facebook rss twitter

Dell now offers PCs with Intel Management Engine disabled

by Mark Tyson on 5 December 2017, 10:01

Tags: Dell (NASDAQ:DELL), Intel (NASDAQ:INTC)

Quick Link: HEXUS.net/qadogd

Add to My Vault: x

The Intel Management Engine and associated technologies have been the subject of several news stories in recent months. Back in May this feature hit the headlines as Intel sought to fix a nine-year-old enterprise CPU vulnerability with a firmware patch supplied to PC and motherboard vendors. Around the same time the EFF published an article about how, since 2008, most of Intel’s chipsets have come packing "a tiny homunculus computer called the 'Management Engine' (ME)".

The power that access to the ME provides is immense, so vulnerabilities are very serious. For example, in November, we first heard that the Minix 3 OS, which runs the ME on your Intel CPU, has access to; your full network stack, file systems, most drivers, and can operate as a web server. Hence security minded individuals and organisations have been working on disabling this Intel feature.

Until now you would have had to pick a niche PC supplier to get a machine for your business with the Intel ME disabled. In November we noted that Purism had started to ship its secure ‘Librem’ laptop products which don't use Intel's ME. A few days ago another Linux machine vendor, System76, said it would be shipping a firmware update to disable the Intel ME. As a reminder, Google is investigating disabling the management engine in its servers too.

Now, one of the world's largest PC makers has stepped up and started offering machines with the ME disabled. Fudzilla reports that there are quite a few machines which are configurable in this way. Laptops that are configurable with the Intel ME made 'inoperable' include several of Dell's Latitude laptops including the 7480, 5480, and 5580 and the Latitude 14 5000 Series as well as several 'Rugged' and 'Rugged Extreme' models.

Depending upon which of these business-class portable computers you choose, the option to disable the Intel ME will cost between $17 and $30, according to Liliputing. I had a quick look on the Dell site here in the UK and found that the 'Intel vPro ME Inoperable' option was actually free in the case of the Latitude 14 Rugged Extreme laptop.

HEXUS Forums :: 10 Comments

Login with Forum Account

Don't have an account? Register today!
Posted by Ozaron - Tue 05 Dec 2017 10:30
We charge to enable features. We charge to disable features. Soon, we charge to think about features.
Posted by Corky34 - Tue 05 Dec 2017 11:12
The question is what do they consider being made “inoperable” if it's just a BIOS setting then charging £14 seems to be taking the michael, if it's flashing a different BIOS that removes the most egregious parts of the ME then it's a bargain.
Posted by azrael- - Tue 05 Dec 2017 12:06
Ozaron
We charge to enable features. We charge to disable features. Soon, we charge to think about features.
That'll be $100 right there, please.
Posted by ETR316 - Wed 06 Dec 2017 04:44
“I had a quick look on the Dell site here in the UK and found that the ‘Intel vPro ME Inoperable’ option was actually free in the case of the Latitude 14 Rugged Extreme laptop.”

they offer other pc's to be disabled for free also.
Posted by philehidiot - Wed 06 Dec 2017 11:45
Corky34
The question is what do they consider being made “inoperable” if it's just a BIOS setting then charging £14 seems to be taking the michael, if it's flashing a different BIOS that removes the most egregious parts of the ME then it's a bargain.

From what I've seen, disabling it is an absolute pig as it's modular with presence in multiple bits and bats. The worst part about this “feature” is that if it doesn't detect its components that it'll shut your PC down after 30 minutes. The code for the ME is also secret so I'm not sure how they can disable it fully if they can't get to the code. I do not think this will be a simple BIOS setting but in order to disable it so it can not be used at all (even by a nefarious hacker) it will have likely required either changing the BIOS and flashing this new BIOS for you or using a chip programmer on a part of the system which I don't understand to remove the code whilst also disabling the 30 minute rule (I think some rather clever people did this on a HP laptop). If this is just turning off the BIOS setting then this isn't good enough - it needs to be disabled totally if you're worried about security. Turning off the BIOS setting is like locking the front door, you can still kick it in or pick the lock. I want the door bricking up and guarding by an old American man on a rocking chair with straw in his mouth and a shotgun. Honestly, I hate conspiracy theories but there is no excuse for this kind of thing on consumer products and it just has all the hallmarks of government “we want access to everyone” pressure on the company.

SEE NEWER »