Purism Explains Why It Avoids Intel's AMT And Networking Cards For Its Privacy-Focused 'Librem' Notebooks

Status
Not open for further replies.
There is a lot more to it than the tech just being there. It has to be activated and running to even work. Just because you have a vPro enabled system does not mean it is actually running.

That said, it is a fantastic piece of tech. It is like an iDRAC for your PC and allows IT professionals to not only remotely troubleshoot a system from the BIOS level but to also send a kill command to a lost or stolen piece of company equipment saving the company from possibly losing sensitive information.

I am all for people to have the choice, which is why you need a vPro enabled CPU and chipset for this to even work. If you have a vPro CPU but not a chipset nor the NIC then you can't even use it.
 

Achoo22

Distinguished
Aug 23, 2011
350
2
18,780
Good for Purism. I'm not a neophyte, but when I open up the process manager on my computer I see dozens of services and applications (many hiding under the needlessly obtuse svchost aegis) that I cannot identify by name or purpose. I would happily trade a little functionality for simplicity, security, and transparency. Especially when the functionality we're trading is more useful to the vendors than the owners.
 


SVCHost are all Windows processes for Windows services. Some are the driver API layer others are the OS API layer. There is nothing wrong with it. Linux has its own process that handles the driver and OS layers as well as does every OS.

They are being paranoid for no reason and it is dumbfounding that anyone can believe that Intels AMT is a back door when you have to have not only all three components for it to work but also a server to access it then you have to give permission to access it. It is much like Dell iDRACs which do the exact same thing, they give low level hardware access to servers but require you to be on the same network to be able to access them.

http://www.intel.com/content/www/us/en/architecture-and-technology/vpro/vpro-technology-general.html

People need to read before jumping and assuming it is a back door. When setup properly vPro is very secure and was asked for by many IT professionals.

This company going out of their way to avoid a superior NIC because they don't want to use AMT is stupid to me since if only the NIC has it is would not even be enabled as that requires you to have the back end to even use it.
 

mathew7

Distinguished
Jun 3, 2011
295
0
18,860
This is not about doing what Intel designed it to do. This is about a possible vulnerability which could activate the AMT when user/IT kept it disabled. Think about the cold war sleeper agents.
Being closed, there is no scrutiny, therefore even if a designed backdoor exists, it may be known to Intel and some NDAd parties. As for the "security IT personel" vouching for it's security, who trained them? The aswer will always be "Intel" and their recomandation is based on marketing.
 

peterhelpme

Honorable
Feb 24, 2013
2
0
10,510
People saying 'nothing to worry about' are simply people with a lack of imagination. Hackers, on the other hand, do have the skills and the imagination needed to penetrate all the 'safe' and 'nothing to worry about' systems.
 


A vulnerability that does not exist if you do not have all the required components for it to even work. If none of the components support vPro then there is no vulnerability. If only one or two do it doesn't work. They went with an Intel chipset and CPU yet avoided Intel NICs because they were afraid of a possible backdoor with AMT/vPro yet there are plenty of Intel NICs that do not run or support vPro/AMT:

http://ark.intel.com/products/71305/Intel-Ethernet-Connection-I218-V

I have that NIC in my desktop and it does not support vPro/AMT.

As I said I am all for choice but I am not afraid to call out a stupid decision by a company being overly paranoid for nothing.



I didn't say there was nothing to worry about. Even Linux/Unix is hackable and not completely safe nor is this companies devices/OS. I said it is stupid to avoid a superior product on a fear for a possible backdoor for a feature that you can actually get products from said company that do not have nor support said feature. See my link above for an example of an Intel NIC that does not have/support vPro/AMT.
 

amk-aka-Phantom

Distinguished
Mar 10, 2011
3,004
0
20,860
Jimmysmitty is completely correct. This company is just raising a lot of noise over a non-issue - possibly to attract attention of paranoid but tech-illiterate customers. I can't imagine a real IT professional purchasing a laptop from a no-name manufacturer that intentionally chooses inferior hardware pretending that it's more secure.
 

DrGreer

Reputable
Apr 16, 2016
136
0
4,690
This board also has m.2 (Not just u.2) and supports Intel Turbo Boost 3 whereas the Asus’s X99-E WS/USB 3.1 only supports version 2.
 
Status
Not open for further replies.