Symantec offers security for Pentium III

Anti-virus software firm Symantec is providing "detection and elimination" of the Pentium III hack on its Web site, where users can download it. The patch will also be available with the regular weekly virus definitions, the company said.

Even before Intel released its Pentium III processor, hackers were itching to prove that the processor serial number hard-wired into each chip could be retrieved without a user's knowledge, despite Intel's software utility which is designed to turn the ability to read the number off.

The Pentium III's controversial processor serial number has turned into something of a public-relations nightmare. The serial number gives each computer a unique form of identification. Although Intel says it included the code to provide an extra layer of security for e-commerce transactions, among other uses, privacy advocates have said the features exposes users' Web behavior to unscrupulous types. Programmers, meanwhile, have turned the undermining of Intel's security effort into a popular pastime.

After a German technology publication announced it had come up with a theoretical method of retrieving the identification information, a Canadian security firm, Zero-Knowledge Systems, last week announced it had developed an actual ActiveX control which tricks a user into restarting the computer, and then grabs the serial code before the Intel utility can disable it.

Essentially, Symantec has disabled the control which disables Intel's software utility, a utility which was made to "turn off" the Pentium III serial code. Where will it end? Who knows, but the latest move has taken place on the chessboard.

"If they say it's hack-proof, they throw down the gauntlet," said Rob Enderle, an analyst with Giga Information Group. "Anything that exists in software is breakable."

"People love to show that something can be done," said Carey Nachenberg, chief researcher for Symantec. "And once they've shown it can be done, they move onto something else."

Don't expect privacy groups, which are so up in arms about the inclusion of identifying information on the processor that many have called for a boycott of Intel, to be mollified by Symantec's solution.

"This is symptomatic of the privacy arms race that consumers who want to protect their privacy have to start fighting," said Jason Catlett, president of Junkbusters, a privacy group which has called for a boycott of Intel and is supporting a complaint to the Federal Trade Commission about the serial code. "The consumer is expected to keep spending more and more money on taking evasive action and using technology to protect their privacy."

Catlett called the Pentium III "an obvious target of attack for attackers," because of Intel's prominence.

While the Symantec patch provides an immediate fix, "Intel can fix this problem completely and reliably by removing the Pentium III Serial Number feature permanently," he said. "That's what they should do, instead of having a stream of vulnerabilities found and then patched."

"I doubt that Intel is going to capitulate," Enderle said.

Symantec offered a definition of the ActiveX control for its users, Nachenberg said, noting that the so-called "Trojan horse," probably poses no real harm to users. ActiveX and Java controls that trick users into certain behavior are "sociological, not technological," viruses, which are easy to develop but difficult to actually implement.

"There's so many other things you can do with an ActiveX control--reformat a hard drive, steal quarterly numbers, ship a spreadsheet to Bulgaria-- this is minor," he said.

Intel has reiterated this sentiment, insisting that anyone capable of writing this type of malicious code can wreak much worse damage on a user's system. "Obviously, Symantec is doing what they're good at, which is helping prevent malicious code," said George Alfs, an Intel spokesman, recommending that all PC users install similar antivirus software.