Talk:Intel Active Management Technology/Archive 1

This is an archive of past discussions. Do not edit the contents of this page. If you wish to start a new discussion or revive an old one, please do so on the current talk page.

Archive 1

This is a very short page and does not even begin to address the subject right now, particularly it is missing any mention of possible abuses of this system. I admittedly know very little about iAMT at the moment, but i have seen references to out of band management which historically suggests communican outside of the network itself.

I will try to read over intels papers about this technology and improve this article.

Mrsteveman1 15:25, 2 June 2007 (UTC)

What about adding a few words about new features? I have read about them here and some of them, up to my mind, are interesting enough to be written about:

• - NIC based TCP/IP filters configurable remotely
• - Handy magic bypass for TCP/IP filters
• - Remote BIOS updates over the network
• - Remote IDE redirection, as in boot off CDROM over the network
• - Persistent storage even if you change hard disks
• - Authentication can be done on Kerberos.
• - Built in web interface on every machine (port 16992, or 16993 if HTTPS is setup)
• - handy well documented SDK for building whatever you need to interact with this

Hope someone who knows more about all this will add something to the article. Gaz v pol 15:19, 12 June 2007 (UTC)

Image:Intel AMT 2.0 web page - memory.jpg is being used on this article. I notice the image page specifies that the image is being used under fair use but there is no explanation or rationale as to why its use in this Wikipedia article constitutes fair use. In addition to the boilerplate fair use template, you must also write out on the image description page a specific explanation or rationale for why using this image in each article is consistent with fair use.

Please go to the image description page and edit it to include a fair use rationale. Using one of the templates at Wikipedia:Fair use rationale guideline is an easy way to insure that your image is in compliance with Wikipedia policy, but remember that you must complete the template. Do not simply insert a blank template on an image page.

If there is other fair use media, consider checking that you have specified the fair use rationale on the other images used on this page. Note that any fair use images lacking such an explanation can be deleted one week after being tagged, as described on criteria for speedy deletion. If you have any questions please ask them at the Media copyright questions page. Thank you.

BetacommandBot (talk) 23:09, 22 December 2007 (UTC)

It would probably be better to have a page about Intel's Management Engine (ME) and how it relates to semiconductor products (available on which chipsets, etc.) and firmware solutions (software modules like QST, AMT, etc.). This page could then be simplified to cover just AMT or Intel's management solution (rumor has it the name will change to AT6 for next generation vPro mobile (Calpella) and desktop (Piketon) platforms based on PCH (Ibex Peak)) as a lot more than just AMT goes into the ME firmware stack. 64.122.14.55 (talk) 14:39, 22 April 2008 (UTC)

Access to the Intel AMT features relies on a hardware-based OOB communication channel.

• Which hardware channels can be used? Only the common Ethernet interface already present on the mainboard?

--Abdull (talk) 14:19, 28 August 2008 (UTC)

Any idea how this relates to (for example), HP's iLO features ? Or whether the use of AMT is free or for a fee ? For example, can I use that at home to remotely shut down or control my daughter's machine ?

-- Christophe 20 July 2009. —Preceding unsigned comment added by 94.111.109.233 (talk) 20:49, 19 July 2009 (UTC)

I have had the frustrating experience of getting an intel AMT equipped motherboard (Q45) for a server and then finding out that not only are there no explicit drivers for windows server 2003, but because of the way the drivers for XP are constructed (most XP drivers work fine on Server 2003) it's not possible to install them on server 2003. Intel seems to be actively blocking use of Q45 and related AMT products in combination with windows server OS's. Should deserve a mention in the article, no? —Preceding unsigned comment added by 85.145.116.131 (talk) 23:23, 28 August 2009 (UTC)

Anyone up to adding a section of criticisms and concerns, as mentioned on an OpenBSD mailing list? I think they'd be a useful addition to this stub. I don't understand AMT enough to do so. --Tene 15:43, 28 June 2007 (UTC)

---

As of Oct. 2010, Intel is up to, I think, Version 6 of AMT for certain platforms. I found the page because I just bought a laptop that has version 4. The potential for abuse/snooping by the laptop manufacturers is one of the main things I wanted to find out, so I second the request for a criticisms/concerns section to the article. I don't understand AMT authentication enough to know if my laptop comes with some "certificates" already installed by the manufacturer, in which case they could access the laptop without my knowledge.

That said, I don't find the article to be overly "advertisement-y" -- it was the best description of what AMT does that I was able to find anywhere, including on Intel's and Lenovo's websites. A little more description of what it's actually used for, and HOW (as opposed to how it works internally) would complement a section with some criticism.

RandySteer (talk) 21:46, 23 October 2010 (UTC)

---

The sub-section titles are awfully long. But is that a problem? --Mortense (talk) 17:02, 10 October 2013 (UTC)

Yes because most are spammy, making various claims without citations. Someone not using his real name (talk) 23:49, 25 February 2014 (UTC)

Basically Intel has kitchen-and-sink brand called vPro that according to their marketing materials [1] includes lots of other stuff besides AMT. The only problem with having a separate wiki page about the vPro brand is that it does not seem wp:notable independently of AMT. As far as I can tell every journalist out there when writing something seemingly about vPro is mostly if not exclusively covering AMT [2] [3] [4]. The same goes for Intel's OEM partners, e.g. [5] [6] [7]. So I think the vPro brand deserves two-three paragraphs here but not an entirely separate page. Someone not using his real name (talk) 08:07, 26 February 2014 (UTC)

Even inside Intel, some more technically oriented pages like the FAQ accessible from the vPro page only talks about AMT/ME. Someone not using his real name (talk) 09:02, 26 February 2014 (UTC)

As a side-note here, Intel now has another brand that touts AMT, namely Small Business Advantage (SBA) [8] [9]. Hopefully we're not getting another wiki page for that, although frankly that might deserve a page more than vPro because SBA at least can be identified with the Intel software package that delivers it, whereas vPro is just a marketing name. Someone not using his real name (talk) 08:40, 26 February 2014 (UTC)

• Oppose: While I totally agree that Intel AMT is one of the key components of Intel vPro (which is by the way just a marketing buzzword, but a widely used one), I'd say that Intel vPro still deserves a separate article. Though, some serious trimming should be applied to the Intel vPro article, so we end up with no repeated descriptions of Intel AMT. — Dsimic (talk | contribs) 18:35, 26 February 2014 (UTC)

According to the Invisible Labs presentation, the ME is located in the MCH, but according to [10] it's in the PCH. Someone not using his real name (talk) 11:57, 26 February 2014 (UTC)

Well, Platform Controller Hub (PCH) chipset layout basically replaced Northbridge (MCH) and I/O Controller Hub (ICH) chipset layouts for newer Intel architectures (Intel 5 Series onwards), so both papers are right; ME is inside the chipset, whichever layout it uses. Just as a note, Invisible Labs' presentation is dealing with the Intel Q35 chipset, which employs a MCH layout. — Dsimic (talk | contribs) 18:47, 26 February 2014 (UTC)

I'm a typical John Doe user installing a new motherboard in my home PC/HTPC. I came here to know what it's used for so as to decide whether or not I should install the Intel AMT/ME driver provided by the motherboard manufacturer on its drivers CD. Please can someone write such brief explanation? NOTHING on this page is clear enough for me... Thanks in advance.

Hello! Just as a note, Wikipedia is not a forum. However, for your personal needs in a HTPC usage scenario, security-wise it would be the best to disable AMT entirely in your motherboard's firmware (which is UEFI for new motherboards) setup utility. Basically, AMT allows remote out-of-band access to your PC, which is usually useful only when a PC is remotely managed in a corporate environment. — Dsimic (talk | contribs) 06:22, 24 November 2014 (UTC)

There is no question that Intel AMT is like a corporate agent in hardware, but it is not as powerful as software agents. For example, it can't be used to do bad things like key logging, etc. Security of Intel AMT was reviewed quite a bit, so unless you have correct authentication, it's going to be really difficult to use it as a back door for anyone except the real administrators. Since I work with Intel AMT quite a bit, you guys will have to keep me honest, I don't want to edit the page too much, this said, I have plenty of criticism I could throw at it. As for new features, 2.5 only adds wireless support over 2.0 and is only available in laptops. All the features I see above for 2.5 are also in 1.0 and 2.0 Ylian 17:20, 12 July 2007 (UTC)

Well, it's nice to have your word for it, but experience with all similar tehcnology sugegsts that these things are certainly possiblöe, whether officially, documented, supported, or not. Regardless, if you could source this, you cna edit wikipedia, as long as you provide suitable references. It's lunlikely that you cna source this, because it's impossible to prove beyond hearsay.109.193.182.33 (talk) 00:58, 11 December 2014 (UTC)

I wanted to look up iAMT 4.0, typed "iamt" in the search box, got redirected to Standard Alphabet of Mahal Transliteration, which is obviously the wrong place. Somebody, fix that please. —Preceding unsigned comment added by 71.191.191.184 (talk) 02:53, 6 November 2009 (UTC)

What's wrong with the Standard Alphabet of Mahal Transliteration ??

I got the Institute of Advanced Musculoskeletal Treatments. Figures. 80.134.173.131 (talk) 23:19, 11 April 2015 (UTC)

The search works fine, and both IAMT and Intel AMT are redirects to Intel Active Management Technology. — Dsimic (talk | contribs) 10:26, 29 April 2015 (UTC)

The communication section uses the word "secure" quite frequently, but is missing the details to support an independent assessment of this alleged security.

For example, are the connections established using the traditional SYN-ACK handshake to an open port? Or is the hardware listening for some other type of specially crafted packet? There's a lot of back and forth that has to occur between two devices before TLS is fully established, protecting subsequent communications. Things like certificate verification are potential points of attack.

I'm not asking for original research, but if anyone knows existing published research on this topic, a mention in the article would be an improvement. Thanks! 72.208.150.248 (talk) 18:52, 15 August 2015 (UTC)

Hello! As you've just discovered for that section, the whole article is in dire need for a more-than-partial rewrite. It would require a lot of work, though. — Dsimic (talk | contribs) 19:02, 15 August 2015 (UTC)

Thanks for the reply. Do you know how to put one of those "we need help from an expert" tags on the article? I don't, or I'd "be bold". 72.208.150.248 (talk) 19:11, 15 August 2015 (UTC)

Trust me, such tags don't attract experts, :) and the article already has enough tags showing its issues. — Dsimic (talk | contribs) 19:13, 15 August 2015 (UTC)

This is misleading and sensationalist. AMT's point is to provide control of the system independent of any software that runs on the host (x86) CPU. It does so with special features built into the chipset. Certainly there's some software interaction with ACPI and other subsystems, but that's not the defining part of it. AMT is largely a hardware feature, and should be described likewise. — Preceding unsigned comment added by 92.224.150.182 (talk) 20:44, 7 February 2012 (UTC)

I've reverted those edits as clearly violating NPOV. The Rootkit page clearly states that a rootkit is a malicious piece of software. Absent any reliable source claiming this technology is a rootkit, it reads as inflammatory opinion. JSB73 (talk) 08:41, 27 February 2012 (UTC)

This technology is not and cannot be a rootkit. Prior the AMT can be used, it must be provisioned. It must be activated and configured (usually) in several places - BIOS and MEBx or over a corporate network (that still requires prior activation in BIOS). Plus, it will only work in the corporate network (e.g. W/LAN, VPN). Only in CIRA mode (see CIRA page) AMT is able to work over the Internet. CIRA is user initiated. In some cases CIRA could be configured to connect based on a timer or maintain a constant connect. However, it requires additional infrastructure to be deployed on the corporate side. This infrastructure is rarely used because it has serious stability issues. There were vulnerabilities in the early AMT versions (http://web.it.kth.se/~maguire/DEGREE-PROJECT-REPORTS/100402-Vassilios_Ververis-with-cover.pdf) but they were fixed by Intel. — Preceding unsigned comment added by Vlsys1 (talk • contribs) 05:34, 20 July 2013 (UTC)

You almost said it yourself. The Management Engine's point being to "provide control of the system independent of any software that runs on the host (x86) CPU ", together with it being protected to the point that the user is not able to monitor its actions nor disable it in any meaningful way because BIOS configuration switches don't work and firmware not signed by Intel won't run (see Rutkowska 2015 blog.invisiblethings.org/papers/2015/x86_harmful.pdf and detailed references therein), coupled with potentially untrammeled in- and exfiltration capabilities (by virtue of being independent from the CPU and having total access to memory) and intransparency (none of it is open source and the details are supposed to be hidden from the consumer) seems to be the very definition of a hardware backdoor to me. Accusations of "sensationalism" make little sense when technology meeting all definitions of a backdoor is being deployed at scale, largely non-consensually, by a monopolist, never mind the purported or real intentions or marketing claims or the surmised limitations of the actual shipped AMT implementation! [ɯ:] (talk) 20:02, 16 January 2016 (UTC)

Hello fellow Wikipedians,

I have just added archive links to one external link on Intel Active Management Technology. Please take a moment to review my edit. If necessary, add {{cbignore}} after the link to keep me from modifying it. Alternatively, you can add {{nobots|deny=InternetArchiveBot}} to keep me off the page altogether. I made the following changes:

• Added archive https://web.archive.org/20080326134854/http://communities.intel.com:80/docs/DOC-1129? to http://communities.intel.com/docs/DOC-1129

When you have finished reviewing my changes, please set the checked parameter below to true to let others know.

Y An editor has reviewed this edit and fixed any errors that were found.

• If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
• If you found an error with any archives or the URLs themselves, you can fix them with this tool.

Cheers.—^{cyberbot II}_{Talk to my owner:Online} 17:19, 20 January 2016 (UTC)

 Done, the archived link from above works. — Dsimic (talk | contribs) 01:16, 18 February 2016 (UTC)

This article goes into great and repetitive depth on the client side. However it only makes oblique references to the server or management control side. IT Console is mentioned numerous times, without discussing the specific systems or infrastructure required to operate the console. A paragraph on this topic by a knowledgeable user would be very useful.

Davemc50 (talk) 08:11, 25 May 2016 (UTC)