
[UPDATED] Intel is offloading virus scanning to its Integrated GPU

Ryujin2003
Quote

Intel is planning to allow virus scanners to use its integrated graphics chipsets to scan for malicious attacks. The change could see performance and battery life improve on some systems. “With Accelerated Memory Scanning, the scanning is handled by Intel’s integrated graphics processor, enabling more scanning, while reducing the impact on performance and power consumption,” explains Rick Echevarria, Intel’s platform security division VP. “Early benchmarking on Intel test systems show CPU utilization dropped from 20 percent to as little as 2 percent.”

 

Intel’s Threat Detection Technology will be available on 6th, 7th, and 8th generation Intel processors, allowing a variety of machines to take advantage of moving some virus scanning activity to the GPU instead of the CPU. Virus scanners currently use the CPU to detect against memory-based attacks, but a machine takes a performance hit as a result. Intel hopes by moving this away from the CPU that performance and power consumption will improve, as typical machines do not fully utilize onboard graphics cards most of the time.

 

Intel is partnering with Microsoft to support this initially, with the change coming to Windows Defender Advanced Threat Protection (ATP) this month. Intel is also working with other antivirus vendors so others can take advantage of this silicon-level change.

This is rather cool. Always thought there could be better optimization between workloads; however, I never would have thought that Intel's threat protection would be something to offload. And it makes sense. If this was used for all AV scanners, it would definitely be something amazing. Being able to offload some workloads to the GPU would help make some of those more entry point electronics feel a bit snappier and less overburdened with tasks that should be routine.

 

I like how it goes back to 6th Gen, so I'm assuming this is more internal chipset or instruction update and not a hardware fix? If the goal is to increase security, especially due to issues like Spectre and Meltdown, would this type of fix actually resolve the issues? I didn't think the integrated GPU had access to as much system resources as the CPU does. So if this works, would it then be possible to use the integrated GPU as an attack vector in the future?

 

Quote

Intel revealed last month that it’s redesigning its processors to protect against a future Spectre-like attack, and it’s detailing some of those silicon changes today. Intel Security Essentials includes secure boot and hardware protections to protect applications from being attacked. These changes, integrated directly into the silicon, are designed to “minimize the impact of security on performance,” according to Intel.

 

Existing Spectre security updates have, in some cases, impacted performance, but that shouldn’t be the case for future processors. “As we bring these new products to market, ensuring that they deliver the performance improvements people expect from us is critical,” said Intel CEO Brian Krzanich last month. “Our goal is to offer not only the best performance, but also the best secure performance.”

 

Now, the original article's title makes it sound like multiple GPUs, so would this be something that would also be done on a discrete card? I'm sure some people would be unhappy playing Fortnite to then have their GPU also run a full virus scan....  But the added benefits of battery life seem pretty cool. I didn't think the integrated GPU used that much less power than a task on the CPU. (If anyone knows why this would be, please enlighten me).

 

[UPDATE]:

 

Leave it to ArsTechnica to get some good info:

Quote

The company is announcing two specific TDT features. The first is "Advanced Memory Scanning." In an effort to evade file-based anti-virus software, certain kinds of malware refrain from writing anything to disk. This can have downsides for the malware—it can't persistently infect a machine and, instead, has to reinfect the machine each time it is rebooted—but makes it harder to spot and analyze. To counter this, anti-malware software can scan system memory to look for anything untoward. This, however, comes at a performance cost, with Intel claiming it can cause processor loads of as much as 20 percent.

 

This is where Advanced Memory Scanning comes into effect: instead of using the CPU to scan through memory for any telltale malware signatures, the task is offloaded to the GPU. In typical desktop applications, the GPU sits there only lightly loaded, with abundant unused processing capacity. Intel says that moving the memory scanning to the GPU cuts the processor load to about two percent.

 

Intel is positioning Advanced Memory Scanning as a feature for third parties to use. Later this month, Microsoft Windows Defender Advanced Threat Protection (ATP) will add the GPU-based memory scanning, and in principle, other software could add it, too.

So a little grain of salt in the performance stats. The first source said it can reduce CPU utilization from 20% to as low as 2%; whereas Ars states that this 20% is from the CPU doing these tasks. So, it's definitely event specific; however, if these events are being run and monitored very often, the payoff could be pretty decent.

 

But wait, there's MOAR:

Quote

Next up is Advanced Platform Telemetry. We've seen an increase in the use of cloud-based machine learning combined with endpoint data collection in the anti-malware space. Windows Defender ATP is an example of this: it tracks machine behavior to find usage patterns that seem anomalous, even if they're not known to belong to any specific piece of malware. Windows Defender ATP might notice operating system-level activity such as cryptolocker ransomware opening and overwriting every data file one after the other, for example, and it can highlight that pattern as suspicious, even if the ransomware is hitherto undiscovered.

 

Advanced Platform Telemetry is an Intel-specific twist on this same basic idea. Instead of using operating system-level events, Intel's telemetry uses things like the processor's integrated performance counters to spot unusual processor activity. For example, malware using the Spectre attack might cause the number of speculative branch mispredictions to change in a particular way. The processor actually keeps track of the number of mispredictions, creating data that can be fed into some cloud systems and used to make inferences about system health. Intel says that this will be integrated into Cisco Tetration at some point.

The APT looks pretty cool, and seems like something that would kick in before any type of OS level reaction, which would be very beneficial. Had to Google it, but Cisco Tetration is for analysis at Data Centers, a place where this type of security requirement would be very important. It's nice to see that Intel is able to come up with this; however, there isn't any statement as to which generation processors this will apply to.  Is this something current chips will be able to do, or is this for the next gen CPUs?

 

 

Quote

Intel is also creating some new branding for existing technology. Over the years, the company has added a huge number of security features to its processors and chipsets; there are special instructions, like AES-NI for accelerated encryption, and SGX for creating protected regions of encrypted memory; and there are platform features such as Platform Trust Technology, which provides an integrated TPM, and Platform Firmware Resilience, which protects against firmware corruption.

 

The company is placing a number of these disparate features under a single umbrella term, "Security Essentials." Security Essentials will represent a common set of hardware security features, firmware to enable them, and software libraries to make use of them. Certain Atom, Core, and Xeon-branded hardware will support the Security Essentials platform, so any software running on them will have access to the same range of hardware-based security capabilities.

Glad to see Intel and Microsoft swapping branding terms. I have a feeling that although the GPU scanning can be backwards compatible for processors, the rest of the security fixes will not be functional with preexisting hardware. Since there was no statement as to which generations of processors will support Security Essentials and such, then I think it's safe to assume that you'll have to upgrade if you want the benefits of security...

 

But, at least Intel has addressed some of the bigger issues. Hopefully we will see a statement as to when we can actually see this stuff being implemented.

 

What are your thoughts on this? Do you think it's great? Do you think there are some unforeseen issues that might arise in the future?

 

 

I wonder if Microsoft's support for this was the issue with the latest botched Windows release that @AluminiumTech?

 

Original source:

https://www.theverge.com/2018/4/16/17244996/intel-virus-scanning-integrated-gpus-memory

https://arstechnica.com/gadgets/2018/04/intel-microsoft-to-use-gpu-to-scan-memory-for-malware/
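
An added illustration of the performance-counter telemetry idea in the quoted Ars Technica passage above (not part of the original post, and not Intel's, Cisco's or Microsoft's code): cumulative branch and misprediction counters are turned into per-interval rates and compared against a rolling baseline. The sample readings are constructed, and the function names, window size and threshold are assumptions chosen for the example.

```python
from collections import deque
from statistics import mean, pstdev

# Constructed sample data: branch mispredictions per 1,000,000 retired
# branches in each sampling interval (intervals 10 and 11 are the outliers).
MISSES = [20000, 20500, 19800, 20200, 19900, 20100, 20300, 19700,
          20000, 20400, 60000, 62000, 20100, 19900]

def build_samples(misses, branches_per_interval=1_000_000):
    """Build cumulative (branches, mispredicts) readings, as counters report them."""
    samples, b, m = [(0, 0)], 0, 0
    for dm in misses:
        b, m = b + branches_per_interval, m + dm
        samples.append((b, m))
    return samples

# Two extra readings simulate a counter reset followed by a normal interval.
SAMPLES = build_samples(MISSES) + [(1_000_000, 20_100), (2_000_000, 40_000)]

def misprediction_rates(samples):
    """Per-interval misprediction rate; None where the counters went backwards."""
    rates = []
    for (b0, m0), (b1, m1) in zip(samples, samples[1:]):
        db, dm = b1 - b0, m1 - m0
        rates.append(dm / db if db > 0 and dm >= 0 else None)
    return rates

def flag_anomalies(rates, window=8, threshold=4.0, min_sigma=1e-4):
    """Return interval indexes whose rate is > threshold sigmas from the rolling baseline."""
    baseline, flagged = deque(maxlen=window), []
    for i, rate in enumerate(rates):
        if rate is None:                      # reset or wrap: no usable delta
            continue
        if len(baseline) == window:
            mu = mean(baseline)
            sigma = max(pstdev(baseline), min_sigma)   # floor avoids divide-by-near-zero
            if abs(rate - mu) / sigma > threshold:
                flagged.append(i)
                continue                      # keep outliers out of the baseline
        baseline.append(rate)
    return flagged

if __name__ == "__main__":
    print(flag_anomalies(misprediction_rates(SAMPLES)))
```

A flagged interval here only means the misprediction rate left its recent range; other workloads can shift it too, which is why the quoted passage describes feeding the data to a cloud system for inference rather than alerting on a single counter.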


Just now, TrigrH said:

can't wait for my 6th generation xeon to get no use out of this.

That's why I didn't like the initial article not stating if this is something that would be handed off to a discrete unit or not.


Good because doing full system scans are resource hogs. I’m guessing Windows Defender and McAfee/Intel Security would be the first ones to implement this followed by others. 

There is more that meets the eye
I see the soul that is inside

 

 


Virus scans (thankfully) no longer make the system completely useless in process of performing said scan, thanks to both multi-core CPUs and SSDs. Back in the dark years of single-core, the system was completely useless for anything during a scan.

 

While the iGPU can be fairly power hungry itself, it is fast enough to crunch data that it is significantly more efficient than using the cpu, assuming one can even get the task to utilize the many execution cores of a gpu.

My eyes see the past…

My camera lens sees the present…


7 minutes ago, captain_to_fire said:

Good because doing full system scans are resource hogs. I’m guessing Windows Defender and McAfee/Intel Security would be the first ones to implement this followed by others. 

Might be something Intel uses as a sales pitch. Their AV is more efficient and more secure since it's specifically designed for their hardware?


2 minutes ago, Ryujin2003 said:

Might be something Intel uses as a sales pitch. Their AV is more efficient and more secure since it's specifically designed for their hardware?

Ain’t gonna buy McAfee antivirus no matter what happens.


When I help friends with their slow laptops I sometimes find them using enterprise grade virus guards for personal use, often with ridiculous and gimmicky levels of protection checking every single action you do. It kills your computing experience.


1 minute ago, Humbug said:

When I help friends with their slow laptops I sometimes find them using enterprise grade virus guards for personal use, often with ridiculous and gimmicky levels of protection checking every single action you do. It kills your computing experience.

I wish I found that. I always have friends with stupid crap like IO Bits and "Super Fast HDD Cleaner"... Maybe we should trade friends.


8 minutes ago, Ryujin2003 said:

I wish I found that. I always have friends with stupid crap like IO Bits and "Super Fast HDD Cleaner"... Maybe we should trade friends.

LOL

 

What you find is that most people take these programs at face value and assume that all these extra programs do good...

 

"oh look, it says it will optimize my PC, it says it will send every link for checking, this can't be bad" 

 

Whereas when you are Tech savvy you understand that these are just cash grabs and in reality Windows/Linux manages almost everything just fine on its own. So you need only a minimal amount of properly selected other utilities.


uBlock and passive Windows Defender on my PC

UBlock and a manual Malwarebytes scan whenever I do something sketchy on my Mac. (Don't ask what I do on my Mac)

 

Net benefit with this news? None. 4690k is too old (also I think I disabled the iGPU) and MacBook doesn't have to worry about it xD

Laptop: 2019 16" MacBook Pro i7, 512GB, 5300M 4GB, 16GB DDR4 | Phone: iPhone 13 Pro Max 128GB | Wearables: Apple Watch SE | Car: 2007 Ford Taurus SE | CPU: R7 5700X | Mobo: ASRock B450M Pro4 | RAM: 32GB 3200 | GPU: ASRock RX 5700 8GB | Case: Apple PowerMac G5 | OS: Win 11 | Storage: 1TB Crucial P3 NVME SSD, 1TB PNY CS900, & 4TB WD Blue HDD | PSU: Be Quiet! Pure Power 11 600W | Display: LG 27GL83A-B 1440p @ 144Hz, Dell S2719DGF 1440p @144Hz | Cooling: Wraith Prism | Keyboard: G610 Orion Cherry MX Brown | Mouse: G305 | Audio: Audio Technica ATH-M50X & Blue Snowball | Server: 2018 Core i3 Mac mini, 128GB SSD, Intel UHD 630, 16GB DDR4 | Storage: OWC Mercury Elite Pro Quad (6TB WD Blue HDD, 12TB Seagate Barracuda, 1TB Crucial SSD, 2TB Seagate Barracuda HDD)

Not really a big deal for me personally, my 4790K doesn't struggle at all with virus scans. In fact the only computer in the entire house that does is a laptop with a quad core "pentium" (aka a very slightly less shit Atom) and a very very slow 4200RPM HDD.

"We also blind small animals with cosmetics.
We do not sell cosmetics. We just blind animals."

 

"Please don't mistake us for Equifax. Those fuckers are evil"

 

This PSA brought to you by Equifacks.
PMSL


I wonder if being a gpu they would be able to increase the scope of heuristic scans. I like the idea of using the gpu given in most systems with a dGPU it lies idle on the die.

Grammar and spelling is not indicative of intelligence/knowledge.  Not having the same opinion does not always mean lack of understanding.  


It seems like a good thing in general. Cool.

 

We will see how much, if any, difference it makes in practice.

LINK-> Kurald Galain:  The Night Eternal 

Top 5820k, 980ti SLI Build in the World*

CPU: i7-5820k // GPU: SLI MSI 980ti Gaming 6G // Cooling: Full Custom WC //  Mobo: ASUS X99 Sabertooth // Ram: 32GB Crucial Ballistic Sport // Boot SSD: Samsung 850 EVO 500GB

Mass SSD: Crucial M500 960GB  // PSU: EVGA Supernova 850G2 // Case: Fractal Design Define S Windowed // OS: Windows 10 // Mouse: Razer Naga Chroma // Keyboard: Corsair k70 Cherry MX Reds

Headset: Senn RS185 // Monitor: ASUS PG348Q // Devices: Note 10+ - Surface Book 2 15"

LINK-> Ainulindale: Music of the Ainur 

Prosumer DYI FreeNAS

CPU: Xeon E3-1231v3  // Cooling: Noctua L9x65 //  Mobo: AsRock E3C224D2I // Ram: 16GB Kingston ECC DDR3-1333

HDDs: 4x HGST Deskstar NAS 3TB  // PSU: EVGA 650GQ // Case: Fractal Design Node 304 // OS: FreeNAS

 

 

 


5 hours ago, VegetableStu said:

if it does, crypto rigs are going to be converted to virus cleaners soon

 

amirite pc building simulator

virus cleaning... on a blockchain.

"If a Lobster is a fish because it moves by jumping, then a kangaroo is a bird" - Admiral Paulo de Castro Moreira da Silva

"There is nothing more difficult than fixing something that isn't all the way broken yet." - Author Unknown

Spoiler

Intel Core i7-3960X @ 4.6 GHz - Asus P9X79WS/IPMI - 12GB DDR3-1600 quad-channel - EVGA GTX 1080ti SC - Fractal Design Define R5 - 500GB Crucial MX200 - NH-D15 - Logitech G710+ - Mionix Naos 7000 - Sennheiser PC350 w/Topping VX-1


16 hours ago, Zodiark1593 said:

Back in the dark years of single-core, the system was completely useless for anything during a scan

Not even that old, my i3-330M was murdered by McAfee scans.

Quote or tag me( @Crunchy Dragon) if you want me to see your reply

If a post solved your problem/answered your question, please consider marking it as "solved"

