Intel/McAfee: It’s Not About PC Anti-Virus

If Intel wanted anti-virus, it would have licensed McAfee. This deal is about something much bigger, says Wayne Rash

To most observers, McAfee means antivirus software. It’s one of the big AV companies that have been around since the birth of malware, and it competes well against market leader Symantec.

For people who think computer security is really just about this topic, the acquisition of McAfee by Intel doesn’t make a lot of sense. But in reality, Intel didn’t buy McAfee just so it could have its own PC-based security software. If that’s all Intel wanted, it could simply license it.

The big hole: devices which aren’t PCs

But what most analysts are missing is that there’s a huge, and rapidly growing, universe of network-connected devices that are quite simply unprotected: a wide range of products from network-connected printers to Internet-aware security systems in buildings. These devices can be cell-phone switching systems, power grid controllers and HVAC systems, and they can also be network-equipped television sets, DVD players and DVRs. There are even network-equipped kitchen appliances. And we haven’t gotten to the mobile devices that people carry around, such as iPods, smartphones and GPS receivers.

At first glance, it’s hard to see how these network-attached devices could threaten your enterprise, but on further inspection, networked devices are perhaps the single greatest area of risk in security today. Perhaps more importantly, their presence is growing very quickly. They are, in a sense, a fallow field just waiting for a crop of malware.

I was reminded of the nature of this threat when I was at Best Buy a couple of weeks ago shopping for a new television set. My old rear-projection set had given up the ghost (that’s a technical term for “being broken”) and rather than spend more than it was worth getting it fixed, I decided that the time had come for something bigger, better and without the complexity of older high-definition technology.

What I hadn’t expected was the flood of new consumer electronics that has reached the market lately boasting network connectivity. Every major vendor of televisions featured 802.11n wireless connectivity on some models, and some had wired Ethernet as well. There were network-aware Blu-ray players in all price ranges. Each of these devices included the ability to browse for video content, which of course meant that each contained a Web browser. None, as far as I could tell, included any sort of security.

The same thing is true of network-aware devices in the office. Nearly every printer intended for the business environment is network-capable. Fax machines come with Ethernet connections these days. And of course employees at all levels are using their office computers to charge and sync their mobile devices. Almost none of these has any sort of security. The only reason I can think of that these devices haven’t been used as malware vectors is that the criminals who create malware haven’t gotten around to it. But there will come a time when some devices reach a critical mass, and—because of the unique vulnerability of these devices—start serving up attacks against your network or someone else’s.

Networked devices – the hidden danger

This unique vulnerability of network devices doesn’t lie so much in their design as in how they’re used. Ask yourself whether you’d even notice if your Blu-ray player were flooding the Internet with malware packets. And if you noticed strange activity, would you know what to do about it? In some ways the threat posed by mobile devices is even worse since they have a more direct connection to the Internet. Would you know if your iPhone were acting as a zombie on a botnet? The most you might notice would be somewhat shorter battery life. And of course you’d notice the huge AT&T bill for data use, but by then it would be too late.

And if you think the picture is bad now, think about next year and the year after. As time passes, network-equipped devices will begin to multiply. In a year or two they will be ubiquitous. In addition to being ubiquitous, they will be unprotected. This is the future that Intel sees, and it’s why the company bought McAfee.

As nice as it might be to have a profitable business selling AV software, it will be a lot nicer for Intel to have the in-house expertise to create hardware-based security for as many of those network-equipped devices as it can supply network interfaces for. And remember that one of Intel’s big products is a line of wired and wireless Ethernet interfaces. Providing an interface with built-in security would be a real differentiating factor that could help Intel gain market share in the non-PC world, and this is the part of the industry that’s growing the fastest.

Now imagine one more step. Once there’s a vast universe of hardware-based security, there needs to be a way to update that security, since a static solution won’t be useful for long. Because these devices are already connected, all Intel and McAfee need to do is create an ecosystem of device updating and reporting that not only keeps the protection current but also reports on emerging threats, much as McAfee’s current computer security products do.

Once this happens, you’ve got a subscription model that’s groundbreaking, while also providing a significant level of protection for the Internet at large.