Intel announced some new innovations in anti-virus technology that leverage GPUs and AI to enhance malware protection. The company calls it Intel Threat Detection Technology (TDT), and it consists of two technologies that are meant to speed up virus scans on consumer computers and enhance real-time threat detection in data centers.
Memory Scanning Sped Up With GPU Power
The first part (and most relevant for most users) of TDT is called Accelerated Memory Scanning. Memory scanning is a part of antivirus scans that checks for suspicious patterns in memory access. The idea is that checking the memory footprint of all currently running processes might reveal a malware whose code is well disguised enough that it managed to slip by the file-checking part of the scan. (The latter just checks every file on your disk to find executables that resemble known viruses, whereas the former is meant to catch viruses in execution.)
Running the memory scan is traditionally a CPU-intensive task, but Intel’s new method offloads it onto the GPU. The massively parallel nature of GPUs is well-suited to the task and, according to Intel, can bring the CPU usage of a memory scan down to 20% from 100%. This both speeds up the scan and leaves a computer usable while the scan is running. Intel said that Microsoft will soon integrate Advanced Memory Scanning into Windows Defender, which is Window’s built-in antivirus. There, it will speed up Full scans, which are currently run manually in the Advanced scan section of Windows Defender Security Center.
Intel processors from the 6th-gen (Skylake) and beyond will be able to perform Advanced Memory Scanning. The speedup will hopefully allow Full scans to be run more often and possibly even automatically. Currently, Windows 10 only runs Quick scans, which only does file scanning and basic memory scanning, automatically.
Real-Time Threat Recognition With AI
The second part of TDT is probably less relevant to consumers, but it’s interesting nonetheless. It’s called Intel Advanced Platform Telemetry, and it’s targeted at data centers and cloud-computing farms. It uses machine learning to analyze telemetry data of running computer systems.
“Telemetry data” here probably means any number of data points that Intel can snoop from its processors to characterize their activity. Intel didn’t expand on specifics, but we imagine that these could include cache misses and branch target misses, which are at the center of the Spectre and Meltdown vulnerabilities. The idea is that AI will be able to better recognize when processors are behaving abnormally, which could signify that they’re executing malware.
Whether TDT is a sign that Intel is truly sticking to its commitment of putting security first is up for debate, but it’s good to see the company leveraging its broad adoption in the market to improve security for both corporate and regular consumers.