based filters to detect the patterns of an attack by a virus or hacker, and uses on-chip memory to store network security credentials in hardware instead of vulnerable software.

Those features will not replace conventional software security applications, but are designed to work alongside products from Symantec Corp. and other providers. As security threats have grown more sophisticated, administrators need a combination of software and hardware to defeat them, he said.

"Much security today is based on threats running in software on the OS, which has to be working for them to be effective," Bryant said. "Some things, like how memory is accessed, is controlled by the chipset. So if we don't do it, who is going to do it?"

Compared to the existing vPro product, Weybridge includes enough improvements to attract new corporate buyers, though it will be less useful for small and medium-sized businesses, one analyst said.

"You're not going to see SMBs using this, with one guy reviewing the management console each night. But in the enterprise environment, this kind of thing is pretty critical to keeping costs down," said Dean McCarron, an analyst with Mercury Research. "The last thing you want to do is go out and visit the desktops when you've got 5,000 of them."

Reducing physical desktop visits was one of the primary reasons that Sutter Health, a nonprofit network of health-care providers in northern California, adopted desktops with vPro 2006.