Computrace *PIC*

[albo]

Hi Folks,

I'm interested in getting the computrace software on my T410. I've just realized how silly it is for me not to have the ability to remote wipe my machine, given how much I have on it.

The T410 is advertised as having intel chips that integrate with computrace to make tracking and wiping more secure (i guess). I'm about to buy computrace lojack here: http://shop.lenovo.com/SEUILibrary/cont ... de=0C47795

The service used to be advertised as "Absolute Computrace". I just want to make sure that what I buy does indeed make good use of the intel chips that this thing has.

Anyone else here using this software? I uninstalled the Intel management software from my machine as I don't need anyone managing this for me. Do I need to reinstall that intel software? Any other thoughts?

thanks!

[richk]

Computrace does not need/use Intel AMT. Intel AMT is for central management of a group of machines. The thing that is most important to protect is your data. On modern drives, drive passwords are encrypted and are the hardest security measure to defeat. I never say that anything is absolutely secure. I'm sure if the CIA wanted your data and disassembled your drive, then examined the platters with an electron microscope, they could get in, but nothing I have is THAT important. The machine needs to be connected to the internet for computrace to tell the thing to wipe your drive. By then, if you don't have a pw, it could be too late. For me, the pw is enough

[EOMtp]

+1.
... and if you are concerned about the "platters" vulnerability mentioned above, then use a drive which implements correctly(!) hardware-based full disk encryption, and that should be more than plenty good enough ...

Regarding "correctly(!)", you might be interested in the following:
http://vxlabs.com/2012/12/22/ssds-with- ... ncryption/

[Brad]

I had called a data recovery company and asked about recovering data on an FDE drive where the encryption key was changed. They said at the time that as of this moment they would not have a successful data recovery with that scenario.

That was good enough for me.

Brad

[jayton4]

I'm sure if the CIA wanted your data and disassembled your drive, then examined the platters with an electron microscope,

I am no expert, but I am almost pretty sure that the process where a subject gains access to a encrypted data stored on HDD does not involve an electron microscope, disassembly, or any other physical inspection of the drive or its platters. CIA likely has access to all the government-owned supercomputers at Lawrence Livermore and Oakridge to crunch out encryption keys, some of these being new high efficiency GPU-based brute force. Of course, if the data is in a stored state, it may be as simple as a cold boot attack.

albo:
I have had Computrace for about 2 years now. I have not had any computer stolen yet, so I cannot speak to how their returns work out. The web management interface does include the option to wipe the machine or to delete certain files. Here is what it looks like:


In my opinion, Computrace seems would better protect in the event of a smash-and-grab type theft. In those situations, the hardware is more important to the thief than the data. They want to quickly turn it around into a quick sale. If you are talking about data that the CIA or some other foreign agency can never get access too, the best bet is to write in a power surge to the firmware of an SSD that triggers the melting of the NAND when some sign of distress becomes apparent. The smart folks that are actually out for your data are typically well versed enough about Computrace that it is a non-issue for them.

Admin note: Please be aware that when posting inline images to a thread that was not started by you, there's no way for you to edit the OP's post with a *PIC* warning. It's best to use a link instead.

[albo]

Hi all,

Thanks for the replies. I'm not worried about the CIA. I am worried about laptop theft that turns into data theft. Yes, an encrypted drive (either hardware or trucrypt) would be the best solution. Perhaps I'll implement that in my next laptop. That's not going to happen right now, though. I purchased lojack and that has put me at ease. Not a perfect solution, but better than nothing. There's a chance I'll be able to wipe my data if my laptop is stolen now.

[richk]

Just for the record, I did not suggest electron microscopes for encryption - just disk passwords. They are stored on a part of the drive that cannot be accessed using sata commands. Encryption keys can be broken with enough time and computing power. As far as computrace, the first thing a thief would do is to pull out your drive. They could read it on another machine and there would be no problem for them. For data, a password is the best defense and it's free, unless you screw up and lose it.

[albo]

As far as computrace, the first thing a thief would do is to pull out your drive. They could read it on another machine and there would be no problem for them. For data, a password is the best defense and it's free, unless you screw up and lose it.

Nice to hear you've interviewed all the theives out there, and especially nice to hear that they're in universal agreement about their methods. Just in case you missed a thief or two in your interviews, I think I'll stick with computrace for now.

Regarding encrypted drives, it'd be nice if you bothered to read the previous posts before opining.

[EOMtp]

... I purchased lojack and that has put me at ease ... better than nothing. ...
... Nice to hear you've interviewed all the theives out there ...

A false sense of security is worse than nothing!

Tell me: What does an intelligent person gain from gratuitous off-putting sarcasm, let alone directed at individuals who are voluntarily giving you good advice that is based on their considerable technical knowledge and experience?!

The point made to you is a valid one: anyone of concern who is interested in retrieving stolen data is sufficiently savvy to attempt that data extraction on a different platform than the stolen machine. Consequently, there is little to be learned from having "interviewed all the theives (sic) out there", as you put it.

In simple terms:
If they don't know enough to remove the drive, then they are probably too incompetent to worry about. If they know enough to remove the drive, then your solution is not "better than nothing".

[albo]

you're right - sorry for the sarcasm.

I should have put it more simply: yes, an intelligent thief after your data would take the drive out. Are all thieves intelligent, and are they all after your data? If they're just after hardware, that doesn't mean they won't poke around to see what they might be able to find. I will strongly disagree with you about those kinds of thieves not being anything to worry about. My email client lives on my laptop, and a bunch of other stuff. I'm sure someone who isn't an expert of any sort could find stuff in there I'd rather they didn't.

I should also have pointed out more nicely that, while encrypted drives are surely great, it's not happening in this case, so please stop recommending them.

A false sense of security is a danger, but i'm not going to be leaving my laptop hanging around unattended any more than I would otherwise. And furthermore, it isn't "false" to say that there's a chance you'll be able to wipe your computer remotely if you have lojack installed and the comp is stolen. You just have to recognize it's a chance, and not a guarantee.

Anyway, whatever, my question has been answered. Sorry for my previous snarkiness.

[jayton4]

Admin:
Sorry for the *PIC* mishap.

albo: you could make a truecrypt container for the sensitive data and be done with it. What is your email client? Put the email client's profile in the truecrypt container. Use this plan for the password security for the truecrypt key: http://xkcd.com/936

[EOMtp]

+1 on TrueCrypt
... but since you stated already that you do not like that, then remember that Windows already provides native transparent encryption for files and/or folders on NTFS volumes.

Tell Windows Explorer which folders/files to encrypt, and thereafter it's all totally transparent after you login to Windows ... yet others would need to crack your Windows password to access those folders/files -- a task that's sufficiently technical to protect those folders/files from the "average" bad-guy you mention.

Of course, make certain to enable a password for Windows login, as well as for restarting from Sleep and Hibernate modes.

[fakeraol]

im astonished by "I'm interested in getting the computrace software on my T410.".

You never have read this?

• http://exploiting.wordpress.com/2009/09/11/138/
• http://corelabs.coresecurity.com/index. ... he_Rootkit
• http://www.securelist.com/en/analysis/2 ... _Revisited

Computrace is realy easy to defeat by setting file-rights, and easy to missuse, as you can read in the articles above.

best regards from germany, fakeraol

[RealBlackStuff]

For those in the know: it is relatively easy to deactivate or even remove Computrace.
AFAIK Computrace is limited to only work on machines with M$ Windows.
In other words: install Linux and give Computrace the finger!

[fakeraol]

Disabling is easy, but not the most important point.
The sessionkey for encryption of the current conversation between c-agent and c&c-servers will be transfered unsecured. That means, man-in-the-middle can not only read the whole comunication, but take full control over your computer because of the design-flaws of computrace by "absolute software".

the jumping point is: computrace lowers your security.

[RealBlackStuff]

With removing I meant removing it from the BIOS, not just removing some silly Winblows files...

[fakeraol]

I know, cp jumpadress from c-module to the prior module, at all "\W\d{2}" machines and X300. About "\W\d{3}" machines i'm not sure yet, how to do it.
But read the kaspersky-analysis, its horrible.