[ISN] ComputracePlus deletes stolen data

From: InfoSec News (isnat_private)
Date: Mon Dec 30 2002 - 00:23:51 PST

  • Next message: InfoSec News: "Re: [ISN] Hacker threat seen as overdone"

    http://www.fcw.com/fcw/articles/2002/1230/web-comp-12-30-02.asp
    
    By Michelle Speir 
    Dec. 30, 2002 
    
    Theft happens. And in the case of notebook computers, it happens a
    lot.
    
    When preventive measures fail and a notebook is stolen, the focus then
    becomes recovery. One breed of recovery products tracks the machine
    via an agent that notifies a central command center every time the
    computer connects to the Internet. Then, with the aid of local law
    enforcement, the information can be used to pinpoint the physical
    location of the machine.
    
    We reviewed one such product earlier this year ("PC PhoneHome tracks
    missing computers"). That product, from Brigadoon Software Inc., can
    physically track lost or stolen computers but it does not have any
    control over the data on the machine, as is true for most products of
    this type.
    
    But now, a new feature in Absolute Software Corp.'s ComputracePlus
    product raises the bar for computer-tracking software. The feature is
    called Data Delete and, as the name indicates, it deletes data from a
    stolen machine.
    
    Like other tracking products, ComputracePlus tracks the physical
    location of missing computers by programming its agent to
    automatically call Absolute's customer support center at regular
    intervals when connected to the Internet. The default frequency is
    once a day, but once a machine is reported stolen, the frequency
    increases to every 15 minutes.
    
    The agent is invisible to the user and can survive a hard drive
    reformat, F-disk command and hard drive repartitioning. According to
    Absolute, ComputracePlus is the only product on the computer-tracking
    market that can withstand these attempts at removal.
    
    Before a theft
    
    Thanks to the many reports it produces, ComputracePlus is useful even
    before a machine is stolen. Administrators can use it to track the
    location of computers to make sure they are being used only in
    authorized locations (at the office and not at home, for example, or
    in certain departments). They also can use it to monitor the software
    loaded on each machine, check for outdated virus definitions, and
    track leasing information and inventory.
    
    Reports are accessible through Absolute's Web site, and we were
    impressed with the site's ease of use. All 19 reports are listed on
    one page and grouped into several major categories such as asset
    inventory and security. Various sorting options are available, along
    with download, print and save functions.
    
    In addition to reports, the Web site offers administrative functions,
    such as user management, data management, alert creation and account
    management. There is also an online theft report form.
    
    Data Delete
    
    To experience the data deletion process, we followed the same
    procedure a customer would follow. First, we called Absolute's
    customer support center to request the deletion. The company then
    e-mailed us a document packet with instructions and authorizations to
    sign. The cost per use is $200, which is not included in
    ComputracePlus' purchase price.
    
    The documents release Absolute from liability for the operation and
    also state that the company cannot guarantee the operation's
    completion. One certification signature and two authorization
    signatures are required, and customers can choose whether to have the
    operating system deleted along with the data.
    
    The document packet also includes forms for rescinding the delete
    order. However, once data is deleted, it cannot be retrieved, so if
    the process has begun, some data will be lost permanently.
    
    After signing the documents, we faxed them to Absolute and within an
    hour — a time frame the company says is typical as long as a machine
    is connected to the Internet — our data was gone. If the computer is
    not connected at the time the company receives the request, the data
    will be deleted the next time it is connected.
    
    When we checked our test notebook after the deletion, all documents
    and applications were gone except Internet Explorer, which was the
    conduit for the Internet connection. We chose to preserve the
    operating system and it remained on the machine as instructed.
    
    We received a confirmation letter that included a chart containing
    information about the deletion, such as the number of files deleted,
    hard drive space before and after deletion, and the Computrace agent's
    call history.
    
    Conclusion
    
    ComputracePlus goes a long way toward protecting computer assets and,
    perhaps more importantly, the data stored on them. The product is also
    a useful tool for managing and tracking an agency's inventory, even if
    a theft never occurs.
    
    Just remember that a product like this has limitations. For example, a
    thief could view data or copy it to disks before connecting to the
    Internet. Also, if the thief is at the computer while the data delete
    process is taking place, he or she might notice it and could
    disconnect the machine and stop the process. Finally, some thieves are
    sophisticated enough to disguise their locations with false IP
    addresses.
    
    Because the agent is undetectable, however, chances are good that an
    average thief would not think to take such precautions. But
    professional thieves might be familiar enough with this type of
    technology that they would automatically operate as though a tracking
    agent were in place.
    
    While ComputracePlus may not be foolproof, it's certainly much better
    than nothing at all, offering agencies a good chance at recovering
    physical property and keeping sensitive data out of the wrong hands.
     
     
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Mon Dec 30 2002 - 08:07:12 PST