Hey ShadowAce, here’s one for the Linux folks.
This isn't a Windows issue, but I know a lot of you folks on the list also run Linux, or run your Windows as a VM within a Linux system, so this may be of interest there.
I don’t really see why Intel would want such a chip in home computers, where there is no network admin. Why don’t they make separate chips for home use?
The ME is a complete computer CPU (processor), hidden inside the chip you think runs your computer. In fact the ME can run the computer even when it is "turned off" normally, as long as it's still plugged in or on battery power. It can communicate with the rest of the network (including the internet) without your knowledge or consent.
The following is taken from "Intel Management Engine" on Wikipedia:
The Management Engine is often confused with Intel AMT. AMT is based on the ME, but only available on processors with vPro. It enables owners remote administration of their computer[12], like turning it on or off and reinstalling the operating system. However, the ME itself is built into all Intel CPUs since 2008, not only those with AMT. While AMT can be unprovisioned by the owner, there is no official, documented way to disable the Management Engine (ME). Research by Youness Alaoui found that Intel delivers the processors to manufacturers with the Intel ME turned off and the ability to permanently set changes at a later date.[13][not in citation given][14][not in citation given] Thus, the ME is always on unless[not in citation given] it is not enabled at all by the OEM.[15][16] Critics like the Electronic Frontier Foundation (EFF) and security expert Damien Zammit accuse the ME of being a backdoor and a privacy concern.[17][4] As of 2017 Google was attempting to eliminate proprietary firmware from its servers and found that the ME was a hurdle to that.[16] Zammit stresses that the ME has full access to memory (without the parent CPU having any knowledge); has full access to the TCP/IP stack and can send and receive network packets independent of the operating system, thus bypassing its firewall.[18] Intel has responded by saying that "Intel does not put back doors in its products nor do our products give Intel control or access to computing systems without the explicit permission of the end user."
According to an article in Hot Hardware, Aug 30, 2017:
A team of researchers from Positive Technologies have dug into the innards of Intel Management Engine (ME) 11 and have found a way to turn the feature off... So I guess that System76 is disabling the ME -after- it boots up the main CPU. Or something like that... One bit of warning is that you cannot completely turn this off. ME is part of the boot process and required for launching of the main processor.
Positive Technologies wrote, "The disappointing fact is that on modern computers, it is impossible to completely disable ME. This is primarily due to the fact that this technology is responsible for initialization, power management, and launch of the main processor. Another complication lies in the fact that some data is hard-coded inside the PCH chip functioning as the southbridge on modern motherboards."
Intel, The Bug Is With You
Ping.