The devil is in the DeepSAFE detail


There was something of a media feeding frenzy over the announcement from McAfee during the FOCUS 2011 conference in Las Vegas yesterday that it has, with a little help and a lot of cash from Intel, developed the technology to stop and remediate the kind of advanced stealth behaviour executed by rootkits.

Having spent the last 20 years of my professional life immersed in IT security issues, one way or another, I am perhaps a tad more skeptical than most when it comes to such announcements.

Indeed, I tend to adopt the MRDA approach. MRDA, or Mandy Rice-Davies Applies, refers to The Profumo Affair back in the 1960s and specifically a quote from one of the prostitutes at the centre of the case (the Mandy Rice-Davies in question) who responded to the prosecution stating that Lord Astor had denied having an affair with her by saying "well, he would, wouldn't he?"

In the slightly less salacious case of McAfee/Intel's claim that they've produced a rootkit killer, well, they would say that, wouldn't they?

Ever since Intel completed the acquisition of McAfee at the start of the year, I have been waiting for the 'next big thing in infosec.' DeepSAFE was a dead cert given both the financial clout that the McAfee/Intel combination has and the unprecedented access to the workings of the hardware inside most of the world's computers it brings with it.

McAfee refers to this as a "new approach" to security and talks about "transforming the security industry" by combining hardware and software to prevent attacks more effectively. Let's get one thing straight from the get-go: I am not suggesting that the DeepSAFE-based Deep Defender product announced yesterday isn't a good thing.

It is a given that anything which makes life harder for those who would compromise your systems and steal your data is to be applauded. DeepSAFE technology is designed to sit between the processor and the OS, providing protection to system software in physical memory and enabling an otherwise unseen view of drivers in real time.

This low-level visibility into real-time memory and CPU activity, bringing with it the ability to block or deny potentially dangerous actions, means that prior knowledge of a rootkit is not required in order to detect and destroy it. That's great stuff, especially as rootkits are one of the main weapons of those bad guys who have jumped on the Advanced Persistent Threat (APT) cybercrime bandwagon.

Or is it? There are a few caveats when you look past the hyperbole and the somewhat predictable back-slapping within the McAfee marketing machine. For a start there's the small matter of whether your average enterprise is going to be sold on the idea enough to implement it. While the technology is undoubtedly clever, a quick vox pop poll of a handful of infosec admins at the smaller end of the SME spectrum this morning suggests to me that there is no great appetite to make a move to hardware-based security just yet.

Davey Winder

Davey is a three-decade veteran technology journalist specialising in cybersecurity and privacy matters and has been a Contributing Editor at PC Pro magazine since the first issue was published in 1994. He's also a Senior Contributor at Forbes, and co-founder of the Forbes Straight Talking Cyber video project that won the ‘Most Educational Content’ category at the 2021 European Cybersecurity Blogger Awards.

Davey has also picked up many other awards over the years, including the Security Serious ‘Cyber Writer of the Year’ title in 2020. As well as being the only three-time winner of the BT Security Journalist of the Year award (2006, 2008, 2010) Davey was also named BT Technology Journalist of the Year in 1996 for a forward-looking feature in PC Pro Magazine called ‘Threats to the Internet.’ In 2011 he was honoured with the Enigma Award for a lifetime contribution to IT security journalism which, thankfully, didn’t end his ongoing contributions - or his life for that matter.

You can follow Davey on Twitter @happygeek, or email him at