ComputracePlus deletes stolen data

[InfoSec News <isn () c4i org>]

http://www.fcw.com/fcw/articles/2002/1230/web-comp-12-30-02.asp

By Michelle Speir 
Dec. 30, 2002 

Theft happens. And in the case of notebook computers, it happens a
lot.

When preventive measures fail and a notebook is stolen, the focus then
becomes recovery. One breed of recovery products tracks the machine
via an agent that notifies a central command center every time the
computer connects to the Internet. Then, with the aid of local law
enforcement, the information can be used to pinpoint the physical
location of the machine.

We reviewed one such product earlier this year ("PC PhoneHome tracks
missing computers"). That product, from Brigadoon Software Inc., can
physically track lost or stolen computers but it does not have any
control over the data on the machine, as is true for most products of
this type.

But now, a new feature in Absolute Software Corp.'s ComputracePlus
product raises the bar for computer-tracking software. The feature is
called Data Delete and, as the name indicates, it deletes data from a
stolen machine.

Like other tracking products, ComputracePlus tracks the physical
location of missing computers by programming its agent to
automatically call Absolute's customer support center at regular
intervals when connected to the Internet. The default frequency is
once a day, but once a machine is reported stolen, the frequency
increases to every 15 minutes.

The agent is invisible to the user and can survive a hard drive
reformat, F-disk command and hard drive repartitioning. According to
Absolute, ComputracePlus is the only product on the computer-tracking
market that can withstand these attempts at removal.

Before a theft

Thanks to the many reports it produces, ComputracePlus is useful even
before a machine is stolen. Administrators can use it to track the
location of computers to make sure they are being used only in
authorized locations (at the office and not at home, for example, or
in certain departments). They also can use it to monitor the software
loaded on each machine, check for outdated virus definitions, and
track leasing information and inventory.

Reports are accessible through Absolute's Web site, and we were
impressed with the site's ease of use. All 19 reports are listed on
one page and grouped into several major categories such as asset
inventory and security. Various sorting options are available, along
with download, print and save functions.

In addition to reports, the Web site offers administrative functions,
such as user management, data management, alert creation and account
management. There is also an online theft report form.

Data Delete

To experience the data deletion process, we followed the same
procedure a customer would follow. First, we called Absolute's
customer support center to request the deletion. The company then
e-mailed us a document packet with instructions and authorizations to
sign. The cost per use is $200, which is not included in
ComputracePlus' purchase price.

The documents release Absolute from liability for the operation and
also state that the company cannot guarantee the operation's
completion. One certification signature and two authorization
signatures are required, and customers can choose whether to have the
operating system deleted along with the data.

The document packet also includes forms for rescinding the delete
order. However, once data is deleted, it cannot be retrieved, so if
the process has begun, some data will be lost permanently.

After signing the documents, we faxed them to Absolute and within an
hour — a time frame the company says is typical as long as a machine
is connected to the Internet — our data was gone. If the computer is
not connected at the time the company receives the request, the data
will be deleted the next time it is connected.

When we checked our test notebook after the deletion, all documents
and applications were gone except Internet Explorer, which was the
conduit for the Internet connection. We chose to preserve the
operating system and it remained on the machine as instructed.

We received a confirmation letter that included a chart containing
information about the deletion, such as the number of files deleted,
hard drive space before and after deletion, and the Computrace agent's
call history.

Conclusion

ComputracePlus goes a long way toward protecting computer assets and,
perhaps more importantly, the data stored on them. The product is also
a useful tool for managing and tracking an agency's inventory, even if
a theft never occurs.

Just remember that a product like this has limitations. For example, a
thief could view data or copy it to disks before connecting to the
Internet. Also, if the thief is at the computer while the data delete
process is taking place, he or she might notice it and could
disconnect the machine and stop the process. Finally, some thieves are
sophisticated enough to disguise their locations with false IP
addresses.

Because the agent is undetectable, however, chances are good that an
average thief would not think to take such precautions. But
professional thieves might be familiar enough with this type of
technology that they would automatically operate as though a tracking
agent were in place.

While ComputracePlus may not be foolproof, it's certainly much better
than nothing at all, offering agencies a good chance at recovering
physical property and keeping sensitive data out of the wrong hands.
 
 

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.