A Computer hardware and components forum. ComputerBanter.com

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Go Back   Home » ComputerBanter.com forum » Processors » Intel
Site Map Home Authors List Search Today's Posts Mark Forums Read Web Partners

If you're on an Intel machine that you've purchased in the past 2-3years

Thread Tools Display Modes
Old January 5th 15, 05:55 PM posted to alt.privacy.spyware,comp.sys.intel
Virus Guy
external usenet poster
Posts: 1
Default If you're on an Intel machine that you've purchased in the past 2-3years

Shadow wrote:


If you're on an Intel machine that you've purchased in the past 2-3
years, that computer almost certainly has an Intel Management Engine.
You might not know what that is, and that's okay. You may also be
unaware that the operating system on your computer could be
leveraging features in the Intel Management Engine when consuming
DRM Media.

What is the Intel Management Engine?

It's a coprocessor sitting on the same die as your CPU(s).

Crossposting this to comp.sys.intel would have been a useful thing to

So I have done that.

Here is a description for Intel Active Management Technology


It seems to have first become available on retail computers sold
starting in Q1 2009. Basically, any Core i-something will have this.

Motherboards based on Core2 (socket 775) or older (socket 478) will not
have this junk.

Also - the spyware process or processor is not built into the CPU. It's
in a chip thats part of the motherboard chipset:

Until the release of Nehalem processors, the ME was usually embedded
into the motherboard's northbridge, following the Memory Controller Hub
(MCH) layout. With the newer Intel architectures (Intel 5 Series
onwards), ME is included into the Platform Controller Hub (PCH).

According to an independent analysis by Igor Skochinsky, it is based on
an ARC core, and the Management Engine runs the ThreadX RTOS from
Express Logic. According to this analysis, versions 1.x to 5.x of the ME
used the ARCTangent-A4 (32-bit only instructions) whereas versions 6.x
to 8.x use the newer ARCompact (mixed 32- and 16-bit instruction set
architecture). Starting with ME 7.1, the ARC processor can also execute
signed Java applets. The ME state is stored in a partition of the SPI
flash, using the Embedded Flash File System (EFFS).

See also:

Known vulnerabilities and exploits

A Ring -3 rootkit was demonstrated by Invisible Things Lab for the Q35
chipset; it does not work for the later Q45 chipset as Intel implemented
additional protections.[22] The exploit worked by remapping the normally
protected memory region (top 16 MB of RAM) reserved for the ME. The ME
rootkit could be installed regardless of whether the AMT is present or
enabled on the system, as the chipset always contains the ARC ME
coprocessor. (The "-3" designation was chosen because the ME coprocessor
works even when the system is in the S3 state, thus it was considered a
layer below the System Management Mode rootkits.[23]) For the vulnerable
Q35 chipset, a keystroke logger ME-based rootkit was demonstrated by
Patrick Stewin.[24][25]

Another security evaluation by Vassilios Ververis showed serious
weaknesses in the GM45 chipset implementation. In particular, it
criticized AMT for transmitting unencrypted passwords in the SMB (small
business) provisioning mode when the IDE redirection and Serial over LAN
features are used. It also found that the "zero touch" provisioning mode
(ZTC) is still enabled even when the AMT appears to be disabled in BIOS.
For about 60 euros, Ververis purchased from Go Daddy a certificate that
is accepted by the ME firmware and allows remote "zero touch"
provisioning of (possibly unsuspecting) machines, which broadcast their
HELLO packets to would-be configuration servers.

Alost every day I find a new reason to smile at the fact that I'm STILL
running Windows 98 (on PC's with socket 478 or 775 CPU's) while everyone
else is getting the **** hacked out of them - one way or another (or
hundreds of other ways).

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
What Linux distro to use for old Intel machine, that fits on CDs? Robert Heller Homebuilt PC's 22 July 5th 08 05:38 PM
What Linux distro to use for old Intel machine, that fits on CDs? raylopez99 Homebuilt PC's 35 July 3rd 08 01:10 AM
What Linux distro to use for old Intel machine, that fits on CDs? Robert Heller Homebuilt PC's 0 June 28th 08 01:38 PM
Free Rootkit with Every New Intel Machine Intel Guy Intel 2 June 16th 07 07:02 PM
Fastest Intel Chip that can be purchased today ajb Intel 6 September 26th 06 08:53 AM

All times are GMT +1. The time now is 02:34 PM.

Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.
Copyright 2004-2018 ComputerBanter.com.
The comments are property of their posters.