Slashdot Mirror
Phoenix Unveils Anti-Theft BIOS
linuxwrangler writes "According to articles at PC World, c|net, Internet Week and elsewhere, Phoenix Technology is introducing a new BIOS-based anti-theft system. Every time a TheftGuard equipped machine connects to the internet it pings a server at Phoenix which can instruct the machine to wipe its hard drive, report its location or disable itself. Given that most people don't want to have their every movement tracked and don't want someone else to have the power to wipe their drives, Phoenix figures that corporate clients are the prime customer. I just wonder who is liable when a company sells a surplus laptop on eBay but gets their inventory control screwed up and reports it as stolen..."
In other words, it will traceroute the ip and find out where it is geographically located, and then contact the ISP to find out who was on at that time. If it is reported stolen it shouldn't be that difficult for the police to get a court order to get the ISP to reveal that information.
Why do you view the BIOS as being able to do nothing without the host os?
If the BIOS pings a server using the onboard nic before it tries to bootstrap to a drive, it would be very difficult to disable this...
I imagine it'll happen by flagging not only the system BIOS, but the drive's IDE BIOS as well.
Well, all you would have to do is a trace route back to the offending computer and you could probably get pretty close. Several routers are registered so that they lat/long are known to various trace route programs, making it easier to pinpoint someone. But even if you don't have a program like that, most host names will have some clue as to what state/city you're in.
In my organization, we have been using Computrace which serves the same function. The software installs into the computer's boot sector and is nearly invisible if you don't know to look for it. It contacts the Computrace NOC frequently over IP or modem and reports it's IP address (or caller ID). We now have a pretty nice log of where all our laptops go. The software isn't capable to destroying or disbling the PC, but it's invisibility and reporting features are enough to make it useful.
Computrace reports having retrieved a number of stolen computers based on the data reported by the software. It's definitely useful for any corporate IT department!
That simply isn't the case. Lilo is resident on hard drives, so lilo isn't even in memory until BIOS reads from the master boot record. BIOS can choose to perform any number of tasks before it does that particular operation, including erasing the hard drive, or giving out its IP to anyone it cares to.
It always amazes me when some student at my campus steals a lab computer and doesn't think that our DHCP server will let us know the next time it gets plugged back in to our network. Over half our stolen computers get recovered that way. Just last night, one was stolen (end of the academic year is always bad for theft) and the kid decides to plug it in in his room. He really should have waited 5 more days to use it and he would have graduated on time. Now he is facing expulsion. Idiots!
http://news.com.com/2010-1080-281524.htmlm l
h tm
http://www.sysopt.com/forum/Forum5/HTML/006707.ht
http://www.e-smart.com.hk/veridicom/products/vbx.
--
jpa
How do you think things like the preboot execution environment (PXE) for netbooting work?
You can get a trivial ethernet driver + DHCP + TCP/IP stack + simple TCP client into 32K fairly easily. Let's not forget that Suns made since before 1991 have supported DHCP (well, bootp) + UDP/IP + TFTP to netboot.
Putting this in the BIOS now is insurmountable why?
How about they go online every 24H or every boot which ever comes 1st.
....
: //www.sysopt.com/forum/Forum5/HTML/006707.htm l
And see my previous post.
"
The technology for this is not new
it was just under the radar for 3 years.
http://news.com.com/2010-1080-281524.html
http
"
So it would seem that Phoenix has thought this out.
1000 hits per sec, each hit taking less that 1s to process. It only needs 5 servers running Apache @200 con/s.
And 10 million uuids (16 bytes each+1byte for the kill flag) that would only require a 170MB database (which can be chached in ram on each of the servers)...
--
jpa
BIOS doesn't have to be contained on a Flash chip, you know. It doesn't even have to be a socketed EPROM. Systems are cheap these days and the BIOS could easily be a masked ROM in a fine pitch package and soldered to the board. Under epoxy if necessary. It isn't like the average corporate IT site is gonna reflash the BIOS on their workstations. At the minimum it's something they'll no longer expect to be able to do on this class of machine.
You are both correct, although the original poster added an unnecessary "i" in his usage.
However, while english accepts the plural "viruses", the technically correct plural form of "Virus" is "Viri". We are of course going with the Nominative plural form of the the latin noun Virus (meaning Poison). But you probably already new this fact and the fact that many english words are derived from latin (focus, foci would be another example of the same situation).
singular
-us
-i
-o
-um
-o
plural
-i
-orum
-is
-os
-is
You should make sure you know what you are talking about before you go slamming someone for being pretentious. Its possible he's just better educated than you are.
-rt
In latin the prural form of virus is virus.
I hadn't the slightest objection to his spending his time planning massacres for the bourgeoisie... (P.G. Wodehouse)
There's already been a BIOS announced that contains a full web browser - why not this?
On my old PC-1 the buss controller is also in a socket.
On the old Commodore 64s, Vic 20s and maybe the PETs you can tell how far along this machine was but one fact.
The early units had all the chips in sockets.
But as they solved problems with those chips they went to be sodered in.
If they don't want you to upgrade the BIOS easly they need only go from socketted flash roms to sodered in classic roms.
classic roms have the "software" mapped directly into the chip so that the software is built in letterally. It's possable to set the chip timming so a slightly slower pROM or anything less than the rom itself would work.
However just an observation of what they CAN do.
What they will do is flash it into an easly upgraded flash rom.
It can't report to the Internet if it's not plugged into the net in the first place.
A crook could have a simple dos boot floppy that flashes the rom with an updated public domain bios (they do exist) or just install Linux directly into the bios.
BUT...
A smart crook knows better than to break into office buildings and steal computers.
A true story:
Back in the 1980's a small on-line chat service company had the bad luck of having every computer they owned stolen including the running systems.
What was not generally know was except for the running systems some vital hardware was removed from the computers so they'd never actually work.
The same company had to create some costume hardware for the computers so they could use them and that hardware was left in the systems.
The thieaf couldn't sell his computers (Becouse they don't work) and was eventually caught trying to sell them when the police identified the unique hardware that the theaf never bothered to remove.
It was possable to replace the hardware in question and removing the specal hardware was nessisary to return the computers to being useful for something other than running an online service.
So in short they don't know what they are stealing. It's a computer they'll sell it.
In the same situation a portable CD player was also stolen and that was never found.
Nope, d00d. The BIOS has full control until it loads the boot sector off of the hard drive. Everything from then on has nothing to do with the BIOS, except if a program chooses to call BIOS code. E.g. DOS relied on BIOS routines for hard disk access, so if your BIOS didn't support drives > 512MB, and you had a 20GB drive, you couldn't use it in DOS. Linux (and other 32-bit OSs, heck, even Win95) OTOH use their own hard disk drivers. If your BIOS didn't support drives larger than 512MB, you only had to have your boot partition within that space, but once the kernel was loaded, you could access the complete drive.
Did you know you can fertilize your lawn with used motor oil?