Intel to Take PCs Virtual

Company aims to upgrade machines with virtual apps

Intel is eyeing a plan to use software to boost a PCs ability to fight hackers, talk on the phone and even capture television programs in the future.

The chip maker, which launched its security- and manageability-focused vPro brand on April 24, is contemplating a standard method for adding virtual appliances—purpose-built software applications that run on top of their own miniature operating systems inside virtualized partitions—to PCs, an Intel executive said.

The effort could change how PCs use virtualization—technology that can divide up computer resources to run different software—by allowing manufacturers, as well as businesses and consumers, to add one or more virtual appliances to their PCs to boost security or to add communications capabilities or even entertainment features.

The approach could speed up the adoption of virtualization in the PC space. Today, the machines have little in the way of virtualization software available to them. "The way were setting it up is youd just go to one vendor … and they would provide you everything youd need" for an appliance to do a job such as enhancing security, said Mike Ferron-Jones, director of Intels Digital Office Platform Division, in Santa Clara, Calif.

vPro desktops, due next quarter, will be able to handle virtualization software such as VMwares VMware Workstation or XenSources Xen.

The first security and manageability appliances targeted at vPro PCs will come from Symantec and Altiris, Intel officials said.

Security software maker Astaro and PC maker Lenovo Group also have crafted virtual management and security appliances. Astaro introduced on May 10 its Security Gateway for VMware, which it claims is the worlds first network virtual security appliance.

Lenovo, for its part, is nearing the introduction of a virtualization-appliance-like software module designed to augment its Rescue and Recovery software. Rescue and Recovery 3.1, like its predecessors, will back up a PCs data and then restore it upon a crash or after a malware attack.

A feature called Antidote Delivery Manager, which works to patch software before its restored on a PC to ensure that a machine wont become reinfected, will gain a virtualization module, said Lee Highsmith, program manager for ThinkVantage Technologies at Lenovo, in Raleigh, N.C.

The module will turn Antidote Delivery Manager into a virtual appliance of sorts, allowing the application to reside in its own partition, making it more resistant to crashes and ensuring it can still be reached by IT managers even if the PCs operating system has been compromised, Highsmith said.

But not everyone is sold on virtual appliances yet. While Intels work around virtualization could provide major benefits for security, theres still some question about whether the appliance approach couldnt be exploited as an entry point for hackers, said one analyst.

"If someone did breach the device on this level, theyd have fresh access to the processor, and theres a good chance that you might never know that someone has gotten in there," said Andrew Braunberg, an analyst for Current Analysis, based in Port Washington, N.Y.

Building the virtual appliance

* Goal Replace separate, hardware-based appliances or add new features to PCs

* Goal Replace separate, hardware-based appliances or add new features to PCs

* Benefits Improved security, greater manageability and improvements in applications such as VOIP (voice over IP); developers can create custom applications that live within a virtual partition and are both harder to defeat and often more capable than software that runs on top of an operating system