avoiding all modern Intel hardware: Intel Management Engine (ME)

[mmphosis]

Are there any security risks which these PowerPC machines are introducing?

PowerPC Macs are old machines, so I would think many of the vulnerabilities would be known by now. I know that the version of bash on my PowerPC Mac is at risk from Shellshock, so maybe don't run a VPN on your old Mac, or actually update bash to the latest version like I did or use a different shell like dash or zsh. I would think that newer software might pose more of a chance of introducing problems, although software testing has improved. Things are now way more complicated than they need to be and I think that those complexities are what introduce more risk.

This is my setup and I'm genuinely curious as it sounds like a whole lot of propoganda warding people off using their older computers in case they are attacked. Is it any different to warning people not to leave their houses just in case they are stabbed or shot on the street?

Yes, this sounds a bit like the spread of Fear Uncertainty and Doubt (FUD.) Even though I am posting about the potential risk of Intel ME, I am still going to use an Intel PC. I am not afraid to use my older PowerPC Macs. And, if we do fall victim to problems with Intel ME, I could fallback to the older hardware that doesn't have these new problems.

An Open Letter to Intel from Andrew S. Tanenbaum (www.cs.vu.nl)

It seems we are only learning a bit more now about Intel ME.

• A secret processor embedded in all Intel CPUs sold in the last decade. -- [ ten years is a long time. ]
• MINIX OS was launched in 1987 as an educational project by Dutch professor Andrew S. Tanenbaum, who wanted to show students that they don't need to write millions of lines of code to create a basic, functional operating system. -- [ Minix is NOT a modern open source OS, and I am not aware of it being audited or subject to software audits. ]
• A full OS always running in ring -3. -- [ that seems like a pretty big attack vector and risk. ]

Read that last one: always running. On all machines, not just PowerPC, you have maybe a risk of some obscure attack vector possibly being able to run something maybe at the user level, maybe at the root level, maybe even at the firmware or boot level. Intel ME is already running all of the time separately on the die with full access to everything on Intel chips of the past decade. I imagine that the older PowerPC chips are way more secure than this.

There is similar malicious hardware we don't know about, but this seems like a fairly recent phenomena: web cameras that call home, TVs that listen in on your conversation, smart meters with extra radios that can connect to appliances in your home, etc. I feel fairly confident that my PowerPC Macs are not subject to a secret OS always running on the die of the older PowerPC chip.

 

[Intell]

If I have multiple non-secure Panther/Tiger/Leopard PowerPC machines sitting behind an Intel Mac running El Cap with the latest security updates from Apple, sharing it's internet connection from Wifi to Ethernet for the older machines, with the internet connection via a 2017 modem. And the older Macs are used only within this private network, with minimal web browser usage outside of the occasional (latest release) TenFourFox or WebKit use, are there any security risks which these PowerPC machines are introducing?

This is my setup and I'm genuinely curious as it sounds like a whole lot of propoganda warding people off using their older computers in case they are attacked. Is it any different to warning people not to leave their houses just in case they are stabbed or shot on the street?

I wouldn't do my online banking or taxes on my PowerPCs, but I do feel there is little risk of an attack and an even lower risk of PowerPC-targeted viruses as it is such a minority that it would hardly be worth anyone's time to attack.

Even a 10.11 machine doesn't have all the security updates. Apple's current security model is only the most recent version, in this case 10.13, is fully secure. The older still updated versions will get most, but not all security updates.

 

[mmphosis]

Not a Mac, but this looks interesting ...

PowerPC Notebook Block Diagram done! (powerpc-notebook.org)

 

[LordeOurMother]

I'm actually in a weird spot as I recently moved to the UK. My old pride my Power Mac G5 is collecting dust at home in the US, while I have a "brand new" Mac Pro running Lion in the UK... I also have the highest model Powerbook G4, and I keep it around as a back up laptop and my current daily driver laptop as the thing is still kicking and plenty fast. Although it's starting to not connect to certain kinds of wifi networks... I was musing an aluminium macbook for awhile but the battery went dead, followed by the wifi, and now it's a glorified desktop that needs ethernet and a charging cable to work. I might just turn it into a media machine.

Excited to get the Mid 2013 Macbook Air in the mail in a few days. It's supposed to be in like new condition as well-never been opened.