Submitted by josefStallman in security_culture

Linux computer vendor System76 announced this week that it will roll out a firmware update to disable Intel Management Engine on laptops sold in the past few years. Purism will also disable Intel Management Engine on computers it sells moving forward.

Those two computer companies are pretty small players in the multi-billion dollar PC industry. But it turns out one of the world’s largest PC companies is also offering customers the option of buying a computer with Intel Management Engine disabled.

At least three Dell computers can be configured with an “Intel vPro™ – ME Inoperable, Custom Order” option, although you’ll have to pay a little extra for those configurations.

Intel’s Management Engine is a hardware and software system designed to provide some remote management features. But it’s come under criticism from privacy advocates, security researchers, and the free and open source software community.

That’s because Intel Management Engine is basically a mystery. It’s software that runs independently of a computer’s operating system, which means that even if you wipe the OS, the Management Engine is still there. And there’s no good way to know what it’s doing.

The risks aren’t just theoretical – Intel recently acknowledged a security vulnerability affecting nearly every PC that shipped with a 6th, 7th, or 8th-gen Intel Core processor. While the company is working with PC makers to roll out updates to patch that vulnerability, it wouldn’t even exist if Intel hadn’t bundled a feature many users don’t need and won’t use with its latest chips.

While Intel doesn’t officially provide an option to disable its Management Engine, independent security researchers have discovered methods for doing that and we’re starting to see PC makers make use of those methods. I doubt this is something all PC vendors will do unless it’s proven that there’s great demand for this. But it’s not surprising that Dell is the first of the major PC makers to offer the option: Dell is also one of the few top PC companies that offers customers the option to configure some computers with Ubuntu Linux rather than Windows.

Dell.com

Here are the three Dell computers I could find that are available with Intel Management disabled. They’re all business-class portable computers with relatively high starting prices, and you’ll have to pay between $17 and $30 for the privilege of having the Intel Management Engine made “inoperable.”

Dell Latitude 14 Rugged laptop
Dell Latitude 15 E5570 laptop
Dell Latitude 12 Rugged tablet
2

Comments

You must log in or register to comment.

There's nothing here…