Slashdot Mirror

← Back to Stories (view on slashdot.org)

Another Stab at Laptop Security

Posted by timothy on from the wonder-if-it's-linux-friendly dept.

kogus writes "LoJack is licensing its brand name to Absolute Software, which provides Computrace -- soon to be known as the 'LoJack for Laptops' line of computer theft recovery systems. When a stolen Computrace-equipped system is connected to the Internet, it automatically and silently sends locating data to Absolute Software, which then calls out the law. In some cases, Absolute Software customers are eligible for a $1,000 guarantee payment when a stolen system is not recovered within 60 days.

24 of 316 comments (clear)

  1. Yay by Nick+of+NSTime · · Score: 3, Funny

    My PowerBook cost more than $1000.

  2. Not secure at all. by TripMaster+Monkey · · Score: 4, Interesting

    From TFA:
    When a stolen Computrace-equipped system is connected to the Internet, it automatically and silently sends locating data to Absolute Software, which then calls out the law.

    Unless you:
    • Block the outgoing signal with a firewall,
      and/or
    • Wipe the drive, removing the Computrace software.

      Nice illusion of security....wonder how many people will fall for it.
    --
    ____

    ~ |rip/\/\aster /\/\onkey

    1. Re:Not secure at all. by Anonymous Coward · · Score: 5, Funny

      Blocking outgoing traffic on a possibly random port with a firewall isn't as easy to do as you'd think.

      Nah, it's easy. Just set Inside Any -> Outside Any -> Service Any -> Deny and hit then add it ^&^&^&$&%&^[NO CARRIER]

    2. Re:Not secure at all. by TripMaster+Monkey · · Score: 4, Informative

      Here's a snippet from their website:
      Computrace Agent
      The Computrace agent is a small, software client that resides on the hard drive of host computers and enables Absolute's services. Easy to install and unobtrusive to the end-user, the agent requires minimal bandwidth in its communications to the Monitor Center.
      Doesn't look like it's on firmware to me...
      --
      ____

      ~ |rip/\/\aster /\/\onkey

    3. Re:Not secure at all. by GrBear · · Score: 3, Insightful

      Nice illusion of security....wonder how many people will fall for it.

      - How many corporations continue to run MS IIS to drive their corporate websites?

      - How many people continue to run IE?

      - How many people continue to run Windows and download the latest spyware infected software because it's trendy, even after they've had their computers infected countless times?

      Your right, security is an illusion, and some people prefer to turn a blind eye rather than look at the root cause.

    4. Re:Not secure at all. by Qzukk · · Score: 3, Interesting

      You block everything except the few things you know you need or want.

      You probably want http, so the firmware could do http://www.laptopjack.com/report.pl?laptopid=AF314 229B2C&gps=55N33E or whatever the hell it sends. If the result comes back "you've been stolen!" it halts the computer and prints FBI! on the screen or whatever. If theres no network or the laptop is not stolen yet, it boots normally and waits until next time.

      The whole logic could be embedded in a boot rom on the card, with DHCP and all. Or, if you custom-made the ethernet card, it could even store the last IP address and gateway, and use that next time you boot if DHCP failed. You could even theoretically set it to do this every few hours or something when the network is idle-ish, so that if someone nabs it while its running and keeps it on all the time, it still gets a chance to report.

      If you wanted to be REALLY tricky, you could hit other sites first and test for the presence of proxies or what not, then go through a few options, like SSL client authentication using a stored certificate to identify the laptop if a direct connection can be established. Or using just normal client SSL if a proxy that will allow it is detected. Or last ditch, http:

      --
      If I have been able to see further than others, it is because I bought a pair of binoculars.
    5. Re:Not secure at all. by joto · · Score: 5, Insightful
      2. If your laptop is stolen, by the time it manages to report it to the police, it will be too late.

      Too late for what? For recovery? No. For prosecution of the thief? Probably. For prosecution of the moron who bought it and knew it was stolen? No.

      It's unlikely anyone but the last buyer will even attempt to connect it to the Internet. So whether the police uses 12 weeks or 4 months to get to him doesn't matter much, they will still find the laptop, and someone to put in jail.

      On the other hand, the mechanism only works on idiots. If I were to buy a stolen laptop (not that I'm into that kind of thing anyway), I would of course wipe it clean, just as I do with any other new or used computer that gets into my hands...

    6. Re:Not secure at all. by HavokDevNull · · Score: 3, Informative

      I also wondered about that as well, so I jumped on the website and did a bit of research before posting here.

      FROM FAQ

      Q. Can ComputracePlus be detected?

      A. On most PCs, the Computrace Agent, which powers ComputracePlus, is silent and invisible and will not be detected by looking at the disk directory or running a utility that examines RAM. On many PCs - depending on their operating system - the Agent cannot be erased off the hard drive by deleting files because it is not visible in file directories. The Agent can survive a hard drive re-format, F-disk command and hard drive re-partitioning. The Agent can be removed by an authorized user with the correct password and installation software.

      On a Mac system, it is very difficult for a standard user to deliberately or accidentally delete the Agent as the files cannot be deleted by anyone other than the root user.

      Q. What happens if a computer's hard drive is removed? A. The Computrace Agent resides on a computer's hard drive so if the drive is removed and installed on another computer, the Agent will initiate contact with the Monitoring Center at its next scheduled call. It will then report its new location. The original computer will no longer be protected.

      --
      Sig
    7. Re:Not secure at all. by Anonymous Coward · · Score: 3, Insightful
      Apache - 29 Advisories
      IIS - 20 Advisories

      Did I miss something?

      Yeah. You missed the fact that all of the IIS advisories were remote access vulnerabilities, while the Apache advisories were mostly DoS attacks and local privilege escalation.
  3. manufacturers by JimmyJava · · Score: 5, Funny

    should build this into the hardware or the bios. i know if i stole a computer i wouldn't be in a rush to plug into the internet. unless of course it's a windows machine, in which case i've got a good solid 12 minutes to play around with it.

  4. Most Stolen Laptops are stripped within minutes by Anonymous Coward · · Score: 5, Funny

    The bastards have even developed very tiny cinder blocks which they leave the empty laptop skeletons propped on.

  5. huh? by zoloto · · Score: 4, Funny

    ...you insensitive clod???

  6. Ah... by HillaryWBush · · Score: 3, Interesting

    1. Purchase $500 laptop
    2. Purchase $100 security
    3. Purchase $100 spyware remover
    4. "Lose" laptop
    5. Wait 60 days
    6. Profit $300 for 60 days work
    7. GOTO 1 (I never spaced lines by 10, what was up with that)

    1. Re:Ah... by slavemowgli · · Score: 5, Informative

      7. GOTO 1 (I never spaced lines by 10, what was up with that)

      The idea was that if you needed to insert a line or two at some place in your program, you'd be able to do so without renumbering all lines.

      --
      quidquid latine dictum sit altum videtur.
  7. Hardware, or software? by djh101010 · · Score: 4, Interesting

    TFA is remarkably lacking in technical details, so I looked at LoJack's site, which doesn't mention a thing about this. So - is this a hardware solution, or a program that gets installed into an existing OS? If the latter, well, how useful is that? While the slashdot crowd and the laptop-stealing crowd probably don't have a whole lot of overlap, I can't see someone not just re-installing the OS to wipe the system in any case.

    The spyware and firewall questions seem important as well - if this is just a "Hey, this is box XYZ and I'm at this IP address", talking to lojack's servers, well, fine, but how does the end-user know that they haven't blocked that with their firewall?

    I'd love to see something technical on this, rather than some stock-tip-guy's interpretation.

  8. "Guaranteed" is a loose term these days by Hachey · · Score: 5, Informative

    Absolute Software may be guaranteeing $1,000 after 60 days if the laptop is not found, but you'd be surprised what that actually means.

    I used to work for a computer store. We sold scores of laptop locks; all sorts of kinds of them. The Kensington locks sold like hotcakes because they had a $1,200 "guarantee" that the lock could not be compromised. The problem, we soon found out, is that the theif has to physically cut through the lock and leave behind the pieces. As we all know, some locks can be picked with even a bic pen, and so a lot of good this "guarantee" did for some poeple. Some theives also just took the not-so-hard-to-steal item the laptops were attached too. (Lock it to a bed or desk people, please!)

    No evidence to send in, no money back. I am willing to bet in this case there are similar loopholes for Absolute Software to play with.


    --
    Check out the Uncyclopedia.org :
    The only wiki source for politically incorrect non-information about things like Kitten Huffing and Pong! the Movie !

    --
    Please allow me to hate the creator of the 120-character limit: *HATES*. Thank you.
  9. Wow, What Garbage by Protocron · · Score: 5, Informative

    Come on Slashdot. What is this, news for AOL users? This kiddie crap. Yes, most thieves will just boot the computer with Windows and try to get on the net. But this is Slashdot. We're nerds or something. And this ain't F***ing news. If I got a laptop that was stolen, hell if it was used, I would format it:

    From the website: www.absolute.com

    Q. Can Computrace Personal be removed?
    A. The Computrace Personal software is a low-level utility that is as tamper resistant as a disk-based utility can be. The software can only be removed by an authorized user with the correct password so please be sure the password is stored in a safe location and not on the protected computer.

    Q. What happens if a computer's hard drive is removed?
    A. The software resides on a computer's hard drive so if the drive is removed the computer will no longer be protected and can not be located if stolen or lost.

    http://www.absolute.com/Public/computracepersonal/ faqs.asp
    Wow, what great protection.
    Come on!!!!! This ain't even hardware!!!

    --
    CAPS LOCK: ITS LIKE THE CRUISE CONTROL FOR AWESOME
  10. $1000? please... by finse · · Score: 3, Insightful

    There was a time when laptops were stolen due to their price, and possible resale value on the black market. I personally think we are now in a new era where laptop theft (at least the corporate type) is no longer about getting a shiney new powerbook, and possibly selling it off the back of a truck. Today laptop theft could be for the information contained on the hard drive. Now lets think about the componsation, if my HR director "loses" his/her laptop with important information about me/co-workers, is $1000 really going to cover the loss? No, not even close. 1K in most cases will not even cover the cost of the laptop. For my money, I want a techonology that will encrypt the contents of that hard drive, and be easy enough for an HR director to use.

    --
    Paranoid tinfoil hat crowd say Y here, everyone else say N.
  11. Not just stolen! by Telastyn · · Score: 5, Interesting

    It's not just stolen laptops that send information to their servers. Any laptop with this software installed sends periodic heartbeats to the computrace people.

    Our PHB ordered it installed after getting a call from a golf buddy. It was ripped out a week later. The heartbeats contain enough [cleartext] information that the increased chance of the laptop being broken into, or the salesguy socially engineered using the info was deemed higher than the chance it'd ever be stolen.

  12. Nice marketing idea, but... by imuffin · · Score: 4, Interesting

    I've been doing this for years using DynDNS's free dynamic DNS service. I run a client on all my machines that updates their IPs with dyndns's database. If my laptop disappears, I just look to see what mylaptop.dyndns.org resolves to.

    --
    watch funny commercials

  13. Re:Call out the law?? by joe_bruin · · Score: 3, Funny

    That IP address and its owner will be promptly banned from the Internet.

  14. Worse than just an illusion... by janic · · Score: 5, Interesting

    It is outright bullshit!

    We had a laptop stolen and called it in.

    "Oh, you need to file a police report"

    Fine, so we get the numbnuts who lost it to file the report and give us the report number.

    "Okay, yes... we have recieved a call home from the laptop, and we know where it is!"

    Great! Now when do we get it back?

    "Wellll, you cant..."

    and it just got worse from there. The police wouldn't retrieve the laptop, and these clowns wouldn't tell us where the machine was. But at least we knew:

    - it was in fact stolen and not in the hands of the numbnuts employee
    - it was in fact connected to the internet, being used, right then
    - we couldn't get it back
    - someone was at least enjoying their brand new laptop...

    damnnit! This shit just annoys me. I'm going home.

    1. Re:Worse than just an illusion... by pcmanjon · · Score: 4, Interesting

      Yes, I used this service before as well -- last fall I think. The police were very unhelpful --

      and Computrace wouldn't share the location of the stolen laptop, she was nice to tell me that they were online with it right now though.

      Jesus Christ, it was a waste of money

  15. Better than some other options by ravenspear · · Score: 4, Funny

    Profit $300 for 60 days work

    Well, if you work in IT, at least you'd be getting a raise.