Locate lost/stolen notebooks

[selvan777]

Has anyone tried using Absolute Protect or something similar that's also free?

[monty cantsin]

Has anyone tried using Absolute Protect or something similar that's also free?

First off: this software isn't free.

http://www.absolute-protect.com/cgi-bin ... GISTER.CGI

But now for the main part: In order for that software to work properly, you would have to leave your notebook completely unlocked, i.e., without any harddisk, supervisor or Windows passwords (this crappy piece of software doesn't even register as a Windows service!), so that the thief could use it freely. I do not see a reason why anyone should consider doing that. Why? Because, as a thief who has just acquired an unlocked notebook, the first thing I would do is wipe the hard disk, of course. I wouldn't be interested at all in the stuff that is left from the original owner, because now it would be my own notebook and I would set it up from scratch as mine. So, you see, provided that the thief isn't one of the totally dim-witted kind, you'd actually do him a great favor if you decided on 'securing' your notebook that way and put all your trust into that questionable software. A locked notebook would also be lost anyway, ok, but at least the thief could only use it as a doorstep and would probably learn from it for the future.

They advertise their software on the opening page of their web site as being "[r]esistant to file deleting and hard disk formatting"...

http://www.absolute-protect.com/index.htm

...which is blatant nonsense. Then somewhere buried in a help file...

http://www.absolute-protect.com/full_des.htm#formatting

...they silently admit that "[o]f course there is no 100% guarantee - it depends how the files were deleted or how HD formatting was performed". Now draw your own conclusions... Would you call that trustworthy business practices in the field of security-related software?

I'd say that the chances you'd really get back your notebook with the help of such software are abysmally low, in fact I believe that actually it even plays into the hand of thieves. Stay away from it!

My recommendations:

1. Never leave your notebook alone.

2. If you think you have to leave your notebook unattended for a while, always put a mechanical lock on it.

3. Always have all possible passwords set (supervisor and hard disk password are a must in order to render the notebook unusable, but additional power-on and Windows log-in passwords won't hurt).

[selvan777]

My error, I should have gone to their homepage before posting, it's not free. But, none the less, I am looking for one from a reliable source that is.

I don't see why you came to the assumption that you'd have to leave the notebook unlocked. And, besides, even the power-on password can be defeated.

Crappy or not, I don't know but the reason it's not a windows service is because they claim it runs hidden from the user so only you know how to access it via a command line provided during install.

Like any other retailer, I had to only click on "Full Details" to read all about it. Nothing was buried anywhere.

As for a guarantee, come on, even LoJack's guarantee has a recovery rate of 90%. Even Norton doesn't guarantee 100% that I'll never get a virus.

Aside from the obvious, I'd recommend doing all you can to assist in protecting your stuff.

P.S. I don't see how this kind of software can play into the hands of a thief, could you elaborate?

[monty cantsin]

I don't see why you came to the assumption that you'd have to leave the notebook unlocked. And, besides, even the power-on password can be defeated.

The software needs Windows to run on, right? So, tell me, how can the notebook boot up into Windows when it is locked with passwords? How can a notebook that rests at the plain hardware password prompt execute the program and connect to the internet in order to report its location? If you want to 'benefit' from the program, you have to make sure that the thief can boot into your Windows installation without any hassles, and he can only do that if he isn't stopped by passwords. So your notebook has to remain unlocked. What you do is pin your hopes on the foolishness of a thief who doesn't take any precautions. I can tell you one single thing: If there would be more people like that who are so naive I would probably consider to become a thief myself! Ok, I'm just kidding, but I hope you get the point... Ordinarily, as a thief I run the high risk that the notebooks are locked and almost worthless, I would have to throw away at the least the hard drive and replace the system board or do some quite complicated soldering in order to get them running. With that kind of software protection, I'd only have to erase the hard drive! Now that makes work a lot easier for me as a thief.

Besides that, I wasn't talking about the power-on password. I closed my statement by explicitly pointing out that the supervisor and hard disk passwords have to be set in order to make the notebook virtually unusable, and that anything else is only the icing on the cake.

Crappy or not, I don't know but the reason it's not a windows service is because they claim it runs hidden from the user so only you know how to access it via a command line provided during install.

I've examined this tool. Yes, it needs to be started with a special qualifier in order to reveal its true nature to the user, that's correct, but by default it also lists up in the process view of the task manager like any other program, just with the small difference that it has a very suspicious name to crown it all. That also means it will still be there if you killed all tasks and therefore draw all attention towards itself. There would be more elegant ways to hide it. Anyone who is only a little bit computer-savvy will know that there's something wrong, become suspicious, consider a worm infection or other kinds of malware and take appropriate measures against it. As he won't depend on your individual Windows installation, he will most probably wipe it out completely as the simplest solution to the problem and start again from scratch.

Like any other retailer, I had to only click on "Full Details" to read all about it. Nothing was buried anywhere.

As for a guarantee, come on, even LoJack's guarantee has a recovery rate of 90%. Even Norton doesn't guarantee 100% that I'll never get a virus.

Think it over, the examples you come up with are something totally different. That the software we're talking about here can't be removed easily is an extraordinary claim that calls for extraordinary evidence. After all, it is still a Windows application of the simplest kind. Imagine the following: you don't boot into Windows, but start some nifty LINUX tool (well, also some old DOS-based stuff would already suffice) from external media and nuke the whole harddrive. How could such a Windows tool that's not even running do anything against a deletion of the whole hard drive? Actually the basic procedure for removing this tool wouldn't include more than wiping the partition table, creating new partitions and setting up an OS of your choice anew. I'd even go as far as to say the claim that this software is hard to overcome is almost an act of evil deception.

Just compare this to some similar kind of software from another manufacturer, who makes a rather good impression on me, because he's somewhat more down to reality:

http://www.secure-it.com/products/laptr ... ak_faq.htm

"Will LapTrak survive a hard disk format?
There are NO computer programs that cannot be completely removed from a computer, regardless of the program's location on the unit's hard drive. LapTrak will, however, fully survive an operating system reload, which is the preferred method of the typical computer thief to quickly make a stolen machine marketable."

This statement clearly and exactly outlines the limited conditions under which the software will continue to work and is in itself perfectly comprehensible. Only a simple "reload" of the operating system (a new installation without a complete deletion of the old one beforehand) will keep the software intact and in a working state. That sounds realistic and gives the prospective customer a clear idea of what he can and cannot expect from the product.

Aside from the obvious, I'd recommend doing all you can to assist in protecting your stuff.

I fully agree, without qualification. That's why I said that never leaving your notebook unattended is the safest way to go. Well, you say it's obvious, but when I wander through the smaller, more intimate libraries of my local university, I see dozens of notebooks that are left alone, sometimes even for more than half an hour, without any mechanical deterrents to theft.

P.S. I don't see how this kind of software can play into the hands of a thief, could you elaborate?

See above. Because it encourages you to leave your notebook unlocked, without any of the vital passwords activated (which are, I repeat it again, the supervisor and hard disk password)!

[whizkid]

So far (in my universe), there are three kinds of people who have a laptop that isn't theirs.

First, there are people who find a laptop. I've left my planner in an airport, and I'm sure people have left their laptop in a taxi or somewhere else. We should make it VERY easy for people to do the right thing. Something like www.yellowtag.com can do this, as can IBM's personalization editor. If someone tries to get into my BIOS, my phone number is there with an invitation to call me collect.

Second, there are people who want the information you have. I think this is a negligible number in my case, so I don't have a power-on password. I do have a Windows password, but that's not hard to get around. If your data is something you want no-one else to get at, use the power-on password and an encrypted file system. Windows 2000 and XP both have them.

Third there are theives who want the machine. We should do what we can to make life hard for them. I use a supervisor password, which also installs a hard disk password. Sure, the machine is perfectly usable as it is, but the hard drive and BIOS are locked and there's this nice reminder that the machine doesn't belong to you. I would hope anyone buying a number of ThinkPads would check for that.

Are there classes of people I've missed? People who bought locked machines in good faith but got stuck with a dud?

[selvan777]

The software needs Windows to run on, right?

Right, but neither I nor the software suggested to remove any present security measures taken.

So, tell me, how can the notebook boot up into Windows when it is locked with passwords?

By defeating all BIOS passwords. It's my believe that if wo/man made it, wo/man can un-make it.

Also, who is to say what the thief will do. Is he/she a pro, a curious and venturous kid, a desperate sole, an idiot? I don't know but whether or not this type of software will accomplish it's task pretty much depends on their intelligence which does leave a little hope for us.

Just compare this to some similar kind of software from another manufacturer, who makes a rather good impression on me, because he's somewhat more down to reality:

http://www.secure-it.com/products/laptr ... ak_faq.htm

Great, like I initially asked, has anyone had any experience with or know of another similar.

I currently utilize all the security features I find useful for my conditions but am in search for a way to add security for an already stolen notebook, I currently use inspice. For the honest one who found it, I depend on a hand made label next to the RAM cover with contact info.

[selvan777]

So far (in my universe), there are three kinds of people who have a laptop that isn't theirs.

Yup, that generally covers all types as I see it too. Let's just hope the ones that steal aren't very bright.

[mattfromomaha]

It won't do anything to protect your data, but I'm a firm believer that anyone wtih a TP should have a Business/Personal Property addition to their homeowner/renter insurance to cover the unit anywhere you go. Only costs me $60/year to know that if my ThinkPad grows legs I'll get a new one.

[Voodle]

So, tell me, how can the notebook boot up into Windows when it is locked with passwords?

By defeating all BIOS passwords. It's my believe that if wo/man made it, wo/man can un-make it.

Also, who is to say what the thief will do. Is he/she a pro, a curious and venturous kid, a desperate sole, an idiot? I don't know but whether or not this type of software will accomplish it's task pretty much depends on their intelligence which does leave a little hope for us.

If you've got a password set on the hard disk, then it's almost impossible for it to boot into windows unless this thief is able to decode the bios passwords into plaintext. As far as I know, it's not easily possible to brute force an HD password and certainly wouldn't be worth the time or effort required, laptop hard disks aren't prohibitively expensive either.

[selvan777]

Actually it's quite easy, open it up, reset the motherboard BIOS to it's default settings (no passwords) and if that doesn't do it there are additional methods just as simple.

The Power-on, Supervisor, and HD Passwords are all BIOS Passwords.

[JHEM]

Actually it's quite easy, open it up, reset the motherboard BIOS to it's default settings (no passwords) and if that doesn't do it there are additional methods just as simple.

The Power-on, Supervisor, and HD Passwords are all BIOS Passwords.

No, won't work, not a chance and no they're not!

POP resides in volatile memory in BIOS.

SP resides in non-volatile memory on an EEPROM.

HD PW resides on the HD's controller board.

The three together are highly effective!

Regards,

James

[selvan777]

Nope, on my beast they're in the CMOS. And, besides, that doesn't mean it's impossible to defeat.

[selvan777]

I must say that it's really odd to see a type of security measure available be shot down.

[monty cantsin]

Actually it's quite easy, open it up, reset the motherboard BIOS to it's default settings (no passwords) and if that doesn't do it there are additional methods just as simple.

The Power-on, Supervisor, and HD Passwords are all BIOS Passwords.

and, being the owner of an X20, let us remember this,

Nope, on my beast they're in the CMOS.

Selvan, you don't have the faintest idea of what you're talking about!

And, besides, that doesn't mean it's impossible to defeat.

Of course it's not totally impossible, but it takes much effort and a lot of knowledge and experience to do that. That means, more than you (and most other people, except a very few) have, for sure.

[JHEM]

If you've got a password set on the hard disk, then it's almost impossible for it to boot into windows unless this thief is able to decode the bios passwords into plaintext. As far as I know, it's not easily possible to brute force an HD password and certainly wouldn't be worth the time or effort required, laptop hard disks aren't prohibitively expensive either.

If you have a HD PW set it's far more than "almost impossible" to get the HD to BOOT.

On a properly setup system with the POP, SP and HD passwords set your machine and data are secure from prying eyes. While the POP is easily removed on newer machines by removing the CMOS battery, this will "change" the CMOS settings which will cause the SP to prompt on the next BOOT. Removing the SP is far from trivial and will require EEPROM reading or soldering skills that are beyond those of the average thief.

The HD PW is retained on the controller board of the individual HD. Removing the HD and plugging it into another Thinkpad will result in a prompt for the PW. Putting it in another manufacturer's machine that doesn't support HD PWs will result in a non-responsive HD.

Replacing the PW protected HD on a stolen Thinkpad which has a SP set will result in an SP prompt as the hardware has changed. Even if the exact same HD is installed in place of the PW protected one, the new HD will not have the PW that the SP is expecting and the machine will prompt for the SP in order to effect this hardware change.

While having all of the PWs set on my Thinkpads will not prevent them from being stolen, I can take some comfort from the fact that they will be little more than doorstops to the average thief.

Can all of the PWs be circumvented? Of course, but at a cost far higher than most thieves are willing or able to bear.

Regards,

James

[whizkid]

Nope, on my beast they're in the CMOS. And, besides, that doesn't mean it's impossible to defeat.

On exactly which ThinkPad is this?

[selvan777]

Monty,

Based on your initial reply, it doesn't surprise me to see you pass judgment on another.

Perhaps my understanding of how these passwords function is weak but it's only because it's not my desire to learn how to defeat them.

I do, however, wish to learn about how to add more security for an already lost or stolen PC. And a PC Phone Home sounds pretty cool to me (as an added measure) if it's free.

Even with eeprom chips or the latest stealth technologies Incorporated, if a passwords is forgotten, I'm sure an IBM tech could get it up and running in a matter of minutes. Even you admit it's possible.

Never under estimate the abilities of the ill full intended.

[JHEM]

Even with eeprom chips or the latest stealth technologies Incorporated, if a passwords is forgotten, I'm sure an IBM tech could get it up and running in a matter of minutes.

No, they can't.

A forgotten SP PW will result in a motherboard replacement AT COST if sent to IBM for repair.

No secret backdoors, no magic bullet PWs, no all-forgiving dongles!

Regards,

James

[selvan777]

On exactly which ThinkPad is this?

An x20

[selvan777]

No, they can't.

Hmm, interesting, but I don't think I have this EEProm in my X20.

None the less, why not have a Phone Home PC. If stolen, wouldn't you like the culprit nailed even with a remote possibility, I would.

[whizkid]

On exactly which ThinkPad is this?

An x20

Then you would do well to listen to people who know. It's already been written what happens on your X20. You access the passwords through the BIOS, but only the power-on password is stored in the CMOS memory.

The supervisor password is stored on a security chip. It is a very secure device and must be put in another circuit to re-program correctly. You cannot get the password out of the chip... you can only ask it if any particular password is correct. There's a guy in Australia who has done a lot of work in this area. He makes you build your own circuit board and run his program before he'll tell you your password, and then only after you pay him.

The hard disk password is indeed stored on the drive electronics. It may be possible to swap electronics on a drive to get at the data, or it may not. I don't know too much about that process. What I am sure of is that there are some companies who charge a pretty penny for that kind of work, and that it is far beyond the common thief. The easiest and cheapest way to get a working drive to use for your own data is to throw the protected drive away and buy another drive.

[selvan777]

Then you would do well to listen to people who know.

Sure, the experience is invaluable but I highlight that the topic is to add to what you already have.

When I learned of this PC Phone Home, I inquired. It was only assumed that it also meant a volunteered elimination of existing passwords used.

If there's a free service/software that's similar to the one mentioned in the topic that's also from a reliable source, why not use it? That's the question!

[monty cantsin]

Based on your initial reply, it doesn't surprise me to see you pass judgment on another.

Selvan, I want to apologize if I may have offended you with my (well, admittedly, a bit rough) remarks. I'm pretty much stressed out these days as three (!) hard drives have just been dying on me consecutively over the course of just a few hours... Arrgh... That's not at all good for my nerves.

And I'm just getting even more upset when someone (like you) asks questions, but doesn't listen to / does not accept the answers s/he is given. See, a whole lot of people are telling you how wrong your preconceptions are, but you don't care at all. So why are you asking then? Obviously you don't want to learn. In my eyes this is also very disrespectful towards the people who really want to help you. I've written long replies to your postings in this thread and invested a great deal of time just to warn you about this kind of service, that it cannot be relied on, but you almost turn a deaf ear to it. You can be sure that most certainly I won't post a reply to any of your questions here again, because I'm getting so tired of this.

Perhaps my understanding of how these passwords function is weak but it's only because it's not my desire to learn how to defeat them.

Selvan, don't you realize how much you are contradicting yourself in this whole thread? If you want to be on the safe side, you have to have at least a bit of an idea how things work in order to be able to assess the varying degrees of security that are offered by different solutions. You're always saying all that you want is "security for an already lost or stolen PC". Now you have expressed here numerous times your belief that passwords aren't safe. We're all been telling you that indeed they're the best way to secure your notebook (at least better than this simple kind of software you've presented to us). But that still doesn't interest you, you're not willing to accept the simplest truths and/or at least to educate yourself further. That tells me that although you constantly say you want security, you're actually not really interested in it. Well, ok, so be it.

And a PC Phone Home sounds pretty cool to me (as an added measure) if it's free.

Again, you obviously don't see the contradictions. I've explained to you repeatedly that this is no question of added security, but rather one of a decision between two options. Either you lock your notebook with passwords, or you use the tracking software. Both options cannot be reasonably used together, one cancels out the other. Having to decide between both, I (and not only I) would regard the hardware passwords as the better solution. But, well, ok, you don't care about that, I know already...

It was only assumed that it also meant a volunteered elimination of existing passwords used.

No, this is not simply an unfounded assumption. Another service provider, Computrace, points out that it has to be assured that the computer can easily boot up (Computrace, for that matter, at least pays you a thousand dollars if they can't retrieve the notebook, which I regard as a big plus). This means that no hard drive password must be set. It is only recommended that a (weak) BIOS password is used in order to lock the boot sequence. But remember: On a ThinkPad, if you only want to lock the BIOS setup (and nothing else), you would need a supervisor password. Yet that would mean that if the thief plays too much around with the computer, eventually (rather sooner than later) he will be presented with the password prompt and as he doesn't know about the right code, would be ultimately locked out. That's again counter-productive. This particular notebook wouldn't be able to phone back home again. The software depends on thieves that use the notebook without reservation (that's of course also why the software is hidden), which includes connecting it without hesitation to the internet or a phone line, but most probably they'll only do that if they think they have a fully functional machine that the rightful owner hasn't cared about much. If there is only one hardware password, they will first try to remove it, and in the case of a supervisor password on ThinkPads, they will just make things worse. This way, the notebook won't no longer boot up and cannot report its location.

The biggest success for Computrace, the most reputable service provider in the field, was to win the NASA as a customer (although the NASA has been critical -- not critical enough from my point of view -- of the software right from the beginning, when in 2000 first tests had been carried out):

http://sewpsc.sewp.nasa.gov/documents/A ... uTrace.pdf

"In SEWPSC testing, seven (7) of the eight (8) vendor claims were substantiated. One of the claims was not substantiated. The claim that the software is tamperproof was found to be somewhat overstated."

Btw, these claims were in particular:

1.Tamperproof
(the most important one, yet the software failed)

2.Internet-centric

3.Monitoring

4.Transparent/Dependable

5.Enterprise-wide applicability

6.Encryption

7. Imaging software tested

8. Device interoperability

But, anyway, now, just in March 2004, the NASA has decided to remove Computrace from the core load of its notebooks:

http://www.hq.nasa.gov/odin2/documents/BA31.doc

And here's the reason why:

http://www.hq.nasa.gov/odin2/do2-attachH.xls

I quote:

"LoJack type of tracking software. Decision made not to renew this software because of the high cost and the little return. 2-3 laptops were recovered."

Even with eeprom chips or the latest stealth technologies Incorporated, if a passwords is forgotten, I'm sure an IBM tech could get it up and running in a matter of minutes. Even you admit it's possible.

Of course it's technically possible, but the question is whether it is also economically feasible. Certainly it cannot be done in a matter of minutes, not at all! And, however, IBM techs themselves cannot / will not do it! Removing the supervisor password either requires the replacement of the EEPROM or the use of an interface soldered to the EEPROM in conjunction with some proprietary software. Involves a lot of hardware knowledge and only very few people around the globe can do it.

Never under estimate the abilities of the ill full intended.

Removing the hard drive password is even much more troublesome. In case of a single hard drive password (or one that is different to a supervisor password that probably has also been set), on top of all special knowledge about drive electronics you might be lucky to have you would also need access to a class-100 clean room in order to open the unit. The password is not stored on the outer logic board, but somewhere inside of the drive!

Hmm, interesting, but I don't think I have this EEProm in my X20.

Ah, yes, I see. It's getting quite childish now, I won't add anything to that, I'm done. Rest assured that I, on my part, won't try to help you anytime again. It's senseless, you don't really want to listen to what other people have to say.

[JaneL]

<looking on and still muttering darkly about private newsgroups and killfiles>

[selvan777]

Based on your initial reply, it doesn't surprise me to see you pass judgment on another.

Selvan, I want to apologize if I may have offended you with my (well, admittedly, a bit rough) remarks. I'm pretty much stressed out these days as three (!) hard drives have just been dying on me consecutively over the course of just a few hours... Arrgh... That's not at all good for my nerves.

And I'm just getting even more upset when someone (like you) asks questions, but doesn't listen to / does not accept the answers s/he is given. See, a whole lot of people are telling you how wrong your preconceptions are, but you don't care at all. So why are you asking then? Obviously you don't want to learn. In my eyes this is also very disrespectful towards the people who really want to help you. I've written long replies to your postings in this thread and invested a great deal of time just to warn you about this kind of service, that it cannot be relied on, but you almost turn a deaf ear to it. You can be sure that most certainly I won't post a reply to any of your questions here again, because I'm getting so tired of this.

Perhaps my understanding of how these passwords function is weak but it's only because it's not my desire to learn how to defeat them.

Selvan, don't you realize how much you are contradicting yourself in this whole thread? If you want to be on the safe side, you have to have at least a bit of an idea how things work in order to be able to assess the varying degrees of security that are offered by different solutions. You're always saying all that you want is "security for an already lost or stolen PC". Now you have expressed here numerous times your belief that passwords aren't safe. We're all been telling you that indeed they're the best way to secure your notebook (at least better than this simple kind of software you've presented to us). But that still doesn't interest you, you're not willing to accept the simplest truths and/or at least to educate yourself further. That tells me that although you constantly say you want security, you're actually not really interested in it. Well, ok, so be it.

And a PC Phone Home sounds pretty cool to me (as an added measure) if it's free.

Again, you obviously don't see the contradictions. I've explained to you repeatedly that this is no question of added security, but rather one of a decision between two options. Either you lock your notebook with passwords, or you use the tracking software. Both options cannot be reasonably used together, one cancels out the other. Having to decide between both, I (and not only I) would regard the hardware passwords as the better solution. But, well, ok, you don't care about that, I know already...

It was only assumed that it also meant a volunteered elimination of existing passwords used.

No, this is not simply an unfounded assumption. Another service provider, Computrace, points out that it has to be assured that the computer can easily boot up (Computrace, for that matter, at least pays you a thousand dollars if they can't retrieve the notebook, which I regard as a big plus). This means that no hard drive password must be set. It is only recommended that a (weak) BIOS password is used in order to lock the boot sequence. But remember: On a ThinkPad, if you only want to lock the BIOS setup (and nothing else), you would need a supervisor password. Yet that would mean that if the thief plays too much around with the computer, eventually (rather sooner than later) he will be presented with the password prompt and as he doesn't know about the right code, would be ultimately locked out. That's again counter-productive. This particular notebook wouldn't be able to phone back home again. The software depends on thieves that use the notebook without reservation (that's of course also why the software is hidden), which includes connecting it without hesitation to the internet or a phone line, but most probably they'll only do that if they think they have a fully functional machine that the rightful owner hasn't cared about much. If there is only one hardware password, they will first try to remove it, and in the case of a supervisor password on ThinkPads, they will just make things worse. This way, the notebook won't no longer boot up and cannot report its location.

The biggest success for Computrace, the most reputable service provider in the field, was to win the NASA as a customer (although the NASA has been critical -- not critical enough from my point of view -- of the software right from the beginning, when in 2000 first tests had been carried out):

http://sewpsc.sewp.nasa.gov/documents/A ... uTrace.pdf

"In SEWPSC testing, seven (7) of the eight (8) vendor claims were substantiated. One of the claims was not substantiated. The claim that the software is tamperproof was found to be somewhat overstated."

Btw, these claims were in particular:

1.Tamperproof
(the most important one, yet the software failed)

2.Internet-centric

3.Monitoring

4.Transparent/Dependable

5.Enterprise-wide applicability

6.Encryption

7. Imaging software tested

8. Device interoperability

But, anyway, now, just in March 2004, the NASA has decided to remove Computrace from the core load of its notebooks:

http://www.hq.nasa.gov/odin2/documents/BA31.doc

And here's the reason why:

http://www.hq.nasa.gov/odin2/do2-attachH.xls

I quote:

"LoJack type of tracking software. Decision made not to renew this software because of the high cost and the little return. 2-3 laptops were recovered."

Even with eeprom chips or the latest stealth technologies Incorporated, if a passwords is forgotten, I'm sure an IBM tech could get it up and running in a matter of minutes. Even you admit it's possible.

Of course it's technically possible, but the question is whether it is also economically feasible. Certainly it cannot be done in a matter of minutes, not at all! And, however, IBM techs themselves cannot / will not do it! Removing the supervisor password either requires the replacement of the EEPROM or the use of an interface soldered to the EEPROM in conjunction with some proprietary software. Involves a lot of hardware knowledge and only very few people around the globe can do it.

Never under estimate the abilities of the ill full intended.

Removing the hard drive password is even much more troublesome. In case of a single hard drive password (or one that is different to a supervisor password that probably has also been set), on top of all special knowledge about drive electronics you might be lucky to have you would also need access to a class-100 clean room in order to open the unit. The password is not stored on the outer logic board, but somewhere inside of the drive!

Hmm, interesting, but I don't think I have this EEProm in my X20.

Ah, yes, I see. It's getting quite childish now, I won't add anything to that, I'm done. Rest assured that I, on my part, won't try to help you anytime again. It's senseless, you don't really want to listen to what other people have to say.

It's your prerogative, do as you will. You certainly have a right to form an opinion.

[selvan777]

I am not, and would never, suggest to not use the optional passwords available to you but realize that they may not be as fool proof as you think. Take a look at all these success stories. A thief with a room full of brand new stolen HDD would have a field day.

Excerpts from the page:
Germany X20
Thank you very much!!! You saved me a lot of bucks!!! Your method of supervisor password recovery worked very well...

USA T21
It worked! I followed the directions on your web site and successfully read the EEProm, which resulted in the successful retrieval of my supervisor password...