I want to get rid of Intel AMT!

i am using windows xp. i don't want intel amt on my t400 both because it looks like a security risk and because i have absolutely not use at all for it. i already disabled its configuration in the bios. yet, "pci simple communications controller" still shows up in device manager, and i can get rid of it only by installing the driver for intel amt, which i don't want! how can i make that entry in device manager disappear without installing the driver? the best i've been able to do is "disable" it, but it still shows up with a red X under unknown devices. since it is showing up under device manager, i know i haven't managed to fully disable it in the bios.

is it possible to fully disable it in the bios or using some other method? "uninstalling" the device makes it temporarily disappear off the device manager list, but after the next reboot, the "found new hardware" wizard will pop up. i don't want this! the way i want to disable it is the same way i disabled tpm. when i disabled tpm in the bios, the corresponding component in device manager (one of the "unknown devices") doesn't even show up anymore! it seems strange that the computer won't let me disable intel amt to that extent.

 

I have no use for this either and, as such, didn’t install the driver for it—so I also have a PCI Simple Communications Controller in Device Manager as well. Since there is no driver for it, Windows can’t use it and, as a result, there’s no risk. Life is good.

 

Just disable it in the device manager.

 

thanks! i think i've completely eliminated all the nonessential drivers that i have to install (or at least i've come close to it). it's surprising how much stuff comes preloaded. i'll just leave intel amt disabled then. it can't hurt, as long as it doesn't pop up anything when i reboot.

 

yea how do you turn this off. it is basically (to the home users mostly and even arguably to corporate users) a legitimized backdoor.

 

Ever try to disable the hardware itself through the BIOS?

 

dont you have to log into the amt before windows boots up to do the settings there too.

 

I have no idea what you are trying to say.

Just disable AMT by pressing F1 when your Thinkpad logo shows up. It'll take you into the BIOS.

If you read what the OP wrote, you can follow what he did and disable it in device manager as well.

 

you do know that one can enter AMT with cltl p before windows boots right

 

this didn't work on my computer. i pressed ctrl and p repeatedly from the moment when the computer was first powered on to when the windows splash screen came up. but i think i can see why. i did some research and found this:

http://software.intel.com/en-us/art...oftware-development-kit-sdk-start-here-guide/

here is the relevant passage: "Specific parameters must be set in the BIOS of the Intel AMT-capable PC prior to being managed using Intel AMT functionality. Because BIOS implementations vary by PC manufacturer, system documentation and the manufacturer web site should be consulted for specific configuration details. While one may embed the ME/AMT configurations inside the BIOS, others may display a message during boot up to enter CTRL-P to access these menus. Some may have an option inside the BIOS that hides or shows the CTRL-P during bootup. Not seeing the CTRL-P message may also be an indicator that the Firmware and associated drivers are not matching up."

i did not see a message to press ctrl and p anywhere. if this message did show up, it would be immediately obvious because i've turned on my computer many times. i still pressed ctrl and p, however, to no effect. this seems to indicate that as the article at the link above says, my AMT configuration is inside the bios. indeed, this suspicion was easily confirmed. i simply went into my bios, and found the amt section of it, where i could choose to either enable it or disable it. i disabled it of course.

this brings us to the reason i made the original post. when i made that post, my amt was already disabled in the bios, so i was puzzled as to why it was still showing up under device manager. i suspected that i hadn't fully disabled it, but others seemed to confirm that it still does show up in device manager, so the next best option is to disable it in device manager too.

so in short, amt is disabled in both the bios and in device manager.

here is yet another article that may be relevant. it walks you through the procedure of "unconfiguring" amt in the bios. it's probably not perfect, but hopefully it is useful as a guide:
http://aps2.toshiba-tro.de/kb0/TSB9102IM0000R01.htm

 

shouldnt it be on as default when it comes shipped

 

I disabled it in BIOS.

Press F1 when the Thinkpad logo shows up to enter configuration. When the BIOS configuration screenshows up, expand the first category, Config, by pressing Enter. Arrow down to the Intel AMT option. Then, press Enter again, and press F5 to change the value from Enabled to Disabled. Then, press F10 to save and exit.

When the Thinkpad continues booting, Intel AMT will say that it detected it was turned off, and whether or not to proceed. Press Y to proceed. After 30 seconds or so, the laptop will restart, and Intel AMT will never bother you again.

I wouldn't be too bothered by a device in Device Manager, though, as long as it doesn't bother you...

 

Could I ask what practical purpose does AMT provide and thanks.

Gary

 

None if you're using a Thinkpad as a personal computer.

 

Thank you and yes that is my use of T400.

Gary

 

It's basically a set of tools that makes it easier for the IT team in a large business to manage and keep track of the company's machines. It provides a lot of hardware information, even when the IT does not have physical access to the machine. For more information, Wikipedia has a great explanation, as usual.

Basically, it's useful for companies, but pretty much useless for personal use.

 

AMT is a technology for corporate systems administrators. It allows a system (with the proper management software) to be managed in ways ranging from remote control, asset/inventory tracking, bandwidth monitoring (to prevent a virus infection from spamming the network), and more, even if the system is powered down (as long as it is on the network).

Not very useful for individual users, but a blessing for admins when combined with Altiris or Microsoft System Center Configuration Manager.

 

i did some reading on this, and it says that amt allows some control even when the computer is powered off. how can this be? the reason i view it as a threat is because it seems to allow remote control at a level under that of the operating system, so if it's compromised, then the computer is in serious danger. i see it not only as useless for me, but a weak point in security.

 

It leverages standard Wake on LAN functionality to power on your machine over the network.

 

You have to have software capable of managing it. At this point, I don't know of any exploits involving AMT.

 

I only recently got my X200 and so AMT is new to me.

From what I've read so far it sounds like AMT could be very useful for doing remote assistance for family members and friends that are not very tech savvy. Using windows remote assistance is OK but even that requires some hassle to get set up as you have to talk the 3rd party through the initiation process. Also, I think AMT will let you do stuff in the BIOS or even reload an OS remotely. All of this sounds very useful for helping out distant tech illiterates.

Or am I off base?

 

It would still probably be difficult compared to a solution like LogMeIn, which, while not allowing BIOS access or OS reload, at least allows remote control without having to worry about firewall/router issues.

You'd need enterprise level software to access AMT. Assuming you can get that, you'll probably need to configure your tech illiterate's router to let you through, either using Dynamic DNS and a port-forwarding setup, or some other option. Unless someone comes up with an open-source option for working with AMT, it doesn't seem very feasible to me.

 

guess what? i just found an additional driver that enables support for intel amt. i installed this driver every time i formatted and reinstalled windows. it is found here:

http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-70315

it's called "intel chipset support". the description indicates that it includes support for mobile intel gm45 express chipset and mobile intel pm45 chipset. documentation on those can be found here:

http://www.intel.com/design/chipsets/embedded/GM45/index.htm
http://www.intel.com/Products/Notebook/Chipsets/PM45/PM45-overview.htm

as you can see, installing intel chipset support also enables support for intel amt. but if i don't install intel chipset support, am i missing anything important that also comes with the package?

 

you'd probably want their intel TPM right, isnt thay a security feature thing?

 

just the opposite.
http://en.wikipedia.org/wiki/Trusted_Platform_Module#Other_uses