Company posts way to expose PIII ID number

A Canada-based security company that posted a demonstration of how malicious code can steal a user's Pentium III serial number without the user's knowledge has had its demonstration program targeted by Intel and Symantec.

Zero-Knowledge Systems of Montreal basically wanted to show Pentium III users the vulnerability the serial number poses, company president Austin Hill said.

"It's a traditional shoot-the-messenger approach," he said. "Intel is holding us responsible because we've demonstrated that Intel's scheme doesn't work and is susceptible to security breaches."

However, Intel and Symantec argue that the program could cause harm to users who ignore the Web site's warnings that the program will reboot their system. They also argue that the code could be used by others with less noble designs.

"Zero-Knowledge does have some warnings on their Web site, but it is possible that the code could be loaded on other Web sites without those warnings," said Intel spokesman George Alfs. "I don't think they have malicious intent ... (but) others could use the code to create harm."

"Why have the executable and run the code and potentially cause problems?" said Enrique Salem, vice president of Symantec's security and assistance business unit. "Making it widely available to people and highlighting it in effect makes people know it's possible."

To warn users of the potential danger from the program, Symantec has included the program on its list of malicious programs in its Norton Antivirus software so it is labelled as a virus when users of the Norton software go to the site, and they are warned that the code could disrupt their systems.

However, all sides agree it's not a virus -- Intel and Symantec say it's technically a Trojan horse, and they consider it malicious code since it crashes the user's system. A Trojan horse is a type of program that pretends to be or do one thing but actually does something else, usually something destructive to the user's system.

Hill of Zero-Knowledge disagrees with Intel's assessment.

"It's not malicious or harmful ... it's clearly labelled," he said. "We clearly warn users that this will reboot your machine in the demo."

Zero-Knowledge developer Mario Contestabile admitted that it's possible someone could re-use the code, which is digitally signed by the company, for malicious purposes, but said doing so would be much more difficult than just rewriting a new Active X control to accomplish the same thing as the demo does.

Specifically, the demo code (located at grabs the Pentium III's serial number before a software utility developed by Intel and designed to allow the user to disable the serial number can run, said Hill. The code then puts the number in a cookie and directs the user on how to look it up on a Web site, but then erases it, he said.

Meanwhile, Zero-Knowledge also has discovered, but is not demonstrating on its Web site, a way that the serial number can be made accessible through software at the BIOS (basic input/output system) level, Hill said.

"This is the first time anyone has proven that if you disable it (Pentium III serial number) in the BIOS it can still be reactivated," he said. "It's serious because Intel has gone to all the major manufacturers" and told them they can securely disable it at the BIOS. "Well, that is no longer a secure way," he added.

Alfs of Intel pointed out that the potential for software hacks such as these with the Pentium III have been known about for months.

"Any software is potentially hackable, including the BIOS software, and our goal is to continually work with antivirus software to protect the serial number," he said, adding that Intel is working on resolving the security issues.

"Users need to be cautious of any attacks on their system which may attack any part of their user data," including sensitive information other than the Pentium serial number, Alfs said.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Elinor Mills

PC World
Show Comments

Cool Tech

Toys for Boys

Family Friendly

Stocking Stuffer

SmartLens - Clip on Phone Camera Lens Set of 3

Learn more >

Christmas Gift Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Michael Hargreaves

Microsoft Office 365/Dell XPS 15 2-in-1

I’d recommend a Dell XPS 15 2-in-1 and the new Windows 10 to anyone who needs to get serious work done (before you kick back on your couch with your favourite Netflix show.)

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Cathy Giles

Brother MFC-L8900CDW

The Brother MFC-L8900CDW is an absolute stand out. I struggle to fault it.

Luke Hill


I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?