ME capability should be fused
They use fuses in the CPUs to disable capabilities - i.e. if they have one they sell as not having HT they'll blow a fuse during manufacturing/testing and then it can't access those features.
Sure would be nice if there was a way in the EFI to disable the ME and cause it to blow a fuse so it would be PERMANENTLY disabled. Being able to turn it off is great, but it leaves open the possibility that it can be turned on again. ME is such a security disaster I wouldn't feel truly safe unless there was a way to turn it off that is as secure as when Intel disables capabilities like HT and VT.
Jumpers aren't practical for laptops, and corporations aren't going to want to open up every PC they buy to flip a jumper so there's no way Intel is going to make the default state "off". That would be admitting they can't make it secure, which they will never admit. Hell, Adobe didn't ever admit Flash was a security disaster, despite El Reg writing an article every couple months for years about the 85 new security issues fixed in it :)
Biting the hand that feeds IT
