Absolute Softwares Computrace Data Protection provides some nice insurance for corporations, allowing them to wipe clean critical data from laptop computers stolen in crimes of casual opportunity, but it wont deter knowledgeable and resourceful thieves more interested in the data than the hardware itself.
Click here to read the full review of Computrace Data Protection.
2
Absolute Softwares Computrace Data Protection provides some nice insurance for corporations, allowing them to wipe clean critical data from laptop computers stolen in crimes of casual opportunity, but it wont deter knowledgeable and resourceful thieves more interested in the data than the hardware itself.
The Computrace Data Protection service includes remote data deletion capabilities plus hardware, software and license-tracking information. Also available is ComputraceComplete, which includes the Data Protection features plus laptop tracking with a $1,000 recovery guarantee.
Pricing will vary depending on the type of Computrace service purchased and whether the service is bought directly from Absolute Software or from a laptop manufacturer. If purchased through Absolute Software, users can expect to pay $34.95 per system per year (or $52.95 for ComputraceComplete).
Computrace Data Protection relies on a client/server architecture, where software agents on protected laptops periodically phone home to a centralized server hosted by Absolute Software. The agent reports the inventory information and accepts new job requests from the central server. For ComputraceComplete customers, the agent also will report the laptops current local IP address while the central server determines the real IP for networks using NAT (Network Address Translation).
During tests, eWEEK Labs downloaded the client agent directly from the Computrace Data Protection services Web management interface. (The agent came preconfigured to correctly report for our Computrace account.) The installer package we received had to be manually installed on a system-by-system basis, but Absolute does offer an alternative installation mechanism that will work with enterprise software deployment techniques.
If a laptop is reported stolen, an administrator can initiate the data deletion process from the central Web interface. We could configure policies to target specific folders or file extensions for deletion, or we could choose to delete entire partitions or hard drives.
We associated our data deletion policy to our “missing” test laptop object, then submitted the job to the Computrace Data Protection service. To confirm our authorization to perform the data deletion, we needed to submit an administrator name and e-mail account plus the numeric value currently displayed on the token provided to us by Absolute. After authentication, the delete job was submitted to the client agent at the next scheduled check-in.
We received several notification e-mails throughout the entire process, letting us know that a job was first submitted, then accepted by the client and, lastly, completed by the client.
We found that deletion worked as advertised, shredding the data to Department of Defense specifications such that we were not able to recover the bits using data recovery software. ComputraceComplete customers should take note that using the data delete function will make it significantly more difficult to recover the hardware and will void the recovery guarantee.
It will survive
For Computrace Data Protection to work effectively, the service requires two things that cannot be guaranteed: network connectivity for the lost device and agent persistence—vulnerability gaps that a determined data thief could squirm through. Computrace also cannot guarantee that data will not be copied from the purloined device before the deletion policy is triggered, so the service does not replace strong client-side encryption.
At some point, a thief will need to connect the stolen laptop to an Internet-enabled network for the Computrace services capabilities to kick in. Without an Internet connection, the agent can never report its location back to the central server, nor can it accept deletion commands. Once connected, though, Absolutes software does everything possible to maintain network connectivity.
We found that the agent does some sneaky, spywarelike things to evade being blocked by desktop firewalls. Because desktop firewalls often block egress communication from unknown processes by default, the Computrace agent instead hooks into Internet Explorer. Monitoring the computer with SysInternals Process Explorer 10.06, we discovered that the Computrace agent triggers communication back to the central server as a subprocess of IE. This will help evade the local firewall rules, as the IE process likely has already been configured to allow IE to communicate to the Internet.
During the last year, Absolute inked partnership agreements with most major laptop vendors to include Computrace code in the BIOS. With this code active and in place, the software agent will automatically get reinstalled to the operating system, even if the hard drive has been wiped clean or replaced outright.
During tests, we looked at new laptops from Dell, Lenovo Group and Gateway and noted some interesting differences among vendor implementations of the Computrace service. For eWEEK Labs reviews of these Core Duo-based systems, go to “Laptops leap forward in power and battery life” at eWEEK.com.
All the systems ship with the BIOS agent disabled, and the agent is automatically engaged when the client software gets installed. Neither the Lenovo nor the Gateway laptop gives the user an interface with the BIOS settings, so the BIOS agent can be disabled only via a command from the central server. Dell allows users to manually engage or disable the code from the BIOS configuration pages, so administrators must make sure to configure a BIOS-level password.
Even without the BIOS component, we found the Computrace software agent to be fairly resilient. In one test case, we reimaged the operating system partition of a Computrace-protected laptop. Nonetheless, the agent reappeared when we booted up the fresh system image.
Next Page: Evaluation shortlist.
Evaluation shortlist
EVALUATION SHORTLIST
Everdreams Theft Recovery Managed Service Administrators can choose to remotely encrypt or delete sensitive data on stolen hardware (www.everdream.com)
Softexs Theftguard Similar to Computrace Data Protection, Theftguard also provides BIOS integration through a partnership with Phoenix Technologies (www.softexinc.com)
Technical Analyst Andrew Garcia can be reached at andrew_garcia@ziffdavis.com.
Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.