advertising information
   personal technology

 custom news
 Headline News brief
 daily almanac
 CNN networks
 CNN programs
 on-air transcripts
 news quiz

CNN Websites
 video on demand
 video archive
 audio on demand
 news email services
 free email accounts
 desktop headlines

 message boards




PC World

Pentium III squabble continues

May 3, 1999
Web posted at: 3:49 p.m. EDT (1949 GMT)

by Elinor Mills pentium III

(IDG) -- A privacy firm has posted a demonstration of how malicious code can steal a user's Pentium III serial number without the user's knowledge, and its demonstration program is now being targeted by Intel and Symantec.

Zero-Knowledge Systems of Montreal basically wanted to show Pentium III users the vulnerability the serial number poses, company President Austin Hill said Friday.

"It's a traditional shoot-the-messenger approach," he said. "Intel is holding us responsible because we've demonstrated that Intel's scheme doesn't work and is susceptible to security breaches."

However, Intel and Symantec argue that the program could cause harm to users who ignore the Web site's warnings that the program will reboot their system. They also argue that the code could be used by others with less noble designs.

  PC World home page
  FileWorld find free software fast
  Make your PC work harder with these tips
 Reviews & in-depth info at's desktop PC page's portable PC page's Windows software page's personal news page
  Year 2000 World
  Questions about computers? Let's editors help you
  Subscribe to's free daily newsletter for computer geniuses (& newbies)
  Search in 12 languages
 News Radio
  Fusion audio primers
  Computerworld Minute

"Zero-Knowledge does have some warnings on their Web site, but it is possible that the code could be loaded on other Web sites without those warnings," said Intel spokesman George Alfs. "I don't think they have malicious intent... [but] others could use the code to create harm."

"Why have the executable and run the code and potentially cause problems?" said Enrique Salem, vice president of Symantec's security and assistance business unit. "Making it widely available to people and highlighting it in effect makes people know it's possible."

Labeled as virus

To warn users of the potential danger from the program, Symantec has included the program on its list of malicious programs in its Norton Antivirus software. Norton's Web site labels the program as a virus and warns users that the code could disrupt their systems.

However, all sides agree it's not a virus. Intel and Symantec say it's technically a Trojan horse, and they consider it malicious code since it crashes the user's system. A Trojan horse is a type of program that pretends to do one thing but actually does something else, usually something destructive to a system.

Users are warned

Hill of Zero-Knowledge disagrees with Intel's assessment.

"It's not malicious or harmful," he said. "We clearly warn users that this will reboot your machine in the demo."

Zero-Knowledge developer Mario Contestabile admitted that it's possible someone could reuse the code, which is digitally signed by the company, for malicious purposes, but said doing so would be much more difficult than just rewriting a new ActiveX control to accomplish the same thing as the demo does.

Specifically, the demo code grabs the Pentium III's serial number before a software utility developed by Intel to disable the serial number can run, said Hill. The code then puts the number in a cookie, tells the user how to look it up on a Web site, and then erases it, he said.

Seeing your BIOS

Meanwhile, Zero-Knowledge also has discovered, but is not demonstrating on its Web site, a way that the serial number can be made accessible through software at the BIOS level, Hill said.

"This is the first time anyone has proven that if you disable [the Pentium III serial number] in the BIOS it can still be reactivated," he said. "It's serious because Intel has gone to all the major manufacturers" and told them they can securely disable it at the BIOS. "Well, that is no longer a secure way," he added.

Nothing is hack-proof

Alfs of Intel pointed out that the potential for software hacks such as these with the Pentium III have been known about for months.

"Any software is potentially hackable, including the BIOS software, and our goal is to continually work with antivirus software to protect the serial number," he said, adding that Intel is working on resolving the security issues.

"Users need to be cautious of any attacks on their system that may attack any part of their user data," including sensitive information other than the Pentium serial number, Alfs said.

Intel announced earlier this year that it would embed a serial number in its Pentium III processors to protect against theft and help corporations keep better track of their computers. However, data-privacy advocates have filed a complaint with the U.S. Federal Trade Commission complaining that companies could use it to track user activity on the Web.

Privacy advocates concerned about Pentium III

Protest grows against ID in Intel's PIII
April 12, 1999
Processor face-off: K6-III vs. Pentium III
March 22, 1999
Intel mobile chips dispense ID numbers
March 12, 1999

Should you worry about Big Brother inside?
(PC World Online)
An alternative to Intel's Pentium ID method
(PC World Online)
Opinion: Privacy aside, why chip IDs are a bad idea
(Network World Fusion)
Intel checks reports of Pentium III flaw
(PC World Online)
Chip ID number continues to plague Intel
Privacy groups still push for Intel boycott
(PC World Online)'s Year 2000 World

Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.

Intel Corp.
Zero-Knowledge Systems

Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.

Enter keyword(s)   go    help

Back to the top   © 2001 Cable News Network. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines.