One Small Step for Laptop Security
The goal of laptop security is threefold: Protect the laptop, protect the data and keep it all easy to use. eWeek Labs believes Caveo Technologys forthcoming Anti-Theft system takes a smart path that competitors will likely follow.
Caveo Anti-Theft is an internal device whose workings are transparent to the user. The daughtercard adds less than $10 to the OEMs costone-tenth that of external devicesand the PCMCIA form will cost less than $100.
Using a tiny motion detector (an Analog Devices Inc. two-axis accelerometer) on either a daughtercard or PCMCIA card (we tested the former), Caveo Anti-Theft integrates the elapsed time of a computers perceived movement with vector information and determines if the laptop has been carried beyond a user-defined perimeter.
If this deduced fix exceeds the perimeter, the boot routines are blocked and key data on the drive is encrypted (via Windows encryption). If that data cant be matched to key data on the card, the computer grants access only when the user enters a 16-digit access code.
Caveo Anti-Thefts closest competition is Lexent Technology Inc.s iSpy, an external attachment that includes motion-sensing and proximity-detection abilities. However, this multipiece system requires that the user be near and respond.
Although the Caveo Anti-Theft beta we tested had some rough edges, the product worked as advertised. Setup is straightforward. The user establishes a four-digit identification number, a 16-digit emergency PIN and a gestural sequence known as a "motion password."
Defining the latter was a problem until we deduced that we should not return to a home position from which to define the second gesture. Each position is forgivingly interpreted, which in use is probably a good thing, but it can be annoying because the user cant define positions that are too similar.
The system didnt always accept our second position, making it difficult to disarm. The motion password, offered as an intuitive way to arm and disarm the system, is a good feature that should be improved.
It would be better to allow users to set tolerances for recognizing positions so that, as they gained practice, the motion password could become subtler and harder to steal. As it is, Caveo Anti-Thefts voice mode calls each motion aloud when accepted, and a keen observer could steal the password.
Motions would be better acknowledged as vibrations or beeps. On the other hand, only a voice should warn that one is exceeding a perimeter. A voice can tell a thief that the PC is responding to being moved and what that means. Beeps cannot.
It was possible to engage in slow theft and fool the accelerometertemporarily. Caveo promises a fix. If stolen, the system restarts, displaying the screen "Stolen" and then an opportunity for the user to enter the 16-digit PIN.
Good security requires deterrence and response. The response here is easy to understand: encryption, warning and lockup. Deterrence is less evident: Caveos logo does not convey "Steal me and I become a brick." So its safe to assume that Caveo will seek a big-name partner in security branding whose logo will encourage miscreants to leave laptops where they find them.