It's time to update your Management Engine:
Intel has issued a security alert that management firmware on a number of recent PC, server, and Internet-of-Things processor platforms are vulnerable to remote attack. Using the vulnerabilities, the most severe of which was uncovered by Mark Ermolov and Maxim Goryachy of Positive Technologies Research, remote attackers could launch commands on a host of Intel-based computers, including laptops and desktops shipped with Intel Core processors since 2015. They could gain access to privileged system information, and millions of computers could essentially be taken over as a result of the bug. Most of the vulnerabilities require physical access to the targeted device, but one allows remote attacks with administrative access.
The company has posted a detection tool on its support website for Windows and Linux to help identify systems that are vulnerable. In the security alert, members of Intel's security team stated that "in response to issues identified by external researchers, Intel has performed an in-depth comprehensive security review of its Intel® Management Engine (ME), Intel® Trusted Execution Engine (TXE), and Intel® Server Platform Services (SPS) with the objective of enhancing firmware resilience."
Intel® Management Engine Critical Firmware Update (Intel SA-00086)
U.S. government warns about cyber bug in Intel chips
The U.S. government on Tuesday urged businesses to act on an Intel Corp alert about security flaws in widely used computer chips as industry researchers scrambled to understand the impact of the newly disclosed vulnerability.
The Department of Homeland Security gave the guidance a day after Intel said it had identified security vulnerabilities in remote-management software known as 'Management Engine' that shipped with eight types of processors used in business computers sold by Dell Technologies, Lenovo, HP Inc, Hewlett Packard Enterprise and other manufacturers."
Security experts said that it was not clear how difficult it would be to exploit the vulnerabilities to launch attacks, though they found the disclosure troubling because the affected chips were widely used.
"These vulnerabilities affect essentially every business computer and server with an Intel processor released in the last two years," said Jay Little, a security engineer with cyber consulting firm Trail of Bits.
The official warning is here. Good luck to everybody! Good luck.
Related Stories
I previously reviewed Rudy Rucker's Ware Tetralogy and Postsingular and found that Rudy Rucker's best work comes after ideas had the most time to percolate. Postsingular was a relative dud, although still far superior to Neal Stephenson's REAMDE. In contrast, Rainbows End is highly recommended. Indeed, it is essential reading for anyone concerned about the progression of software from desktop, web and mobile to augmented reality. The book has a shockingly similar game to Pokémon Go in addition to a plausible mix of tech mergers and new entrants in a near-future universe where smartphones have given way to wearable augmented reality.
Many books, comics and films have covered the purgatory of high school and some have covered the special purgatory of going back to high school (for a re-union or as a student). The film: 21 Jump Street is a particularly silly example of the sub-genre. Rainbows End covers a world leading humanities academic who spends years in the fugue of dementia, responds almost perfectly to medical advances and is enrolled in high school to complete his therapy. While he looks almost perfectly like a 17 year old, his contemporaries remain in decline or have bounced back with far more random results.
Although he has physically recovered, he has lost his razor-sharp insight and biting wit[1]. Like other patients, he finds talents in unrelated areas. His computer fluency, which was sufficient to publish in academic journals, is now 20 years out of date. During this period, laptops have become as thin as paper and also horrendously obsolete. Although the paper-thin laptops can be configured as a variety of legacy desktop environments and legacy web browsers, rendering data from the (almost) ubiquitous wireless network is less successful than accessing the current World Wide Web without images or JavaScript. However, this is only one slice of purgatory.
AMD Secure Technology PSP Firmware Now Explorable, Thanks to Researcher's Tool
A security researcher this week released the PSPtool, a software tool that "aims to lower the entry barrier for looking into the code running" on the AMD Platform Security Processor (PSP), officially known as AMD Secure Technology, and other AMD subsystems. The PSP serves similar functions to those of Intel's Management Engine (ME) processor. However, just like the Intel ME, the secretive and undocumented nature of the chip worries security and privacy advocates.
The researcher going by the online name of cwerling described the PSPTool as a "Swiss Army knife" for dealing with the AMD PSP's firmware. The tool is based on reverse-engineering efforts of AMD's proprietary file system that the company uses to pack firmware blobs into UEFI firmware images.
Usually, all firmware blobs can be parsed by another software program called the UEFITool. However, in this case AMD's firmware files are located in padding volumes that can't be parsed by the UEFITool. This is the reason for the PSPTool, which can locate the PSP firmware within UEFI images and parse it. Through this tool, more researchers can look into what their local PSP chip is doing to their computers, as its actions are normally hidden from the operating system or the main processor.
Previously: AMD to Consider Coreboot/Libreboot Support
AMD Confirms its Platform Security Processor Code will Remain Closed-Source
Related: Intel Management Engine Partially Defeated
EFF: Intel's Management Engine is a Security Hazard\
Disabling Intel ME 11 Via Undocumented Mode
Intel Management Engine Critical Firmware Update
HP Chip Protects Intel's Management Engine
(Score: 1) by Ethanol-fueled on Thursday November 23 2017, @12:14PM (1 child)
Good Evening Gentlemen. We Won the War: fuck off, bastards! [youtube.com]
(Score: 1) by Ethanol-fueled on Thursday November 23 2017, @12:28PM
"Sniff, cry,
I love you guys.
BFBFBFBBFFBF"
Never forget!
(Score: 2) by The Mighty Buzzard on Thursday November 23 2017, @12:25PM (16 children)
Well I guess I'll add not owning a computer with a hardware rootkit to my list of shat to be thankful for this year. Right next to having eaten enough fish out of the freezers this year that I can start filling them again.
My rights don't end where your fear begins.
(Score: 2) by bradley13 on Thursday November 23 2017, @12:30PM (2 children)
"Well I guess I'll add not owning a computer with a hardware rootkit to my list of shat to be thankful for this year."
Well, anyway, no hardware rootkit that you know about...
Everyone is somebody else's weirdo.
(Score: 3, Funny) by The Mighty Buzzard on Thursday November 23 2017, @01:11PM (1 child)
What, you don't delid all your chips and inspect all the logic before you power them up? Slacker.
My rights don't end where your fear begins.
(Score: 2) by RS3 on Thursday November 23 2017, @06:09PM
No need, I electrically fuzz them. Any suspicious output gets tazed bro.
(Score: 0, Flamebait) by Ethanol-fueled on Thursday November 23 2017, @12:37PM (12 children)
We don't give a shit about hardware rootkits as much as we give a shit about hardware debonings. Also, NIGGERS.
(Score: 3, Insightful) by The Mighty Buzzard on Thursday November 23 2017, @01:07PM (8 children)
It's turkey day not fried chicken day. Speaking of, that stereotype annoys me. Not because racial stereotypes annoy me (They don't. I'm not a whiny bitch.) but because it's a shitty stereotype. Basically anyone who grew up poor before the price of chicken went way the hell up loves fried chicken unless their mom sucked at making fried chicken.
My rights don't end where your fear begins.
(Score: 2) by bradley13 on Thursday November 23 2017, @01:20PM (5 children)
Fried chicken is a southern specialty, and my grandmother made it probably once a week. Yum.
Same for watermelon: how the heck is watermelon supposed to be a racist symbol? Does some group have green, stripy skin? Maybe those little green critters from Mars?
Whoever is trying to label things like these as racist is just part of the larger attack on southern culture. Screw 'em.
Everyone is somebody else's weirdo.
(Score: 2) by Runaway1956 on Thursday November 23 2017, @01:31PM (2 children)
It's the lizard people. Next time you go to a fried chicken place, watch the people around you. People like you and I pick, nibble, and munch all around the bone. Lizard people just inhaled the whole thing. The teeth are fake, so they can't chew. But, anything they can get past those fake teeth goes right down. Kinda like snakes, but with legs.
(Score: 2) by kazzie on Thursday November 23 2017, @03:48PM
Why do we keep electing those lizard people, any way?
(Score: 1) by Ethanol-fueled on Thursday November 23 2017, @08:56PM
Here in San Diego the best fried chicken joints are run by asians. They serve gizzards and catfish too. Their secret is cooking everything in the chicken grease.
(Score: 3, Funny) by The Mighty Buzzard on Thursday November 23 2017, @01:40PM
I know, right? Fucking carpetbagging, snare-drumming, yankee lawyers. Them som-bitches could fuck up a county fair.
My rights don't end where your fear begins.
(Score: 0) by Anonymous Coward on Thursday November 23 2017, @03:08PM
Look at the flag of mexico, what colors do you see?
(Score: 1) by Ethanol-fueled on Thursday November 23 2017, @08:45PM (1 child)
Don't ask me, when my family were poor it was ramen noodles all day every day. Once in awhile they would get sausage. But yeah, chicken was always out of the picture back in our poor days.
(Score: 3, Informative) by The Mighty Buzzard on Thursday November 23 2017, @11:55PM
Yeah but you're a young pup. Back in the 70s and 80s, yard birds was on the menu once a week at least and god help you if you took a breast you didn't either pay for or cook.
My rights don't end where your fear begins.
(Score: 0) by Anonymous Coward on Thursday November 23 2017, @04:46PM
Another day on the 'net. Stupid people saying stupid things.
(Score: 2) by EETech1 on Thursday November 23 2017, @11:36PM (1 child)
So, Eth...
Sounds like you're having wild turkey for Thanksgiving...
:)
Cheers
(Score: 1) by Ethanol-fueled on Thursday November 23 2017, @11:54PM
I am eating good food. All homemade by others who care about me.
The best part of it, though, is that I do it all on my own terms.
Happy thanksgiving to you, brother.
(Score: 2) by bradley13 on Thursday November 23 2017, @12:29PM (13 children)
Great, so this tool tells you that your system is vulnerable. Click on the link to the downloads page - expecting to find patch files and instructions - and the page says "There are currently no downloads available for Intel® Management Engine Firmware". So how the hell are you supposed to patch this? Someone please tell me that I am missing an obvious link???
The detection tool and instructions are also anything but idiot-proof. Certainly Joe Sixpack is not going to pull this off. Intel really, really needs to provide a one-click, idiot-proof program to diagnose and fix the problem. Of course, it is entirely possible that this cannot be done - is there any way for to burn new firmware from a running operating system?
On the meta-level: What are the chances that the tech community can use this to pressure Intel to deliver chips with the ME disabled-by-default? Or even eliminate it altogether?
Everyone is somebody else's weirdo.
(Score: 3, Informative) by effbee on Thursday November 23 2017, @12:36PM (4 children)
The ME updates come in BIOS updates, so you'll have to hope your motherboard maker feels like releasing a patched BIOS.
(Score: 2) by RS3 on Thursday November 23 2017, @06:25PM (2 children)
I ran the Intel "tool" on a few of my systems and it says:
"May". So I have no clue if I'm vulnerable. Speaking of tools, Intel...
So this "tool" is just a deflection of fault. Even though we all know it's Intel's licensed code, they're able to pass the blame onto the system manufacturer. And what irks me even more: Intel makes the motherboards and most of the BIOS / firmware in many (most?) of the affected systems.
Don't you just love it when greedy jerks grab free code, don't check it for security holes, cobble/bugger it, and sell and profit from it? http://hexus.net/tech/news/software/111857-intel-management-engine-runs-minix-3-os [hexus.net]
Sounds like all system manufacturers need to class action sue Intel for fixes and damages.
(Score: 2) by Yog-Yogguth on Monday November 27 2017, @08:26PM (1 child)
Time to learn Minix 3 and root one's own system?
Anyone here doing that or tried doing that?
Bite harder Ouroboros, bite! tails.boum.org/ linux USB CD secure desktop IRC *crypt tor (not endorsements (XKeyScore))
(Score: 2) by RS3 on Tuesday November 28 2017, @02:59AM
I have not tried, because the Intel "tool" has not confirmed that I have the ME. A tool is supposed to do something useful, right? If I have the Intel ME on any of my systems, I would love to know for sure. Then I will go about getting into it.
I confess I've only tried the Intel "tool".
Minix should be very easy, for me anyway. I've never run it, but Linux grew out of it and they're similar enough that I would figure out anything I needed to. I still have some Minix-format root-filesystem floppies. Oh gosh...
(Score: 3, Informative) by RamiK on Thursday November 23 2017, @07:05PM
If you're out of warranty and not expecting an update from your motherboard manufacturer, you can live update the ME blob on your own using FWUpdate from https://www.win-raid.com/t596f39-Intel-Management-Engine-Drivers-Firmware-amp-System-Tools.html [win-raid.com] . The instructions are pretty straightforward in that link but, TLDR, you need to run MEInfo to see what you're currently running and look through the website for corresponding update.
Just make sure to backup your existing EEPROM image with an external flash programmer before doing any of it just like you would before flashing any coreboot, me_cleaner or UBU firmwares.
p.s. I never used it but there's an Intel tool (sourced to MB OEMs?) letting you author / edit firmwares and disable stuff like SMM. I can't remember if it's part the above, UBU, or some specific UBU procedure page like https://www.win-raid.com/t905f13-Guide-Transfer-of-specific-Intel-VBIOS-settings-by-using-Intels-BMP-tool.html [win-raid.com] , but I came across those entries updating microcode, vbios, Intel and Marvel AHCI/RST modules and the likes so if you'd mess around UBU long enough you'll come across it too.
compiling...
(Score: 3, Interesting) by Snospar on Thursday November 23 2017, @12:46PM (6 children)
I'm assuming Intel will release a microcode firmware update for this shortly which Debian will use to update their "intel-microcode" package. Beyond that I'll have to wait for another BIOS update from Gigabyte - given that I'm still trying to sort issues (mainly related to UEFI) from the last one, I can't wait.
Why is Intel not forced to replace the faulty component they sold me? It's now got known bugs that impact it's performance, stability, accuracy and security. BINGO!
First time I've gone with Intel in years, and it will be my last, back to AMD for me.
Huge thanks to all the Soylent volunteers without whom this community (and this post) would not be possible.
(Score: 4, Insightful) by zocalo on Thursday November 23 2017, @12:57PM (3 children)
UNIX? They're not even circumcised! Savages!
(Score: 2) by bzipitidoo on Thursday November 23 2017, @05:38PM (2 children)
I'd jump from Intel to AMD in a heartbeat if they didn't build in their own backdoors. Who else makes x86 processors? Used to be Cyrix. There is Via, but like AMD, they've been spotty. Best as I can make out, Via is rolling out a new line of processors next year. Until those come out, seems Via's most recent x86 offerings were in 2011. Librecores?
I don't see ARM as a viable desktop alternative yet. Raspberry Pis are okay but buckle under heavy loads and large display screens.
(Score: 0) by Anonymous Coward on Friday November 24 2017, @01:35AM
No one. Your current best hope for a computer that YOU own is something made in accordance with an open hardware standard, something like what rhombus-tech [rhombus-tech.net] is doing with EOMA68.
They're not gaming machines, npt x86, and they're not touting all the latest features. But if using a computer that is yours and not owned by many other someones is important to you, well, I don't know of any other approach to take that isn't a dead end.
(Score: 2, Informative) by toddestan on Friday November 24 2017, @06:00AM
If you're willing to look at VIA, you might also consider older x86 processors. I don't know how far you have to go back, and a bit might have to do with your level of paranoia. With Intel you could argue all the way back to the Pentium II to be safe (since the P3 introduced the unique processor serial number that could be used for tracking), but from what I can tell on the AMD side the AM3 processors such as the Phenom II predate the PSP and in theory are safe, and those are pretty capable systems for most workloads. Even if you had to go all the way to something like Socket A it would still likely be more powerful than whatever VIA is offering.
(Score: 3, Insightful) by The Mighty Buzzard on Thursday November 23 2017, @01:00PM
You can bet your ass that AMD (post-AM3+) has pretty much exactly the same issues, it's just that they're not publicly known yet.
My rights don't end where your fear begins.
(Score: 1, Interesting) by Anonymous Coward on Thursday November 23 2017, @02:32PM
The ME firmware is not part of the microcode; it is loaded by the boot firmware.
This usually comes with the motherboard. If you have installed your own firmware -- perhaps coreboot -- then you should be able to include any update from Intel fairly easily. It also may not be difficult to patch in an ME update yourself into the vendor's firmware image and install that. Otherwise you may have to hope your motherboard vendor bothers with releasing an update.
All of this is a good reason to avoid non-free boot firmware.
(Score: 3, Informative) by frojack on Thursday November 23 2017, @10:06PM
Active Managment Engine is delivered disabled by default! (It is the interface to the ME itself).
Your corporate tech department is the one that turns it on. Some Dell and HP machines have a remote management package that you can choose to use (don't be stupid) for warranty support. But its not shipped turned on by default.
https://www.eff.org/deeplinks/2017/05/intels-management-engine-security-hazard-and-users-need-way-disable-it [eff.org]
All was Well until that hacker pesky that published an exploit to not only turn it on, but take full control of the IME. Which is what forced Intel's hand here.
Upshot is that if you are behind a router you are reasonably safe because AMT listens on ports 16992 and 16993. The article addresses other uses such as inventory tracking features which also use the IME for outbound phone-home features.
No, you are mistaken. I've always had this sig.
(Score: 2) by Runaway1956 on Thursday November 23 2017, @01:36PM
I've mentioned my experience with Compaq shipping computers with pre-installed crapware and associated vulnerabilities. We're all aware that our telephone retailers (the telcos) install various kinds of malware on those devices. Now Intel thoughtfully installs vulnerabilities so that EVERYONE has backdoors on their machines. He, no one wants to be left out!
(Score: 5, Insightful) by Anonymous Coward on Thursday November 23 2017, @02:18PM (7 children)
You have an opportunity here to actually neuter the ME in your system such that it is no longer a freedom destroying hardware rootkit. You just have to wait until someone produces a "ME Neuter" project that uses one of these security holes to neuter the damn thing.
But if you do the BIOS upgrade, to patch the ME rootkit, all that will happen is that you'll seal the holes you otherwise could use to neuter the thing, leaving you with an active hardware rootkit remaining in your system.
(Score: 2, Interesting) by Anonymous Coward on Thursday November 23 2017, @02:34PM (2 children)
If that happened you could just load the older image because the ME doesn't have any anti-rollback misfeature as far as I know.
(Score: 4, Funny) by Geotti on Thursday November 23 2017, @03:29PM
Shhhhsh, top giving them ideas!
(Score: 1, Interesting) by Anonymous Coward on Friday November 24 2017, @10:29AM
Hmm, Intel ME, as well as the processor microcode since Skylake *DOES* have anti-rollback logic built-in. It is based on SVNs (security version numbers), there are at least two on the microcode, and two on SGX+AMT+ME.
For the processor microcode, it just disables SGX and other DRM crapware (like Intel TXT) if you rollback (and this is documented). However, this is not as simple as it sounds: it *can* render your box unbootable if you're using BIOS secure mode, until you force-update its FLASH back to the up-to-date microcode.
The microcode can refuse to be downgraded while running. This has always been true, but it has been documented as being actively done only since Skylake (and it depends on internal SVNs, so it might not refuse some downgrades, while refusing others that would cross a SVN boundary). The OS will refuse to do it, though, so people almost never do this anyway (instead, they mod the BIOS).
For the Intel ME, $deity knows what would happen, likely it will reboot the box after 30 minutes if it *really* objects to the downgrade. Hopefully, it just hoses TXT and SGX, but I would not bet on that.
This is done by persisting the SVNs (security version numbers) in the system TPM store, which makes it an utter pain to undo (think: moterboard chipset replacement) -- it is easier to flash whatever up-to-date firmware it wants (might require an SPI flasher if the motherboard refuses to boot). And yes, all of this is documented.
(Score: 0) by Anonymous Coward on Thursday November 23 2017, @05:11PM (3 children)
It's already been produced: https://puri.sm/posts/purism-librem-laptops-completely-disable-intel-management-engine/ [puri.sm]
(Score: 0) by Anonymous Coward on Thursday November 23 2017, @06:27PM (2 children)
Sortof. The "disable" method used by purism still involves loading and executing proprietary firmware, supplied by Intel, on the ME.
This should be an improvement compared to not disabling it, but still isn't a full solution.
(Score: 2) by frojack on Thursday November 23 2017, @10:11PM (1 child)
Exactly. You still have to load something, and that something has to be signed by intel.
The disappointing fact is that on modern computers, it is impossible to completely disable ME. This is primarily due to the fact that this technology is responsible for initialization, power management, and launch of the main processor.
No, you are mistaken. I've always had this sig.
(Score: 1, Interesting) by Anonymous Coward on Friday November 24 2017, @04:48AM
This is actually not true. The system will work perfectly fine without any ME firmware loaded ...
... the only problem is, that the ME will reset the processor after 30 minutes if it does not get any firmware.
(Score: 0) by Anonymous Coward on Thursday November 23 2017, @03:01PM (2 children)
Yes, it's heavy and slow, gets hot and the fans constantly make a lovely buzz. But no, there's no hardware rootkit and it does everything I need it to do.
(Score: 0) by Anonymous Coward on Thursday November 23 2017, @08:09PM (1 child)
I've just taken the laptop heatsinks of recently, cleaned of their heatsink compound/patch and replaced with new and some copper shims. Clean out the dust/lint and no more constant fan.
(Score: 2) by Yog-Yogguth on Monday November 27 2017, @09:00PM
That's the wrong way! :P
First take out the laptop battery you don't have a need for anyway (if you do need it afterwards you can always put it back). Then let the laptop burn itself in under an internal blanket of nicotine smoke, fat, grease, skin residue, lint, and dust so that the fans stop working.
If it doesn't set your place on fire you've got yourself a nice fanless laptop :)
Try to avoid unblocking the fan, it will be extremely loud and annoying if it ever gets going. Or perhaps some of the internal grime melted and let it loose? Then turn the laptop off so it can cool down and let the grime re-solidify :D
Fans in laptops are ¤$%/&!\ stupid, kill them, kill them with fire!
Bite harder Ouroboros, bite! tails.boum.org/ linux USB CD secure desktop IRC *crypt tor (not endorsements (XKeyScore))
(Score: 3, Insightful) by crafoo on Thursday November 23 2017, @03:17PM (8 children)
Where is the patch to remove the Intel management engine? Never mind, I wouldn't trust such a patch from Intel anyway. We need open, fully documented hardware now. I wouldn't shed a tear if x86 died along the way either.
(Score: 2) by TheGratefulNet on Thursday November 23 2017, @03:36PM (1 child)
that old DECstation or VAXstation that was thrown out years ago; maybe I should have kept it. no updates, but also no viruses. OS was so ancient, it might not even be fingerprintable via its network stack ;)
old sparc-stations, too. I bet you can find tons of them, used. and sgi 'indy' and such. all non-intel. all long before the 'everyone spies' era.
"It is now safe to switch off your computer."
(Score: 2) by jasassin on Friday November 24 2017, @01:54AM
I completely understand where you are coming from. The problem is all the hardware on the systems is proprietary. The monitors the keyboards, the mice. Finding a fully functional sparc or sgi system is difficult. For the price, you'd be better off with a $75 craigslist laptop.
jasassin@gmail.com GPG Key ID: 0xE6462C68A9A3DB5A
(Score: 0, Informative) by Anonymous Coward on Thursday November 23 2017, @05:15PM (2 children)
https://puri.sm/posts/purism-librem-laptops-completely-disable-intel-management-engine/ [puri.sm]
(Score: 2) by frojack on Thursday November 23 2017, @10:13PM (1 child)
Only works if you buy a computer from them.
You can't just use their stuff on any random dell or HP.
Please stop posting this as if it were a real fix.
No, you are mistaken. I've always had this sig.
(Score: 1) by Deeo Kain on Friday November 24 2017, @10:27AM
It is a real fix if you need a new system or if you decide your privacy and security is worth the investment.
(Score: 0) by Anonymous Coward on Thursday November 23 2017, @07:02PM (2 children)
If you can, support the guys at Raptor Engineering [raptorcs.com] working to bring us modern, powerful and fully owner-controlled computing systems, which should have free software all the way down to the processor microcode.
(Score: 0) by Anonymous Coward on Friday November 24 2017, @01:14AM
A crowdfunding option that would place the motherboard price in-line with the available CPU options.
As it is, the motherboard costs 2.5-5x the cost of the cpu(s) needed to take full advantage of it.
And bonus: If you only run 1 cpu you lost half of both the memory channels *AND* PCI Express channels on their motherboard.
Kind of makes you wonder what you are paying 2 grand for, when the CPUs are doing all the heavy lifting.
(Score: 1, Informative) by Anonymous Coward on Friday November 24 2017, @10:23AM
No way: IBM's systems are plagued by a similar contraption compared to Intel's Management Engine: it's called IPMI, Intelligent Platform Management Interface, and it consists in a hardware chip implanted in the motherboard running it's own OS capable of accessing every piece of hardware independently from the CPU. It's all managed from it's own ROM that is inaccessible from the running OS, the one the user sees, which is closed source and proprietary and cannot be reflashed.
(Score: 0) by Anonymous Coward on Thursday November 23 2017, @03:39PM
Shit, the joke's on us though.
(Score: 0) by Anonymous Coward on Friday November 24 2017, @01:19AM (1 child)
The Mighty Buzzard, if I recall correctly, said that the AMD Phenom II X6 1100T [wikipedia.org] is the best-performing AMD processor without spying features. Intel, in my opinion, was doing better in regard to energy efficiency around that time. What are the most recent, or best-performing, Intel x86 processors without AMT and the ME? How are those misfeatures shown in the processor features? It's been said [wikipedia.org] that "[w]hen the vPro brand was launched (circa 2007), it was identified primarily with AMT, thus some journalists still consider AMT to be the essence of vPro."
(Score: 0) by Anonymous Coward on Friday November 24 2017, @07:47PM
This is the comment I was thinking of: https://soylentnews.org/comments.pl?sid=19303&cid=502609 [soylentnews.org]