Phoenix Unveils Anti-Theft BIOS

linuxwrangler writes "According to articles at PC World, c|net, Internet Week and elsewhere, Phoenix Technology is introducing a new BIOS-based anti-theft system. Every time a TheftGuard equipped machine connects to the internet it pings a server at Phoenix which can instruct the machine to wipe its hard drive, report its location or disable itself. Given that most people don't want to have their every movement tracked and don't want someone else to have the power to wipe their drives, Phoenix figures that corporate clients are the prime customer. I just wonder who is liable when a company sells a surplus laptop on eBay but gets their inventory control screwed up and reports it as stolen..."

Murphy's Law

[mao+che+minh]

I worked a sub-contracter job with a Dell contractor when I was 19/20 setting up Novell and Linux (very, very rare back then were new Linux installs that were actually purchased from commercial vendors - 4 years ago) rack servers. They had odd little Phoenix BIOS features that allowed a person to reset settings with the touch of a key upon boot up (it did have a "yes or no" prompt, though it didn't always work right). Dell also shipped a piece of software that was like Gateway's "Go Back" too, which erased all changes made to an array since last boot up. Yes, it was an actual Novell module which my contractor refuses to acknowledge ever existed now.

I logged more hours going back to corporate offices and disabling these "features" and assisting their admins mine out old data then I did installing them. I had to stand there and be told how "God damned stupid all of these features are, and how stupid Dell is for using them, and how stupid you are for working with Dell!!!!". This is when I was 19 and had no more business/customer support experience/skills then a guy serving fries at McDonald's. The shit sucked.

Murphy's Law dictates that the benefits of this idiotic and restrictive measure will be over shadowed by it's rare glitch and/or user incompetence which results in the loss of data.

What happens when your battery dies on the SQl server, and the default settings enact this horrid "feature" and your hard drive is slicked? How bad will it suck when it happens to the CEO's assistant's laptop and she comes storming into your pitiful excuse for a NOC right before you were supposed to go on lunch?

Nice for cyber-assholes

[jmv]

Just imagine (no, not a beowulf!) someone breaking into the Phoenix site and instructing every HD to wipe itself. Now Nimbda looks like a joke...

corporate clients

[HornyBastard77]

just a thought: how many corporate (or otherwise) IT admins would actually trust a system that enables someone beyond their control to remotely wipe their hard drive clean?

Re:Shortly after the BIOS was unveiled

[EelBait]

I can't wait for the round of virii (outlook attachments) that trick this BIOS into thinking it's stolen.

Or, better yet, someone hacks Phoenix's server to tell all the BIOS's they are stolen.

This will be fun to watch.

Problems With This Idea

[Shackleford]

From the PCWorld article:

When a TheftGuard-equipped system is stolen, the owner provides instructions through the TheftGuard web site. The next time the lost computer connects to the Internet, TheftGuard is activated and either disables the machine, wipes its hard drive, or transmits information on the physical location where the signal originates.

The problem with this seems to be that TheftGuard only performs actions after the stolen computer is connected to the Internet. And by the time that happens (if that happens) it's too late. My understanding is that when computers are stolen, the data on them is what's sought, as it is what's most valuable. And once the data is in the wrong hands, it's too late. The data on it can be copied to another place, and perhaps individual hardware components can be removed and sold. Am I wrong about anything here?

Re:Replaceable Bios

[molarmass192]

Ok, so if you "acquire" such a laptop/desktop, just flash the BIOS before connecting to the net. Don't feel like scrounging around for a floppy? Ok, block the laptop MAC at your firewall, plug in the ethernet cable, log where it attempts to go, and redirect that hostname to 127.0.0.1, again problem solved. This is weak stuff that only the absolute dumbest of criminals would fall for.

That said, the interesting part would be to find out what the BIOS uses to identify the PC to the TheftGuard server. My guess is the (yawn) MAC address since it needs to be connected to the 'net to be effective. So change the MAC if it's programmable on the NIC in question, or (if it's not a laptop) just toss the NIC in the trash and spend $10 on a new one.

They'll probably sell a lot of these to CIOs who think they can outwit industrial spies. Yeah, it's better than nothing but the level of security they're making it out to be is way beyond it's piss poor practical value.

Wipe it's drive?! Oh come on...

[Bowie+J.+Poag]

Oh gee, like thats gonna be REAL popular with people.. How long will it take an enterprising young 14-year-old to write a little hack that sits on a network, opens promiscuous mode on a NIC, watches for calls to Phoenix's verification IP, and answers back with a smurfed "AAGH! DANGER WILL ROBINSON!" reply before Phoenix, Inc. has a chance to?

And I, for one, don't want the operation of my machine to be wholly dependent upon whether or not it's connected to a public network.

Stupid idea, if you ask me.

You want PC security? A note on the wall that says "If you screw with this machine, I'll know, and i'm quite capable of kicking your ass, having you fired, or both." will do the trick nicely. :)

Seriously..When I was in HS, the guy who ran the computer room was massively anti-piracy. If he even *suspected* you were using pirated shit in the lab, he'd confiscate your disk and literally staple it to the wall. Got the point across.