McAfee's proof-of-concept re-creation of Shamoon installs a control application and a kernel-level driver that is effectively invisible to the operating system and anti-virus software, and is able to write directly to storage in order to corrupt files and the Master Boot Record (MBR).
Since the OS has been bypassed, the timestamps on corrupted files don't change, and a clobbered MBR means the computer can't boot. Recovering from this situation normally means attending to each computer individually, which is a very time-consuming procedure.
But McAfee's ePO Deep Command takes advantage of Intel's vPro hardware features to remotely instruct an affected system to boot from another location, which can be a copy of the MBR or an ISO disc image.
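As an added example, not code from McAfee or from the article, a defender-side integrity check for the MBR corruption described above: because a direct-to-disk write leaves file timestamps untouched, the check ignores metadata and instead validates the structure of the first sector and compares its hash against a recorded baseline. The byte layout is the standard 512-byte MBR (446 bytes of bootstrap code, four 16-byte partition entries, 0x55AA signature); the sample sectors below are constructed.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xaa"


def parse_mbr(sector: bytes) -> dict:
    """Parse a 512-byte MBR into its partition entries, signature state and hash."""
    if len(sector) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    entries = []
    for i in range(4):
        off = 446 + 16 * i
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", sector, off)
        entries.append({"bootable": status == 0x80, "type": ptype,
                        "lba_start": lba_start, "sectors": sectors})
    return {
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "partitions": [e for e in entries if e["type"] != 0],
        "sha256": hashlib.sha256(sector).hexdigest(),
    }


def check_mbr(sector: bytes, baseline_sha256: str) -> list[str]:
    """Return findings for the sector; an empty list means it matches the baseline."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("boot signature 0x55AA missing: disk will not boot")
    if not info["partitions"]:
        findings.append("no partition entries present")
    if info["sha256"] != baseline_sha256:
        findings.append("MBR hash differs from recorded baseline")
    return findings


# Constructed sample: empty bootstrap area, one bootable NTFS partition, valid signature.
_good = bytearray(MBR_SIZE)
struct.pack_into("<B3xB3xII", _good, 446, 0x80, 0x07, 2048, 204800)
_good[510:512] = BOOT_SIGNATURE
GOOD_MBR = bytes(_good)
BASELINE = hashlib.sha256(GOOD_MBR).hexdigest()

# Constructed sample of a clobbered MBR: the first sector overwritten with zeros.
WIPED_MBR = bytes(MBR_SIZE)

if __name__ == "__main__":
    print("intact sector:", check_mbr(GOOD_MBR, BASELINE))
    print("wiped sector: ", check_mbr(WIPED_MBR, BASELINE))
```

On a live Windows host the sector would be read from the raw physical drive handle, which requires administrator rights; the constructed samples stand in for that read here.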
The situation on a Mac is "very similar," Fey said, except that a piece of malware needs to destroy the Boot.efi file in both the main and recovery partitions.
For Windows, protection can be provided with McAfee's Deep Defender, which works in conjunction with Intel hardware features to protect the MBR, Fey said.
The hardware assistance means that even though the attempted alteration is invisible to the operating system and conventional security software, it can be blocked at hardware level.
Disclosure: The writer travelled to Las Vegas as the guest of McAfee.