Originally Posted by born2bwild;11977996
Well, at least the thief will not be able to use your laptop without buying a new CPU. And since most thieves are not extremely tech savvy, they must go to a computer store to repair it, and they might notice that this laptop was stolen. Also, if the thief is tech savvy (which I might say is quite rare in itself), then he will have to buy a new processor to make the PC function.
And trust me, once a few thieves steal computers and notice that they are all "broken", it will be a strong repellent.
Also, the Killswitch along with the on-processor data encryption will be able to save your data, which is quite important especially if you're a corporate worker.
The way to send a "kill" command is through Bluetooth and 3G networks. I believe that you have to contact Intel to disable the processor. There would be no way to block the 3G unless you're in a dead area (most of those areas don't even have access to this kind of technology), and no way to interfere with it. And the encryption is as secure as one of the most powerful tech companies of the world can make it (which is as secure as anything comes btw, and Intel will highly value this data).
There is a way you could undo it, but only Intel would be able to undo it. Also note that the Killswitch only disables the processor, and not the graphics cards, so I don't see how they come into play.
If a company wants to mess with its employees (I don't see why specifically) it will have its ways, and more efficient ways. What the Tech ITs do is the corporate world's problem... they currently have the ability to patch every PC in the company with a virus that renders all data useless (especially at night, which is usually the time when PCs are patched), so I wouldn't know why this new technology is any worse. Actually, if anything it's better since it is reversible. So if a Tech IT is mad at the company it could do many worse things than lock the company's CPUs, which can be relatively easily undone.
You do point to many good cases (and I answered all your points to the best of my ability), but know that they do not enable people to impair your computer; if anything, in most cases they make it harder, and add a level of protection. Of course there are ways to abuse it, and go around it... but it's a layer more and it's safer.
If you disagree with Intel and me, then feel free to buy the Intel processors that don't have the vPro technology (there are many btw, several from the new generation as well) or buy AMD processors.
Yes, some thieves learn; most do not, as they are just looking for their next fix. The idea about the store contacting the police is nice and in the situation you describe would be acceptable. I doubt very much the thief is going to the computer store; most likely he goes directly to a pawn shop to hock the laptop for a couple of dollars. The pawn shop owner could potentially be implicated in receiving stolen property if reporting the laptop purchase. But I think we can agree it is very doubtful the laptop is coming back to the owner. Feature is worthless for recovery purposes except for isolated instances.
Yes, that is what using the encryption capability of the processor was assumed to be doing and is a very good idea. This is a significant benefit as it would protect any data stored on the drive from inappropriate disclosure, which was mentioned in the previous thread. This is a very good benefit for a corporation as it may preclude the notification expense to individuals that had information disclosed in a security breach. It also provides benefit in protecting the information stored on the laptops.
No, my understanding of the documentation indicates that a signal can be transmitted to disable the processor or not received. (Your assumption is only Intel has this capability – this may be true initially, but is it going to be valid in a year or two?) In addition, from the description referenced, the processor can be disabled based upon either receiving a signal or not receiving one within a certain period of time. Therefore, how secure is the signal that is being transmitted? Encryption has been broken before. Also, what happens for an extended outage and when the laptops don’t communicate within that timeframe?
Graphics cards can be used to significantly enhance encryption cracking effectiveness, which I think or hope you know. With enough processing power this can be done in real time. What is the cost of a few Tesla cards or professional graphics cards worth against the information value stored on a laptop containing merger or new technology?
I anticipate that the disable signals are coded to a specific individual CPU and not using a single default revoke signal for all same-batch processors. Also, from the documentation, the techs have the ability to transmit the kill and the recover signal. If the recovery or kill is transmitted and if someone controls one of the endpoints it can be obtained. Is a background check performed on the tech(s) that enable and disable this feature set? Is the background check done on a recurring basis?
No, it is not the company that wants to mess with the employees; it is the tech wanting to mess with the employer or users. It is the tech misusing the features for laughs or profit. Depending upon the value of the data being protected, a simple bribe to a low-level tech may obtain the ability to recover the data. Your point about deploying anti-virus and patches is valid, but you are assuming the techs are allowed to move updates to production distribution servers (anti-virus and patching) without testing. This is not a valid assumption in a large IT shop. What is the effective control?
I would agree the bribe situation is not applicable for non-valuable data. But if a company is deploying this technology, the information stored on those laptops is valuable or perceived to have value. Company could also just be avoiding legal notification costs, in which case the point is moot.
Like I mentioned in the previous thread, it is a good idea for corporations but is not really an effective security mechanism. The main benefit is obtained by encrypting the data via hardware.
Why deploy a killswitch for consumers, that really doesn’t provide a benefit and introduces potential risks, when you can just encrypt the data and obtain the same benefit?
Or, as a speculation, is the feature set introduced to enable processor upgrade capabilities as was being tested?
On a side note, the performance of the 2600K is very nice indeed and I have purchased many Intel and AMD processors in the past and may even buy Sandy Bridges. Would have to implement mitigating controls to minimize the potential risks.
Thank you for taking the time to respond as the discussion has merit at least from a security awareness perspective.