Is Microsoft into trojans or spyware?

[lilos]

European Parliament continues to promote open source!

The European Parliament is continuing to emphasise the importance of free and open source software. In resolutions adopted in March and April, on a thriving data-driven economy and on gender equality and empowering women in the digital age respectively, the Parliament stresses there is a role for free and open source software.

Full article here:

http://www.iot-dev.net/full.php?ar=35

[imidis]

If they have to go to this lever to attempt to reach their target goal, this is pretty poor.

[lilos]

Intel & ME, and why we should get rid of ME - FSF official statement!

http://www.fsf.org/blogs/licensing/intel-me-and-why-we-should-get-rid-of-me

[G7PSK]

Intel & ME, and why we should get rid of ME - FSF official statement!

http://www.fsf.org/blogs/licensing/intel-me-and-why-we-should-get-rid-of-me

Is AMD or any other processor manufacturer any better, should we be looking for non Intel based hardware.

[lilos]

Yes some board do not have ME.

This is libre boot compatible list:

Desktops (AMD, Intel, x86)
Gigabyte GA-G41M-ES2L motherboard
Intel D510MO motherboard
ASUS KCMA-D8 motherboard
Servers/workstations (AMD, x86)
ASUS KFSN4-DRE motherboard
ASUS KGPE-D16 motherboard
Laptops (ARM)
ASUS Chromebook C201
Laptops (Intel, x86)
Lenovo ThinkPad X60/X60s
Lenovo ThinkPad X60 Tablet
Lenovo ThinkPad T60 (there are exceptions. see link)
Lenovo ThinkPad X200
Lenovo ThinkPad R400
Lenovo ThinkPad T400
Lenovo ThinkPad T500
Apple MacBook1,1
Apple MacBook2,1


and another good from coreboot are:

Lenovo   LENOVO G505S ( this is my favorite )
ASUS   F2A85-M

this have some blobs for usd video firmware but are safe and also are amd boards most good one for laptop and desctop.


Aslo i think all old nvidia chipset are good:

like 9400m 320m also.

coreboot can be ported to many more boards. But not posible to i7 and new.


Also we must not forger routers!

TP-LINK-wdr4300 is my best favorite for libre router it is only 50 usd

Make secure Iot gateway with LibreCMC and TP-LINK-wdr4300 - how to

http://www.iot-dev.net/ar1p1.html

[R005T3r]

I hate windows 10, I'm so glad I've switched to linux It's simply not worth it, I don't even consider it a solution anymore else.

[TerraHertz]

The Intel Management Engine insanity is getting a little more public exposure, which is nice to see.

https://boingboing.net/2016/06/15/intel-x86-processors-ship-with.html
Intel x86s hide another CPU that can take over your machine (you can't audit it)
Recent Intel x86 processors implement a secret, powerful control mechanism that runs on a separate chip that no one is allowed to audit or examine. When these are eventually compromised, they'll expose all affected systems to nearly unkillable, undetectable rootkit attacks.

[R005T3r]

The Intel Management Engine insanity is getting a little more public exposure, which is nice to see.

https://boingboing.net/2016/06/15/intel-x86-processors-ship-with.html
Intel x86s hide another CPU that can take over your machine (you can't audit it)
Recent Intel x86 processors implement a secret, powerful control mechanism that runs on a separate chip that no one is allowed to audit or examine. When these are eventually compromised, they'll expose all affected systems to nearly unkillable, undetectable rootkit attacks.

you already know the solution to this problem: you keep a powerful computer completely out of the net, and you use another little one to surf the net. Nobody will ever care about it. And, NO: computers cannot communicate via speakers or via pci-express antennas or other crap like that. If you also suspect that this may happen, well, consider a faraday cage. 

[SeanB]

ME is something you do not have to worry about. There are 7 billion people, and unless you are preparing to take arm against US government, FBI won't bother to sneak into your PC.
Also, the sense of freedom from being monitored is simply nonsense. People can watch you through telescopes, can install antennas to monitor your RF emission, can hear your conversation through walls, and can apply DPA on your power line. Computer surveillance is only one modern form, but there are tons of traditional forms of surveillance, which you can not evade.
Let's face it, the world runs on jungle rule -- the more powerful ones take privilege over the weaker ones. Unless you are more powerful than US government and Wintel consortium, otherwise just accept it.

true, but those others are things that require both somebody to monitor them and cost something in both effort and physical people. This is something that can be activated remotely, so it will not be long before somebody will figure out how to turn it on and simply scan whole subnets trying to find them, activate them and then simply downloading all the data to analyse. Not Govt, more like those looking to either make a darkweb botnet ( undetectable as well, no malware to find on the machine) or looking to grab login credentials for online banks for some quick regular income from compromised accounts.

Once you can no longer trust the hardware your software runs on all security software is as good as useless.

[lilos]

Let's face it, the world runs on jungle rule -- the more powerful ones take privilege over the weaker ones. Unless you are more powerful than US government and Wintel consortium, otherwise just accept it.

No just ignore them! There is is many other computer you can run free and also software that are free.

https://www.asus.com/Commercial-Servers-Workstations/KCMAD8/  good asus mainboad with coreboot and libreboot support and is not slow !

Who need to use windows anymore ?

[lilos]

No just ignore them! There is is many other computer you can run free and also software that are free.

https://www.asus.com/Commercial-Servers-Workstations/KCMAD8/  good asus mainboad with coreboot and libreboot support and is not slow !

Who need to use windows anymore ?

I need to run Altium and some commercial embedded compilers from various vendors, and I need to use the latest Intel processor unless AMD Zen is really as good as they promoted.

AMD Zen is not clear is will support coreboot.

[lilos]

Interesting Video about x86 ISA!

https://static2.rpteng.com/TALOS/assets/talos_openpower_beyond_x86_nr.mp4

https://secure.raptorengineering.com/TALOS/op_twbx86.php

[Howardlong]

Ten grand payout after unauthorised Windows 10 automatic upgrade bricked PC:

http://www.bbc.co.uk/news/technology-36640464

[JPortici]

Ten grand payout after unauthorised Windows 10 automatic upgrade bricked PC:

http://www.bbc.co.uk/news/technology-36640464

Teri Goldstein said [...]

no wonder she won the suit 

[TerraHertz]

Here's an entertaining slideshow of investigation of the Intel Management Engine internals:

  http://www.slideshare.net/codeblue_jp/igor-skochinsky-enpub
  Secret of Intel Management Engine by Igor Skochinsky  (mod on reddit.com/r/ReverseEngineering/ )

But it can only be downloaded as a file if logged into linkedin... urrgh.
Nevermind, here it is as a pdf:
  http://documents.tips/download/link/secret-of-intel-management-engine-by-igor-skochinsky

I came upon that via https://www.superstation95.com/index.php/world/1593   (Hal Turner's new site.)
Very hyperbolic prose there. But I completely agree with his views on this. Except that while the ME insanity _should_ mean the end of Intel, it likely won't. Because most people are just too numb to care.
Until someone cracks those keys, and suddenly all  PCs with recent Intel CPUs get permanently bricked.

Edit: see also http://hackaday.com/2016/01/22/the-trouble-with-intels-management-engine/

[Stonent]

Intel ME is designed to be used in corporate IT environments to provide remote control of a system that's turned off or in a pre-OS state.

It isn't normally included in home PCs and can almost always be disabled in the bios.

[lilos]

Intel ME is designed to be used in corporate IT environments to provide remote control of a system that's turned off or in a pre-OS state.

It isn't normally included in home PCs and can almost always be disabled in the bios.

Nope not possible try to remove it from coreboot and pc will shutdown after some time.
All modern mainboard rom firmware for arc processor ( or any maybe some new one .. why not fpga soft cpu .. ?   ) must be included.
 

[suicidaleggroll]

Intel ME is designed to be used in corporate IT environments to provide remote control of a system that's turned off or in a pre-OS state.

It isn't normally included in home PCs and can almost always be disabled in the bios.

It sounds like you're referring to IPMI or similar.  While that does essentially the same thing, IPMI is intended for consumer use and is only installed on workstation/server motherboards, meanwhile Intel ME is embedded into ALL Intel CPUs, is not designed for consumer use, and cannot be disabled.

[GEuser]

Just came across this http://www.bbc.com/news/technology-36824687

"However, as Peter Bright at Ars Technica pointed out, demand for Windows 10 looks set to slow in the near future thanks to dwindling sales of PCs and because the Microsoft programme that lets people upgrade to the OS for free will stop at the end of this month."

Soon I'll be able to turn on winupdate to see what happens

[retiredcaps]

In summary, the Intel Management Engine and its applications are a backdoor with total access to and control over the rest of the PC. The ME is a threat to freedom, security, and privacy, and the libreboot project strongly recommends avoiding it entirely. Since recent versions of it can't be removed, this means avoiding all recent generations of Intel hardware.

Not to beat a dead horse, but it was only a matter of time that any code from any vendor (closed source or open) has a vulnerability.

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr

Intel Active Management Technology, Intel Small Business Technology, and Intel Standard Manageability Escalation of Privilege

Summary:
There is an escalation of privilege vulnerability in Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM), and Intel® Small Business Technology versions firmware versions 6.x, 7.x, 8.x 9.x, 10.x, 11.0, 11.5, and 11.6 that can allow an unprivileged attacker to gain control of the manageability features provided by these products.  This vulnerability does not exist on Intel-based consumer PCs.

[Red Squirrel]

In summary, the Intel Management Engine and its applications are a backdoor with total access to and control over the rest of the PC. The ME is a threat to freedom, security, and privacy, and the libreboot project strongly recommends avoiding it entirely. Since recent versions of it can't be removed, this means avoiding all recent generations of Intel hardware.

Not to beat a dead horse, but it was only a matter of time that any code from any vendor (closed source or open) has a vulnerability.

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr

Intel Active Management Technology, Intel Small Business Technology, and Intel Standard Manageability Escalation of Privilege

Summary:
There is an escalation of privilege vulnerability in Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM), and Intel® Small Business Technology versions firmware versions 6.x, 7.x, 8.x 9.x, 10.x, 11.0, 11.5, and 11.6 that can allow an unprivileged attacker to gain control of the manageability features provided by these products.  This vulnerability does not exist on Intel-based consumer PCs.

Great....lol.   I knew it was a matter of time but this is much earlier than I thought.

Though perhaps this is good news, if someone figured out how to exploit it perhaps someone will figure out how to disable it... easily. (there are ways but they are quite convoluted)