Sujet : Re: ISO of a linux animalware / antivirus scanner
De : not (at) *nospam* telling.you.invalid (Computer Nerd Kev)
Groupes : comp.os.linux.miscDate : 01. Sep 2024, 00:15:47
Autres entêtes
Organisation : Ausics - https://newsgroups.ausics.net
Message-ID : <66d39612@news.ausics.net>
References : 1 2 3 4
User-Agent : tin/2.0.1-20111224 ("Achenvoir") (UNIX) (Linux/2.4.31 (i586))
Carlos E.R. <
robin_listas@es.invalid> wrote:
On 2024-08-29 00:49, Computer Nerd Kev wrote:
No, AMD Ryzen has it's own equivalent commonly called PSP, and it's
had documented security vulnerabilities too:
https://en.wikipedia.org/wiki/AMD_Secure_Technology#Reported_vulnerabilities
Your only real escape would be to run a CPU that's so old or
low-spec that you wouldn't have the performance to run a modern
web browser with Javascript support. Of course those web browsers
are where people generally enter information worth snooping on now,
so there's no real escape anymore.
You simply need a non enterprise CPU that doesn't have the mini minix.
That feature costs money. And has to be enabled in the BIOS. The BIOS
may not have support for it, and then the feature is dead, useless.
It seems that you're talking about a specific documented exploit like
this one:
"PLATINUM
In June 2017, the PLATINUM cybercrime group became notable for
exploiting the serial over LAN (SOL) capabilities of AMT to perform
data exfiltration of stolen documents. SOL is disabled by default
and must be enabled to exploit this vulnerability."
https://en.wikipedia.org/wiki/Intel_Management_Engine#PLATINUMBut a look around that page shows that there have been many others
without the limitation of requiring enterprise-only features of
the IME to be enabled. And those are only the vulnerabilites that
have been made public.
Its purpose is not to send data back to factory. Its purpose is to be
used by the IT department for remote maintenance. And using this feature
is expensive.
It's also for booting, thermal management, and other things besides.
Since it's closed-source and the binary is obfuscated, one can't be
sure there aren't secret backdoors put inside on the request of the
US government either.
But with the existance of rootkits, the intended purpose is
actually irrelevant because a malicious firmware could be installed
that does something completely different. I think that's part of
what the OP was concerned about, though I don't know if any
software can check whether it's happened.
-- __ __#_ < |\| |< _#