System76 to Disable Intel ME on Laptops Due to Security Flaws

Following the discovery of several potentially serious vulnerabilities in Intel’s Management Engine (ME), computer seller System76 announced its intention to disable the feature on its laptops with a future firmware update.
多数互联网公司会尝试通过对用户的网络行为进行分析,进而实现精准服务定位和改进客户体验,我们理解这点,不过并不能因为这些原因而忽视保护我们的个人隐私,所以我们要查看相关条款,了解我们的个人用户信息会被如何处理。
In the past months, Intel and third party security researchers discovered a significant number of flaws in ME and Active Management Technology (AMT), which allow users to remotely manage devices. The security holes can be exploited to execute arbitrary code without being detected by the user or the operating system, bypass security features, and crash systems.
Intel has released patches for these vulnerabilities and vendors such as Acer, Dell, Fujitsu, HPE, Lenovo, and Panasonic informed customers that they are also working on firmware updates that address the weaknesses.
System76, which provides Linux-powered laptops, desktops and servers, has decided to address the risks introduced by Intel ME by disabling the feature altogether.
The company has been working on a system that will allow it to automatically deliver firmware updates to computers in the same way software updates are currently being delivered through the operating system. The new update mechanism has been tested and it’s nearly ready for deployment on laptops.
System76 plans on delivering a firmware update that disables ME on laptops using 6th, 7th and 8th generation CPUs from Intel. This includes Bonobo, Gazelle, Kudu, Lemur, Oryx and Serval laptops.
Users will be informed of an update via email and prompted to install it – updates will not be conducted without user interaction. The automatic updates will work on laptops running Ubuntu 16.04 LTS, Ubuntu 17.04, Ubuntu 17.10, or version 17.10 of Pop!_OS, System76’s own Linux distribution.
ME will continue to be present on System76 desktop computers, but users will be provided firmware updates that patch the vulnerabilities disclosed by Intel.
“There is a significant amount of testing and validation necessary before delivering the updated firmware and disabled ME,” explained System76 CEO Carl Richell. “Disabling the ME will reduce future vulnerabilities and using our new firmware delivery infrastructure means future updates can roll out extremely fast and with a higher percentage of adoption (over listing affected models with links to firmware that most people don’t install).”
The company pointed out that disabling ME on laptops may no longer be possible at some point if Intel makes changes to the feature. “We implore Intel to retain the ability for device manufactures and consumers to disable the ME,” Richell said.
金融服务行业要加强员工安全意识培训

公司应该建立完善的信息系统开发运行维护管理组织体系,制订完备管理制度与操作规范,确保信息系统开发与运行维护过程独立、人员分离。

猜您喜欢

互联网经济冲击信息安全管理咨询服务
网络安全宣传月公益教育动画之保障工作场所安全
网络安全法普法宣传 004《网络安全法》的突出亮点
中国企业如何与海外环境及当地的民族文化融合,海外安全知识:
SEODELUXE THEFOREIGNER
环境、健康、安全大讲堂之HSE在线课件