Monday, September 13, 2010

Recent Microsoft and Intel primers on Internet Explorer 9's accelerated graphics point to snappier Web browsing.

Microsoft will launch the beta of the upcoming Internet Explorer browser on Wednesday at an event in San Francisco as competition from Chrome, Firefox, and Safari has spurred Redmond to beef up its graphics acceleration, among other improvements. And Intel is slated to introduce its Sandy Bridge chip architecture, with features enhanced graphics silicon, at the Intel Developer Forum, which begins on Monday.

In a blog posted on Friday, Microsoft spelled out what it says are the merits of "full vs. partial acceleration," while Intel, in a new video, is claiming IE9 acceleration on its Core i series of chips--which will include new Sandy Bridge processors.

Graphics chip-based acceleration (Microsoft calls it "hardware acceleration") shifts some tasks from the main processor (CPU) to the graphics processor (GPU). Mainstream GPUs pack in dozens or even hundreds of processing cores. While each GPU core delivers a tiny fraction of the processing power of a CPU core, combined, they can tackle certain tasks much more quickly and efficiently than a CPU. Intel, for its part, has improved the built-in graphics on its Core i series of processors and will integrate its fastest graphics function yet onto the CPU in its upcoming Sandy Bridge processor.
Microsoft says 'full hardware acceleration' will be implemented in IE 9.

Microsoft says 'full hardware acceleration' will be implemented in IE 9.
(Credit: Microsoft)

In the Microsoft blog, Ted Johnson, program manager lead for Web graphics at Microsoft, explained the merits of a "fully-hardware accelerated display pipeline that runs from their markup to the screen."

In March, Johnson explains, Microsoft released the first IE9 Platform Preview with GPU-powered HTML5 turned on by default, enabling hardware acceleration on "everything on every Web page" including text, images, backgrounds, borders, SVG (scalable vector graphics) content, and HTML5 video and audio. And with Platform Preview 3 in July, IE 9 introduced a hardware-accelerated HTML5 canvas.

Johnson claims that full hardware acceleration is achieved in three steps: Content Rendering (common HTML elements), Page Composition (image-intensive scenarios), and Desktop Composition (composition of final screen display). As a result, IE9 doesn't sacrifice performance for cross-platform compatibility. "When there is a desire to run across multiple platforms, developers introduce abstraction layers and inevitably make trade-offs, which ultimately impact performance and reduce the ability of a browser to achieve 'native' performance" (on the GPU) Johnson writes.

He also cites a demo Microsoft did running HTML5 video on a Netbook running IE9: Microsoft played two HD-encoded, 720p videos using "very little of the CPU" while "another browser maxed out the CPU while dropping frames playing only one of the videos," Johnson writes.

But others are quick to point out that it may not be that cut and dried. "Microsoft marketing is making noises about IE9 having a monopoly on 'full hardware acceleration.' They're wrong; Firefox 4 has all the three levels of acceleration they describe," according to a blog posted Sunday at MozillaZine, an independent Mozilla news, community, and advocacy site.

Intel, on the other hand, is addressing acceleration from the hardware side. The chipmaker released a video Friday showing IE9 running on a Core i5 processor, claiming that "Internet Explorer 9 is hardware accelerated on any piece of graphics hardware that supports DirectX 9."

"The Intel Core i5 processor is calculating the movement of these images and then the built-in HD graphics is actually rendering these images on the screen," said Erik Lorhammer, Sandy Bridge graphics marketing manager, in the video.

Trend Micro redone security suites for 2011 introduce new names for their products and a new emphasis on cloud-based protection. Trend Micro Antivirus+, Trend Micro Titanium Internet Security, and Trend Micro Maximum Security include the overhauled cloud-based Smart Protection Network proprietary engine to protect against viruses, malware, phishing attacks, and other threats.

The suites are notable for the heavy reliance on cloud-based technology and Trend Micro's emphasis on its Smart Scan tech. According to the company, this works by constantly scanning for threats when connected to the Internet, and utilizing locally-cached databases when working offline. The offline database includes protections against viruses and malware that are known to spread by USB keys.

Unlike many of its competitors, Trend Micro does not offer a firewall component, instead relying on the default Windows firewall.

The products differ similarly to many of Trend Micro's competitors. Trend Micro Titanium Antivirus+ 2011 program offers the most basic protection, including antivirus and anti-malware guards, drive-by download protection, and the ability to block links to malicious sites and downloads in instant messages and e-mails. It retails for $39.95 for one PC.

Trend Micro Titanium Internet Security 2011 protects against the same as Titanium Antivirus+, as well as offering protection against unauthorized changes to your already-installed programs, spam blocking, Windows firewall optimization, parental controls and data theft guards. It retails for $69.95 for one computer.

Trend Micro Titanium Maximum Security 2011 includes the same as Titanium Internet Security, in addition to Wi-Fi hotspot authentication, Department of Defense-rated file shredding, remote locking of files and folders in case of theft, a system optimizer, and 10 GB of online backup. Titanium Maximum Security retails for $79.95 for one computer.

While Titanium Antivirus+ is in the mid-range for its category, Titanium Internet Security 2011 and Titanium Maximum Security 2011 are at the high end for their respective feature sets.

Correction: Pricing information has been corrected from an earlier version of this story.

Intel's walled garden plan to put A/V vendors out of business

In describing the motivation behind Intel's recent purchase of McAfee for a packed-out audience at the Intel Developer Forum, Intel's Paul Otellini framed it as an effort to move the way the company approaches security "from a known-bad model to a known-good model." Otellini went on to briefly describe the shift in a way that sounded innocuous enough--current A/V efforts focus on building up a library of known threats against which they protect a user, but Intel would live to move to a world where only code from known and trusted parties runs on x86 systems. It sounds sensible enough, so what could be objectionable about that?

Depending how enamored you are of Apple's App Store model, where only Apple-approved code gets to run on your iPhone, you may or may not be happy in Intel's planned utopia. Because, in a nutshell, the App Store model is more or less what Intel is describing. Regardless of what you think of the idea, its success would have at least two unmitigated upsides: 1) everyone will get vPro by default (i.e., it seems hard to imagine that Intel will still charge for security as an added feature), and 2) it would put every security company (except McAfee, of course), out of business. (The second one is of course a downside for security vendors, but it's an upside for users who despise intrusive A/V software.)
From a jungle to an ecosystem of walled gardens

For a company that made its fortune on the back of the x86 ISA, the shift that Intel envisions is nothing less than tectonic. x86 became the world's most popular ISA in part because anything and everything could (and eventually would) run on it. And don't forget Microsoft's role in all of this--remember the "Wintel" duopoly of years gone by? Like x86, Windows ended up being the default OS for the desktop software market, and everything else was niche. And, like x86, Windows spread because everyone who wanted it could get it and run anything they wanted on it.

The fact that x86 was so popular and open gave rise to today's A/V industry, where security companies spend 100 percent of their effort trying to identify and thwart every conceivable form of bad behavior. This approach is extremely labor-intensive and failure-prone, which the security companies love because it keeps them in business.

What Intel is proposing is that the entire x86 ecosystem move to the opposite approach, and run only the code that has been blessed as safe by some trusted authority.

Now, there are a few ways that this is likely to play out, and none of these options are mutually exclusive.

One way should be clear from Intel's purchase of McAfee: the company plans to have two roles as a security provider: a component provider role, and an end-to-end platform/software/services provider role. First, there's the company's traditional platform role, where Intel provides OEMs the basic tools for building their own walled gardens. Intel has been pushing this for some time, mainly in its ultramobile products. If anyone is using Intel's ingredients (an app store plus hardware with support for running only signed code) to build their own little version of the App Store ecosystem, it's probably one of the European or Asian carriers that sells rebadged Intel mobile internet devices (MIDs). It's clear that no one is really doing this on the desktop with vPro, though.

Then there's the McAfee purchase, which shows that Intel plans to offer end-to-end security solutions, in addition to providing the pieces out of which another vendor can build their own. So with McAfee, Intel probably plans to offer a default walled garden option, of sorts. At the very least, it's conceivable that Intel could build its own secure app store ecosystem, where developers send code to McAfee for approval and distribution. In this model, McAfee would essentially act as the "Apple" for everyone making, say, MeeGo apps.

In the world described above, the x86 ecosystem slowly transitions from being a jungle to network of walled gardens, with Intel tending one of the largest gardens. If you're using an x86-based GoogleTV, you might participate in Google's walled garden, but not be able to run any other x86 code. Or, if you have an Intel phone from Nokia, you might be stuck in the MeeGo walled garden.
A page from the web

None of the walled garden approaches described above sound very attractive for the desktop, and they'll probably be rejected outright by many Linux and open-source users. But there is another approach, one which Intel might decide to pursue on the desktop. The company could set up a number of trusted signing authorities for x86 code, and developers could approach any one of them to get their code signed for distribution. This is, of course, the same model used on the web, where e-commerce sites submit an application for an https certificate.

This distributed approach seems to work well enough online, and I would personally be quite happy to use it on all my PCs. I would also love to hear from users who object to this approach--please jump into the comments below and sound off.
Pick any two

Obviously, security has always been a serious problem in the wild and woolly world of x86 and Windows. This is true mainly because Wintel is the biggest animal in the ecosystem, so bad actors get the most bang for their buck by targeting it. So why has Intel suddenly gotten so serious about it that the company is making this enormous change to the very nature of its core platform?

The answer is fairly straightforward: Intel wants to push x86 into niches that it doesn't currently occupy (phones, appliances, embedded), but it can't afford to take the bad parts along for the ride. Seriously, if you were worried about a particular phone or TV being compromised, you just wouldn't buy it. Contrast this to the Windows desktop, which many users may be forced to use for various reasons.

So Intel's dilemma looks like this: open, secure, ubiquitous--pick any two, but given the economics of the semiconductor industry, "ubiquitous" has to be one of them. Open and ubiquitous have gotten Intel where it is today, and the company is betting that secure and ubiquitous can take it the rest of the way.