Technology Review - Published By MIT

Simson Garfinkel's blog

A commonsense take on computer security, usability and why IT does matter.

Wednesday, January 31, 2007

Stolen Laptop Tattles, but Mine Doesn't

Not all laptop-recovery services work the same.

The Des Moines Register had an interesting story yesterday about how a stolen Compaq Presario led police to an apartment containing $20,000 worth of crystal meth.

Apparently the laptop was equipped with an "anti-theft feature that lets it phone home when plugged in," the paper reported.

Although there are several of these services on the market, probably the best known is Computrace, also known as Lojack for Laptops. (Absolute Software, makers of Computrace, licensed the Lojack name several years ago.) The software hooks into the computer at a very low level and is designed to make a phone call on a modem or send out a beacon on the computer's Ethernet at least once per day.

Absolute keeps track of each beacon that's received. If a computer is reported stolen, it can look at the caller ID from the phone call or at the IP address from the network communiqué. In this case, it seems, the laptop's thieves had participated in other criminal activities as well.

When the police showed up at the apartment to apprehend the stolen property, they found the drugs too.

It's great to hear that the laptop-recovery system worked for the victim in Iowa. But I've always suspected that the software wouldn't be too hard for a sophisticated thief to remove. Last week I found out that it's pretty darn easy, in fact--provided that you have a Mac.

You see, I bought Lojack for Laptops for my Mac back in August 2006.

Once I installed it, the software dutifully called back to Absolute every day. I could monitor these calls on the company's website. Then earlier this month I decided to do a clean reinstall of the operating system on my MacBook.

Reinstalling software on a MacBook is much, much easier than on a PC: you just boot from the CD-ROM, tell the computer you want to do a "clean install," and off you go. You can decide whether to do a clean install or an upgrade. You can even do a clean install while preserving your user accounts and applications. That's just what I did.

Well, apparently the clean install was a little too clean: the hidden software that Absolute had embedded in my operating system was wiped away with my old operating system!

I don't think that this is a real problem with the product today, as most crooks who steal a laptop probably aren't sophisticated enough to reinstall the operating system the very first thing--human nature being what it is, they're sure to turn on the laptop to see what's there. They might even be looking for information that they can use for identity theft.

Still, I do wish that the folks at Absolute wouldn't be so bold in their marketing claims. I can't speak about their PC product, but their Mac product is pretty darn easy to remove.

(As a side note, I should say that I both called and sent e-mail to the folks at Computrace, telling them that I was a journalist and asking them for a comment about the failure of their software. The nice person I spoke with in tech support promised that somebody would get back to me, but nobody did.)

Comments

  • not surprised
    If you re-install an operating system, any software you've installed on it _shouldn't_ stay there, so I'm not surprised that it didn't.

    If you wanted something to remain even after an OS install, it'd probably have to be a hardware thing, though I don't know of any out there.

    brunascle
    01/31/2007
    Posts:68
    Avg Rating:
    4/5
  • STOLEN  LAPTOPS
    I understand that with Dell, HP, IBM/Lenovo, Gateway, Panasonic and others, the tracking software is planted in the BIOS, therefore truly "embedded" and not susceptible to removal with any disk clean maneuver. Changing or removing software does not affect the tracking/recovery function. The success of the Computrace system is enhanced when the product is part of the BIOS. Apple has yet to embed this system, but likely will follow the lead of other laptop manufacturers. Despite the fact that Apple does not offer Computrace in the truly embedded (BIOS) version, the recovery rate is remarkable. The scenario you described in your article does not exist with the laptops of all of the major manufacturers who have offered embedded versions of Computrace. This is the version I would choose.

    RR15583
    01/31/2007
    Posts:1
    Avg Rating:
    5/5
  • MacPhoneHome
    The hardening procedures recommended by MacPhoneHome include setting an Open Firmware password, to prevent a thief from wiping the operating system.  If this low level password is enabled, it is not prompted for on a 'normal' boot of the laptop from the default boot device, but it IS required to boot from CD or an external hard drive.  Their representative assured me that it is impossible for a thief to remove MacPhoneHome when properly installed without removing the hard drive.

    jbaker
    02/01/2007
    Posts:1
    Avg Rating:
    5/5
  • Easier than a PC?
    While I do use and personally prefer the OS X operating system from Apple, when is the last time you used a Wintel machine? Most PCs ship with recovery disks that make restoring a PC no different than what you experience with a Mac.

    But erasing the operating system is a surefire way to eliminate most types of these post-theft solutions. As another commenter pointed out, only going to the hardware level via BIOS is the only way you can implement such measures as it takes control prior to the operating system being loaded.

    sumwatt
    02/05/2007
    Posts:1
  • LoJack gets them back!
    Simson Garfinkel> Apparently the laptop was equipped with an "anti-theft feature that lets it phone home when plugged in," … software hooks into the computer at a very low level and is designed to make a .. call .

    .. apparently the clean install was a little too clean: the hidden software that Absolute had embedded in my operating system was wiped away with my old operating system!

    After reading Mr.  Garfinkel's post above I contacted Lojack.  It took two calls to tech support followed up by two emails.

    The real question I had was whether LoJack provides protection after a simple reinstallation of the OS-X operating system, if it will still work when consumers install the new "Leopard" operating system, and will it still function if a thief upgrades the hard drive.

    Below are the answers from Lojack about these matters.

    .. The information was correct that a clean install on a Mac could disable LoJack for Laptops software, however, in our experience, Mac users are less likely to re-install the operating system on their computers and in the case of theft, it is also rare.  In a Windows world, an unauthorized user is forced to re-install the OS to bypass the password protection and access the machine.  With Apple, it is a very different scenario; most often an unauthorized user can gain access to a stolen computer straight away.  What’s more, the average thief is an unsophisticated technology user who will simply use the stolen Mac to jump online and surf the Internet.  When this happens we, at Absolute, are able to get the information we need to determine the computer’s location and, with the help of local law enforcement, recover the asset.

    We are currently in discussions with Apple to help provide additional support to enhance the persistence of the security software on the Mac platform.  Our software is currently compatible with the Mac OS-X version 10.3 and we expect that we will be fully compatible with the new Mac OS “Leopard” when it becomes available to consumers.

    If you have purchased our software under the impression that it would survive a re-install of the operating system, we would be happy to offer you a refund for your purchase.   TechSupportLojack@absolute.com

    Sumflow
    03/02/2007
    Posts:1
  • Mac best kept secret ...
    The Mac's best kept secret - it's free and all Mac users already have it. However, only a very small percentage of Mac users know it exists, or they just don't understand how to use this powerful tool.

    I'm talking about the Firmware Password (FP) which comes with the Mac OSX install disk. Basically FP prevents anyone who does not know the password from:
    1. Reformatting your hard disk.
    2. Booting from an external hard drive, CD, DVD, etc.

    Two things to remember,
    1. Only use the FP application that came with your Mac install disk (i.e., don't borrow or download the program), and
    2. By GOD don't forget your FP password!

    As an added bonus, if you're using a recovery program like Lojack - since FP will allow anybody to log-in via the default disk - create a "Guest Account" with no password and no administration privilege. This will encourage the thief to use the computer which increases the chance of recovery.

    Baldlars
    09/30/2007
    Posts:1
    Avg Rating:
    5/5