
Can anyone tell me what these services do? - laserDinosaur
https://communities.intel.com/thread/33910
======
_wmd
The moral of the story here for developers is, if you present the user with
some scary string they don't understand, they'll overreact and do rash things
like disabling chunks of your working, tested software, and probably accuse
you of being in bed with Holywood and the NSA in the same sentence. Better to
just bury the DRM bits so nobody would ever notice, saves a few hundred
threads over the lifetime of your product relating to random crashes caused by
machines with chunks of your code in a disabled/inconsistent state.

The moral of the story for users is, you should be used to this. 99% of the
code running (or regularly updated) on your machine has no scary labels
attached to it. You're running Chrome? Well, they're pushing fancy new ways to
fuck with your privacy every day. They just don't install services named
things like "address bar keylogger service", "automatic upload your bookmarks
service", "youtube DRM service" or whatever else.

~~~
PeterisP
The moral of the story is that if you have in mind something like "The
Intel(R) Content Protection HECI Service", which according to their
explanation really is intended to connect to intel's servers in order to
enforce some restrictions on hardware that I own, then perhaps the best way to
go forward is to :

1) not develop it in the first place;

2) if you really need to develop it, not install it on my computer;

3) if you really need to install it, not bundle it and ask explicit
permission.

Software connecting to the vendor for updates is one thing; software
connecting to vendor with scans of my machine in order to 'ask permission on
how to operate' is different. There can be valid uses for this (say,
PunkBuster), but that's why they need to come with (a) separate explicit
warnings, and (b) option to not install it (even if it will mean 'not being
able to play certain premium videos' as Intel explains).

Simply bundling it in without such a question at installation is definitely
wrong and should be made illegal - it might already be illegal under EU
privacy laws, but I'm not sure.

~~~
_wmd
Perhaps there should be better advertising regulation for tech like Blu-ray
that require features like online revocation checks, but Intel certainly isn't
the aggressor here, and kicking at its shins for implementing a feature that
you paid for seems a bit silly.

I don't like that the dominance of Blu-ray and DVD forced DRM systems upon the
mass market, and there's little we can do about it. But more than that, I hate
threads (that have been around since the DVD days) full of impotent, righteous
indignation. If insufficient people are willing to vote with their wallets (or
letters to their governments), then DRM is simply a fact of life we must learn
to cope with.

As far as health warnings go, as my original comment mentions, there is little
more dangerous in some online DRM check than the 99.99% of other code running
behind the scenes on the average user's system. If we're to talk about freedom
to use our appliances as we choose, at least frame the argument more
cohesively (and include things like Chrome in the process).

~~~
ihsw
> there's little we can do about it

Absolute nonsense. We can lobby to have DRM-encumbered media state it
explicitly on software packaging, not unlike the poison warnings on cigarette
packaging. It's a horrible concept that deserves little else than derision and
ridicule.

I'm in favor of a sliding scale of awfulness in DRM -- from simple watermarks,
passive interference with gameplay, to always-on spyware. Innocent users get
caught up in the DRM shitfest and their experience with the software is
severely degraded where it can get so bad that people cannot even use the
software/media _that they paid for_.

I'm not even going to get into the silliness of _not owning_ the
software/media that you pay for (eg: buying an ebook where _you don 't
actually own_ your copy, but instead you're licensing its usage).

------
robin_reala
On page two they have the answers[1]:

Thank you all for your patience. We were able to get complete clarification on
the services that were installed and running. The first service in question
was the Intel(R) Content Protection HECI Service.

That service does the following:

 _The Intel(R) Content Protection HECI Service is used to enable premium video
playback (such as Blu-ray) for Intel® HD Graphics. It does not collect any
user information. Disabling the service will prevent certain types of premium
video from playing on the system; however, unprotected video such as user-
generated content and YouTube videos will continue to play._

The second service in question was the Intel(R) Integrated Clock Controller
Service.

That service does the following:

 _“Intel(R) Integrated Clock Controller Service - Intel(R) ICCS” is a service
used for accessing the integrated clock controller in the PCH to adjust the
clocks to the CPU (BCLK, DPCLK, and DPNSCLK). The graphics driver uses this
service to adjust the graphics clocks (DPCLK & DPNSCLK) to perform clock
bending. Clock bending adjusts the display clock frequencies to reduce screen
flicker. Originally access to the ICC registers was only available internally
to the PCH’s embedded controller (ME) so the registers were exposed to host
through the HECI interface. On Intel® 8 Series PCHs and beyond, the HW has
changed allowing the graphics driver to directly access the display clock
registers, and the “Intel(R) Integrated Clock Controller Service” should not
be necessary with those chipsets. In addition the “Intel(R) Integrated Clock
Controller Service” is used by the Intel eXtreme Tuning Utility (XTU) to
perform overclocking. Overclocking is more complicated with its larger
frequency range and dynamic configuration, so the PCH’s embedded controller
and SW service are used to abstract the ICC implementation. Disabling
“Intel(R) Integrated Clock Controller Service - Intel(R) ICCS” on Intel 8
Series PCHs will only impact the ability to do runtime overclocking with the
XTU. With older chipsets, it will also disable the ability to do clock bending
(meaning you may get additional screen flicker). “Intel(R) Integrated Clock
Controller Service - Intel(R) ICCS” does not collect any information._

We apologize for any confusion or misleading that may have been created by not
having this information posted at an earlier time.

[1]
[https://communities.intel.com/message/205908#205908](https://communities.intel.com/message/205908#205908)

~~~
snsr
A bit more PR detail on the Content Protection HECI Service aka 'Intel
Insider' -

[http://blogs.intel.com/technology/2011/01/intel_insider_-
_wh...](http://blogs.intel.com/technology/2011/01/intel_insider_-
_what_is_it_no/)

~~~
ihsw
Makes me wonder why it's being bundled with drivers instead of being a stand-
alone software package. I could see the argument that it's _somewhat_ related
to the usage of video cards, but it's a shitty argument with little basis.

------
rorykoehein
They do explain on page 2:
[https://communities.intel.com/thread/33910?start=15&tstart=0](https://communities.intel.com/thread/33910?start=15&tstart=0)

~~~
georgeott
January to September? That is a LONG time to answer 2 simple questions. I fear
the lawyers had to get involved.

~~~
throwaway1460
Having once worked for Intel, that seems about normal for vital information to
pass from one fiefdom to another. The poor sap manning the forum wasn't saying
"we're not telling you", he was saying "they're not telling me".

(Now, if the other guy thinks you're encroaching on his turf, the response
time approaches infinity. In that case pretending to be a member of the public
on a forum might be an effective strategy; if I'd listened to Andy and thought
of it myself I might still be there.)

------
rjknight
"You have asked Firefox to connect securely to communities.intel.com, but we
can't confirm that your connection is secure"

Problems?

~~~
toyg
Their certificate is messed up, it doesn't seem to have an issuer.

~~~
danielweber
I think they've just fixed it, it has one now.

------
jwr
Why do people think it matters what they say?

I don't think it changes anything whether they say what their software does or
not. You run their software in binary form, having no idea what it does. You
have no way to verify whether what they say is true.

Mind you, I use Apple machines, so most software that I run comes in binary
blobs and I have no idea what it really does. But it wouldn't matter to me
what Apple "said" about it. What matters is what Apple does, and most
importantly, where I they make money and where their strategic interests lie.
This is what I base my (very limited) trust on.

~~~
lgeek
> You run their software in binary form, having no idea what it does. You have
> no way to verify whether what they say is true.

Sorry, but it's a bit tiring seeing this blanket statement. You can absolutely
verify what closed source software does. starting from low tech approaches:

* dissasembly, decompilation and debugging. This is standard old-school reverse engineering. Native code / bytecode is source code, it's just not optimised to be read by humans. :)

* monitoring systemcalls - on Unixes you have strace and other similar tools which allow you to monitor all the systemcalls of an application. This should show all interactions with local and remote data.

* dynamic binary analysis - tools like DynamoRIO and Pin run native code in a system similar to a JIT engine. You can transparently add code which will report what the application does.

* data tracing - using dynamic analysis or managed languages. Data can be tagged based on source (e.g. treating input from files as sensitive) as it is being processed by an application. When that data is pushed outside the application using systemcalls, you can determine where it was coming from, even if it's encrypted or obfuscated. There is a project which implements this on Android (and the results are quite scary): [http://appanalysis.org/](http://appanalysis.org/)

~~~
astrodust
That's a valid point, but there's a difference between what software _does_ ,
which you're recommending you divine based on historical activity, and what it
_can do_ , which remains unknown.

Even disassembling provides only a limited view into the code itself. If this
method worked every time, we wouldn't have viruses. There are ways of
concealing the true functionality of a piece of code to make disassembly and
interpretation extremely difficult.

Granted this is true with pure source code as well, but usually subversive
code is much more obvious. This is not always the case, though.

~~~
lgeek
You're right about this. Dynamic analysis instance is only useful if the
application goes on to the relevant execution path, and static analysis is
made quite difficult by dynamic generation and a few other tricks.

However, if hidden behaviour (e.g. backdoors) is a concern, you can implement
fine grained access control based on historical activity.

Anyway, my point is that for almost every problem in this area there's a
solution. But I think the main issue is that there isn't more pro/consumer
software for this kind of auditing / sandboxing. I guess that has to do both
with user education (no interest) and industry being afraid of transparency.

~~~
astrodust
Access control is going to be pretty hard to implement for something like EFI
firmware, CPU microcode, or other forms of embedded software.

As much as people whinge about sandboxing, I think it's a great idea and hope
there's more of it. Apple's model for OS X where certain kinds of apps come
with certain limitations, but there is a switch for people to opt out of those
restrictions, is a great compromise. Safe for users with limited technical
ability and wide open for those that need it.

------
rbanffy
Since it's binary-only closed-source, even if they told you what it does,
you'd have to take their word for it. Whatever the two new services are, for
all you know, they could be things the drivers already did, just now they are
neatly organized as Windows services and not just built into the driver
itself.

I really can't understand the reason to make such a fuss.

~~~
macspoofing
>Since it's binary-only closed-source, even if they told you what it does,
you'd have to take their word for it.

That's what's really funny about this. Had they just given some broad, general
answer, it wouldn't have been an issue.

------
ryanthejuggler
It makes me uneasy how pervasive DRM is becoming and how it's infiltrating
lower and lower levels of hardware. We're already 90% of the way to not
actually owning our own machines anymore.

~~~
tim_hutton
There's a great talk about the coming "War on General Purpose Computing":
[http://boingboing.net/2012/08/23/civilwar.html](http://boingboing.net/2012/08/23/civilwar.html)

~~~
toyg
Coming? It's already here. And your iPads are part of the problem.

~~~
rbanffy
Proprietary software is the technology that enables it.

~~~
toyg
Media-consumption devices are the problem. If the primary aim of your device
is to _consume_ media (and that's what tablets are for), then DRM playback is
socially unavoidable at this point. DRM begets DRM, and lo...

------
teddyh
> Intel refuses to say what the software they installed does

Is this not the very _definition_ of software in binary-only form?

~~~
buren
There is a difference between knowing what the software does and _how_ it
actually achieves it.

~~~
marcosdumay
Is there? Are you sure about that?

~~~
huhtenberg
Being a smartass, aren't we?

Is there a difference between knowing what pressing a gas pedal in a car does
and how it does that? Surely there's none.

~~~
user24
But you can test what the gas pedal does pretty easily. I think parent's point
was that without peer review source code audit, we just have to take it on
trust.

------
ck2
Linux adoption might get a serious kick the in pants if mainstream news
started reporting that Intel was installing unknown drivers in their cpus.

I am just about ready to switch to linux for desktop after windows xp updates
cease. I've been using it for over a decade in the server environment so it is
overdue.

~~~
toyg
_" Linux adoption might get a serious kick the in pants if mainstream news
started reporting that Intel was installing unknown drivers in their cpus."_

Because the general population cares so much about understanding what their
computers do, right? I don't give a damn about what my car engine does, as
long as it gets me from A to B without exploding.

Linux adoption will dramatically increase only if this sort of software starts
making serious trouble for final users, like refusing to play unlicensed MP3s
or deleting your family videos because they were encoded with unlicensed
tools. They are not that stupid... yet.

~~~
venomsnake
Well as TPP showed Hollywood demands are insatiable. So if we have in Windows
10 - Microsoft Genuine Media Advantage Validation that makes the built in
antivirus to mark unsigned mp3-s and mp4-s as viruses I won't be surprised.
That is assuming you could load your own files on windows machine by that
time.

~~~
toyg
s/Windows/Windows, OSX, iOS, Android and ChromeOS/g

------
acqq
On my new notebook I have some more services and _drivers_ from Intel (even
firefox add in!) that allow "remote management" and "remote authorization"
they are potentially even more worying. The hardware and drivers are supposed
to allow Intel to manage my notebook?

The notebook is made by Acer. If any company which has own drivers can have
remote access or have their hardware and/or drivers phone home with the data
from us, we're really in trouble.

Yesterday we've found that LG TV sets push to some servers all the filenames
on the local USB seen by the set. The comming years are going to be hard.

~~~
acqq
So I also have these Intel services for which I don't know the whole purpose:

-Intel Capability Licensing Service Interface

-Intel Dynamic Application Loader Host Interface Service

-Intel Management and Security Application Local Management Service

-Intel Managementand Security Application User Notification Service

I also observe that in the folder with HeciServer.exe that is in c:\Program
Files\Intel\iCLS Client\ there are also iclsClient.dll and iclsProxy.dll but
also openssl libraries and certificates, so obviously at least Intel's
HeciServer phones home.

Even stranger, all these services add immense amount of additional entries in
PATH, because there are 32 and64 bit versions and they need all every folder
thaey use (and they use a lot) in the PATH. Which also means that they somehow
don't know what they are doing as with manifests they wouldn't need PATH
entries for DLLs at all. And I can't imagine that one service invoke command
line for another one.

Intel made a lot of mess now.

------
corncobpipe
For what it's worth I've been trying to get NVIDIA to tell me what "NVIDIA
Capture Server Proxy" service does for a few days. It recently got installed
and if you search NVIDIA's website get get nothing.

I did a chat with a NVIDIA tech and they said "It is related to shadow play.
please do not worry about it"

I asked for some documentation and they replied "These are development
application so we do not have any documentation on this"

Uh, wtf?

I've recently figured out what 'shadowplay' is but the lack of documentation
and reluctance to talk about the service is disturbing.

~~~
pbhjpbhj
And shadowplay is ...?

~~~
corncobpipe
It's a video capture technology.

[https://en.wikipedia.org/wiki/Nvidia_Shadowplay](https://en.wikipedia.org/wiki/Nvidia_Shadowplay)

~~~
pbhjpbhj
So shadowplay is a way to record your screen without you noticing a slow-down
in the computer.

That Nvidia installed that without asking may actually be a rather worrying
thing.

------
Rockdtben
What bothers me is how they say "source codes" instead of "source code".

~~~
jcromartie
His name is probably not really "Michael" ...

------
veganarchocap
They've given a detailed explanation. They should have done so to begin with
instead of deploying their most cryptic forum rep.

------
Revisor
Today I found out I inadvertently bought an Asus motherboard with a service
called "Intel Management Engine Interface" (mei) which "enables remote
accessing to the PC including the management, monitoring and maintenance
irrespective of the operating system state and PC power state as well".

[http://intelmanagementengine.com/intel-technologies/all-
abou...](http://intelmanagementengine.com/intel-technologies/all-about-intel-
management-engine-interface.html)

It sounds to me like an official backdoor and I only found out about it
because it conflicted with suspend to RAM. I removed the kernel modules for
this service but couldn't find a way to disable it in BIOS.

Surprisingly - the product page doesn't contain any information about the
presence of MEI whatsoever.

Needless to say, I'm not very happy about it.

~~~
mschuster91
Oh, this is quite cool when you're in a corporate environment. It originated
from servers (iRMC and others) and is now a cheap alternative to additional
hardware monitoring cards.

~~~
Revisor
I understand that it's pretty nifty in corporate environments. At the same
time, however, it sounds an awful lot like a backdoor that works even with the
PC turned off.

------
timje1
Are the 'intel employees' the ones with _intel in their usernames on this
forum? These users aren't even marked as admins, just normal members... This
doesn't inspire confidence in these answers.

------
jotm
My HP laptop had a similar issue: the fingerprint software (made by Authentec,
owned by Apple) wanted an online connection for no good reason (I blocked it
with a firewall), and the control buttons software used to run a dozen
instances of a "DownloadAD.exe", taking up to 500 MB of RAM for no reason
whatsoever (I deleted the executable).

So duck these kinds of software/services that the owner of the hardware
"doesn't need to know/worry about".

------
mcguire
" _There is not a certain way the Intel Content Protection HECI Service, and
Protection FW Intel Integrated Clock Controller Service can be explain what
they really do. That information is kept with the engineers._

" _Also for the proper functionality of the graphics driver, I would not
recommend you remove them._ "

And I just got my new answer for technical questions that I don't want to deal
with.

Thanks, Intel!

------
chadwickthebold
I think this is an issue of incompetence rather than malice. Also, the title
is misleading.

------
wooptoo
That information is kept with the engineers in their ivory tower. Probably
mining Bitcoins with it.

------
skdjf
Premium content my _peep_

If someone els is running software on your system, it's not your system
anymore.

------
mikelyons
I morbidly wanted this to be another NSA scandal.

------
mephi5t0
For those who needs TL;DR - the The Intel(R) Content Protection HECI Service
is getting disabled :D

~~~
diggan
Those who want's a TL;DR probably wants a correct one.

Intel(R) Content Protection HECI Service

 _The Intel(R) Content Protection HECI Service is used to enable premium video
playback (such as Blu-ray) for Intel® HD Graphics. It does not collect any
user information. Disabling the service will prevent certain types of premium
video from playing on the system; however, unprotected video such as user-
generated content and YouTube_ videos will continue to play.*

Intel(R) Integrated Clock Controller Service

 _“Intel(R) Integrated Clock Controller Service - Intel(R) ICCS” is a service
used for accessing the integrated clock controller in the PCH to adjust the
clocks to the CPU (BCLK, DPCLK, and DPNSCLK). The graphics driver uses this
service to adjust the graphics clocks (DPCLK & DPNSCLK) to perform clock
bending. Clock bending adjusts the display clock frequencies to reduce screen
flicker. Originally access to the ICC registers was only available internally
to the PCH’s embedded controller (ME) so the registers were exposed to host
through the HECI interface. On Intel® 8 Series PCHs and beyond, the HW has
changed allowing the graphics driver to directly access the display clock
registers, and the “Intel(R) Integrated Clock Controller Service” should not
be necessary with those chipsets. In addition the “Intel(R) Integrated Clock
Controller Service” is used by the Intel eXtreme Tuning Utility (XTU) to
perform overclocking. Overclocking is more complicated with its larger
frequency range and dynamic configuration, so the PCH’s embedded controller
and SW service are used to abstract the ICC implementation. Disabling
“Intel(R) Integrated Clock Controller Service - Intel(R) ICCS” on Intel 8
Series PCHs will only impact the ability to do runtime overclocking with the
XTU. With older chipsets, it will also disable the ability to do clock bending
(meaning you may get additional screen flicker). “Intel(R) Integrated Clock
Controller Service - Intel(R) ICCS” does not collect any information._

~~~
toyg
TL; DR:

\- Intel(R) Content Protection HECI Service: Yo dawg, I've heard you like DRM,
so I put some DRM in your DRM'ed hardware.

\- Intel(R) Integrated Clock Controller Service: should help not frying your
gpu & getting less flicker on older cards.

------
snambi
if they knew, they will tell you. don't be too critical of them.

------
rjmarvin
There are answers on page two and this all played out months ago. Waste of
time.

------
bwf93
they do ssl error

