>>4806
>AMT can be turned off in the BIOS/UEFI
How can you be sure that it's off? It doesn't matter if you turn off the AMT in the BIOS; the ME is still present, still running, and can still have network capabilities turned on.
>Second of all, even if you do have it enabled, some random person on the internet can't just open up a connection on that port on a machine on your network unless you aren't using a router, firewall, or anything between your computer and the internet.
I never said they could. However, if you make any connection to an Intel-controlled server, then--barring strict blacklisting of Intel domains/IPs at the router--Intel could relay the "magic" packets for remote code execution on the user's computer; and the router would happily forward them right to their computer, compromising it. Not to mention that the ME could make all of this transparent by simply disallowing those magic packets from being sent along to the OS (and thus able to be detected by the user). I'm not saying that Intel would do this, but I am saying that this is /possible/ and regardless of your stance on the ME, it is still a backdoor. OOB management is a backdoor _by design_ and its inclusion should not be something the hardware manufacturer decides for end-users. That's the problem with the ME--end users can't remove it or disable it in any meaningful way.
>A service that you can disable is not a back door.
It's still a backdoor regardless of whether it's on or not. I really don't know how else to get this through to you because it's a very simple concept: A spade is still a spade even if it's being used as a weapon, >>4802, instead of moving soil or anything else for that matter.
Again, OOB management is a backdoor _by design_. This doesn't mean it's always bad, that'd be ridiculous, the problem is not being able to prevent it from running *and* remove it completely. I feel like I'm repeating myself here.