Forgot your password?
typodupeerror
Security Portables Hardware IT

Another Stab at Laptop Security 316

Posted by timothy
from the wonder-if-it's-linux-friendly dept.
kogus writes "LoJack is licensing its brand name to Absolute Software, which provides Computrace -- soon to be known as the 'LoJack for Laptops' line of computer theft recovery systems. When a stolen Computrace-equipped system is connected to the Internet, it automatically and silently sends locating data to Absolute Software, which then calls out the law. In some cases, Absolute Software customers are eligible for a $1,000 guarantee payment when a stolen system is not recovered within 60 days.
This discussion has been archived. No new comments can be posted.

Another Stab at Laptop Security

Comments Filter:
  • Yay (Score:4, Funny)

    by Nick of NSTime (597712) on Wednesday July 06, 2005 @04:54PM (#12998154)
    My PowerBook cost more than $1000.
  • Not secure at all. (Score:5, Interesting)

    by TripMaster Monkey (862126) * on Wednesday July 06, 2005 @04:56PM (#12998176)

    From TFA:
    When a stolen Computrace-equipped system is connected to the Internet, it automatically and silently sends locating data to Absolute Software, which then calls out the law.

    Unless you:
    • Block the outgoing signal with a firewall,
      and/or
    • Wipe the drive, removing the Computrace software.

      Nice illusion of security....wonder how many people will fall for it.
    • Yeah, but it's still silent! Unless you're some strange mutant person. In that case, get earplugs.
    • by cosinezero (833532)
      Likely this would be on firmware; wiping the drive would be pointless (and probably past the abilities of most crackheads anyways - wiping the drives means a reinstall before resell). Blocking outgoing traffic on a possibly random port with a firewall isn't as easy to do as you'd think.

      • It sure as hell is. You block everything except the few things you know you need or want. Most Win32 home firewalls also allow you to block specific applications.

        It's rather trivial, actually.

        And anybody who's going to swipe a laptop will probably wipe the drive with a reinstall because they won't be able to log into the system to poke around (unless they intend on hacking the login; again a rather trivial task once you have physical possession).
        • It's rather trivial, actually.

          Of course, the "phone home" message could be a garden variety http/s request. So unless you setup your firewall to deliberately block your own web access....

          It's rather trivial, actually.

        • by Qzukk (229616) on Wednesday July 06, 2005 @05:30PM (#12998494) Journal
          You block everything except the few things you know you need or want.

          You probably want http, so the firmware could do http://www.laptopjack.com/report.pl?laptopid=AF314 229B2C&gps=55N33E [laptopjack.com] or whatever the hell it sends. If the result comes back "you've been stolen!" it halts the computer and prints FBI! on the screen or whatever. If theres no network or the laptop is not stolen yet, it boots normally and waits until next time.

          The whole logic could be embedded in a boot rom on the card, with DHCP and all. Or, if you custom-made the ethernet card, it could even store the last IP address and gateway, and use that next time you boot if DHCP failed. You could even theoretically set it to do this every few hours or something when the network is idle-ish, so that if someone nabs it while its running and keeps it on all the time, it still gets a chance to report.

          If you wanted to be REALLY tricky, you could hit other sites first and test for the presence of proxies or what not, then go through a few options, like SSL client authentication using a stored certificate to identify the laptop if a direct connection can be established. Or using just normal client SSL if a proxy that will allow it is detected. Or last ditch, http:

          • Since the site itself tells me that this is nothing more than software, and that replacing an internal NIC (which almost every laptop sold today has) is prohibitively expensive (in most cases requiring a modified motherboard), I'll reiterate my comment about the blocking/discovery being quite trivial.

            Set up a non-Internet-connected pen and see what tries to get out of your fully locked down firewall system. Remove offending code. Rinse, repeat.

            Or, better yet, just boot from CD and wipe the drive (whic
      • by Anonymous Coward on Wednesday July 06, 2005 @05:08PM (#12998307)
        Blocking outgoing traffic on a possibly random port with a firewall isn't as easy to do as you'd think.

        Nah, it's easy. Just set Inside Any -> Outside Any -> Service Any -> Deny and hit then add it ^&^&^&$&%&^[NO CARRIER]
        • This, people, is why you shouldn't try every step of the instructions you recommend to people :)
        • by flosofl (626809)
          That's freaking hilarious!

          I just did that for real last week. Some guy came over and wanted to know how to tweak /dev/ethX settings (ethtool). Well, I was showing him (he's just getting into administering Linux stuff) and then I said if you ever need to bring an interface down you do this...and then I did it. On a box I was ssh'd into. Had to go down 6 floors into the test-lab to connect my laptop to the console port and bring the interface back up... Thank God it was only a lab box.
      • by TripMaster Monkey (862126) * on Wednesday July 06, 2005 @05:08PM (#12998315)

        Here's a snippet from their website [absolute.com]:
        Computrace Agent
        The Computrace agent is a small, software client that resides on the hard drive of host computers and enables Absolute's services. Easy to install and unobtrusive to the end-user, the agent requires minimal bandwidth in its communications to the Monitor Center.
        Doesn't look like it's on firmware to me...
        • by cosinezero (833532)
          What's the likelihood it will become firmware once wireless manufacturers hear about it? Think about it...
        • by Anonymous Coward
          it sits on the MBR of the HDD

          you just fdisk /mbr or run grub/lilo and it kills it.
        • by bhtooefr (649901)
          There IS a Computrace Agent BIOS edition, but that is only available on laptops that offer it as part of the BIOS, of course (IBM's i915-based laptops have it as an option, FWIW).
    • I suspect it isn't intended for people concerned just about losing the hardware, but actually the data that is on the machine.

      If someone steals a machine with the intent to stealing confidential information (god knows what people store on their laptops these days) then this sytem might be worth the money.

      Regardless of intended use its more likely that someone in this line of espionage would know about this software and have a disconnected LAN they can use to dissect the machine on, and if its just simple
      • If someone steals a machine with the intent to stealing confidential information (god knows what people store on their laptops these days) then this sytem might be worth the money.

        How do you figure? All I have to do is dump the data while airgapped. Problem solved.
        • I know nothing of this airgapping of which you speak... :)

          Don't forget the 'might'.

          Like I said, I'm not convinced.
          • I think "airgapped" referrs to being physically disconnected from a network. Unfortunately this term came into use before wireless networks became popular, hence the low usage today.
      • If you're worried about the data, then you should protect that, not the hardware. Have the system thoroughly encrypted locked to biometric data. Then have it keep back ups of critical data on a secure remote server. Then if you're laptop gets stolen, no big deal, they can't get the data and you've not lost much.
      • If I steal a laptop for the data on it the first thing I'm going to do remove the hard drive then trash the laptop. It's harder to trace a hard drive than the laptop. Then I'm going to hook the harddrive up to a decicated computer and mount it instead of putting it into another computer and booting off of it.

        Once I have the data I'm goign to trash the harddrive.

    • Well, how many thieves will have the knowledge necessary to block and wipe the related software? Not too many.

      While no half-competent crook will let himself be caught this way, all that counts is whether (price_of_Computrace)/(probability_of_laptop_being _stolen)<$1000.
    • by GrBear (63712)

      Nice illusion of security....wonder how many people will fall for it.

      - How many corporations continue to run MS IIS to drive their corporate websites?

      - How many people continue to run IE?

      - How many people continue to run Windows and download the latest spyware infected software because it's trendy, even after they've had their computers infected countless times?

      Your right, security is an illusion, and some people prefer to turn a blind eye rather than look at the root cause.

      • (Sans M$ rant)

        "You['re] right, security is an illusion, and some people prefer to turn a blind eye rather than look at the root cause."

        You were ranting on about data / network security which is a little different than physical security. Try and guess where most laptops are physically stolen from? Give up? The airport where bagage handlers are usually the guilty party. Not too long ago they made a whole slew of arrests here in my city of bagage handlers who stole laptops, cameras, camcorders, etc.. from pe
      • by pr0c (604875)
        GrBear (63712): Nice illusion of security....wonder how many people will fall for it.

        - How many corporations continue to run MS IIS to drive their corporate websites?

        - How many people continue to run IE?

        - How many people continue to run Windows and download the latest spyware infected software because it's trendy, even after they've had their computers infected countless times?

        Your right, security is an illusion, and some people prefer to turn a blind eye rather than look at the root cause.


        II
        • by Anonymous Coward
          Apache - 29 Advisories
          IIS - 20 Advisories

          Did I miss something?

          Yeah. You missed the fact that all of the IIS advisories were remote access vulnerabilities, while the Apache advisories were mostly DoS attacks and local privilege escalation.
    • reminds me of the security of Thinkpads (thumbprint), which in turn reminds me of a car with such a lock in...Malaysia I think it was... where the carjackers merely cut off the owner's thumb as a means to defeat security. When in doubt, use a bigger machete....
    • by NanoGator (522640)
      "Nice illusion of security....wonder how many people will fall for it."

      Depends on what kind of thief we're talking about.
      I shouldn't have to go into that kind of detail, though. Just because one can semi-easily get around it doesn't mean it's worthless. I mean, that'd be like saying "Welp, why bother locking the door? They'll just break the window."

      Let's talk about reality for a moment: It has been widely known, for DECADES, how to avoid leaving fingerprints at the scene of a crime. Despite being b
    • To say nothing of the following: how does the laptop know that it has been stolen, and not just taken on a business trip? Does it send a report to Computrace every time it connects to the internet?
    • by janic (102538) on Wednesday July 06, 2005 @06:09PM (#12998759) Homepage
      It is outright bullshit!

      We had a laptop stolen and called it in.

      "Oh, you need to file a police report"

      Fine, so we get the numbnuts who lost it to file the report and give us the report number.

      "Okay, yes... we have recieved a call home from the laptop, and we know where it is!"

      Great! Now when do we get it back?

      "Wellll, you cant..."

      and it just got worse from there. The police wouldn't retrieve the laptop, and these clowns wouldn't tell us where the machine was. But at least we knew:

      - it was in fact stolen and not in the hands of the numbnuts employee
      - it was in fact connected to the internet, being used, right then
      - we couldn't get it back
      - someone was at least enjoying their brand new laptop...

      damnnit! This shit just annoys me. I'm going home.
    • by HavokDevNull (99801) <eric@linuxsysteGINSBERGms.net minus poet> on Wednesday July 06, 2005 @06:42PM (#12998954) Homepage Journal

      I also wondered about that as well, so I jumped on the website and did a bit of research before posting here.

      FROM FAQ

      Q. Can ComputracePlus be detected?

      A. On most PCs, the Computrace Agent, which powers ComputracePlus, is silent and invisible and will not be detected by looking at the disk directory or running a utility that examines RAM. On many PCs - depending on their operating system - the Agent cannot be erased off the hard drive by deleting files because it is not visible in file directories. The Agent can survive a hard drive re-format, F-disk command and hard drive re-partitioning. The Agent can be removed by an authorized user with the correct password and installation software.

      On a Mac system, it is very difficult for a standard user to deliberately or accidentally delete the Agent as the files cannot be deleted by anyone other than the root user.

      Q. What happens if a computer's hard drive is removed? A. The Computrace Agent resides on a computer's hard drive so if the drive is removed and installed on another computer, the Agent will initiate contact with the Monitoring Center at its next scheduled call. It will then report its new location. The original computer will no longer be protected.

  • by JimmyJava (774754) on Wednesday July 06, 2005 @04:56PM (#12998183)
    should build this into the hardware or the bios. i know if i stole a computer i wouldn't be in a rush to plug into the internet. unless of course it's a windows machine, in which case i've got a good solid 12 minutes to play around with it.
    • unless of course it's a windows machine, in which case i've got a good solid 12 minutes to play around with it.

      yeah, but after the 12 minutes are up it's not much fun anymore, so then what? Wait for the cops to show up by looking at all them viagra pop up windows?
  • by Anonymous Coward on Wednesday July 06, 2005 @04:56PM (#12998187)
    The bastards have even developed very tiny cinder blocks which they leave the empty laptop skeletons propped on.
    • Ever been to a swap meet? A lot of that stuff is, uh, warm to the touch.

    • This works for cars. It's hard to tuck a car under your arm so they strip it of the easily removed items like tires.

      The more organized car heists either go to a chop shop or are put on a boat overseas.

      There's no point canibalizing a laptop when it can easily be taken in one piece. What you meant to say was that the laptops are put on a boat for overseas countries within minutes...

      Where perhaps they're to be used as spam relay bots?
  • by inkdesign (7389) on Wednesday July 06, 2005 @04:56PM (#12998194)
    Is the groundbreaking gorilla of stolen vehicle recovery committing Peter Lynch's cardinal sin of deworsification into the unrelated field of hard-drive hacking?

    ...could this perhaps use a little dewordification?
  • Ah... (Score:3, Interesting)

    by HillaryWBush (882804) on Wednesday July 06, 2005 @04:57PM (#12998200)
    1. Purchase $500 laptop
    2. Purchase $100 security
    3. Purchase $100 spyware remover
    4. "Lose" laptop
    5. Wait 60 days
    6. Profit $300 for 60 days work
    7. GOTO 1 (I never spaced lines by 10, what was up with that)
    • You spaced the lines by 10 in case you had to add more lines of code without rewriting everything that you'd already written after that point.

      For example, if you'd written:

      1. Purchase $500 laptop
      2. Purchase $100 security
      3. Purchase $100 spyware remover
      4. Wait 60 days
      5. Profit $300 for 60 days work
      6. GOTO 1

      You'd have to add line 4, the "lose" laptop option. Then you'd have to rewrite lines 5 and 6 then add line 7.

      On the other hand, if you'd written:
      10. Purchase $500 laptop
      20. Purchase $100 security
      30. Pu
    • Re:Ah... (Score:5, Informative)

      by slavemowgli (585321) on Wednesday July 06, 2005 @05:33PM (#12998521) Homepage

      7. GOTO 1 (I never spaced lines by 10, what was up with that)

      The idea was that if you needed to insert a line or two at some place in your program, you'd be able to do so without renumbering all lines.

      • There is no problem with using consecutive line numbers. If you need to insert a line between two other lines, use fractional line numbers.

        5½ GOTO 3.1

        No renumbering required, problem solved!

        Yes, I know what you are thinking: what if we run out of fractions? Don't worry though! In such emergencies, you can start using irrational line numbers. There are tons of those, so you will never run out. This does tend to increase the size of the program considerably, so they should only be used as a last resor
    • by ravenspear (756059) on Wednesday July 06, 2005 @06:42PM (#12998952)
      Profit $300 for 60 days work

      Well, if you work in IT, at least you'd be getting a raise.
  • Questions (Score:3, Interesting)

    by yuriismaster (776296) <tubaswimmer@gmail.TEAcom minus caffeine> on Wednesday July 06, 2005 @04:57PM (#12998205) Homepage
    How would one report if a laptop is stolen? How easy would it be for a thief to remove this after stealing said laptop (before connecting it to the computer)? How will the law know where to go (geographic IP location can't be THAT accurate, can it?) How much of a performance hit will this add to normal use?
  • I'm curious as to what kind of locating data it gathers, and how it gathers it. Seeing as this is just a software package, I can't imagine it can go much farther than an IP address.
    • I got the inside track on this. Here is a sample of the data chatter from a stolen notebook to the LOJack server:

      <LOJACK_Loc_DATA>HELP ME!!!!</LOJACK_Loc_DATA>
      <LOJACK_Loc_DATA_Response>What seems to be the problem?</LOJACK_Loc_DATA_Response>
      <LOJACK_Loc_DATA>I've fallen....AND I CAN'T GET UP!!!</LOJACK_Loc_DATA>
      <LOJACK_Loc_DATA_Response>Where are you? Can you describe your location?</LOJACK_Loc_DATA_Response>
      <LOJACK_Loc_DATA>HELP ME!!!!</LOJ

  • by rosewood (99925) <rosewood.chat@ru> on Wednesday July 06, 2005 @04:58PM (#12998218) Homepage Journal
    Unless you have a peice of radio transmitting hardware inside the laptop that will destroy the laptop if removed, how can any software really be worth while?
  • by djh101010 (656795) * on Wednesday July 06, 2005 @04:59PM (#12998232) Homepage Journal
    TFA is remarkably lacking in technical details, so I looked at LoJack's site, which doesn't mention a thing about this. So - is this a hardware solution, or a program that gets installed into an existing OS? If the latter, well, how useful is that? While the slashdot crowd and the laptop-stealing crowd probably don't have a whole lot of overlap, I can't see someone not just re-installing the OS to wipe the system in any case.

    The spyware and firewall questions seem important as well - if this is just a "Hey, this is box XYZ and I'm at this IP address", talking to lojack's servers, well, fine, but how does the end-user know that they haven't blocked that with their firewall?

    I'd love to see something technical on this, rather than some stock-tip-guy's interpretation.
    • Yeah, right. Why'll you're at it, ask them where they hide the lo-jack equipment on cars and how to disable it. Let me know when they get back to you.

      Most likely they are putting code on the disk and in the flash.
    • ...and it is useless. It is an application (not firmware) that is installed into the disk's MBR. It also requires a Windows OS. So, in a nutshell: if you reinstall Windows it will not kill computrace. Reformatting the MBR or installing a *NIX OS will kill it, however.
  • Call out the law?? (Score:3, Interesting)

    by pe1chl (90186) on Wednesday July 06, 2005 @05:00PM (#12998238)
    which then calls out the law

    What does that mean?
    Is there some law organisation in the USA that you can call saying "my laptop has been stolen and it is now on the internet at address 333.444.555.666" which will then go out to locate your laptop and return it to you??
    • BTW, it's strictly forbidden to report non-existing IP addresses to Teh Internets Police.
      • It is an example.
        But I think it would be useless here to report something like this to the police. They will put your report on some stack of "nice things to do should we have some time left" and it will be assigned zero priority.
    • FBI Hostage Rescue Team.

      Rappel down the side of the building, smash the window, flashbang the room. Whack the 15 year old who stole your laptop in thw chest with a CS grenade.

    • by joe_bruin (266648) on Wednesday July 06, 2005 @05:24PM (#12998445) Homepage Journal
      That IP address and its owner will be promptly banned from the Internet [uncyclopedia.org].
    • roundup! (Score:3, Funny)

      by SuperBanana (662181)
      Is there some law organisation in the USA that you can call saying "my laptop has been stolen and it is now on the internet at address 333.444.555.666" which will then go out to locate your laptop and return it to you??

      Well sonny I work for these here boys, and when I get a tellygram, I hop on my trusty steed 'Mac', and he and I head on down to russle me up some lappies. 'casionally I hook up with m' associate Ping; she's a real darlin' and knows how to ferret out the sneakiest son-of-a-guns, even them C

    • which will then go out to locate your laptop and return it to you??

      Fuck that. Just give me the address of the fuck tard that stole my laptop. I'll go round up some goons and recover it mysel...

  • is that would-be laptop thieves need to learn how to wipe the harddrive and reinstall before connecting to the internet. Probably a lot easier than removing a lojack from a car before you are busted.

    On the other hand, if thieves think will get busted by stealing laptops, this helps everyone. Schneier has an interesting note on his blog [schneier.com] about lo jacks in cars benefiting everyone.

  • by Anonymous Coward
    I want my laptop to emit knock-out gas and then send a signal via satellite to track it if it is stolen and wrong password are in the hardware.
  • by chill (34294) on Wednesday July 06, 2005 @05:01PM (#12998254) Journal
    If you don't have physical control, you don't have security. Okay, strong encrypted data may be safe from prying eyes but how many people, after getting a stolen laptop back, boot it immediately and "check" everything? Can you say keylogger trojan?

    Computrace is a piece of client software that "phones home" on a regular basis. It provides NO protection against things like formatting the hard drive before connecting to the Internet. http://www.absolute.com/Public/products/techplatfo rm.asp [absolute.com]

    Oooo... it uses an ENCRYPTED connection. Explain to me how this stops "fdisk; format c:" or "fdisk; mkfs /dev/hda1"? How about booting from alternate media like a USB key, floppy or CD?

    This must be designed to nab the stupid criminal, who jacks in as soon as they boot.

    On the other hand, with the prevalence of open WAPs, it is quite possible a laptop with a built-in wireless NIC will connect and phone home before the hapless thief realizes it.

    -Charles
  • by Hachey (809077) on Wednesday July 06, 2005 @05:01PM (#12998255)
    Absolute Software may be guaranteeing $1,000 after 60 days if the laptop is not found, but you'd be surprised what that actually means.

    I used to work for a computer store. We sold scores of laptop locks; all sorts of kinds of them. The Kensington locks sold like hotcakes because they had a $1,200 "guarantee" that the lock could not be compromised. The problem, we soon found out, is that the theif has to physically cut through the lock and leave behind the pieces. As we all know, some locks can be picked with even a bic pen [slashdot.org], and so a lot of good this "guarantee" did for some poeple. Some theives also just took the not-so-hard-to-steal item the laptops were attached too. (Lock it to a bed or desk people, please!)

    No evidence to send in, no money back. I am willing to bet in this case there are similar loopholes for Absolute Software to play with.


    --
    Check out the Uncyclopedia.org [uncyclopedia.org]:
    The only wiki source for politically incorrect non-information about things like Kitten Huffing [uncyclopedia.org] and Pong! the Movie [uncyclopedia.org]!
    • Sometimes it takes evil thinking to get around evil guarantees."Fight Evil with Evil" goes the tagline to at least one movie...

      Were *I* in this position, I'd buy a second lock, break it, leave pieces of it lying around the area where the notebook was stolen, take a photo, and then proceed to make my claim.

      Of course, there there is no way I would *really* do that officer...

  • corporations (Score:3, Insightful)

    by kebes (861706) on Wednesday July 06, 2005 @05:02PM (#12998260) Journal
    Not sure what the costs involved are... but I doubt that this will be of much interest to the typical personal laptop owner. However, I can see this being bought up in bulk by companies as a sort of "insurance." In fact, their insurance rates would probably go down if all company laptops were equipped with this software. I think it makes sense for a business to try to protect their laptops this way. Employees are going to be less careful with a company laptop, as compared to their own personal laptop, and it might be important for the company to get the laptop back.

    I think companies would be even more interested if there was a "kill-laptop" feature. So if the owner of the laptop goes to the IT department and says "my laptop was stolen!" (or lost), then they activate a flag so that when the laptop makes its secret connection, it receives a signal to erase itself, thereby protecting valuable company data. For many companies, protecting the data on the laptop might be more valuable than the laptop itself.

    On the flip side, I would think that most people who steal laptops are going to wipe them or snoop around in them for awhile before connecting to the net and surf for porn. So this should hardly be viewed as a perfect solution for catching thieves (although WiFi certainly helps).
    • On the flip side, I would think that most people who steal laptops are going to wipe them or snoop around in them for awhile before connecting to the net and surf for porn. So this should hardly be viewed as a perfect solution for catching thieves (although WiFi certainly helps).

      It is amazing what you can do remotely with a stolen laptop before the thief notices anything. [wired.com]

      Above article is a story about a guy who retreives his sister's computer by using Timbuktu Pro (a VNC like client/server solution fo

    • I beleive thinkpads can be configured to encrypt the hard drive and require a bios password every time you power it up. Not sure how effective the hard drive encryption is, but Intel relies on this mechanism for keeping their company data secure.
  • Wow, What Garbage (Score:5, Informative)

    by Protocron (611778) on Wednesday July 06, 2005 @05:03PM (#12998268)
    Come on Slashdot. What is this, news for AOL users? This kiddie crap. Yes, most thieves will just boot the computer with Windows and try to get on the net. But this is Slashdot. We're nerds or something. And this ain't F***ing news. If I got a laptop that was stolen, hell if it was used, I would format it:

    From the website: www.absolute.com

    Q. Can Computrace Personal be removed?
    A. The Computrace Personal software is a low-level utility that is as tamper resistant as a disk-based utility can be. The software can only be removed by an authorized user with the correct password so please be sure the password is stored in a safe location and not on the protected computer.

    Q. What happens if a computer's hard drive is removed?
    A. The software resides on a computer's hard drive so if the drive is removed the computer will no longer be protected and can not be located if stolen or lost.

    http://www.absolute.com/Public/computracepersonal/ faqs.asp [absolute.com]
    Wow, what great protection.
    Come on!!!!! This ain't even hardware!!!
  • ..then use fdisk to wipe the disk. Really, am I missing something here? (Other than a possible BIOS setting to force boot from internal HD in preference to CD/USB/Floppy/LAN, which can always be gotten around).
    Oh, I get it - it's just designed to recover stolen laptops from non-slashdot readers ;o)
  • $1000? please... (Score:3, Insightful)

    by finse (63518) <rpkish@gmail.com> on Wednesday July 06, 2005 @05:05PM (#12998283) Homepage Journal
    There was a time when laptops were stolen due to their price, and possible resale value on the black market. I personally think we are now in a new era where laptop theft (at least the corporate type) is no longer about getting a shiney new powerbook, and possibly selling it off the back of a truck. Today laptop theft could be for the information contained on the hard drive. Now lets think about the componsation, if my HR director "loses" his/her laptop with important information about me/co-workers, is $1000 really going to cover the loss? No, not even close. 1K in most cases will not even cover the cost of the laptop. For my money, I want a techonology that will encrypt the contents of that hard drive, and be easy enough for an HR director to use.
    • If your HR director is porting around a laptop with unencrypted data on employees you have bigger problems.

      The data shouldn't even *be* on a laptop in the first place.

      What exactly does an HR person need to do remotely? Keep sensitive data on an internal server and use a VPN to access it.
  • by dallask (320655) <codeninja@gmail.COBOLcom minus language> on Wednesday July 06, 2005 @05:06PM (#12998292) Homepage
    So when the bank official looses his laptop with my bank data on it and the thief dumps the data to another system and reformats before it connects to the net then what do I get for my stolen identity?
  • Not just stolen! (Score:5, Interesting)

    by Telastyn (206146) on Wednesday July 06, 2005 @05:08PM (#12998311)
    It's not just stolen laptops that send information to their servers. Any laptop with this software installed sends periodic heartbeats to the computrace people.

    Our PHB ordered it installed after getting a call from a golf buddy. It was ripped out a week later. The heartbeats contain enough [cleartext] information that the increased chance of the laptop being broken into, or the salesguy socially engineered using the info was deemed higher than the chance it'd ever be stolen.
  • like cell phones (Score:2, Interesting)

    by fermion (181285)
    If your cell phone is stolen, it should be easy to connect the called numbers to the person who has the phone. In some cases this will work, and I have seen cell phones returned.

    However even the young kids who casually steal cell phones appear to have some sophistication, and are able to reprogram or wipe phones for resale.

    Given that wiping and reinstalling the OS for laptop is trivial compared to reprogramming a phone, I do not see how this would stop anyone but the most casual of laptop thief.

    I w

  • by imuffin (196159) on Wednesday July 06, 2005 @05:23PM (#12998435)
    I've been doing this for years using DynDNS's free dynamic DNS service. [dyndns.org] I run a client on all my machines that updates their IPs with dyndns's database. If my laptop disappears, I just look to see what mylaptop.dyndns.org resolves to.

    --
    watch funny commercials [tubespot.com]
  • This company just proves the saying "A fool and his money are soon venture capital".

    I seriously can't believe this concept ever got past the drunken-scheming-businessplan-on-a-napkin phase.

    Yes, this might catch your average completely clueless snatch-and-grab thief, but I wonder how often those guys go through the trouble of connecting a stolen laptop to an internet connection anyway?

    What would be really fun is to report some PHB's laptop stolen while he's on a business trip with this software installed
  • How does the stolen computer know it's time to transmit the homing signal... unless it's always transmitting anytime you're connected to the internet?

    I'm not entirely sure how the LoJack on cars works, but I seem to recall it requires you to report the theft, and then the cops/LoJack have some means for tracking the car's device. With a physical device, this might not require an always-transmitting approach so much as always-ready-to-transmit - that is, it could have enough battery power to start transmi
  • Simply put a small charge of explosives in the case and when it gets stolen, boom, check the news for "fence killed by stolen laptop", wait for the /. posting "innocent man killed by exploding Windows laptop", and comment here.

    These situations are just fodder for more posts, so why noy enjoy it?
  • Literally. 10 years ago. I called them up and asked if they did laptops. They did not.

    A better solution is to make it work like the car LoJacks - when the unit receives an "I'm stolen" message it replies with its location. Only major problem would be power - if a theif removed the batteries it could be a long time before some sucker replaced the batteries, and by then LoJack might've stopped broadcasting.

    Of course, any kind of security won't work well if it can be disabled or removed without disabling
  • I've been thinking of anti theft protection for laptops recently, and the flaw in most software is that they assume you will somehow end up on a open network which isn't firewalled.

    One way around that is to put in a celluar radio, not only will it allow net access almost anywhere where coverage exists, it can be used to call home and do lots of things easily. Perhaps port LinuxBIOS to the laptop (if you can get the docs) and set it to self destruct on bootup remotely, not sure if any trapping is possible v
  • Absolute Software customers are eligible for a $1,000 guarantee payment when a stolen system is not recovered within 60 days.

    1: get a laptop
    2: install this "security" software
    3: report laptop stolen
    4: wait 60 days
    5: put in claim for money
    6: profit


    Just because I claim it's stolen and make sure I don't plug it into the internet for 60 days, or claim it's stolen then wipe the drive clean, does that mean I can make $1000??

    It sounds about as ridiculous as

    1 - collect underpants
    2 - ???
    3 - profit
    • well yes, but that's no different from:

      1. get x
      2. insure x
      3. report x stolen
      4. claim insurance
      5. profit

      its called fraud.
      • its called fraud.

        .... which makes me question the wisdom of their guarantee policy. I'd imagine that will be revised very quickly when they realize most laptops reported stolen are not actually, and that those that really are won't "live" long enough to report themselves.
    • 1 - collect underpants
      2 - ???
      3 - profit

      It's a great idea, but I think it should be a function of the BIOS.
      Underpants as a BIOS function? I know us Mac guys are a different breed, but when I hear stuff like this I severely doubt Steve's decision to switch to Intel.
  • When a stolen Computrace-equipped system is connected to the Internet, it automatically and silently sends locating data to Absolute Software, which then calls out the law . . .

    And the law proceeds, uninterrupted, with their donut break.

    Seriously, "the law" doesn't pursue stolen cars all that aggressively. Instead, they say, "we'll take a report that you can turn in to your insurance company. What? You didn't have theft insurance? You're one dumb sonofabitch." The manufacturer implies that, once th
  • 1) Buy $500 Dell laptop
    2) Install Computrace
    3) Throw laptop away and file police report as stolen
    4) Apply to Computrace for $1000 guarantee
    5) Profit!

Chairman of the Bored.

Working...