Last week I had dinner with the CEO of a very successful software company. He told me that 30% of all downtime for his products was caused by anti-virus software.
Given the sophistication of today's malware, it's clear that a new approach is needed to anti-virus software.
Intel introduced a virtualization component to their chipset a few years ago. When they acquired anti-virus company McAfee, they collaborated to leverage their "VT-x" chipset to catch advanced persistent threats and root kits, both of which run at the same privileged level as the typical anti-virus products. The VT-x chip enables a security monitoring process which runs at a low level in a very highly privileged status in the chip. It can monitor CPU and memory state changes and flag, quarantine or stop anything it sees as suspicious. All new Intel-based, Windows 7 machines include this capabilities. Here's a white paper about it.
For those of us who live in the trenches of information technology, malware and root kits are the bane of our desktop management staff because they cannot be cleaned with existing standard antivirus software and require re--imaging the machines.
Anti-virus on a chip that cannot be disabled by malware. That's cool!