undefined | Better HN

0 pointsowenmarshall6y ago0 comments

Enterprises will absolutely want nothing to do with this; they’ll have a team that handles endpoint provisioning and management from a gold image & other distribution tools. The endpoints will be as homogeneous as humanly possible because they are all leased in huge bulk orders, so you won’t need a tool for diverse drivers.

Besides, an end user will never have enough permission to download and install a driver - because if they did they’d be in a position to defeat the DLP, VPN posturing, shitty antivirus and disk encryption tools that have to be installed to satisfy the four nearly identical checklists produced by at least as many independent IT security organizations who most likely hired the same auditor multiple times.

Small to mid sized businesses would probably be all over this though.

0 comments

natmaka6y ago

AFAIK a fair fraction of mid-and-large enterprises use the Intel Management Engine, which seems to be considerably more dangerous than this.

It is "an autonomous subsystem ((...)) incorporated in virtually all of Intel's processor chipsets since 2008. ((One)) can use it to turn the computer on and off, and they can login remotely into the computer regardless of whether or not an operating system is installed. ((It)) always runs as long as the motherboard is receiving power, even when the computer is turned off."

According to the EFF it "has full access to memory (without the parent CPU having any knowledge); has full access to the TCP/IP stack and can send and receive network packets independently of the operating system, thus bypassing its firewall".

https://en.wikipedia.org/wiki/Intel_Management_Engine

owenmarshallOP6y ago

I regret if my comment was misconstrued - I'm not claiming enterprises wouldn't use this specific tool because it is dangerous. I'm claiming they wouldn't use this specific tool because it does not fit within the "how do I manage tens of thousands of endpoints while meeting multiple defined and audited security and compliance goals" box.

You might even say that quality and security are orthogonal, at least in this particular case. That might not even be wrong.

natmaka6y ago

I understand and agree, thank you!

j / k navigate · click thread line to collapse

0 pointsowenmarshall6y ago0 comments

Small to mid sized businesses would probably be all over this though.

0 comments

natmaka6y ago

AFAIK a fair fraction of mid-and-large enterprises use the Intel Management Engine, which seems to be considerably more dangerous than this.

https://en.wikipedia.org/wiki/Intel_Management_Engine

owenmarshallOP6y ago

You might even say that quality and security are orthogonal, at least in this particular case. That might not even be wrong.

natmaka6y ago

I understand and agree, thank you!

j / k navigate · click thread line to collapse