Posted on 05/10/2007 3:26:01 PM PDT by Hal1950
On Wednesday I went to Intel's launch of its latest Centrino chipset for notebooks. Everything, of course, is a lot faster, but what caught my eye was a new technology embedded in the chips which, although aimed squarely at business users, would be a godsend for consumers.
Take a look:
Intel® vPro processor technology. IT departments will be able to reliably manage both desktops and notebooks and deal with what plagues them most (security threats, cost of ownership, resource allocation, and asset management) and do so wirelessly.
One of the key innovations designed in Intel Centrino Pro, Intel® Active Management Technology, provides business-class notebook PCs with wireless PC management, protection and remote repair work, thereby increasing productivity, IT savings and uptime.
For example, if a virus or other type of malware gets into the notebook, the Intel technology will shut it off from the network, and the IT department is notified, downloads software to get rid of the problem and repair any damaged files. It's all done in a minute or two.
This technique can be used for other things too, installing software across hundreds of clients etc, etc.
At first glance it sounds like many other remote management software applications/utilities that provide similar capabilities. What's new here?
It turns out there is a microcontroller (a separate chip) that creates a wireless back channel to a central location. This back channel remains unaffected and is used to deliver new software and repairs, even if the notebook is disconnected from its main network and has been completely taken over by hordes of malware!
This Active Management Technology is inside every one of the new Centrino chipsets, but it is only used in business-class notebooks. It allows the notebook vendors to charge corporations a premium. However, it is there in the consumer notebooks too; it is just not turned on.
But it could be turned on with the right software and it could become a platform to deliver repair and maintenance services to millions of consumers! It's potentially a massive business for some future companies. Who will be the first to do this?
Best Buy and its fleet of Geek Squads running out to people's homes to fix their machines might soon become a thing of the past.
Also a potentially 'nice feature' for remote monitoring too...
And could we possibly see some of that “horde of malware” capable of using that channel for evil purposes? If the operating system can see it so can a hole in said operating system.
If the authors of malware do not see this as a great portal to exploit for controlling a machine yet, give them a week after its introduction.
As you look at PCs next month, here is your cheat sheet to help you cut through the marketing speak. Mobile systems with Intel processors will have one of three designations/stickers on the outside.
1. Intel Core/Core 2 Duo: Systems with this designation will include Intel's latest Core architecture processors (single and dual core versions) + an Intel chipset. They will have wireless cards by different vendors. Ethernet may or may not be Intel Ethernet.
2. Centrino: This takes a base system and adds Intel wireless to it. Thus, the combination will be Intel processor + Intel chipset + Intel wireless, either 802.11 a/b/g or 802.11 a/b/g/n. Ethernet may or may not be Intel Ethernet.
3. Centrino Pro: This adds one more layer of functionality to the system. Centrino Pro systems will have Intel processors + Intel chipsets + Intel wireless + Intel Ethernet with iAMT technology (vPro).
http://www.lenovoblogs.com/insidethebox/?m=20070420
27 Responses to Centrino Pro
http://www.lenovoblogs.com/insidethebox/?p=77#comments
Hardware that creates a connection to some mothership that I (or some malware) can’t disable?
I don’t think so...
Wouldn’t the mother server need to have antennas in every metal partitioned office? Might as well simply have a second ethernet port for the trouble this is going to be.
If I’m understanding it correctly, it’s a channel that already existed (though basically undocumented) and they’re just consciously using it. You can have a computer that’s on the network but not really a part of the network (this is especially true if it’s an MS network). I’ve used this to get security updates on machines at work when our network was infested: by not having my machines part of the domain, they weren’t connected to the network well enough to get infected, but they could get to the gateway server well enough to get patches from the internet. The reverse would also hold: you could take a machine out of the domain so it would stop infecting others, but again it could still get to the internet and get the stuff necessary to be cleaned.
I’m just guessing that’s the hole they’d use. It depends somewhat on the network architecture, but most of the time it works manually and should be doable programmatically.
Trust me, this just became another paved lane on the “hacker autobahn.”
So if you get a box with an AMD chip, you don’t have to worry about this security hole?