Some hardware vendors are reacting to the recent revelation that some of Intel's core CPU technology is riddled with security holes.
I have an ISO flashed to the stick, but when Windows sets up, I'm presented with a driver issue for 'Media Driver'. The System76 article for finding windows drivers only has EXE downloads and when run under Ubuntu's wine, they fail to even launch or go past downloading files and executing them. Installs Intel® Network Adapter drivers release 25.0 for Windows 7. Final Release. Driver: Windows 7. Windows 7, 32-bit. Windows 7, 64-bit. 25.0 Latest: 1/23/2020: Intel® Ethernet Adapter Drivers for MS-DOS. This download record installs version 24.3 of the Intel® Ethernet Adapter drivers for MS-DOS. Driver: DOS: 24.3. All, Here is what you need to get all the drivers on Windows 10 for the Galago ( galp3 ). Grab all the drivers you can by through Windows update. Grab the Intel Driver Update Utility, install and check for updates. Grab the Thunderbolt, unpack it. Within device manager, select system base driver that has an issue, and point it to the unzipped. Tech support scams are an industry-wide issue where scammers trick you into paying for unnecessary technical support services. You can help protect yourself from scammers by verifying that the contact is a Microsoft Agent or Microsoft Employee and that the phone number is an official Microsoft global customer service number.
At the time of writing, three laptop and computer vendors have started offering a way to buy products without Intel ME (Management Engine), or have said they'll deliver firmware updates that disable the technology.
Intel Management Engine is a technology that is often described as a secret operating system inside the main Intel CPU. The ME component runs independently from the user's main OS, with separate processes, threads, memory manager, hardware bus driver, file system, and many other components. An attacker that exploits a flaw and gains control over the Intel ME has untethered control over the entire computer. In November, Intel issued a security alert for several flaws affecting ME and other core Intel CPU technologies.
Purism
The first company to announce a decision on Intel ME was Purism, a company that describes itself as a freedom-respecting computer manufacturer.
System76 Driver
What's surprising is that Purism took this step in October, almost a month before Intel published its security advisory about the Intel ME flaws.
It appears that the company took this decision just because someone else found a way to disable Intel ME and Purism decided to use it and improve its customers' privacy.
'Disabling the Management Engine is no easy task, and it has taken security researchers years to find a way to properly and verifiably disable it,' the company explained in a blog post. 'The Librem 13 and Librem 15 products can be purchased today and will arrive with the Management Engine disabled by default.'
System76
The second company that took a similar step was System76, a seller of custom Linux PC rigs. In a blog post this week, the company explains its decision and puts forward the following rollout plan.
- System76 will automatically deliver updated firmware with a disabled ME on Intel 6th, 7th, and 8th Gen laptops. The ME provides no functionality for System76 laptop customers and is safe to disable.
- The roll out will occur over time and customers will be notified by email prior to delivery
- You must run Ubuntu 16.04 LTS, Ubuntu 17.04, Ubuntu 17.10, Pop!_OS 17.10, or an Ubuntu derivative and have the System76 driver installed to receive the latest firmware and disabled ME on laptops*
- System76 will investigate producing a distro-agnostic command line firmware install tool. Follow us on your preferred social network for updates.
- System76 will not disable the ME on desktops but will provide updated ME firmware
- Desktop customers will receive instructions for updating the ME via email as they are available
Dell
System76 Support
Last but not least, a Reddit user also noticed this week that Dell modified its online store to allow customers to buy Intel-powered computers without Intel's Management Engine.
It is unclear when this option was added, or if Dell took this decision after Intel notified the company of the ME flaws. Nonetheless, the change is welcomed, mainly because ME is a technology meant for enterprise environments, and has no place on personal-use computers.
Dell is just one of the many hardware vendors that have admitted they sell products affected by the Intel ME bugs. Other vendors are Acer, Fujitsu, HP, Lenovo, and Panasonic. All promised firmware updates that will fix the reported security bugs, albeit not all have delivered on their promise just yet.