Problems on Client Security Software

[cchsiao]

I got my T42p about two months ago. At the time I received my T42p, I tried to install every software I can get from IBM's website, and decided what software I will use in the future. I tried Client Security Software once, but I don't think I need it and therefore I removed it from my HDD.

Recently I thought of something, and would like to try Client Security Software again. However, I found that I forgot the password I set at the first time I used it. Even though I try to reinstall Windows XP, it doesn't help at all. Right now when I launch the program (Client Security Software), I have to keyin password which I don't remember. Could I remove the password from the security chip? Thanks for help.

By the way, I don't think the rules of password on using Client Security Software is very good since all my passwords won't work. That's why I forgot the password (because I have to set a new one).

[matyst]

I would advise you to download and thoroughly read the documentation for this software. As far as I recall, there is an option to clear the password from the CSS chip in the BIOS.
BE SURE FIRST that the software is uninstalled, since you will not be able to log into Windows.

I tried this software and I did not like it. First of all, it takes a loooong time to get authenticated and log on to Windows. The biggest drawback, however, is that it can only encrypt files on the C:\ partition. I prefer to keep my documents, e-mails, Mp3 etc. on a separate partition (so if I need to reinstall Windows I do not have to worry about them) and thus IBM solution is of no use for me. The password manager is also not very good. If you want a solution to keep some of your files private, I would recommend encryption utilities like BestCrypt by Jetico or TrueCrypt.

[cchsiao]

The reason why I ask is that I don't think the instruction is for Thinkpad. I mean, according to the instruction, you can remove forgotten password from BIOS. However, there are no such options in Thinkpad's BIOS. I would say it's an instruction for ThinkCenter or anything else, but not for Thinkpad.

I was wondering if I can remove the password by removing the backup battery or something like that. I try to contact IBM, but I don't really know whom I should contact. So...

By the way, the reason why I wanna "use" CSS is that I don't want my Thinkpad to be... malfunctional at any parts. You know... I am a Virgo, and this is certainly a inperfect part of my Thinkpad. A weird reason, right? Anyway, thanks for your help.

[BILLCROCKER]

Though it takes a little longer to start up, it looks really cool, and makes you feel like your doing something really important (I'm not).

If you cannnot remember your UVM secure logon passphrase, then you need to type in your administrator passphrase (you created it when you installed the software). You click I forgot my passphrase, and follow the instructions.

If you cannot remember any of your passphrases, then you need to clear the security chip and reformat your computer. Removing the backup battery won't work.

[cchsiao]

Something weird happened today. Since I tried too many wrong password, the security chip lockout for a while (actually it lockout for more than 8 hours). Even though I reboot the Thinkpad several times, the security chip is still locked. So... this only thing I can think of is to uninstall the CSS, and try to forget I have a malfunctional part...

Story ended? No! If you wanna uninstall the CSS, you have to keyin the Administrator's password (if it's not locked) or you just can't uninstall the software. Well then... I try to reinstall the CSS again. Of course the security chip is still locked, so it doesn't help. But... then when I enter BIOS, one weird option which never appeared before appears on the screen: clear all encrypted data on the HDD or something like that... So, I cleared all encrypted data, and then... something wonderful happened! The CSS asked me to setup the Administrator's password instead of keyining it... Therefore, finally, I get the control of the security chip back. Really a happy ending!

I still don't know how to clear the security chip because this is no such option in Thinkpad's BIOS. Anyway, thanks for help.

[JohnDrake]

Yes there is.

Make sure embedded controller and BIOS are most current.

Press F1 prior to OS boot to get into the CMOS settings

Choose >Security, IBM Security Chip. Make sure the chip is enabled. Save the configuration. May have to reboot at this point.

Go back into the same menu (F1, Security, IBM Security Chip). You should see the option to Clear the IBM security chip.

Save the configuration.

Reboot the system, reenter CMOS.

You may now enable or disable the chip, as you see fit...

[Ghostrider]

If it is that easy to clear the password of the IBM Security Chip why should I use it?

I have setup a BIOS-PWD, a harddrive-PWD and the UVM to protect my Thinkpad. So if someone will steal it he should not be able to to access anything or sell it as functional unit.
If you can delete the passwword that is stored inside the IBM Security Chip this function seems to be useless.

[Elhabash]

This brings up an interesting question. Assumed there is no sensitive data that brings damage when stolen, would it be better if the computer is unusable, or if the thief could use the internet? If it is unusable, one could argue that the thief just throws it away, and otherwise one might be able to track the computer when it's online. I don't know if this would be poddible at all...

[Ghostrider]

I'd prefer to have it unuseable. As long as it is useable a crack/hack or whatever may give access to the data stored!
A build in GPS system (as it is in some expensive cars) to locate the notebook would be much better.

[JohnDrake]

Sorry, I made a mistake in my menu selection...security chip is different on the T42, and therefore the screens are different (even though the same BIOS is used)

Looks like it can be enabled, disabled, and thats it.

In regards to theft of the system, and rendering it useless to a potential theif, there exists three types of passwords IN ADDITION to the security chip that have existing on T series for some time...

All of these are set in the BIOS.

1) Power on Password...just about every computer has this, including T's of course. This can be bypassed by removing the CMOS battery, so this is not especially secure.

2) System Administrator's CMOS password...NOT to be confused with any OS userid/password...USE WITH CAUTION. This sets a password to prevent access to the CMOS configuration area, and would cut off access to the ESS chip as well. IF YOU LOSE THIS PASSWORD, THE "FIX" IS TO REPLACE THE SYSTEM BOARD...very expensive....

3) Hard Drive password, encodes a password on the IDE controller of the hard drive of the system...so even if the hard drive is moved to another system, the password goes with it. Forget the password, and you have to buy a new hard drive.

Thinkpad systems are the most security capable systems you can buy commercially....

[lfeagan]

For those looking for a complete crypto solution for your hard drive I would recommend this:
http://www.gtgi.com/products_cryptcard.php