Tools overview: Secure laptops against theft

For several years now, notebook sales have been higher than desktops. This development is due in particular to the trend towards mobile working. An unpleasant side effect of this development is that portable computers are lost relatively often, either because the car is broken open or the device is left at the airport.

In order to limit the consequences of theft and loss, in addition to the now widespread encryption of drives, some tools can help to lock the laptops remotely in their position.

Tracking tools as a supplement to encryption

According to a survey by the Ponemon Institute (PDF), security awareness among German executives is relatively high in international comparison. Only a small proportion of those surveyed committed negligent errors such as writing down the password on Post-it notes or deactivating the encryption software. However, the prevailing view is that the coding of the data alone is sufficient as protection.

However, encryption is not sufficient in some constellations. This applies, for example, to internal thefts when the perpetrators know the passwords or can possibly guess weak passwords because they have personal information about the owner.

A locked laptop is unsaleable and worthless

This measure is completely ineffective if the thieves target the device more than the data. This applies, for example, to disgruntled or dismissed employees who “forget” to return their laptops or report it as stolen.

The Anti-Theft Technology (AT-p), a vPro feature of newer Intel chips, is the basis for solutions which can lock a laptop, even before the operating system boots. This hardware support makes it difficult to bypass and make a notebook worthless as soon as the administrator deactivates the device remotely.

Even changing the hard drive cannot get the laptop to start. However, many of the consumer tools do not use AT-p, so they can be undone by formatting the hard disk and reinstalling the operating system.

Comprehensive remote management of laptops

In addition to triggering a lock command (“kill pill”, also “poison pill” or ” brick it “), the enterprise tools offer a number of advanced functions that can prevent the misuse of a mobile working device or prevent the detection of stolen or lost notebooks help.

In addition, their remote maintenance functions are not limited to deactivating the laptop, rather some products can encrypt the data on lost devices, download them from there or delete them. As soon as the hardware is back in the hands of its rightful owner, the administrator can unlock it again via removal.

Preventive measures based on policies

What is particularly interesting about some of these management tools for mobile computers is that they can not only react to loss or theft but also offer opportunities to prevent such events. In this way, the client can be automatically blocked when certain conditions are met.

This includes, for example, that the computer is outside certain IP address ranges, the domain or the computer name changes, or that the agent installed on the end device does not contact the head office for a certain period of time.

Find the location of the stolen laptop

If a laptop is actually lost, almost all tools offer opportunities to locate the device. The basic functions include IP tracking, which can limit its location based on the laptop’s IP address. In addition, the tools report the UUID and the name of a WLAN if the client is logged into a wireless network.

You can also find a laptop location using Gmail or Microsoft account.

BIOS integration for reliable protection

The market for such security tools is relatively small. This would make selection easier, but the problem is that the best protection is achieved when the agent code is integrated into the BIOS. It is therefore important whether the home laptop supplier cooperates with the provider of the preferred tool. Otherwise, the agent must be installed on a hidden partition or directly to the operating system so that changing the hard drive would put it out of action.

Another criterion for the selection of the software is how trustworthy a provider is. All tools communicate with an online service from the manufacturer, which thus receives a lot of information about the equipment and location of a company’s laptops.

Phoenix FailSafe

Such software is an obvious extension for the BIOS manufacturer of its firmware because the agent code is only persistent enough if it can reinstall itself from the BIOS into the operating system if it has been removed by an unlawful user, for example by changing the hard disk.

FailSafe FreezeFailSafe is one of the most feature-rich products. It offers sophisticated prevention options, for example via freeze. It couples the notebook to the Bluetooth signal of a cell phone. If the owner moves away from the computer beyond a defined distance and the cell phone signal becomes too weak, the software locks the computer at the operating system level. It can also send it to sleep mode.

One of the advanced functions for tracking lost devices is that the agent can address built-in webcams or GPS receivers to take pictures of the current location or transmit its coordinates. The tool also includes a keylogger, which transfers the entered text to the control center. This function is secured by a separate password so that the online service cannot view the information encrypted with it.

Computrace One by Absolute Software

Absolute software numerous functions for the remote management of laptops in Computrace One, but also sells selected features as independent products. Thus limited Absolute Track on inventory management and the transmission of location data (geo-tracking).

The company works with some hardware manufacturers that embed the agent recovery code in the BIOS, including Acer, Dell, or Fujitsu. This component must first be activated by installing the separately purchased software and registering with the online service.

Absolute also offers a management pack for the System Center Configuration Manager 2007 so that lost notebooks can be locked from the SCCM console.

Retriever from Front Door Software

While Phoenix and Absolute Software want to bring their products to the market primarily through OEMs, Front Door Software is particularly suitable for private users and small businesses. If a portable computer is lost, its owner can use the provider’s online service to initiate several mechanisms to get his computer back.

The software offers functions to send messages (voice or text) to the finder or thief of a laptop and to inform them who owns the device. In addition, a striking message can be displayed on the screen that marks the computer as stolen. To protect the device from unauthorized access, its owner can send a lock code to the client over the Internet. However, the manufacturer makes no statements as to whether it also supports the vPro AT-p and whether the lock can be cracked by reinstalling the operating system.

To determine the location of a laptop, Front Door Software offers similar tracking functions as the other providers. It uses network information such as IP addresses or WLAN properties and shows the suspected position in Google Maps and in the latest version also in Google Street View.

Front Door Software offers agents for Windows XP, Vista, 7 (32- and 64-bit), Mac OS (Tiger and Leopard). The version for Linux is available as a beta. The use of the software for a computer is free of charge.

LocatePC from LIGATT Security

The focus of this software is on extensive tracking functions to find a lost laptop. Like practically all competing products, LocatePC collects information about the network in which the computer is logged in (IP address, WLAN SSID, etc.). In addition, it can also use a built-in webcam to take snapshots of the new “owner” or the surrounding area.

The advanced functions also include a keylogger, which can provide crucial information about the thief, if he uses social networks, for example. Finally, LocatePC offers every conceivable way to send messages to the unlawful user.

LocatePC is also able to shut down the remote computer as soon as it is switched on. There is no evidence in the manufacturer’s documentation that he uses Intel’s hardware-based theft data protection for this.

The software itself exists for several Windows versions (2000, XP, Vista, 7) and is installed like a normal application. However, the setup creates an individual file name on each computer and copies the program into one of the existing directories in order to disguise the presence of the tool. Of course, it does not create any shortcuts in the start menu or on the desktop; the call is made via a hotkey defined by the user.

If someone is just targeting the computer and is not interested in spying on data, then the usual formatting of the LocatePC hard drive in this case puts it out of action. Since it is not anchored in the BIOS like some other tools, the agent cannot reinstall it itself.

LocatePC is aimed at both private users and companies. A single license costs $ 15; a 50-pack for companies is $ 1200.

Snuka

With its product of the same name, the English company Snuko offers the common repertoire of functions for tracking a missing laptop. This includes the transmission of network data and recordings of a possibly existing webcam.

Possible measures against data theft include downloading critical information and then deleting the hard drive. The tool also allows the subsequent encryption of files. Snuka also offers a lock function, although it is unclear whether it supports Intel’s AT-p.

Snuka is available in versions for private users and business customers. The former costs 18 euros per license. In addition to English, the software also offers German user guidance.

Sybase Afaria

Sybase is known as the leading database provider in the 1990s and the provider of the popular 4GL tool PowerBuilder. Since the demise of this business area, the company has specialized in solutions for mobile computing. SAP just bought Sybase for $ 5.8 billion.

Afaria is a comprehensive framework for the management of mobile devices. In addition to Windows laptops, it supports a large number of clients, including Apple (iPhone, iPod Touch) and those running Windows Mobile, Symbian and Palm OS. The suite consists of numerous components that are responsible for data encryption, backup, the distribution of software and patches, and license management.

Essential functions for securing lost devices can be found in the Inventory Manager. They can block the devices in question from accessing the company network, delete data on the end device, and collect information that can be used to find the device again.

Mobile Solution from SafeFrontier

The software is a comprehensive package for the management of mobile clients. It can lock lost laptops, either explicitly or according to certain conditions, for example, if it does not respond for a certain period of time. The Mobile Solution collects the usual network information and can also request GPS data.

The software also creates screenshots of the illegal use and transfers them to the headquarters. In addition to helping locate laptops, SafeFrontier prevents abuse by deleting remote data on the target computer.

Adeona

Adeona is an open-source solution for tracking your lost laptops. It collects information such as IP addresses or WiFi data, on the Mac it can trigger the built-in camera. The Windows version requires Cygwin. It is not possible to lock the remote device. OpenDHT, which Adeona used to store tracking information, is no longer online. The developers of therefore currently advise against using the software.

Citrix XenClient

The XenClient is of course not primarily software for locking and detecting lost laptops, but rather a type 1 hypervisor for the client. For desktop virtualization, as pursued by Citrix, he primarily takes on the task of supplementing this centralized concept with an offline component.

Even if virtual machines then run on the client and are not always connected to the backend, the music also plays in this constellation on the server. One component of the overall central management is to put lost or stolen laptops out of action to prevent unauthorized persons from accessing sensitive data.