The desktops they are a-changin'

Patrick Gray talks to Intel about the company's pending vPro hardware virtualisation features, and the effect they will have on PC security.

Intel's vPro hardware virtualisation features will have a dramatic impact on the functionality and security of desktop computers within the next three to five years, the company's Sydney-based business development manager Sean Casey has declared.

"We've grown up in a world where we think 'this is the operating system I run on my PC', and in the next three to five years that could change," he says. "I might start to choose a work environment, and then I'll have my personal environment, and I'll have my entertainment environment and those could all be running on the same system."

The impact on security will also be significant, with companies like Symantec already designing security software that runs on its own operating system stack in a virtualised environment.

While Casey was unfamiliar with reports that Symantec is having trouble licensing Windows CE from Microsoft as the platform for its software, he says these sorts of problems tend to iron themselves out over time. "I can't speak on their licensing, but as these models emerge the industry will figure it out. We had a similar problem when we brought out multicore. How do I do licensing now I have two or four processors in a single socket?" Casey says.

Casey says Intel has invested great effort in building security features into its products, including content inspection capabilities and Trojan and malware detection features utilising a Trusted Platform Module chip. "If someone tried to attach a virus on to a virtual machine... we can check (when it boots, using the Trusted Platform Module) to make sure that hasn't been tampered with and we can lock that out if it has or just refuse the boot process," Casey says.

Intel's security features will also be network manageable, Casey says. "With vPro we're building in things like 802.1x and Cisco NAC to make sure that the vPro management engine can talk encrypted and authorised to the rest of the network," he says.

Content inspection is set to get a lot closer to silicon, too, with Intel's firmware shipping with basic attack detection capabilities. "At a firmware level we've introduced some system defence filters... at the NIC (Network Interface Card) they look at network traffic," Casey says. "If we see funny patterns we can cut it off at the NIC level."

Despite vPro now being in its third generation, Casey says he's unsurprised by the seemingly slow adoption. "This is not an uncommon thing. If you look at the adoption of technology, hardware leads software development," he says. "I remember when we shipped the first USB ports. The reality is we probably had USB for about a year and a half before you had the operating system support and the device support."
