A hardware solution to the vPro / AMT vulnerability

Intel confirmed (here and here) that using a separate NIC card instead of the on-board NIC will prevent AMT from running, as only the NIC built into the chipset communicates with the ME and AMT. And it does not matter which chipset vendor -- Intel, Realtek, etc. -- or bus type -- PCI or PCIe -- the card employs. This solution won't work for laptops, but it's one way to prevent attacks.

And don't keep your modem / router powered-on when you are away from your computer(s), as ME runs whenever it is connected to a power source -- for a laptop, it runs as long as the battery has power -- and is connected to the Internet.