Researchers Find Glaring Intel ME Security Flaws, Company Outs Detection Tool

[StrayKAT]

Whats the benefit there buddy? Seriously?

Not as much as there used to be.

 

[Tomorrow]

Whats the benefit there buddy? Seriously?

http://www.techadvisor.co.uk/featur...me-vs-windows-10-pro-vs-windows-10-s-3618710/

For power users it's mainly Group Policy that allows more settings finetuning. Also has some enterprise features. But buying a 2000$ CPU and skimping on OS to save 20-80$ makes no sense to me.
Pro version also has better control for the infamous Windows Update and it's forced updates.

 

[cadaveca]

Who runs 7980XE on Win10 Home?

Pro version atleast buddy.

​

http://www.techadvisor.co.uk/featur...me-vs-windows-10-pro-vs-windows-10-s-3618710/

For power users it's mainly Group Policy that allows more settings finetuning. Also has some enterprise features. But buying a 2000$ CPU and skimping on OS to save 20-80$ makes no sense to me.
Pro version also has better control for the infamous Windows Update and it's forced updates.

Uh, Hi!

My name is Dave. I am a PC enthusiast. I do motherboard reviews for this lovely site called TechPowerUp, and get hardware from the companies that make them and then test the products to the extent of their capabilities. Right now, I am using the ASRock X299-ITX/ac, and in order to truly test it's VRM capabilities, I have installed the 7980XE CPU. If I am going to recommend this board, I want to make sure that it is truly capable of pushing this CPU to decent clocks.

The differences in what different versions of Windows offers, especially with this board and its 4 SO-DIMM slots (which limits maximum memory you can install) makes no difference for this testing.


So, I didn't buy a single thing, and yeah, it makes sense for me to do this. I didn't skimp on anything, because it's all free for me. I could have installed the Pro version easily for testing (it's a simply selection when installing the OS), but I try to replicate common installation scenarios.


Thanks for the concern though. I'll be sure to keep that in mind when writing the review for this product. You'll note that when the review is published, you'll see screenshots of a 7900X CPU installed, too. I don't simply install one CPU and test a board and call it done like some other sites might do. I have also played with the 7960X too, but moved from the 16-core to the 18-core because it draws a bit more power. My 16-core is actually one damn fine CPU, to be honest, so I needed to change to a CPU that wasn't quite as good.

Have a Great day!

 

[Tomorrow]

Ah i see. Didn't know it was a review unit.

 

[R-T-B]

It's only a matter of time before AMDs PSP system is affected similarly...

These systems are flawed to the core, and should be disablable in bios.

 

[GoldenX]

At the very least we should have the option to disable them, even more so if we are not in the USA, or any "security sensitive enemy making" country.

 

[rtwjunkie]

Whats the benefit there buddy? Seriously?

Update control, primarily, but for those that don't care or don't need it, not as much as there used to be.

 

[Overclocker_2001]

well.. tested it on Core2Duo ( w7 pro 32b e w8.1 pro 64b), Core2Quad (w8.1 pro 64b ) and no one can read ME info.. maybe it's too old, or maybe is not accessible, dunno
from celeron J1900 ( w8.1 pro 64b ) with latest bios ( years old ) i got this, so i'm fine :-D

 

[lexluthermiester]

Update control, primarily, but for those that don't care or don't need it, not as much as there used to be.

The Update service can be disabled and enabled at will in any version of 10. You just have to go into the management console and edit the service options directly. Turn it on when you want to update, turn it off otherwise. It's not difficult.

This was funny.

Not surprising as the IME software is not installed or provisioned. And I'm not doing so. Still, I wonder...

 

[AsRock]

Remember that news article a little while ago about what OS the ME used? Now you know why it was relevant and important, and why the news came out when it did, after so many years and product generations of Intel products having ME implemented in this way.


Even new systems are affected:

This is actually a pretty serious issue, IMHO. Expect nearly anything released by Intel in he last 5-8 years to need a BIOS update.

And yes, the ME can be updated separately formt the BIOS itself. Some obards even offer the ability to update either part on it's own, while some boards only update both, and some do it separately, but never tell you...

Surly the never systems will get support, how ever those with older systems are screwed as a lot of manufactures will not care either.

 

[rtwjunkie]

The Update service can be disabled and enabled at will in any version of 10. You just have to go into the management console and edit the service options directly. Turn it on when you want to update, turn it off otherwise. It's not difficult.

Yes you can, but not to the detail level of.Group Policy Editor.

 

[remixedcat]

on my Lenovo T430 this makes me worry that "permantly disabling" the feature in EFI/BIOS would be enough

This is the one I got: https://www.amazon.com/gp/product/B01LZAFH54/?tag=tec06d-20

 

[lexluthermiester]

on my Lenovo T430 this makes me worry that "permanently disabling" the feature in EFI/BIOS would be enough This is the one I got: https://www.amazon.com/gp/product/B01LZAFH54/?tag=tec06d-20

Based on the specs related to that model number, that i5 does not seem to be affected. You should be fine. Still, run the utility.

 

[remixedcat]

Good

 

[remixedcat]

Mine does have vpro

 

[lexluthermiester]

Mine does have vpro

Having a "vPro" enabled part does not automatically mean your system is vulnerable.

 

[Totally]

Well that's not how national security works, not after 9/11 & in many places around the world.

No, it does. Then if the NSA/CIA can't take no for an answer they then have to comeback with a warrant or a writ of mandate from whatever

court, secret or not idc, to compel Intel to do so.​

 

[lexluthermiester]

No, it does. Then if the NSA/CIA can't take no for an answer they then have to comeback with a warrant or a writ of mandate from whatever
court, secret or not idc, to compel Intel to do so.

That's not the way it works. Those agencies can request a contract with Intel(or anyone else) to build something for them, a product made in a certain way, but there is no law that requires them to do so. In fact, there are laws that prevent the government from that very behavior. Any company that chooses to engage in such efforts does so at their own discretion. They can not be forcibly compelled.

 

[erixx]

Tool reports I am vulnerable.
Nothing new in Win Update today.
Nothing on mobo maker support site (MSI)

 

[Totally]

That's not the way it works. Those agencies can request a contract with Intel(or anyone else) to build something for them, a product made in a certain way, but there is no law that requires them to do so. In fact, there are laws that prevent the government from that very behavior. Any company that chooses to engage in such efforts does so at their own discretion. They can not be forcibly compelled.

There's a clause in the patriot act that allows the government to get what they want through secret courts. Heck, the San Bernandino case would have probably headed that route had it not been publicized so greatly. Companies can always refuse, and the Gov't has methods to ultimately push the issue as long as they can justifiably do so.

 

[lexluthermiester]

There's a clause in the patriot act that allows the government to get what they want through secret courts. Heck, the San Bernandino case would have probably headed that route had it not been publicized so greatly. Companies can always refuse, and the Gov't has methods to ultimately push the issue as long as they can justifiably do so.

That is not what the Patriot Act grants in the way of authority and powers. Your understanding of such seems very misguided. Intel may have co-operated at will, but the government can not force the issue. Otherwise that same case, where Apple was concerned, would have progressed very differently.

Intel's ME is not a government purposed technology. It is meant for business and enterprise sectors for asset auditing and management. Governments can utilize the technology to the same effect, but it was not specifically designed for them. Additionally, testing has already been conducted the prove the vulnerability can only be taken advantage of if ME is enabled AND provisioned, which requires a software element.