By Andrew Garcia  |  Posted 2006-04-17 Print this article Print

Absolute Softwares Computrace Data Protection provides some nice insurance for corporations, allowing them to wipe clean critical data from laptop computers stolen in crimes of casual opportunity, but it wont deter knowledgeable and resourceful thieves more interested in the data than the hardware itself.

The Computrace Data Protection service includes remote data deletion capabilities plus hardware, software and license-tracking information. Also available is ComputraceComplete, which includes the Data Protection features plus laptop tracking with a $1,000 recovery guarantee.

Pricing will vary depending on the type of Computrace service purchased and whether the service is bought directly from Absolute Software or from a laptop manufacturer. If purchased through Absolute Software, users can expect to pay $34.95 per system per year (or $52.95 for ComputraceComplete).

Computrace Data Protection relies on a client/server architecture, where software agents on protected laptops periodically phone home to a centralized server hosted by Absolute Software. The agent reports the inventory information and accepts new job requests from the central server. For ComputraceComplete customers, the agent also will report the laptops current local IP address while the central server determines the real IP for networks using NAT (Network Address Translation).

During tests, eWEEK Labs downloaded the client agent directly from the Computrace Data Protection services Web management interface. (The agent came preconfigured to correctly report for our Computrace account.) The installer package we received had to be manually installed on a system-by-system basis, but Absolute does offer an alternative installation mechanism that will work with enterprise software deployment techniques.

If a laptop is reported stolen, an administrator can initiate the data deletion process from the central Web interface. We could configure policies to target specific folders or file extensions for deletion, or we could choose to delete entire partitions or hard drives.

We associated our data deletion policy to our "missing" test laptop object, then submitted the job to the Computrace Data Protection service. To confirm our authorization to perform the data deletion, we needed to submit an administrator name and e-mail account plus the numeric value currently displayed on the token provided to us by Absolute. After authentication, the delete job was submitted to the client agent at the next scheduled check-in.

We received several notification e-mails throughout the entire process, letting us know that a job was first submitted, then accepted by the client and, lastly, completed by the client.

We found that deletion worked as advertised, shredding the data to Department of Defense specifications such that we were not able to recover the bits using data recovery software. ComputraceComplete customers should take note that using the data delete function will make it significantly more difficult to recover the hardware and will void the recovery guarantee.

The DOD received an F in security on a report card from the Federal Information Security Management Act. Click here to read more. It will survive

For Computrace Data Protection to work effectively, the service requires two things that cannot be guaranteed: network connectivity for the lost device and agent persistence—vulnerability gaps that a determined data thief could squirm through. Computrace also cannot guarantee that data will not be copied from the purloined device before the deletion policy is triggered, so the service does not replace strong client-side encryption.

At some point, a thief will need to connect the stolen laptop to an Internet-enabled network for the Computrace services capabilities to kick in. Without an Internet connection, the agent can never report its location back to the central server, nor can it accept deletion commands. Once connected, though, Absolutes software does everything possible to maintain network connectivity.

For insights on security coverage around the Web, check out eWEEK.com Security Center Editor Larry Seltzers Weblog. We found that the agent does some sneaky, spywarelike things to evade being blocked by desktop firewalls. Because desktop firewalls often block egress communication from unknown processes by default, the Computrace agent instead hooks into Internet Explorer. Monitoring the computer with SysInternals Process Explorer 10.06, we discovered that the Computrace agent triggers communication back to the central server as a subprocess of IE. This will help evade the local firewall rules, as the IE process likely has already been configured to allow IE to communicate to the Internet.

During the last year, Absolute inked partnership agreements with most major laptop vendors to include Computrace code in the BIOS. With this code active and in place, the software agent will automatically get reinstalled to the operating system, even if the hard drive has been wiped clean or replaced outright.

During tests, we looked at new laptops from Dell, Lenovo Group and Gateway and noted some interesting differences among vendor implementations of the Computrace service. For eWEEK Labs reviews of these Core Duo-based systems, go to "Laptops leap forward in power and battery life" at eWEEK.com.

Read eWEEK Labs reviews of these Core Duo-based systems. All the systems ship with the BIOS agent disabled, and the agent is automatically engaged when the client software gets installed. Neither the Lenovo nor the Gateway laptop gives the user an interface with the BIOS settings, so the BIOS agent can be disabled only via a command from the central server. Dell allows users to manually engage or disable the code from the BIOS configuration pages, so administrators must make sure to configure a BIOS-level password.

Even without the BIOS component, we found the Computrace software agent to be fairly resilient. In one test case, we reimaged the operating system partition of a Computrace-protected laptop. Nonetheless, the agent reappeared when we booted up the fresh system image.

Next Page: Evaluation shortlist.

Andrew cut his teeth as a systems administrator at the University of California, learning the ins and outs of server migration, Windows desktop management, Unix and Novell administration. After a tour of duty as a team leader for PC Magazine's Labs, Andrew turned to system integration - providing network, server, and desktop consulting services for small businesses throughout the Bay Area. With eWEEK Labs since 2003, Andrew concentrates on wireless networking technologies while moonlighting with Microsoft Windows, mobile devices and management, and unified communications. He produces product reviews, technology analysis and opinion pieces for eWEEK.com, eWEEK magazine, and the Labs' Release Notes blog. Follow Andrew on Twitter at andrewrgarcia, or reach him by email at agarcia@eweek.com.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel