Slashdot Mirror

There's a list of where BIOS level Computrace is available on their BIOS compatibility page.

Depending on the laptop (in BIOS), you can use CompuTrace with Dell laptops.

http://www.absolute.com/en/products/absolute-computrace

Not cheap from third-parties

Au contraire:

http://www.absolute.com/products/endpoint-management/absolute-manage-mdm?tab=1

frankly, their sw seems like it would depend on OS side code quite a bit!

not just a little bit mind you. but so much that a fresh os install of any operating systems _on_ the list would render

this pdf explains the non-os side functions. http://www.absolute.com/shared/datasheets/ct-intel-ds-e.pdf . disable and poison pill. not dabbadabbadoo much(and for even that to work the computer has to connect to 'net).

While, I agree you should play safe, I have to also call BS on the ability of the BIOS to keylog a linux distro that isn't preprogrammed to allow it.

Take a look at the system requirements:

http://www.absolute.com/products/endpoint-security/computrace

Notice it doesn't support any distro of linux. I imagine you'd be quite safe using a live cd of any OS not on that list.

Keyloggers can be installed in the BIOS, though this is rare, it can be done.

Actually, it is not that rare. A company called Absolute is a pretty big player in the firmware level asset security control and recovery business. Every major vendor has models that embed their agent into the firmware of select machines. These agents persist through imaging/formatting. They allow tracking of IP address, geolocation on models with GPS, keylogging, remote bios lockdown, remote wiping, and more. You can see a list of models on their website at: http://www.absolute.com/partners/bios-compatibility

In short, I agree with the above posters. Play it safe and talk to your IT department. Ask them if you should buy your own laptop for non-work use or use a live cd.

do you know anyone who has actually recovered a laptop successfully using LoJack?

Yes.

http://blog.absolute.com/20000-recoveries-and-counting/

They don't 'bend the law' - They just do all the legwork for the police. They basically say here's a stolen computer, here's all the forensic evidence proving who the thief is and here's what you need when you go in front of a judge. They do all the (legal) investigative work that holds up in court.

Not entirely true. While they make the claim "Our software refuses to give up easily — even laptops with wiped or removed hard drives can be recovered." they also have a limited number of OSes they support, Windows and Mac only. IF the LoJack was truly hardware based it really wouldn't matter what OS you're running. LoJack doesn't support Linux so wipe it and put any version of Linux on the drive and you're in the clear.

Actually, I'd place good bets the real reason they stripped that feature out of Absolute Manage is that now they can make you buy two solutions instead of one to achieve the same task! (Hint: Absolute also makes LoJack for Laptops, which does exactly what the removed feature in Absolute Manage did. Nothing to do with lawsuits).

http://www.absolute.com/en/lojackforlaptops/home.aspx This company (based in Canada as I recall) has software you install on a laptop (could be a desktop) that logs where you log in each time you connect to the Internet. You can log in to their server and see it yourself. If it is stolen, they promise legal assistance to get the computer back. At a seminar years ago, they said that they relied on a network of retired law enforcement people, among others. And they said that usually when someone came to their door and insisted they had a stolen computer in their house, they usually returned it, saying they'd bought it on ebay, rather than face unknown consequences. They also have some relationship with ISPs apparently to get home addresses. Anyway, consider them for your next computer. Maybe give them a call or email with your information and ask if you can pay them to "work their magic". You seem to have the data they need. (and no, they aren't limited to Canada for retrievals, they also do the USA).

This in from Computerworld:

The company selling the software used by a Pennsylvania school district to allegedly spy on its students blasted what it called laptop theft-recovery "vigilantism" today.

Absolute Software said it dissuades users of theft-recovery software from acting on their own. "We discourage any customer from taking theft recovery into their own hands," said Stephen Midgley, the company's head of marketing, in an interview Monday. "That's best left in the hands of professionals."

Midgley confirmed that Lower Merion School District of Ardmore, Pa. was running Absolute Manage, formerly known as LANRev, which Absolute Software acquired last December. The suburban Philadelphia school district purchased and deployed LANRev prior to Absolute's acquisition, he said, noting that most school districts buy the software for power management features that let IT staff remotely power down systems.

Calling LANRev a "legacy" product, Midgley also said that Absolute would ship an update in the next several weeks that will permanently disable Theft Track, the name of the feature that lets administrators switch on a laptop's camera to take photographs of a potential thief after the computer is reported stolen. "It really doesn't serve any purpose," said Midgley of Theft Track.

All its theft-recovery software relies on a different model than the former LANRev, said Midgley. "We give no theft recovery tools to our [LoJack and Computrace] customers," he said. "The only truly proven model is a managed service model."

To kick off the recovery of a stolen or lost laptop, customers first must file a police report -- not a requirement of LANRev -- and only then contact Absolute, which in turn tracks the location of the missing machine via its IP address when the system goes online. Absolute employs a team of former law enforcement professionals who reach out to local police, provide them with the location information and then get out of the way. Software maker blasts 'vigilantism' in Pa. school spying case

Absolute Manage [LANRev] Automated Client Management for Mac and Windows Computers and Software

LoJack For Laptops

Google is your friend,

http://www.absolute.com/company/pressroom/news/2009/06/Absolute-Acer-IntelAT

Acer also have computrace, in fact it has the newer version, probably more secure. In fact, some Sony models also have it. Look for "ABSOLUTE" in a dmidecode dump. I think that most Netbooks don't have it, bot we don't have every notebook model to check.

Is disabled, yes. How do you know that? did you read the source? it's closed. If you want to have software that can remotely erase or read your data in your notebook, is up to you to trust Intel or Absolute.

Disabling it in the BIOS don't work.

Don't miss interpret us, they have a useful product. But it must be a little more secure, and *optional*.

I work for Absolute Software. Absolute reviewed the research paper, and the claims that there's a vulnerability in Computrace or Computrace LoJack for Laptops BIOS module are without merit and systems are secure:
- The Computrace BIOS module does not allow a special undetected path into the operating system. It is not a rootkit.
- In order for the Computrace BIOS module to work, it is activated by the end-user customer, not the computer manufacturer, upon receipt of the computer and activation of Absolute Software's products.
- The Computrace BIOS code alleged in the article to have this vulnerability is old code that was not officially released into a BIOS and, to Absolute's knowledge, has never been active in the BIOS of any computer.
- If a malicious attacker were able to alter the BIOS code, any popular anti-virus software would alert the customer.
- The Computrace BIOS module currently on the market is not susceptible to the risks claimed in the article and therefore none of our customers are at risk for this specific type of attack.
Absolute has issued a statement to the public, refuting these claims and explaining their position at length here: http://www.absolute.com/company/pressroom/news/2009/07/refutes_claim

A list of participating manufacturers is right there on the company's web site: http://www.absolute.com/partners/bios-compatibility

My company recently investigated the LoJack system after one of our laptops got stolen. It's impressive technology. The sales rep talked up how "fortunate" they were to get the cooperation of many BIOS implementations from the folks who make BIOSes. I don't think that's fortune at all -- it's a corporate deal. Whatever.

It's common but not all-pervasive. (yet?) I looked for my laptop on the list and didn't find it, though, so it's not exactly all-pervasive. It's intended for corporations and individuals who want it.

While the inclusion of this feature into many BIOSes is kinda creepy, I'm not terribly unsettled by it. It does, however, make me want to pursue the open BIOS initiatives.

When doing our research we couldn't find a notebook *without* the Computrace agent.

You didn't look very hard then, did you? Acer don't have CompuTrace and finding one of their notebooks is hardly challenging. According to the most recent data from NPD's DisplaySearch, Acer has the second largest unit-volume market share, with 16% of the global notebook shipments (excluding netbooks) to themselves.

Obviously you know that, because as the ZDNet article based on your presentation stated, fully 40% of all new notebooks don't include Computrace. With nearly half of notebooks not including the technology, it's obviously pretty darned easy to find a notebook without Computrace. Polemic statements like that still don't do your credibility any good, though.

From the Lojack compatibility list here is a list of company:

          ASUS, Dell Fujitsu, GammaTech, Gateway, GD Itronix, Getac, HP, Lenovo,,Motion, Panasonic, Toshiba

You can find a list of models on the "bios compatibility list"

I was just thinking the same thing. Considering that the list of models with this stuff in the BIOS doesn't include Acer, who ship more laptops than anyone else, or HP, or several other big players, I'm a bit sceptical of that figure. Still the list is quite extensive, I'm a bit surprised I haven't heard of this.

Website: http://www.absolute.com/products/lojack
FAQ: http://www.absolute.com/resources/public/FAQ/L4L-FAQ-E.pdf

Costs $59.95/year for the premium package which supports Remote Wipe. Embeds itself in the BIOS/EFI. Supports XP and OS X.

Website: http://www.absolute.com/products/lojack
FAQ: http://www.absolute.com/resources/public/FAQ/L4L-FAQ-E.pdf

Costs $59.95/year for the premium package which supports Remote Wipe. Embeds itself in the BIOS/EFI. Supports XP and OS X.

Reformatting the pc may not always be the solution.
There are tracking software that can be installed on the BIOS firmware.
http://www.absolute.com/products-core-technology.asp

Yes, there is a product, computrace makes a product that is installed at the BIOS level on a lot of corporate level laptops. Even if you replace the hard drive, it reinstalls itself.

We reviewed a similar, web-based product here at my place of employment that provides similar features such as tracking and remote "bricking." The rep claimed, like their website, "Most Computer manufacturers also provide embedded support for Computrace in the BIOS or Firmware of the notebook computer" which would indicate that any BIOS updates would include the firmware. The firmware rebuilds the client software on the machine so it may "phone home" and enable deletion of files and the OS. However, the software is dependent on Windows. The representative conceded that installing Linux renders the firmware useless.

The Agent can survive a hard drive re-format, F-disk command and hard drive re-partitioning.

dban.org How it Works :)

• You install the client software on your computers using your preferred method â" this could be an MSI installer, login script, image or any other deployment method that works for you. It's easy and itâ(TM)s secure. The client software is small, stealthy and hidden on the computer. The end-user will not even know it is there.
• Your computer reports location, user, hardware and software information to our confidential, secure Monitoring Center every day it connects to the Internet.
• You track and manage your computer assets, including remote/mobile computers, using reports, alerts and administration functions from the secure Customer Center website.
• If your computer is lost or stolen, the Absolute Recovery Team works with local law enforcement agencies to track the location of the computer, secure subpoenas and warrants and return your stolen computer to you.
• If you choose, and at your request, an optional Data Delete function can be performed on your stolen computer to keep sensitive data from falling into the wrong hands.

Them ten dollar words sure do make it sound like much more then glorified software over protective parents would use after they install on a governer on little snow flakes 93 civic....

What... where... am i?

I'm not entirely sure, in general. Some laptops (including mine) have part of CompuTrace built into the BIOS, so it can persist across hard drive reformats and replacements. I have no idea how it actually manages to integrate with the newly installed OS and access the internet to continue tracking the computer after a hard drive replacement, though. http://www.absolute.com/products-bios-enabled-computers.asp I discovered this by accident a few months ago when I was looking at a hex dump of my BIOS for fun and was quite surprised to see a "CompuTrace" message in there.

Q. Can ComputracePlus be detected?

A. .. snip .. The Agent can survive a hard drive re-format, F-disk command and hard drive re-partitioning.

http://www.absolute.com/computraceplus/faqs.asp

Here's the list of manufacturers who have Computrace pre-installed in their BIOSes:

http://www.absolute.com/products-bios-enabled-computers.asp

It's right here:

http://www.absolute.com/products-core-technology.asp

"the Computrace Agent can survive operating system re-installations, hard drive reformats and even hard drive replacements"

No offense but do some research and look at Computrace's website.

You can read more here:

http://www.absolute.com/products-bios-enabled-computers.asp

http://www.absolute.com/resources/theft-recovery.asp

>slightly smarter thieves will format the machine first,
>completely removing the tracking software.

Most thieves reformat anyway, so they can sell the machine.

When they reformat, Computrace will self-heal from the bios, re-install on the hard disk and make a call to the monitoring center. You can't defeat it through a format or hard drive swap.

http://www.absolute.com/products-core-technology.asp:
"If the hard drive is reformatted or replaced, the Computrace Agent support in the BIOS rebuilds the necessary application files on the hard drive as required by the customer."
So, if I wipe it and install Linux on reiserfs or something even less well known, its gonna read that, modify my files and boot config just so, and then launch this computrace software natively in linux (they couldn't depend on WINE being installed)?
Or what happens if I install an O/S using an encrypted filesystem? Where are you going to write your native client if the disk is all encrypted garbage?
Also, if you guys developed a Linux version, why not say so? Subterfuge?
ac

Absolute Software might have what you want:

Absolute BIOS-Level Protection

(Disclaimer: Not involved with these guys at all -- did a training session with some of their developers several years ago, and was impressed by their pitch)

You can read more here:

http://www.absolute.com/products-core-technology.asp

Browsed a little more on their website and found this tidbit: http://www.absolute.com/products-core-technology.asp Looks like the BIOS install I was talking about only works if an OEM mfrer puts it there. I'm not sure if as a personal product you can get that functionality (self-repair even after hard drive wipe or re-image of machine). We use Gateway machines here so we have it pre-installed into the BIOS so the hard drive wipe scenario or hard drive replacement or service disable doesn't matter. The BIOS will detect it and stick the software service back on automatically. Also, if it is just monetary they will pay you (under some conditions) if they can't recover your machine.

Dell has been embedding Absolute's Computrace in many of their laptops (I'm typing this on a SuSE 10.2 install on a Dell Latitude D820 that has it enabled). Once you enable it in the BIOS, there is no way to disable it without physically removing and replacing the chip.

Our University is using CompuTrace/Lo-Jack on our laptops. AFAIK, this is built into the BIOS and is not something that nuking the OS etc can remove. It allows for tracking location OR the option of remotely nuking the data on the drive to stop identity theft. It is a pretty widely used system and I think they are also responsible for the Lo-Jack system that Police Departments use to track physical equipment such as construction equipment when it is stolen. The website is here: http://www.absolute.com/laptop-security-solutions.asp

A friend of mine recently got a position with Absolute in Vancouver BC, and according to him, one of their biggest uses is in the business world to deactivate/sanitize computer systems rather than recover them. Basically the loss of the equipment for a company is not the biggest worry -- it is the possible compromising of their data. The installed software give some assurance that the stolen laptop has been wiped and that the company's liability for unauthorized access to private data has been minimized.

Sounds like the FBI needs to invest in tracking software such as Computrace: http://www.absolute.com/

We use this software at my job and have used it to successfully track and recover stolen laptops several times already. Many laptops from manufacturers such as Lenovo, Dell, Gateway and several others actually can store the tracking agent within the BIOS itself so that it cannot be removed (unless you change out the motherboard). If a new hard drive is installed into the laptop, the agent will reinstall itself onto the hard drive from the BIOS. It also has the ability to wipe the hard drive clean remotely if the laptop is found to be stolen.

I administer a network of over 8000 computers, half of which are Apple computers. We use a program from http://www.absolute.com/ called Computrace (Win/Mac) and it writes a piece to the BIOS that calls home REGARDLESS of OS reinstall. If removed, it will reinstall the software to call back home. Can it be stopped? Yes, but only with packet captures and other assorted goodies. Works really slick and it has been tested.

Clever idea. Here's something a bit more advanced, but it costs money ofcourse. It's called Computrace and it's available on just about any laptop (they even have an OS X version). Their tracking agent attempts to make a call out to their servers every 24 hours. If it doesn't have an active internet connection, it will attempt to dial out through the modem if a phone line is connected. Newer Dells and IBMs actually store the tracking agent in the systems BIOS, so unless they plan on changing the motherboard out they're out of luck. We use this at my workplace quite extensively now, and have even used it to track "missing" laptops successfully. Check out their website for more info: http://www.absolute.com/

See Absolute's, not LoJack's site http://absolute.com/Public/computracepersonal/note book-security.asp for details.

Computrace Agent
The Computrace agent is a small, software client that resides on the hard drive of host computers and enables Absolute's services. Easy to install and unobtrusive to the end-user, the agent requires minimal bandwidth in its communications to the Monitor Center.

Computrace Agent
The Computrace agent is a small, software client that resides on the hard drive of host computers and enables Absolute's services. Easy to install and unobtrusive to the end-user, the agent requires minimal bandwidth in its communications to the Monitor Center.

Come on Slashdot. What is this, news for AOL users? This kiddie crap. Yes, most thieves will just boot the computer with Windows and try to get on the net. But this is Slashdot. We're nerds or something. And this ain't F***ing news. If I got a laptop that was stolen, hell if it was used, I would format it:

From the website: www.absolute.com

Q. Can Computrace Personal be removed?
A. The Computrace Personal software is a low-level utility that is as tamper resistant as a disk-based utility can be. The software can only be removed by an authorized user with the correct password so please be sure the password is stored in a safe location and not on the protected computer.

Q. What happens if a computer's hard drive is removed?
A. The software resides on a computer's hard drive so if the drive is removed the computer will no longer be protected and can not be located if stolen or lost.

http://www.absolute.com/Public/computracepersonal/ faqs.asp
Wow, what great protection.
Come on!!!!! This ain't even hardware!!!

If you don't have physical control, you don't have security. Okay, strong encrypted data may be safe from prying eyes but how many people, after getting a stolen laptop back, boot it immediately and "check" everything? Can you say keylogger trojan?

Computrace is a piece of client software that "phones home" on a regular basis. It provides NO protection against things like formatting the hard drive before connecting to the Internet. http://www.absolute.com/Public/products/techplatfo rm.asp

Oooo... it uses an ENCRYPTED connection. Explain to me how this stops "fdisk; format c:" or "fdisk; mkfs /dev/hda1"? How about booting from alternate media like a USB key, floppy or CD?

This must be designed to nab the stupid criminal, who jacks in as soon as they boot.

On the other hand, with the prevalence of open WAPs, it is quite possible a laptop with a built-in wireless NIC will connect and phone home before the hapless thief realizes it.

-Charles

Their patent is so broad that it covers things like capturing an IP address, and visually notifying users on the computer screen. They hammered poor Tometa software into a licensing agreement because they didn't have the resources to fight back.

http://www.absolute.com/Public/main/patents.asp/

Our company had a few of it's laptops stolen recently and I took the liberty of investigatin in some of these Laptop Tracker tools.
What they do is randomly check for Internet connection and sends out a packet to help track it down. If it is not connected it will try to dial a predetermined number to help locate it. The company who keeps track of all this information will then work with the authorities to track it down. It is not really dependant on the OS and can survive reformats.
The only problem is that all is lost if the theifs wipe out the partitions (which happens if you do a full install of say..Windows 2000 or XP.)

Since then I've been looking at creating my own that is independant of the OS and does not reside on any partition.

Using LinuxBIOS as a replacement for the original BIOS this minature Linux has the potential to do whatever I need.
Set it up so it freezes on the lack of a dongle plugged in or have the ability to initialize the ethernet device and try to reach the outside world.

I doubt the the project managers of LinuxBIOS had any of this in mind and it needs to mature a little bit more before this could really work but once abled, but this project could really help out laptop owners.

Computrace, amongst others.

Absolute Software makes such a product. It periodically polls the company's servers with location data (like the phone number you are calling out to the Internet with, or your IP settings). It will even stealthily call out by itself to the Absolute servers by a 1-800 number even if you are not connected! Call-blocking, etc, is all covered, the software will get your phone number.

So when your laptop is stolen, you just contact the company and it will monitor the location of the laptop the next time it is hooked up, contact the cops, etc. A lot of corporations have used this, with recovery success. And the kicker is, the software is installed such that even if you reformat the hard drive, it still works! I don't know how this works but it does.

Check it out.