First of all this seems to be laptop specific things which I already said was a different beast…
But, if you were building a desktop you could easily match these technical specs and enable all the Windows options to meet secured core requirements. This does not counter anything I have said.
Again, this seems laptop specific but, at least from what I see about vPro, looks like all you need is a 13th gen or better Intel CPU. My guess is the Ryzen Pro side is probably just about having one of the new gen models as well.
I will concede that if you are willing to spend crazy amounts of money there are some business solutions that would be very hard to replicate on your own but it seems very unlikely that is what @Average_Joe or anyone else looking at this thread would be in the market for.
Which is true. Most users could follow the Windows hardening guide on this forum and their PCs would meet all the “secured-core” requirements.
What is so hard about getting firmware updates from your motherboard provider?
Sure you could use an older CPU but that has other drawbacks and they have added more features to the new CPUs for this platform.
Not that it matters either way because none of this changes the fact, all of this can be done by buying the components individually and building the computer yourself.
This is getting ridiculous. Secured-core PCs have hardware and firmware requirements. You can’t get a secured-core device by simply adjusting some settings on a random PC.
The problem was never getting firmware updates in general. It was to get them fast, reliable and as long as possible. Many vendors will only provide them for a short period of time. And your motherboard is not the only part which needs firmware updates.
I never said anything about older CPUs. You just said that all it needs is a 13th gen Intel CPU, before you heavily edited your comments to make them look better. Which I replied with “no”, because generation is not the only criteria to get good security features.
None of which bar you from buying the components to meet those requirements.
Which you don’t seem to actually refute.
I’m happy to concede that just buying a secure-core PC would be more convenient if those are the exact features you are looking for.
This disagreement has spiraled and it seems like you might pop a blood vessel if I keep responding but that’s really all I was trying to get at. But it’s Saturday so happy to keep going back and forth if you want to.
To get back to OP it doesn’t seem to fit his requirements anyway as I don’t see a tower PC secure-core. I am also feeling like this is probably too much security for most people’s threat model.
Running DBAN should only be done when buying a used HDD. Too many reads and writes would shorten the lifespan of the HDD. Granted running DBAN only uses a few passes so it may not really significantly reduce its life, but still it is unnecessary.
I haven’t really liked Acer, especially their low end consumer ones because they tend to have issues easily. For Dell, I have no experience - so I leave that up to you. What I do have is a few experiences with Gigabyte and Asus (particularly Asus laptops). On the 3 occasions that I’ve handled them, they tend to last longer/more durable than other brands. Gigabyte, I’ve used several times and it lasts ok enough I guess.
Dell offers machines with properly disabled Intel IME… but they’re only for government/military use
Apple is secure, but it isn’t really private all the time. If you are outside the US in some poorer third world country like I do, Apple will put your iCloud in a Mainland China server where it is cheaper and there is no privacy or security there.
It is possible but less likely as these are usually used for specific important targets and not randos like us. It could be you if you are somewhat important, like a local politician, journalist, rival businessman, etc. Exploits that enable these kinds of software cost money because they buy them from vulnerability platforms or traded in the dark web or they could be studied “in house” and that needs regular payroll money. For the vast majority of us, we are probably fine.
Sometimes Dell and HP and other enterprise companies use proprietary connectors (they do have DDR5 RAM but it doesn’t fit the slot of other consumer devices, different power pin for PSU, etc). These are done to lock you in their ecosystem and are forced to buy only from them. It’s a shady move and it actually dissuades me from using them.
With regards to motherboard support, sometimes if the motherboard is popular enough, they do roll out longer term BIOS/UEFI firmware updates. The more exotic your device is (like the ultra high end motherboards), the less support you actually get. Get the more popular models sold and you should be fine. These days AM5 and a B650 board should be plenty. You could also go for AM4 and enjoy cheaper prices and cheaper RAM but it is end of life and no more upgrades could be gotten from them. But you get stability and platform maturity.
Honestly I feel like you are overpaying for prebuilds but if it buys you comfort and peace of mind, it is also a valid option. Just don’t expect MS to support you with your first Linux install. Dell may actually be more forgiving on OS choice during install as they do sell Linux laptops.
Intel actually have more vulnerabilities because they overused some of their CPU architectures instead of rebuilding from scratch and now you have Spectre and Meltdown speculative execution exploits (IIRC from their hyperthreading technology). The older hardware cannot be patched to correct this so the only way to mitigate it is to disable hyperthreading and lose a lot of performance. AMD also has the equivalent issue but it is different for some reason (maybe harder to exploit? I am not so into the nitty-gritty of these).
If privacy and security is the same, then at least get the one with better performance, so get AMD
Agree. I tried to have my Fedora get a better security score. It turns out you need really specific hardware to get these like encrypted RAM. I haven’t looked into this because I have had availability issues. I’ve been refused Thinkpad laptop sales by big enterprise company because I am an “end user”
They want bulk purchase and extended support warranty contracts.
I don’t think that’s accurate; from a quick search about the patches delivered in the wake of Spectre and Meltdown, the implication is that it’s specifically speculative execution functions that were affected and potentially needed to be disabled on existing platforms, rather than hyperthreading as a whole. That said, worrying about hyperthreading/SMT unless you’re a cloud provider or very important person is pointless because the attacks are either super hard to pull off or get patched before the general public gets to learn the details of how they work or both.
Source? That would be huge news if it was true, as far as I’m aware it’s just Chinese citizens who get shafted like that
I don’t think there’s an established correlation between reads/writes and lifespan on HDDs (there definitely is on SSDs though). In fact it is probably better to do a full-disk write with something like badblocks (or perhaps DBAN) on an HDD to catch any potential defects right out of the gate. Usually HDDs will show signs of failure very early on, or they will last a very long time, so it’s good to catch it within the return period.
Outside of China iCloud is hosted on Google Cloud Platform which has no mainland China locations (unless you include Hong Kong), so I doubt it.
I live in a Southeast Asian country. I saw it myself that when my spouse tried to login to iCloud, I was greeted with a Hong Kong flag (with Flagfox Firefox add-on) and Chinese characters on login.
Hosting isn’t cheap where I am so Apple cheaps out with iCloud and maybe rents Alibaba cloud. A good portion of our internet exits via Hong Kong for some reason (the other one is Singapore). The DNS that my ISP uses is also sadly in Hong Kong.
True. I posted this in the context of “more secure” vs “less secure” hardware. ARM probably has the same issue and no one has figured it out yet.
From everything I’ve learned, it seems fair to say that in general, it’s better to buy premium PC Towers, laptops, tablets etc over “budget hardware”? The profit margins for “budget hardware” devices are incredibly small so it seems more likely for a company to make a profit by bundling in software and advertisements/malware.
I truly feel for those users struggling in the current global economic situation, but it seems like giving up your privacy to save a few dollars is horrible in the long term.
That’s a great point but I’m not sure if users are able to do a fresh install of Windows 10/11 while also at the same time removing the bundled adware/bloatware that comes pre-installed on these pre-built towers?
During the reinstall of Windows, if you choose to reformat the disk, it should not reinstall the bundled apps. But do note that Windows itself does install its own set of apps as an advertisement. There are ways to disable this (just search somewhere in this forum).
I’m gonna be that person that says that if you are sick of Windows installing things for you, you should consider something like Fedora Linux. It does have a learning curve though but it should treat you well in the long run if you are not into online competitive multiplayer or have specific use cases for Microsoft Office/Photoshop and the like.
I think recommending a user install and learn a whole new OS to avoid dealing with preinstalled Windows apps seems, to me, to be a very heavy handed approach to solve a minor issue.
Apparently it’s not going to be as secure as a secure-core PC (I don’t need to get more into this than I already have) but those seem to offer very limited options in terms of form factor (I have not seen one true desktop version).
I would caution you to review your threat model when considering one. They seem, to me, to be marketed for professional environments, such as a bank, where you need extremely secure PCs.
While they are marketed as such, they just go beyond the terrible hardware security of most X86 devices, but are still nowhere close to the firmware and hardware security features of normal consumer Google Pixels or iPhones. And you wouldn’t recommend the latter only to professional environments with high security needs, would you?
Also keep in mind that Microsoft might tighten security requirements in the future (e.g. with Windows 12). While this is pure speculation, a secured-core device might be more likely to be accepted in the future.
As long as someone wants to buy a device with a budget which is in the business model range anyway, I would recommend to get a secured-core device. For everyone with a low budget, it doesn’t matter, because you usually don’t get these devices in this price range anyway.
No, but Google and Apple are not specifically targeting business and enterprise consumers for their products, whereas Microsoft specifically targets business and enterprise customers. The PCs are even sold in the business category.
I was going to argue that paying for a secure core pc when you don’t actually benefit from the extra security is a waste but, it looks like they are sold for as low as $500 so as long as you are not sacrificing something you actually need I don’t see the harm.