Slashdot Mirror
Phoenix Unveils Anti-Theft BIOS
linuxwrangler writes "According to articles at PC World, c|net, Internet Week and elsewhere, Phoenix Technology is introducing a new BIOS-based anti-theft system. Every time a TheftGuard equipped machine connects to the internet it pings a server at Phoenix which can instruct the machine to wipe its hard drive, report its location or disable itself. Given that most people don't want to have their every movement tracked and don't want someone else to have the power to wipe their drives, Phoenix figures that corporate clients are the prime customer. I just wonder who is liable when a company sells a surplus laptop on eBay but gets their inventory control screwed up and reports it as stolen..."
It was stolen. Police are investigating.
Last I checked, the BIOS was in a socket. What stops someone from swaping out the bios chip before turning on the box?
If this technology were to fall into the wrong hands (read government, RIAA, others) life could truely suck. I hope it never materializes in its current form, or we could have a rather large problem on our hands.
Quid festinatio swallonis est aetherfuga inonusti?
Africus aut Europaeus?
"...which can instruct the machine to wipe its hard drive, report its location or disable itself."
And they would accomplish this how?
I wonder if that kind of system would be vulnerable to spoofing attacks? That would be a pretty nasty trick to play on someone; erase their hard drive by puting a phoenix spoofing server on their network.
What happens if the user is running Linux? I can't see the bios pinging anything without the help of the host OS. Let alone erasing hard drives. Linux will become the thieves OS of choice. It's my OS of choice when looking at a computer that's been disabled by a virus.
if somebody know you have this 'protection' simply use the computer without an internet connection, or even take out the harddrive and but it another machine.
read the article?! of course not...
I know you are psychotic, but please make an effort.
Damn Mozilla!
How the fuck do you send a format your hard drive / disable yourself / do a little dance command over a ping response?!? By changing the response time???
I logged more hours going back to corporate offices and disabling these "features" and assisting their admins mine out old data then I did installing them. I had to stand there and be told how "God damned stupid all of these features are, and how stupid Dell is for using them, and how stupid you are for working with Dell!!!!". This is when I was 19 and had no more business/customer support experience/skills then a guy serving fries at McDonald's. The shit sucked.
Murphy's Law dictates that the benefits of this idiotic and restrictive measure will be over shadowed by it's rare glitch and/or user incompetence which results in the loss of data.
What happens when your battery dies on the SQl server, and the default settings enact this horrid "feature" and your hard drive is slicked? How bad will it suck when it happens to the CEO's assistant's laptop and she comes storming into your pitiful excuse for a NOC right before you were supposed to go on lunch?
Just imagine (no, not a beowulf!) someone breaking into the Phoenix site and instructing every HD to wipe itself. Now Nimbda looks like a joke...
Opus: the Swiss army knife of audio codec
Aww! How do we expect to get an "early release" of Doom 4 now?
it pings a server at Phoenix which can instruct the machine to wipe its hard drive, report its location or disable itself
Umm, so it's got a built-in GPS receiver too?
I'm curious as to exactly how it's supposed to know where it is.
I am surprised that federal departments/agencies have not developed this yet given the large numbers of laptops that go missing every year. Some of them even have classified data on them with the classic example being a certain former head of the CIA who was a little loose with his Powerbook.
Visit Jonesblog and say hello.
Why not just encrypt the whole hard drive or the just sensitive data? To the thief, it's as good as it being erased.
Besides, in either case, if the thief were an enterprising individual they could recover the data. Empty hard drive? Just do a low level scan. Encrypted hard drive? Spend lots of time and resources trying to crack the key.
With that, why not go for the least destructive measure? Unless, of course, Phoenix is going for the Mission Impossible market -- this laptop will erase itself in 20 secs...
just a thought: how many corporate (or otherwise) IT admins would actually trust a system that enables someone beyond their control to remotely wipe their hard drive clean?
Block all traffic to Phoenix at the router.... block ICMP packets, etc - but definitely a deterrent to the common, low-tech thief.
what if you restrict the pings to the phoenix servers? i'm sure people will put up the IPs eventully.
and what if i completely disconnect it from the internet?
I'm the Devil the Windows users warned you about.
I would like to report that as a beta tester this new bios has served me flawlessly. I have 100 percent faith that I will never suffer any loss of data on its behalf. For all you skeptics out there I can guarantee....
<CARRIER DISCONNECTED>
As if it is not already easy enought to erase all the contents of your hard disk i am not going to intrust all that information to a computer & a company that i will never see and don't even know. Can anyone say BIG BROTHER. What will become of 2nd hand computer sales the world over if every time I run a machine with a Pheonix BIOS I can run the risk of destroying my hard disk. What sort of authentication does it take to set a machine to be erased? I could do my friend a favor and remove windows without even telling him. Sounds like someone has been talking to Microsoft.
(Without reading the article :)
How long do you think it will take before someone figures out how to fake those 'wipe harddrive' commands? Looks like a smiple case of packet-sniffin' to me.
"Hey d00d, watch what happens when I run THIS phoenix-nupe script...u r s0 0wn3d l0s3r"
All together now:
"I will place my trust and the fate of my harddrive in the hands of script kiddies"
Reports my location as well??!?
Huh?
Why? Do they have guided missiles lined up for nasty computer thiefssess?
Microsoft, the RIAA, and other such organizations have been misusing the words piracy and theft to such an extent lately that the instant i saw anti-theft in the headline my immediate, visceral reaction was to think okay, whatever this is, it has nothing whatsoever to do with preventing theft, and is probably just there to prevent you from fully using your computer, until a split second later when I remembered who Phoenix is, and that if phoenix were selling an "anti-theft" BIOS that would actually be what it is.
-----
I wonder if we're going to just kind of accidentally grow into some kind of wierd, reverse "newspeak", like in 1984, except instead of the government purposefully banning negative words, dodgy politicians, media outlets, and corporate officials will simply misuse all of the negative words there are until they've all lost their meaning in the public mind.
[Sometime in the indeterminate future, New Palestinian Liberation Army breaks into Joe Archetype's house and robs him of all his belongings to sell on the black market to finance their bombing raids, and spraypaints PALESTINE FOREVER on the inside wall. Joe goes next door:]
"Help me! My home has been breached by terrorists!"
"Hm? What's the problem? If you have anti-war protestors in your home, can't you just ask them to leave?"
"This is serious! They've stolen all my furniture!"
"So.. they've made copies of all your furniture? Not very nice of them, i guess, but what's the big deal?"
"ARGH!"
"Maybe you can file a DMCA complaint, i guess."
Something like TheftGuard? It's like saying "TheftGuard is OK. But check out things that are like it, and you'll really be impressed."
A growing number of boxes these days are behind routers or using winmodems, neither of which is easily supported by the limited space on a BIOS chip.
:-)
Then again, thieves are more likely to steal a dedicated T1 line on a BIOS-supported ethernet card than the rest of us
You can't judge a book by the way it wears its hair.
Personaly, I'd like to see this stuff set up to allow arbitrary code to be run after boot, so you can see just who stole your crap, and what they're doing with it.
I wonder how hard it would be to 'whipe' the system clean, though? A simple cmos clear? is it 'always on' and pheonix simply ignores the problem unless you call up and complain? Of course, one could easily strip out all the goodies and leave the motherboard, which isn't even worth all that much these days anyway. Kind of like how a stolen car, when found by the police, would be nothing other then a frame and a lojack box...
ReadThe ReflectionEngine, a cyberpunk style n
Why not just rewrite the BIOS and flash it to disable or eliminate these features. Of course only your Uber Geek would be able to do this (certainly not I) and IMO, if he/she can do it, they've EARNED the laptop.
Once this BIOS is hacked (assuming it can be), how long before copies of BIOS start going out over Kazaa?
There is nothing inherently safe about liberty. That's why so many people died protecting it.
Does this just stop people stealing computers, or will it stop them stealing product names also? ;)
(ducks for cover)
I just wonder who is liable when a company sells a surplus laptop on eBay but gets their inventory control screwed up and reports it as stolen...
Exactly the same thing that would happen if someone checked the serial number and found it was reported stolen. Police investigate, the owner provides a transaction history, the original owner discovers the mistake, charges get dropped, original owner gets sued for negligence.
And should the HD get erased the FIRST TIME someone connects to the internet, it's not likely to create any serious data loss issues. The owner would probably think there's just something wrong with the computer. They'll complain, the problem will be discovered, etc etc.
Of course, this theftguard assumes a number of things. Certainly the BIOS won't have any interaction with the internet unless the OS permits it. Any intellegent thief would wipe the drive and resinstall without ever booting it, let alone connecting it to the internet. There are many other ways to trace a stolen computer once it gets online, assuming the OS wasn't reloaded first. Having a machine "check in" isn't a bad idea in theory, but there's no particular advantage to using a hardware solution over a software one.
-Restil
Play with my webcams and lights here
I cannot seriously see anyone accepting this tech.
Corporations *might* but only if they can set it to poll THIER servers, and have it under their control.
Personally though.. it scares me that MS and their "Trusted Computing" scheme Might force this onto the users..
There is only three people/organizations that should have the ability to remove/restrict "owned" things... Me (the owner), The LAW (only after following the judicial system) or Judge Dredd.
"Consider how lucky you are that life has been good to you so far. Alternatively, if life hasn't been good to you so far
people install windows xp everyday and it wipes your drive without asking: I'm not seeing the difference here
When a TheftGuard-equipped system is stolen, the owner provides instructions through the TheftGuard web site. The next time the lost computer connects to the Internet, TheftGuard is activated and either disables the machine, wipes its hard drive, or transmits information on the physical location where the signal originates.
The problem with this seems to be that TheftGuard only performs actions after the stolen computer is connected to the Internet. And by the time that happens (if that happens) it's too late. My understanding is that when computers are stolen, the data on them is what's sought, as it is what's most valuable. And once the data is in the wrong hands, it's too late. The data on it can be copied to another place, and perhaps individual hardware components can be removed and sold. Am I wrong about anything here?
Laura
Horrible conspiracy, evil company, dark secrets, omgtheyownyou yadda yadda blah blah This sounds like a great idea and I would the first one in line for a mobo equipped with such a BIOS.
In my organization, we have been using Computrace which serves the same function. The software installs into the computer's boot sector and is nearly invisible if you don't know to look for it. It contacts the Computrace NOC frequently over IP or modem and reports it's IP address (or caller ID). We now have a pretty nice log of where all our laptops go. The software isn't capable to destroying or disbling the PC, but it's invisibility and reporting features are enough to make it useful.
Computrace reports having retrieved a number of stolen computers based on the data reported by the software. It's definitely useful for any corporate IT department!
So I won't be buying any machines that use a Phoenix BIOS.
What's new?
http://jesus.everdense.com/
It seems as if this technology is built around protecting data that's already on the computer. I'm no thief or anything but if I stole a laptop the LAST thing I would do with it would be to hop on the internet.
From my experience, CEOs usually have very very fine assistants.
Hey, maybe she is actually very technically capable, and consciously activated the erase-all-data feature just so have an excuse to talk to you, give you a chance to ask for her extension etc. =)
Aww shutup and let me daydream.
My life in the land of the rising sun.
Try the veal.
"Since TheftGuard's also in the BIOS, even if you remove the hard drive, we can still track or disable the machine, or wipe the drive," he said. Another trick that can eradicate anti-theft software -- running FDISK to reformat the drive -- also is foiled by TheftGuard's place in the HPA section of the hard drive, which is immune to simple reformatting tools.
Any hard disk forensics person will tell you the wonders of dd and netcat working together. Adjust the dd parameters a tad, and the HBA is no longer a problem. If they think the bad guys don't have access to this knowledge, they're as FDISKed as they seem.
This is seriously stupid, so it must have come from marketing, not the techies.
Soko
"Depression is merely anger without enthusiasm." - Anonymous
A 500V shock direct to the testicles?
... I guess anything with Phoenix BIOS can't safely be used for mission-critical systems then.
I remember reading an interesting article somewhere about a guy who got his mac back by using some remote software on there. It reported its IP address every time the theif connected to the net and as I recall, the guy was uploading scripts to it and so forth to get it to do various things to help recover the box.
I remember thinking at the time that this was a neat idea, but having a third-party with the power to frag my hard drive does not fill me with comfort.
Regardless of how the system works at the technology level, it is potentially open to attack via social engineering... "Hi Phoenix, it's Fred from SCO... those nasty Linux people have pinched my laptop... yep, frag it please..."
I hear people here rant about the evils of microsoft, which I will be the first to agree they are a big evil, but seldom do I hear about the BIOS monopoly.
I'm i'm not mistaken, award, ami, and pheonix are owned by the same company. Atleast Award and Pheonix seem to be at anyrate. I could be wrong about this, but this would be due to the lack of attention on this little piece of software you are required to buy.
Unlike the Microsoft software where you at least (all though arguably) have a choice to buy a system without it... the same can't be said about the BIOS. Now they have a good product... worth paying for, though I wish they would have added some more *nix like features quite frankly, and it's a pain when one motherboard has for example the Symbios boot for cheep scsi cards feature, where another motherboard with the same make bios is missing that feature, dispite the fact that it's been shown this could be added with ease, and heaven forbid any end user requests for these features present in one and not the other.
So, when Pheonix decides to be most irrating and implement systems like this, who are you going to turn to? I honestly don't know the actual cost of the bios licensing and it's cost per PC motherboard, but I'd wager to guess it's pretty cheep... based on what i've seen in old computer shopers, some companies were charging like $20 a chip. I assume it's a sub $20 per chip fee. I personaly am happy to pay it, as these companies pretty much became comercialy viable because they undersold Compaq and IBM, and dispite their flaws they are the lesser of the big blue and wannabe blue.
This is one of those products that you pretty much either *assume* you have legit license for, based on faith that the motherboard maker. For your average geek, it's pretty much a simple task to establish wether or not you have license for the product.
It's also one of those products that the end user doesn't typicaly pirate. Pirated, or rather, bootleged bios are typical found on the cheepest motherboards available. I do not feel that this is the solution as it's not typicaly the end user pirating their product, it's little no name companies that buy their product bulk from the likes of PC Chips and resell them without a licensed bios.
*SOLUTION* why not ask for cash? You may say what you will about these companies, but unless the freebios projects mature enough there isn't really much of an alternative, and it is a product worth paying for as it does make the system work, and i'm all for supporting them as they pretty much are, in part, responcible for the whole clone market, until something better comes out. If their product is indeed typicaly sub $20.00 for that little holographic sticker, this is a VERY small price to pay for updates. During y2k, they would have made a KILLING on all those cheep ass funky motherboards if they were able to provide on their website the correct bios based on it's ID number, explain that you need to pay $20.00 to download it, rather then the more foolish end users who bought copies of that Symantic product to compensate for only level 2 complience.
The alternative is getting bad press about some little old lady who bought a system on good faith, who in good faith bought a system, getting her hard drive wiped because of someone else bootleging a product she doesn't understand exists.
There is no sanctuary. There is no sanctuary. SHUT UP! There is no shut up. There is no shut up.
Yup, time to tighten up my outbound firewall rules.
the no
On how something like this would actually work. It would almost certainly be restricted to:
1) Onboard ethernet
a) Plugged in at boot, during PXE/BOOTP/etc.
b) On a network with DHCP, or at least forgiving gateway routers.
2) A modem that attempts to dial an 1-800 number or some such during boot.
Modern OS (i.e. not Win9x/ME) don't invoke the bios for anything major after the initial bootup; by the time they get the network settings enabled, the bios is left behind. (PPPoE, VPN, static IP, whatever).
Does anybody have an alternate suggestion? Am I off about something (can the BIOS hook itself into the timer interrupt and invoke itself or something?) Or is this fairly useless to anyone who knows it is there?
"'Tis great confidence in a friend to tell him your faults, greater to tell him his." --Poor Richard's Almanac
And when they go to capture the thief, and the HD has been wiped, resulting in loss or lack of evidence, how much harder is it going to be to build a case? It only has to be a little harder, and the authorities are going to lose interest in this idea, me thinks.
This is a far saner, less failure prone solution to "The Problem". I have already seen similar hardware solutions used by a friend who develops commercially sensitive commerce stuff, the laptop's a paperweight without the key-card.
Only keep your keys on a something like a USB keychain rather than proprietary hardware. Then attach it to said employee's security pass so they don't leave it plugged into the laptop (or keep a log that emails you every time the laptop is shut down with the USB key left plugged in).
But alas, I can see the PHBs of the world will demand the Mission Impossible version because it sounds cooler.
Xix.
"Everything is adjustable, provided you have the right tools"
It always amazes me when some student at my campus steals a lab computer and doesn't think that our DHCP server will let us know the next time it gets plugged back in to our network. Over half our stolen computers get recovered that way. Just last night, one was stolen (end of the academic year is always bad for theft) and the kid decides to plug it in in his room. He really should have waited 5 more days to use it and he would have graduated on time. Now he is facing expulsion. Idiots!
Wow. I can totally see something like the Slammer virus coming along and either wiping out Phoenix's computers and screwing them up badly, or just attacking all computers and forcing the ones with this BIOS to do some pretty nasty stuff. Of course, this will only teach more people to back up their data more often.
Kind of reminds me of Hackers. "Hackers of the world unite!"
woot.
I sell out to The Man every day.
Now, just how upset would you be if someone came to your door and said that the laptop you bought on eBay last week was stolen? Granted, you'd try to contact the seller to get your money back, but if he's been even the slightest bit clever about things, you might never find out who it was. Further, even if you *DO* find out who the guy is, you still won't get your money back because he'll probably be doing jailtime in the very near future, if he isn't already. Of course, you can legally sue him, but just how do you think you're going to collect?
Not that I'm saying that theft should be ignored... it shouldn't. But doesn't anyone think that efforts might be better spent on technologies that might enable them to catch the criminals *BEFORE* they exploit someone else?
File under 'M' for 'Manic ranting'
now that would be THE anti-theft feature. who would screw with that? /me wonders....
http://music.x757x.org/ - techno dj mixes for your pleasure
...if my network connection is down? Will my machine refuse to boot?
I think some of the technical folks on here have missed the point: A 'ping' signal doesn't have be the regular ICMP ping. It could be any sort of protocol that requests an echo back from the target.
...just my 3 cents worth (Canadian funds :-)
I do think that an awful lot of people on here are getting the point: What happens when I, mister malicious black
hat decides to spend a little money on research material and aquires, by one menas or another, a few of these units for destructive testing and reverse engineering? Now I can spoof the Pheonix server on any given LAN and - proof - Merry Christmas, Bob's your uncle!
I can see the military and paramilitary organizations liking something like this. I'd also be surprised if they don't have something similar under lock and key right now. If I recall, most of the concern over the laptops wasn't over the data on them, but more over how the security procedures when awry. There were one or two that went missing from internal areas that wouldn't have been equipped for travel, but they likely wouldn't have been protected by this system either.
Personally, I think people fall into one of two categories:
1) The stupid/ignorant. These people wouldn't buy this BIOS anyway. They're gonna be hooped when their data gets lost/stolen.
2) The paranoid. These people are probably already using strong encryption, finger print scanners, etc. They're gonna be hooped as well... unless they were paranoid enough to do regular backups! Admittedly, the thief won't have access to the data, but I suspect most of the stolen laptops get wiped shortly after the thief copies the porn off for his own amusement anyway.
I see IT managers loving this because it covers their arses. I see the users either not needing it or not liking it.
-Rob
It helps if a security feature isn't as easy to defeat as a 6 month old child in a karate match. Even a moderately savvy data theif is going to yank the drive and set it up as a secondary drive in another system, not boot the damn thing with a live internet connection.
So basically this keeps the data out of the hands of the inept theif who almost certainly doesn't have the desire or use for the data and wasn't attempting to access it in the first place, but does nothing to protect against the attacks it is marketed against. DOH!!! Other than that it is a pretty stupid idea though.
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
I can't believe how many friggin people are asking how they would know location. Do you people think you really are anonymous or something? Maybe you just don't have any in depth knowledge of how this big network you use everyday works?? IP addresses...friend or foe?
- where can I buy one? :D
- how do I circumvent?
Uses onboard LAN only?
A blog I run for the wealth
I see all these posts about sniffing and other attacks but how about the question of how Theftguard's website actually authenticates that YOU are the owner of the pc being reported stolen. What if the data needed is ON the pc or some other easily bypassed measure. This is doomed.
It's cheep security, None of the peripherals seem to be protected and that's the meat of any system.
If you buy a used PC with that system in it you should have the ability to contact the maintainer of the system to work out ownership transfer. There should be no fee for this.
Prediction by MrPredicter:
One week after deployment a copy of the BIOS will be posted to usenet, Seventy Six Milliseconds after that it's cracked, patched and offered on WareZ sites with instructions on how to burn, unplug or desolder and install the new chip.
Fixing the above, off the top of my head:
Hardwired into the motherboard is a distributed encryption device that holds all of the motherboard chips, drives, ram and compatible installed cards in an inactive state until a USB or other device is insterted. The unlocking device needs to have been activated with a PIN prior to insertion so that the secret key inside can encrypt a challenge response with the devices in the computer. The device in the computer should also do realtime transparent encryption of the drives and offer network encryption as it would be trivial to add. Internal keys in the device would be the provence of the local IT security staff, they could not be changed by the user.
One nice feature of this method is that, with a well setup OS each users network presence (data, settings, drives ect) could be transparently encrypted, each PC would be generic with no user or company data stored on the PC just on the network. Other networkable protocols could be implemented. I think Linux is close to part of this done in software.
The device would need to be distributed, that way an attacker would have to compromise every device in the computer to make any use of the computer. Even the ram would not be of use.
It would be possible to do this in a compatible way to protect the addons use extenders/risers that contain the encryption receivers which would be epoxied to circuit cards, drives and ram would slightly reduce cost and void warranties but allow easier upgrades by just adding a riser. The other method is to order specially modified hardware and only the Motherboard needs this. Yes, there are all sorts of drawbacks mostly stability issues and the CPU is stil not protected from theft.
Isn't there some sort of specification for all this, this didn't just come to me a vacuum, well I vacuumed it up, most probably from the cypherpunks mailing list but can't remember.
Total added cost to the PC, too much:
Just hire a damned good degreed security specialist and a retain a good physical security consultantcy and let them work with a team of people to implement a reasonable security system and stick with it. Add to that good training for the security people and rigorous *reoccuring* background checks. Also a mid/upper level management that actually listens to the experts in this is needed, eviserate the dead weight as needed.
I'd go on a Vegan diet but the delivery time from Vega is too long. --brownkitty
here's another:
;-P
disgruntled fired admin, on his last day, instructs firewall servers to redirect pings to phoenixbios.net: boom! every computer in the company gets an empty harddrive
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
You've never had anything stolen, have you? Your laptop is unique in all the world right? You could pick it out in an instant, right?
What works better for the authorities...a stolen VCR, or a stolen VCR with a wedding tape in it?
Check out the property rooms around the nation...they are full of goods you'd think provided enough evidence to convict...but they are still full...wonder why?
So if an evil minded Hax0r gets his hands into Phoenix' server, or manages to get at the keycodes and to redirect the trafic, he can wipe all of any corporations laptops if they adopted this scheme?
That means they're introducing a risc to get their business fscked (or rather formatted) if they depend on those laptops and need to connect them to the internet. I think that's a high price to pay to protect against the theft of a few laptops.
Also it doesn't even work: maybe it's hard to change the BIOS chip (given a replacement BIOS and the right equipment it should be doable), but if the thief is really interested in just the data he simply reads it without conecting the laptop to the internet, or he even removes the harddisk altogether and analyses its contents.
If they really want to protect their data they should go for encrypted filesystems or at least encrypt the sensible data so only authorized persons can access it, problem solved.
"By the way if anyone here is in advertising or marketing... kill yourself." -- Bill Hicks
So a virus that rewrites your DNS to point Pheonex's servers to itself will allow it to destroy an entire company in one fell swoop... Excellent.
Sure, it might work in the lab, under a particular set of conditions.... But there could be work arounds that the bios may not take into consideration. In order for the bios to ping the server, I would surmise that it would need direct access to the NIC card. This particular laptop probably has one built in, and that's fine.
What if the theif never uses it?
He could use a PCMCIA NIC of a different brand. He could use a USB NIC. Maybe even one of those parallel port Frankensteins.
Would the bios be able to support the necessary low-level drivers for something like that? It's been my experience that it's actually *DIFFICULT* to get drivers to work sometimes. They don't usually work BY ACCIDENT. Oh well, maybe the bios waits for you to boot, and hooks into your OS.
Hmmm... How does it do that?
Does it know what OS I am running? What if I am running Linux? or OS/2? Or Windows 3.11? Or something even more strange that might exist?
What if Phoenix gets bought out? What if the economy causes them to drop support for this feature? What if my laptop just plain outlives the life of this service?
This is just plain Not a Good Idea. There are currently other methods to deal with the problem. Methods that exist right now. It could be a corporate policy prohibiting unencrypted secrets. It could be a pair of handcuffs attached to the laptop. It's just a dumb idea to implement all this stuff IN THE BIOS when a better solution would be to properly secure the data and equipment in the first place.
The technology for this is not new ....
: //www.sysopt.com/forum/Forum5/HTML/006707.htm l
o ducts/vbx.h tm
it was just under the radar for 3 years.
http://news.com.com/2010-1080-281524.html
http
* For those of you that said: "replace the bios"... you win... well, if the cpu+chipset are not working with the bios.
There is no protection against physical access.
(I worked in a company that designed smart cards, and the EE guys had to design silicium with fake gates and fake logic to foil (...um... delay...) the guy with the microscope and a whole protective layer to avoid probing. Still beatable with chemicals and electromagnetic imaging. But that becomes an expensive hack).
* For those that said fdisk or dd.
You might not win if the disk is encrypted using ATA-3 features.
http://www.e-smart.com.hk/veridicom/pr
You would have to find the key by tracing the bios. Which can be very time consuming if the bios gets help from the cpu+chipset for parts of the key.
* For those that said replace the mother board...
ever tried replacing a laptop motherboard?
This technology will deal with most thefts:
a company laptop with sensitive data that the thief did not specifically attempt to acquire.
--
jpa
Your average criminal is looking for some fast cash, and doesn't know a damn thing about IP, firewalls or flashing the BIOS.
Mea navis aericumbens anguillis abundat
There's an Outlook worm looking for a place to happen. Yeah, this is a good idea.
Somebody hacks into the company and flips the kill switch on all the bios's. Thousdands of laptops, most of them not backed up routinely, are wiped. Ouchy.
This sig has been temporarily disconnected or is no longer in service
You know the rest.
What happens when Phoenix sells 1000 systems? 10,000? 100,000?, 20,000,000?
What happens when those systems don't die, are handed down (but still used), and replacement systems have the same anti-theft system?
Assuming 10 million systems only reboot once a month, that's an *average* of about 4 authorisation requests going to their database each and every second, 24/7.
But notebook security is where this would be most used. And notebooks are frequently turned on and off several times each day. After sucessfully selling this product for 10 years, there could easily be 1000+ requests a second at peak times when people first check their email in the morning. While not impossible for a high-end datacenter, it's nothing to be sniffed at.
Talk about deliberately trying to slashdot yourself.
Make the case out of the same stuff as that no-contact jacket and if you thought the guy who cooked his thighs by operating his laptop on his laptop was bad... *ouch*!
One line blog. I hear that they're called Twitters now.
Now for some interesting April Fools jokes on my .when I'm sitting behind bars I suppose. .he'll still think it was funny, mind you.
co-worker. Of course, I'm sure it won't be well
received but way on down the line I'm sure he'll get
a chuckle . .
But . .
Can't wait to see the Dilbert for this one.
Just swap out the motherboard for a new one and use all the other components. A new MB without need for any other components wouldn't cost much.
True genius is grasping a situation like a peice of fruit, and peircing it just right so that it drains dry.
This whole thing reminds me of the phoenixnet (spyware) problem of a few years ago.
As it stands now, this looks like a bad idea, as expressed multiple times by many of the comments. Besides the technical problems, to me it points to a larger problem that is growing every day: Private businesses trying to provide law enforcement.
Assuming they could get past all the potential technical hurdles regarding security and authentication, we still are basically saying that a private company can alter/damage the contents of a computer legally without any coordination with law enforcement. That scares me.
Basically, this is sort of a computer version of low-jack. Which is cool. But in this version, it would be as if you could call up the low-jack people, have the car disabled, get a report of where the car is and take care of the matter yourself. Of course, as far as I can tell, low-jack doesn't work that way. My roommate can't find my documentation for the low-jack, make a phone call and leave me stranded just to play a joke.
I'd like to see this system in place. I for one sure would be happier to know that if somebody stole one of my laptops there was some method out there to recover it. But that's a job for the police, not some big business. Sure, Phoenix can build tools that I might buy that would assist the police, but I'd want to be dang sure that they can't do anything to one of my machines until the cops tell them it's all right. And the cops can't tell them that until I've filed a police report and asked them to do it.
Yes, I know that law enforcement has a long way to go to really get a handle on computer based crimes, and at the moment are pretty impotent in catching the bad guys. But what I don't like seeing is big faceless corporations coming in and picking up the slack.
The Internet is generally stupid
reasons behind the governments push for IPv6...Geo-locational information and router level locational caches....
Its not really BIG brother, but a LOT of his little cousins...
A bit here a byte there and a huge relational DB to collect, store and mine for data about you and I
Sure the government, RIAA, MPAA or such could use it against you. But, it can also be beneficial to you. Invision this:
;-)
Your house gets raided. Your computers are confiscated as evidence. To most people this would come as a surprise and you'd have no time to destroy the data on your drives.
But if you had Theftguard and whoever took it happens to plug your PC into a network, you can format your drive yourself.
And since the software stays in the BIOS, you could actually tell it to format a couple dozen times just to make sure the data is completely unrecoverable.
<I'm not condoning this action of course.>
"I filter at +6, and have yet to miss out on an important comment." (#822545)
This could give it a whole new meaning. MUHAHAHAH! >:D
Do most recent laptops have one?
I know most/many desktiop motherboards have a jumper that allows you to reset the BIOS.
Wouldn't that disable this "feature"?
B.
Eades hopes the TheftGuard logo--which could be presented in a visible place on the laptop--would itself deter thieves. By installing protection at the BIOS level, the standard process of reformatting or replacing hard drives won't work. The machine, then, is virtually useless to any thirds party (unless, of course, they can stay off of the Internet).
Exactly. As long as they stay off internet, nothing happends. And of course, the computer might be valueless then, if you don't wanna change any parts. But you can get out the data. And since the aim here is not to protect the computer (Well...that also since it can give location), but Data! And when you put a mark on a computer, it will say to the thief: Hey. Take me, but don't connect to the internet. If this shall work, it has to be hidden. I do not think I would connect such computer to the internet. So then you are back at starting line? Maybe a computer that called home, via satelite or GSM networks. Then it would be far more difficult to cut off. But again, then it would have to be "Don't call, we call you", the Phoenix side would have to call your box, saying hello, can you please get rid of that sensitive data?. Anyway, the BIOS is hardwired...so go on....change.
Assembling etherkillers for fun an profit
Every time I open a system case, I feel like stealing the BIOS. Screw the CPU(s), memory, video card(s) and hard drive(s), just gimme that BIOS chip!
OLPC Australia
a computer gets stolen, thieve removes the harddrive, sticks it into a second computer (with an older BIOS) ..... and reads the disk.
How does this Hot New Protection from Phoenix protect business information/secrets ?
a full-disk encryption seems to be more effective
I have seen 3rd party firmware for Overclocking reasons. Couldn't you just flash the bios with a clean firmware and low-level format the HD??
That's a no-brainer. Whoever was responsible for inventory control and whoever has vicarious liability in regard to that person. Since that latter person will be the company who sold the lap-top they'll probably be liable in contract as well as in negligence.
Better to be despised for too anxious apprehensions, than ruined by too confident a security. --Edmund Burke
No, it's the company! This article is really about a database that can detect if it is stolen; if so, it'll delete all records.
************XFree86 Panic***********
*********No Pointing Device Found***
***************Halted***************
That really sounds like the web browser! Those mozilla guys really should think about suing these name squatters.
Banaaaana!
Oh gee, like thats gonna be REAL popular with people.. How long will it take an enterprising young 14-year-old to write a little hack that sits on a network, opens promiscuous mode on a NIC, watches for calls to Phoenix's verification IP, and answers back with a smurfed "AAGH! DANGER WILL ROBINSON!" reply before Phoenix, Inc. has a chance to?
And I, for one, don't want the operation of my machine to be wholly dependent upon whether or not it's connected to a public network.
Stupid idea, if you ask me.
You want PC security? A note on the wall that says "If you screw with this machine, I'll know, and i'm quite capable of kicking your ass, having you fired, or both." will do the trick nicely.
Seriously..When I was in HS, the guy who ran the computer room was massively anti-piracy. If he even *suspected* you were using pirated shit in the lab, he'd confiscate your disk and literally staple it to the wall. Got the point across.
Bowie J. Poag
*cut to scene of smoke seeping out of the side of the computer*
There are 10 kinds of people; those who know ternary, those who don't, and those now hunting for a dictionary.
Take an analogy with cars. Instead of being content with having Lowjack radio in, how about the owner hook it up to explosives? Can even set it so after arming, it doesn't go boom until it's in motion, thereby presumably taking the thief along with it. Shame about that crater in the interstate and the truck that happened to be next to it, but that's one thief who will never steal again! What? The thief had already sold it you say? Oh well, no system's perfect, move along!
No, the destructive countermeasures part is just too stupid. Only a PHB...
Intellectual Property is a monopolistic, selfish, and defective concept. It is "tyranny over the mind of man"
You are both correct, although the original poster added an unnecessary "i" in his usage.
However, while english accepts the plural "viruses", the technically correct plural form of "Virus" is "Viri". We are of course going with the Nominative plural form of the the latin noun Virus (meaning Poison). But you probably already new this fact and the fact that many english words are derived from latin (focus, foci would be another example of the same situation).
singular
-us
-i
-o
-um
-o
plural
-i
-orum
-is
-os
-is
You should make sure you know what you are talking about before you go slamming someone for being pretentious. Its possible he's just better educated than you are.
-rt
I just wonder who is liable when a company sells a surplus laptop on eBay but gets their inventory control screwed up and reports it as stolen...
... stolen". Isn't it obvious enough? The same people who'd be liable no matter how it was reported as stolen.
"company sells" "gets their inventory...screwed up" "reports
Or from an American viewpoint, I suppose, "whomever can successfully be sued".
- I am made of meat.
In latin the prural form of virus is virus.
I hadn't the slightest objection to his spending his time planning massacres for the bourgeoisie... (P.G. Wodehouse)
Besides, this is just far too simple to defeat. All but the absolute ignorant, (perhaps such idiots as the two DC snipers that stole a notebook and left it's data intact) will whack this simpleton device.
This is a mental pacifier for the suits.. Nothing more..
1 TheftGuard BIOS enabled computer suite
1 Source address spoofed packet
1 Broadcast address
200 dead machines, well, until it reboots, fails to boot from c, boots from the network and copys a harddisk image from the file server.
I think the main problem with computer theft is not the loss of some more or less cheap piece of hardware. That can be replaced easily. The major damage is that you'll lose your data. But security measurs like the harddisk security features that are stored in a hard disks firmware make it very hard to get access to the data. Especially considering that a normal thief is not an IT expert.
If industrial espionage is concerned then your enemy has enough knowledge to do bad things when he has real phyical access to the machine. So a BIOS won't help much to keep an expert away from my data if I don't do additional measures.
What would be really helpful against data loss is a BIOS that goes on strike if I don't do backups of my data frequently... but that leads us to the problem that there is no easy way of backing up 80 Gigabytes on a 3.5 inch floppy...
The word "dildo" likely comes from the Italian "dilletto", meaning delight.
Let's face it, the thief who steals it won't have the problem, it'll be the poor sap daft enough to buy it at the end of the chain. Just like the stolen coded (i.e. not-working) car radios which get sold at the local pub/garage sale/car boot sale - who's going to have all the necessary gear to check it at the time of purchase.
By the time the buyer realises, the thief is long gone - it just moves the problem, doesn't eliminate it. Just like the car immobiliser law brought in here in Western Australia - all cars have to have them. So now we get people being attacked near their cars or in the house so the thief can get the keys.
Go permanent? In your dreams and my worst nightmares.
Time for tin foil underwear!
The truth shall set you free!
This is what I don't exactly understand about the plan that's being implemented. If the person is a thief, then chances are they have no moral issues with pirating / aquiring an operating system. Seems pretty pointless to me. About as pointless as this compaq laptop I have that allows you to enter your serial number into the bios.
Typicaly, newly purchaced machines have modems in them, perhaps they are in use, perhaps not. Wouldn't it make a fair amount of sence to phone the police or some form of enforcement agency? Phoning 911 and using voice features, is capable would be a dandy away of alterting authorities. "Hello, i've been stolen, please retrieve me". I would say TDD features, but i'm unaware if any modems support this established standard.
If using the lan interface, this wouldn't work all too well, but it could at the very least send out requests that would log IP address, where enforcement agencys could request caller ID logs, and establish a physical location.
This is assuming a theif isn't quite smart enough to reformat the system that is... such features pretty much would pretty much have to exist on the operating system level.
There is no sanctuary. There is no sanctuary. SHUT UP! There is no shut up. There is no shut up.
On my old PC-1 the buss controller is also in a socket.
On the old Commodore 64s, Vic 20s and maybe the PETs you can tell how far along this machine was but one fact.
The early units had all the chips in sockets.
But as they solved problems with those chips they went to be sodered in.
If they don't want you to upgrade the BIOS easly they need only go from socketted flash roms to sodered in classic roms.
classic roms have the "software" mapped directly into the chip so that the software is built in letterally. It's possable to set the chip timming so a slightly slower pROM or anything less than the rom itself would work.
However just an observation of what they CAN do.
What they will do is flash it into an easly upgraded flash rom.
It can't report to the Internet if it's not plugged into the net in the first place.
A crook could have a simple dos boot floppy that flashes the rom with an updated public domain bios (they do exist) or just install Linux directly into the bios.
BUT...
A smart crook knows better than to break into office buildings and steal computers.
A true story:
Back in the 1980's a small on-line chat service company had the bad luck of having every computer they owned stolen including the running systems.
What was not generally know was except for the running systems some vital hardware was removed from the computers so they'd never actually work.
The same company had to create some costume hardware for the computers so they could use them and that hardware was left in the systems.
The thieaf couldn't sell his computers (Becouse they don't work) and was eventually caught trying to sell them when the police identified the unique hardware that the theaf never bothered to remove.
It was possable to replace the hardware in question and removing the specal hardware was nessisary to return the computers to being useful for something other than running an online service.
So in short they don't know what they are stealing. It's a computer they'll sell it.
In the same situation a portable CD player was also stolen and that was never found.
Likewise, it doesn't take more than a little research to find someone who can make "Phoenix Theft-Guard Protected" stickers for your laptop for a few pennies a pop.
Personally, I'd go with the "This Laptop is GPS enabled and filled with C4 explosives set to go off when reported stolen. Enjoy life with your three out of ten fingers."
When I was a student at Unnamed University;
:)), a reboot and reaching a state where the network cards could function took less than 100 seconds.
The system simply pinged each machine connected to the netwrok every few seconds. If any of the machines failed to respond to pings for more than 100 seconds (depending on the time of day) it would be flagged as stolen/damaged. A security chap would come around to have a look see.
The real goal of the system was to prevent people from opening the case and flicking a little bit of RAM or a HDD. (loads of poor students in the place). The site was open 24 hrs you see and there were not many people around usually.
Most of machines were just X-Terminals. Nice, powerful machines -- that ran an X-Server. So there was not very much that could crash them; When they did (err.. for testing only
If you or a network admin wanted to move the machine or do anything like that, you had to send mail to a support@unnamed and they'd stop the pinger for your system for a given duration. They now have a lot of Windoze machines in the place. I am not sure how the pinger system is coping
However, while english accepts the plural "viruses", the technically correct plural form of "Virus" is "Viri"
"virus" is an uncountable noun for "poisonous secretions" (like English "butter")--it doesn't have a plural.
You are both correct, although the original poster added an unnecessary "i" in his usage.
Even if there were a plural, an extra "i" wouldn't be unnecessary, it would be wrong. The non-existent Latin plural of "virus" would be "viri" or "virus", depending on which declension it is in (which isn't entirely clear).
You should make sure you know what you are talking about before you go slamming someone for being pretentious. Its possible he's just better educated than you are.
Neither of you is apparently educated enough.
The only acceptable plural in English is "viruses". Anything else is just bogus.
If this system waits for you to connect to a network, then surely it must rely on the OS to send the ping packets... What if you run an OS which the bios doesnt support?
How about if someone spoofs or hacks the server at phoenix? it could be mass abused to take systems offline, or even to inject hostile code onto them... think denial of service networks or spam sending machines!
Also, wouldnt it be possible to reflash this bios with a version that lacks the protection? and if not, then what about when a major security flaw is found and an update is NECESSARY.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
No, no, no.. It's inelegant to extend a latin root by just adding extra "i"s.. To be true to the spirit of the language, surely it would be more appropriate to proceed thusly:
4 viruses = viriv
9 viruses = virix
1001 viruses = virmi
etc..
Sorry to put up such a provocative title to my post, but I've just run thru all the top comments to this article, and I'm amazed that a simple question has not been asked:
How is it that Phoenix (the BIOS writers) can indeed format the hard disk, when the system goes online? I mean, it implies that Phoenix is aware of a loophole in all common OSes (read Windows) that is unpatched and free for exploit. Granted, their intentions may be noble, and maybe legal as well (they have the consent of the owner), but should not the larger issue (a popular OS with an unpatched serious bug) be addressed rapidly?
Will MS sue the pants off Phoenix to even make such a claim? I've read a few fantastic theories that the system goes online 'before' booting the OS, but thiey are just crazy. Does it imply, the Phoenix site traps ALL systems connecting to the web? Who gave them this right?
Phoenix may be working on their own browser, but if they're going to format the disk without help from the OS, they'd need to keep 'flashing' the network settings into ROM everytime, to use them to connect without the OS.
I'd seriuosly like to see a demo of this stuff. If their method involves the OS, maybe we need to send warning letters to all Windows users, something like SCO did. That should scare corporate types off Phoenix and MS.
If you keep throwing chairs, one day you'll break windows....
I think this invention is largely useless, since it is not only circumventable (and thus unreliable) but also misusable.
Here are a number of reasons I'd refuse to ever use such a BIOS:
1. When stealing information do you take the whole box or just the HD(s)?
2. When stealing the whole box do you connect it to the internet when you work on it?
3. You can still exchange the bios chip or the motherboard since it is likely to be marked as being protected.. or simply plug the devices into another box.
4. If not stealing data but rather stealing expensive equipment, the theif will most likely not be the one plugging the box in.
5. The technology is vulnerable to spoofing, altering the database and false alerts.
6. There are more effective ways which may be cheaper or even free.
7. Imagine this in combination with Palladium.
My conclusion:
i want an "unprotective bios certificate" with my next motherboard
it's not about mimicking reality, it's about believability
You can't put an IP stack in the BIOS - it's far too big. It needs to be in the OS, and if it is, just wipe it and install Linux or something.
At the office: Worker turns computer on. And picks up the newest memo. It turns out that the network is down for the morning. "Well, i can work without the internet." says the unknowing worker. But the computer doesn't agree, and launches NUCLEAR STRIKE!.. or just wipes the harddrive.
... "Well, if you don't have backups just use our FirstWare Recover Pro, an application built into BIOS and the hard drive that lets users restore the machine's drive image without requiring a boot disk or recovery CD." (the program is announced at the bottom of one of the articles)
How is this system going to proceed if the network is down. If it does nothing, what is stopping thief's from using the computer without the internet?
And this: "We'll erase your precious information that can't leak ANYWHERE.. you have backups don't you?"
That's some heavy-weight security for sure!
since it's easy to circumvent if you know about it, better not to put the sticker on. Then there's a chance you might catch someone who's being careless.
We have been doing this where I work in software on the boot sector with a product called computrace for years....
...is run a custom Phoenix emulation server (which would be programmed to always say "you're fine") on 10.0.0.XYZ, and configure NAT on a hardware router (hardware, just in case the BIOS is "smart" enough to bypass the OS's network drivers) to redirect some specific IP packets to 10.0.0.XYZ.
void*x=(*((void*(*)())&(x=(void*)0xfdeb58)))();
-----------
Together, we will drive the rats from the tundra.
Says who?
Though www.ebcvg.com may get the technical details right, I consider What's the Plural of `Virus'? more authorative.
At least I spell it that way in my Virus Writing HOWTO.
Post tenebras lux. Post fenestras tux.
Actually, the grandparent post suggests the first viable attack on this that I've seen suggested here - the other attacks (network tricks, etc.) rely on Phoenix's BIOS designers being so amazingly technically incompetent that they wouldn't cryptographically sign the "kill yourself" message.
This attack, however, relies only on a single instance of minor social incompetence by a call-desk employee. Attacks like this have already been shown to work on large corporations who are supposedly in the business of verifying identity - remember when VeriSign handed out two certificates for "Microsoft Corporation" to people who just asked for them?
The disadvantage of this attack is that it would in all likelihood be relatively easy to trace who had done it - it's highly unlikely that Phoenix's call center would accept a "my laptop's been stolen" call from a pay phone, and their procedures may even call for confirming any theft report by calling the supposed rightful owner back.
However, depending on the relationship between Phoenix and the major OEMs, the attack may get easier - it may be much easier to get Phoenix to think that I'm a Dell call-center employee reporting the theft of Mr. BigWig's laptop than to convince Phoenix that I'm Mr. BigWig or his authorized representative. That's something we'll have to wait and see on - it all depends on how the social network between Phoenix and the large OEMs are designed.
I'm certain that there's no one thinking up a technical attack here on slashdot that's viable against this system in the field. However, I have a reasonable expectation of incompetence from large corporations when it comes to designing the social network half of this system.
Burn a CD with zonealarm and install it in safe mode. Or configure your router to deny it.
Ceterum censeo subscriptionem esse delendam.
Some guy in the Phoenix marketing has a brilliant idea ! Let's "market" the bios so that every year the user is forced to buy a "security upgrade" and let's call it a "security feature". At worse we'll blame either pirates like some other big company does, or we'll blame hackers. I hear the master hacker is hiding in caves...
It seems obvious to me they want to extract more money out of customers by crippling the bios rather then by really improving it.
The plural in Latin of "virus" would be "viri". The gratuitous addition of "i"s is redundant, inefficient and just plain wrong. Since we mostly profess to speak English, there is nothing wrong with "viruses".
The company is computech. Nothing new.
Just don't get on the internet. That's what I do.
Aych tea tea pea colon slash slash slash dot dot org slash
Uhhh... wouldn't that just conduct heat to the region in question?
Asoki Total System Care had this as part of their Systems Maintenance Agent(tm) product 2 years ago.
It's been done before, and better.
-a.e.mossberg
I can actually see it being a fairly popular utility in corporate laptops. So long as a company has very strict back-up policies, it would be far better for them if an executive's laptop got wiped than just have its location reported. Sure, you lose the opportunity to reclaim the hardware, but you also reduce the chances that the laptop can be used for industrial espionage.
The Slashdot standard rebuttal is irrelevant. To recap:
Phoenix: The most devastating part about having laptops stolen is forfeiting the information they contain! Industrial spies hglaugalghalghalgh! Our anti-theft system will protect against this!
Slashdot A: Uh, just disable the MAC address/change the hostname/change the MAC?/hack the BIOS?/Yank the hard drive?
Slashdot B: A, you fool! The average laptop thief doesn't know this! He'll probably just sell it!
The average laptop thief isn't an industrial spy. The average laptop thief doesn't give a damn about the data on the laptop. Industrial spies are presumably a wee bit smarter, and if they got burned on their first anti-theft protected laptop, they won't make the mistake again.
I wonder how much of my bandwidth is stolen from shit that just "pings" the internet, like spy programs, windows itself, crappily written programs, "ad supported" web pages, etc. Why not add one more thing to the list, it's not like I'm paying for DSL to surf faster or anything.
The article on geek.com has this gem of a contradictory sentence:
"Though independent of the operating system, the software requires that Microsoft Windows be installed on the PC."
How exactly can that be considered independent of the OS ?!
I have to say I know I am in the minority here but elsewhere I think more people will agree than disagree...
Most (but not all) laptops start life in the business world, they are a tool like a car, truck, or wrench. The person uses the tool to do their job. Unfortunately, the fact is anything that has value is subject to theft. It doesn't matter much that the value to the thief is much lower than the value the real owner places on it. Most thiefs will steal anything valuable enough to help them get their next high.
When it is hard to sell something the thief will pass on it and pick a riper plum. We aren't dealing with rocket scientists here so it won't always work that way but every little bit helps. That is why this is a good thing.
I would like to see a system that goes even further, a system that would be like On-Star (tm) for computers. Being a support person for numerous laptop users I'd love for them to be able to have the ability to track the stolen computer in real time to an IP address, telephone number and ultimately a physical address in real time. They could also lift some of my support burden by answering basic computer questions and be available 24/7!
I agree! Look, in Latin it may be "viri" or it may be "virus," I'm not certain. I don't even know if the word came from Latin at all. But I do know one thing: IT WOULDN'T BE "VIRII" IN EITHER LANGUAGE, LATIN OR ENGLISH. It's no more correct than "nexii" or "bonii" or (uhuhuhuh) "anii." By incorrectly constructing the word in an attempt to display your intellect, you instead reveal only your ignorance and pretension.
Another pretentious but less common mistake is to pronounce words like "processes" as "processEEZ." That would be correct if the singular were "processis," but it isn't. Once again your attempt to sound knowledgable backfires.
What Would Jesus Do
(for a Klondike bar)?
With the number of updates that software vendors pass down to the end users which wreak more havoc than good, I'm not too sure if I want a single entity responsible for determining when the laptop should and should not operate normally. If there is a software glitch on the server side, not only would I potentially be affected, but thousands upon thousands of laptops equipped with this "feature" would find themselves being wiped in a heartbeat - all because someone forgot a simple check in their code.
Think about it.
Otherwise, the method by which this system works is if the "thief" connects via the Internet. The coordinates are transmitted to the server during this handshake - then what?
Phoenix: Is this the Some City police department?
SCPD: Yes? Can we help you?
Phoenix: We have a stolen laptop in your vicinity. We find it to be within a six block radius of 24th and 7th. We know the originating IP address.
SCPD: What the hell is an IP address? Give us a real address! Do you realize how many people live in that area? Thanks - but no thanks.
Unless the laptop was hardwired to always be networked (embedded Bluetooth or 802.11), a thief would simply remove the PC Card to steal all of the data off the drive (if it were so important). I don't see how industrial espionage would be deterred if a smart thief looked on the laptop and saw "TheftGuard Equipped" and didn't allow the laptop to connect to the Internet.
I would also imagine that the BIOS would need some interaction with the host OS to communicate over the networking device - if it did so transparently, then it would be a more useful feature since a format could eliminate any potential drivers.
Ayup
So, I wonder when these people will get up to speed and include this "feature".
Perhaps it will call Linus himself for permission to boot?
Linux BIOS Project
Suncoast Linux - Sarasota, FL
If you're prepared to destroy something you own just so someone else can't have it, you don't deserve to have it.
..... and then of course are the other questions. Like what if it's behind a firewall? What if it's not connected to the Internet at all?
Wait till these things start falsely triggering
Stupid idea. Ting! Next please.
Je fume. Tu fumes. Nous fûmes!
Look here guy, the point of writing and speech is what? That's right, Communication. You understood him, so WTF are you complaining about? Quit your pedantic bitching about the proper plural form of a damned WORD and get on with discussing something of relevance to the fucking topic at hand.
English, like all forms of language, is a dynamic entity. It changes over time and with usage. This is why we can add new words to the dictionary. Saying that a spelling is wrong or that the grammer or whatever is wrong, when you UNDERSTOOD WHAT THE FUCK WAS MEANT, is fucking ludicrous.
So, get the fuck over yourself. It's VIRII, and it's damn well going to stay that way despite you and your fucking rules of grammer.
I had a SOYO motherboard with a phoneix bios. It was "phoenixNet" enabled....or some sillyness like that. The bios would put phoenixNet shortcuts on the desktop of a newly installed system! I can't tell you how many clients have called me asking about a "phoenixNet virus". To the uneducated user it looked like virus activity.
Luckily it only supported FAT and FAT32 file systems. NTFS and every unix filesystem i've ever used are not affected.
This is just wrong. A bios should not be this invasive. These guys are just asking for trouble.
-ted
I just wonder who is liable when a company sells a surplus laptop on eBay but gets their inventory control screwed up and reports it as stolen
No no no, that's a trivial fuck-up. The really interesting issue is how many pieces Phoenix will get ripped into by the lawyers after the first time the server gets hacked and starts telling corporate desktops to wipe their hard drives. Blood inthe water, sharks in full attack mode...
You are also wrong. Viri is the plural of vir, or man. Therefore, viri = "men".
Please read the entymology section on http://www.wikipedia.org/wiki/Virus
You do realize that in order to even get an IP or a network connection of any type, some drivers for the NIC have to be loaded somehow. Easy, you say? How about for every stinkin' NIC in production? What about the ones that come out after the BIOS is made? A reflash of the BIOS? Is that really all that practical?
This is all getting pretty sticky. My guess is that they will use software somewhere on the disk, whether it uses the current OS or if it has its own partition on the first drive available (similar to older Compaq CMOS Setup proggies)
"It's a very tangled subsystem." --Windows kernel guru
"Outside of the PC world"
Exactly. In the PC world, there are hundreds of NIC chipsets to support. You're going to cram all of that into a BIOS? What about new ones that come out later?
"It's a very tangled subsystem." --Windows kernel guru
No, it came from the management people, the same morons who dreamed up the DMCA, yet another Stupid Ideas That Don't Work (TM), to protect Stupid Ideas That Don't Work (TM).
You have to go to jail now, sorry. We know that this won't make data any safer, but it will keep the sheep happy.
Friends don't help friends install M$ junk.
When a company has a computer stolen the major loss to them is going to most likely be the data on it. The replacement cost of the hardware is almost always going to pale in comparison.
What will this give them. In the off chance that the thieves haven't already done it, wiping the hard drive will destroy any chance they might have of getting their data back.
What this product will really do is install a another vulnerability that will put them at the risk that some hacker will be able to remotely wipe out their hard drives.
Yeah, I'm going to line up to buy this!!
All I'll have to do is a little DNS spoofing or hijacking, or inject a route into the router of my choice, and guess what? A whoooooole bunch of people just got their hard drives wiped out.
Yep. This will sure make my life easier.
steve
Oh, you're not stuck, you're just unable to let go of the onion rings.
Someone's taking this all a wee bit seriously...
:D
Ooo... here's one. In your attempt at demonstrating anothers ignorance (and thusly attempt to display your intellect), you instead only reveal your ignorance and pretension.
You're right! This is fun!
"transmits information on the physical location where the signal originates."
Er.. well, how? Built-in GPS on the BIOS? I mean, I might like to have some sort of GPS on my laptop, so that I could get immediate weather reports, disaster warnings, and all sorts of maps wherever I go. Don't you think that might be a better use of such technology than an anti-theft safeguard? How often are corporate machines stolen? Why not just use a key?
I'm obviously missing something here.
t's no more correct than "nexii" or "bonii" or (uhuhuhuh)
NexII is a nice MP3 player.
In a related story, Phoenix Technology announces its entry into the data backup market.
This idea goes completely against my most trusted and effective security practice. Don't give even the most trusted person more access than need, or in this case, don't give them an ability you wouldn't want anyone in the world to have. The idea of my computer being a tracking device, or for that matter wiping out it's hard drive is not appealing to me. Anyone know how good this things' authentication is?
Karma: Bad. Mostly because the only moderators that notice me are conservatives.
...it's a little hard to shock a woman in the testicles, after all. (It'd be almost as hard to shock us in the ovaries, methinks, but that's another kettle of scrod entirely.)
Personally, I think the ultimate anti-theft device for a computer would be a popup holographic simulation of Richard Stallman.
I'm not a geek, I'm just a clever script.
I remember seeing a presentation from Phoenix a few years ago...can't tell you what it was about (NDA), but just imagine some really cool features that could be available if the bios were appropriately enabled. We're talking really useful stuff. It never took off b/c the motherboard manufacturer (most of whom are in Taiwan) didn't want to spend any more money on the bios than they were already spending. So I predict that this product will get a lot of coverage by the press but will not be adopted by the motherboard manufacturers. Selling those guys a better bios is like selling General Motors a cool new-design lug nut for its wheels.
CowboyNeal is my anti-theft device!
Damn "staircase wit"! You always think of an even better line just after you've hit Submit!
I'm not a geek, I'm just a clever script.
What if some evil person were to tinker with a router to make it route any package sent to [the_good_auth_IP_0=)] would end up at [the_EVIL_IP_>=)], instructing the computer to erase itself.
GAAH! MY PRINTER IS ON FIRE!!! PUT IT OUT! PUT IT OUT!
"Instant Internet access before you boot"
m l
http://www.theregister.co.uk/content/6/19992.ht
Two years ago my computer was stolen from my apartment and the police were basically useless. No fingerprints, no clue. A long chain of events that all went in my favor found my computer back in my hands and a suspect for many robberies in my area in police custody.
My computer at home was set up for complete remote access through several tools. The most important was a dyndns client that updates your ip on dns servers any time it changes. This way, you don't need the expense of a static ip to be able to get to your machine over the Internet. I also had VNC (sort of like a graphical terminal server), FTP, and a web site.
The first thing I did when I noticed that the IP addy changed in DNS (telling me my computer was brought online) was to find out who owned the IP address. Using a tool called VisualRoute, I was able to get a nice graphical image of where the IP traffic was originating from. Unfortunately, the user was using AOL and I have no idea how to trace the phone calls. I called up AOL anyway and told them to save the data about the user that was using the IP in question at the time given by the dyndns service. They won't give you any data of course, but a court order could get it out of them.
Next, I got clearance from the police to "snoop." I was told that you have the right by law to any and all info on a computer that you own, even if the data belongs to someone else using the computer. This data can then be used against the "perps" in a court of law. So I wrote a program that checked for a particular page on my web site every minute or so. If found, my computer was online (a simple ping won't work since someone else might be using the dynamic IP after my machine went offline). Anyway, my computer played "Bad Boys" to let me know it was time to check up on my stolen computer.
Using VNC in "read only" mode I watched everything that was done on my computer while it was online. I also used FTP to recover some files that were important to me. Then one day I watched as someone made an online purchase. I recorded everything they put in: name, address, credit card number, everything. I chuckled as the final checkout screen assured them that the site was encrypted and no one could see this information. It also so happened that they had a digital camera (probably stolen also) so I downloaded all their pictures as well (a painful process on dialup).
I showed the important info to the police and they were able to get a warrant and make a visit to the address I supplied and the house I had pictures of. While there, the detective called me up and I "took" control of my computer via VNC after they connected it to the Internet. The detective told me that the wife was quite shocked at this spectacle. Anyway I showed them several documents and things that helped show it was my computer. The Dell Service Tag was also helpful in this regard.
Anyway, thought this story from the front lines was relevant to the discussion, ENJOY!
No, it would not. It has never been "viri" other than by those who mistakenly think it's supposed to be that way, in MODERN times.
Latin already had a word viri, but it was the nominative plural not of virus (slime, poison, or venom), but of vir (man).
And although there actually is a viri form for virus, it's the genitive singular, not the nominative plural.
This apparently invariant use of virus as a genitive singular may also imply that it's 4th declension, as some scholars believe.
The crucial problem here is that, classically speaking, there appears to be no recorded use of virus in the plural. It was a 2nd declension noun ending in -us, which is rather common, but it was also a neuter, which is rather rare. I could only come up with three such 2nd declension neuters: virus (some poison), pelagus (the sea, usually poetically), and vulgus (the crowd). None appear to admit plurals. Perhaps this is because they are mass nouns, not count nouns.
I would like this idea better if I could set the address that my BIOS contacts... and obviously that the BIOS-server interface were documented. That way the server that controls the laptop would be under my control. I wouldn't need to trust Phoenix.
Another idea is to disable booting off of the floppy/CD and have a stripped down linux install with VMWare set to go full-screen on startup. Most theives will think they've wiped the HD, and you can have background processes that monitor everything and can do things even after bootup. Something to download and run a signed shell script at startup and every 24 hours would be nice. You could have it install tools as need be. Keystroke logs and sniffed network traffic should be sufficient to identify just about anyone within a month of acquiring the computer.
<aside>
I don't know what kind of theif breaks into a house, walks past the house weight room, and sees the composite photo full of 45 guys in their prime and stays in the house... It's almost as bad as breaking into a house and seeing five handguns on the mantle and pistol targets and awards all over the place. Most fraternities have a special word that means "bring everyone, a brother is in peril, most likely a fight". For instance, one of the other houses uses the word "Canada". A guy trying to steal a bike from that house couldn't figure out why the guy wrestling with him kept yelling "Canada"... until 30+ people arrived. He was lucky he picked one of the nice-guy houses. I think they just surrouned him and gave him a good talking to before escorting him out the back door. I'm pretty sure getting beaten by 45 fraternity brothers until they get borred and call the police about someone attacking them doesn't feel good. MIT frat boys aren't that much weaker than frat boys at other schools. Plus, there's always a good chance of someone thinking to grab the splitting maul on their way past the tool room and someone grabbing a couple of bats on their way past the athletics closet.
Copyright Violation:"theft, piracy"::Anti-Trust Violation:"thermonuclear price terrorism"<-Overly dramatic language.
OMG - a Slashdot chick who knows the phrase "esprit d'escalier" AND - from her journal - "zeugma." I think I'm in love.
Debunking the "59 Deceits"
10./90 9.9(.67)
20./.08.67.00if yes=stolen
30./.43.66.00if stolen=self disteruct in
40./1-2-3-4-5-6-7-8-9-..............
"Now he is facing expulsion."
Must be a good school, if being expelled from it is worse than facing criminal charges for theft.
-- I avoid spam by accepting only OpenPGP encrypted or signed email at this address. Clear-signed, RFC2015, heck, even
Everybody knows it's spelled: Virae
"I've been called worse things by better people." -Pierre Elliott Trudeau after being called an asshole by Richard Nixon