Tuesday, December 13, 2005

Intel's anti-rootkit solution

One of the limitations of security software running on the CPU (central processing unit) is that as soon as an attacker gains root-level privileges, such as via a rootkit, then that level of privilege gives them the ability to compromise any software running on that system. What Intel can provide is platform hardware and firmware that is much more difficult to compromise, because it is separated from the primary OS (operating system) and CPU. One of the things we've designed this technology to do is to detect problems that we don't know about yet, what we call in the industry day-zero worms and viruses--those worms and viruses that come out, and we don't know what they look like. This technology is simply looking for changes to protected programs. It could be any kind of change--any kind of worm payload or virus payload or rootkit. As long as it changes one of those protected programs or stops one of the security agents that we're monitoring, we can detect it, regardless of what the actual signature is.
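The contrast drawn above, between matching known signatures and watching protected programs for any change or for a stopped agent, can be shown in a small software simulation. This is an added example, not Intel's implementation or code from the quoted source; the `Monitor` class, the agent names, the byte strings and the heartbeat timeout are all constructed for illustration, and the monitor is assumed to keep its baseline out of the host's reach.

```python
import hashlib

# Constructed sample: byte pattern of malware the scanner already knows about.
KNOWN_SIGNATURES = [b"OLDWORM-1.0"]

def measure(image: bytes) -> str:
    """Integrity measurement of a protected program image."""
    return hashlib.sha256(image).hexdigest()

def signature_scan(image: bytes) -> bool:
    """Signature check: fires only when a known pattern is present."""
    return any(sig in image for sig in KNOWN_SIGNATURES)

class Monitor:
    """Stands in for the isolated monitor (hypothetical model)."""

    def __init__(self, protected: dict, heartbeat_timeout: float):
        # Baseline taken while the programs are known good.
        self.baseline = {n: measure(img) for n, img in protected.items()}
        self.timeout = heartbeat_timeout
        self.last_beat = {n: 0.0 for n in protected}

    def heartbeat(self, name: str, now: float) -> None:
        self.last_beat[name] = now

    def check(self, current: dict, now: float) -> list:
        alerts = []
        for name, expected in self.baseline.items():
            image = current.get(name)
            # Any change at all is reported; no signature is consulted.
            if image is None or measure(image) != expected:
                alerts.append((name, "modified"))
            # A monitored agent that stops reporting is reported too.
            if now - self.last_beat[name] > self.timeout:
                alerts.append((name, "agent stopped"))
        return sorted(alerts)

def demo():
    protected = {"av_agent": b"agent code v1", "fw_agent": b"firewall code v1"}
    mon = Monitor(protected, heartbeat_timeout=5.0)
    running = dict(protected)
    # Constructed "unknown" change: bytes that match no known signature.
    running["av_agent"] = b"agent code v1" + b"\x90\x90 unseen patch"
    mon.heartbeat("av_agent", 10.0)   # still reporting at t=10
    mon.heartbeat("fw_agent", 3.0)    # last report at t=3, then silent
    return signature_scan(running["av_agent"]), mon.check(running, now=10.0)

if __name__ == "__main__":
    print(demo())
```

The signature scan returns no hit for the altered agent, while the monitor reports both the modification and the silent agent.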