Marketing gimmick or real deal?

May 2, 2021 3 Comments

How much of this is a marketing gimmick? Having worked on hardware myself, I know it is very hard to isolate the events that cryptominers generate from, say, some other process like 7zip or Dropbox calculating hashes of the files they upload, etc., or even games.

https://www.microsoft.com/security/blog/2021/04/26/defending-against-cryptojacking-with-microsoft-defender-for-endpoint-and-intel-tdt/


comments

TOP 3 Comments
  • testexpert (Apple)
    I’m not a hw nerd but what is a “PMU”?

    “Intel TDT applies machine learning to low-level hardware telemetry sourced directly from the CPU performance monitoring unit (PMU) to detect the malware code execution “fingerprint” at runtime with minimal overhead.”

    From a little Googling, the “PMU” just seems like better “top” data for CPU utilization. https://software.intel.com/content/www/us/en/develop/articles/intel-performance-counter-monitor.html

    So the real technology here must be the “machine learning” part, which is ill-defined in this context but also where the real “magic” may exist.
    May 2, 2021 2
    • Eat it (Apple)
      Total crap. Intel perfmon is just a counter for uarch events on a CPU. This "protection" is a watermark on certain counters. There is no chance of this being able to distinguish a real attack from otherwise innocuous code with similar characteristics. Conversely, the malicious coder merely needs to alter the code slightly to bypass this scheme.

      Tossing in "machine learning" as a buzzword to get attention just makes the claim even more disingenuous.
      May 2, 2021
    • testexpert (Apple)
      Yeah, that’s what it seems like.
      May 2, 2021
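To make the thread's "watermark on certain counters" argument concrete, here is an added example that is not code from the post, from Microsoft or from Intel: a toy threshold rule over per-process PMU-style samples. The counter names (cycles, instructions, L1D misses, branch misses), the thresholds and every number are constructed for illustration; nothing here reflects what Intel TDT actually measures or how its model is trained. The point it shows is the one the commenters make: a benign hashing workload (an archiver checksumming files) can produce windows that sit on the same side of a fixed watermark as a miner-like loop.

```python
# Added example (not from the thread): a hypothetical "watermark on counters"
# detector over constructed PMU samples. Counter names, thresholds and values
# are made up; they do not describe Intel TDT or Defender for Endpoint.
from dataclasses import dataclass


@dataclass(frozen=True)
class PmuSample:
    """One sampling window of per-process hardware counters (constructed)."""
    process: str
    cycles: int
    instructions: int
    l1d_misses: int
    branch_misses: int

    @property
    def ipc(self) -> float:
        """Instructions retired per cycle."""
        return self.instructions / self.cycles

    @property
    def l1d_miss_rate(self) -> float:
        """L1 data-cache misses per instruction."""
        return self.l1d_misses / self.instructions

    @property
    def branch_miss_rate(self) -> float:
        """Branch mispredictions per instruction."""
        return self.branch_misses / self.instructions


# Hypothetical watermark: flag a window that looks like a tight, memory-hard
# hashing loop -- high IPC, heavy L1D misses, very few branch mispredictions.
WATERMARK = {"min_ipc": 2.0, "min_l1d_miss_rate": 0.05, "max_branch_miss_rate": 0.005}


def is_flagged(s: PmuSample, wm: dict = WATERMARK) -> bool:
    """Apply the fixed thresholds to one window."""
    return (
        s.ipc >= wm["min_ipc"]
        and s.l1d_miss_rate >= wm["min_l1d_miss_rate"]
        and s.branch_miss_rate <= wm["max_branch_miss_rate"]
    )


def classify(samples) -> dict:
    """Return {process: fraction of its windows that tripped the watermark}."""
    tally = {}
    for s in samples:
        hits, total = tally.get(s.process, (0, 0))
        tally[s.process] = (hits + int(is_flagged(s)), total + 1)
    return {p: hits / total for p, (hits, total) in tally.items()}


# Constructed windows: a miner-like loop, an archiver hashing files, a game.
SAMPLES = [
    PmuSample("miner",    cycles=1_000_000, instructions=2_400_000, l1d_misses=150_000, branch_misses=4_000),
    PmuSample("miner",    cycles=1_000_000, instructions=2_500_000, l1d_misses=160_000, branch_misses=3_500),
    PmuSample("archiver", cycles=1_000_000, instructions=2_200_000, l1d_misses=140_000, branch_misses=4_000),
    PmuSample("archiver", cycles=1_000_000, instructions=2_300_000, l1d_misses=145_000, branch_misses=15_000),
    PmuSample("game",     cycles=1_000_000, instructions=1_100_000, l1d_misses=30_000,  branch_misses=20_000),
]

if __name__ == "__main__":
    for proc, frac in classify(SAMPLES).items():
        print(f"{proc:10s} flagged in {frac:.0%} of windows")
```

With these constructed numbers the miner trips the watermark in every window, the game never does, and the archiver trips it in half of its windows purely because one checksumming burst happened to have few branch mispredictions. That is the overlap the thread is arguing about: a fixed rule on a handful of ratios has no way to tell the two apart, so where the thresholds sit and how many windows are aggregated decide the false-positive rate. A real product would feed many more events and a trained model, which this toy does not attempt to reproduce.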