System76 to Disable Intel ME on Laptops Due to Security Flaws


Following the discovery of several potentially serious vulnerabilities in Intel’s Management Engine (ME), computer seller System76 announced its intention to disable the feature on its laptops with a future firmware update.
In the past months, Intel and third party security researchers discovered a significant number of flaws in ME and Active Management Technology (AMT), which allow users to remotely manage devices. The security holes can be exploited to execute arbitrary code without being detected by the user or the operating system, bypass security features, and crash systems.
Intel has released patches for these vulnerabilities and vendors such as Acer, Dell, Fujitsu, HPE, Lenovo, and Panasonic informed customers that they are also working on firmware updates that address the weaknesses.
System76, which provides Linux-powered laptops, desktops and servers, has decided to address the risks introduced by Intel ME by disabling the feature altogether.
The company has been working on a system that will allow it to automatically deliver firmware updates to computers in the same way software updates are currently being delivered through the operating system. The new update mechanism has been tested and it’s nearly ready for deployment on laptops.
像早期的Windows个人电脑系统一样,不良的移动应用程序会存取手机系统内的数据存储,而多数手机网络应用往往会将用户名和密码保存在相关的配置文件。
System76 plans on delivering a firmware update that disables ME on laptops using 6th, 7th and 8th generation CPUs from Intel. This includes Bonobo, Gazelle, Kudu, Lemur, Oryx and Serval laptops.
网络安全法动漫宣传片 002 国家网络安全的现状与重要性概述
Users will be informed of an update via email and prompted to install it – updates will not be conducted without user interaction. The automatic updates will work on laptops running Ubuntu 16.04 LTS, Ubuntu 17.04, Ubuntu 17.10, or version 17.10 of Pop!_OS, System76’s own Linux distribution.
ME will continue to be present on System76 desktop computers, but users will be provided firmware updates that patch the vulnerabilities disclosed by Intel.
“There is a significant amount of testing and validation necessary before delivering the updated firmware and disabled ME,” explained System76 CEO Carl Richell. “Disabling the ME will reduce future vulnerabilities and using our new firmware delivery infrastructure means future updates can roll out extremely fast and with a higher percentage of adoption (over listing affected models with links to firmware that most people don’t install).”
The company pointed out that disabling ME on laptops may no longer be possible at some point if Intel makes changes to the feature. “We implore Intel to retain the ability for device manufactures and consumers to disable the ME,” Richell said.
新时代,重要的是让教育最终用户,给予他们明辨是非、抵抗不良内容特别是外部安全威胁的能力。

猜您喜欢

礼泉县安监局举办安全监管信息平台培训会
保密培训第一课:准确定密并正确标识国家秘密
学习管理系统LMS 学员操作演示
这支电竞战队平均年龄超70岁 而且数据惊人
OOCOOCOO OLYMPUS-MILO-PHOTOGRAPHY-CAMERA
保密意识教育