Computrace

Can anyone confirm if the m15X has Computrace imbedded in the bios? I have gotten yes and no from Dell chat support and I know the average user on this site is probably twice as sophisticated as a level 3 Dell chat employee. Thanks

 

Well, last time i checked Lo-Jack was implanted in your bios. But that doesn't mean you don't have to purchase a plan for it to work ^^

 

Right but the threat is still there even if it is inactive. The have full access to your computer at will and so does anyone with access to it through them such as a savvy hacker. This is NSA spyware and I will avoid it at all cost.

Thank you for reply

 

Real secret agent stuff eh?

 

Well if u ever get investigated for anything even if u r completely innocent you will wish u had not had this on ur machine. trust me

 

I know the mod's limit speculation threads,
dont they limit paranoia threads too?

I use Computrace, I travel the USA constantly.
IF my machine is taken, not only will I know about it
I have the option to have my hard drive erased, including all accounting info,
and proof of theft for court purposes and its recovery.

Paranoia kills and my machine is safe. How r u doin'?

 

You must be a shill for the company or Dell or Lenova. How about this:


These things are not speculation much of which can be found on Absolute software website.

1. Abosulte software can not ever be removed by any means if it is imbedded into the bios which is how Dell and Lenova are doing it. If you find a way to stop it from running it will force a reboot and reinstall itself.

2. You can not benefit from this on your machine unless you pay them a subscription fee.

3. You are right they can wipe your hard drive. They can also access or alter any file on your computer as well. Any savvy hacker can use their non-removable software as a way to your machine and files and perform any action Absolute can including taking your passwords, keyloggers or deleting your hard drive. They have installed a permanent impenetrable security flaw and charged you for it without your consent.

Have a read: "The service — called Computrace LoJack for Laptops — contains design vulnerabilities and a lack of strong authentication that can lead to “a complete and persistent compromise of an affected system,” according to Black Hat conference presentation by researchersAlfredo Ortega and Anibal Sacco from Core Security Technologies."

http://www.zdnet.com/blog/security/researchers-find-insecure-bios-rootkit-pre-loaded-in-laptops/3828

or the follow up that states:

"Should LoJack customers worry? Common sense in the current threatscape will position the practice of hijacking the service for malware serving purposes as highly exotic one. But yes, the flaw is there. What the customers of the service should be really concerned with, is the ease with which a potential thief can block it from phoning back his location." Which means your precious security of recovering your machine can be rendered useless.


http://www.zdnet.com/blog/security/absolute-software-downplays-bios-rootkit-claims/3936


4. If your computer's stolen your information -- by far the most valuable part of it -- isn't protected by Computrace anyway. The thief may extract it and do God knows what with it before he is caught -- if he is caught. Computrace can only wipe your hard drive if the thief goes online which to a theif who is stealing laptops for data probably knows this and stays offline until he gets what he needs. So use encryption software. TrueCrypt is free, and open source (therefore thoroughly tested). You can encrypt your entire computer if you want. In one case the Brazilian government sent a computer to the FBI to have it cracked, and they gave up after five months effort. Buy insurance if you think it's worth the cost.

5. Absolute states that if you dont pay for a subscription their software lays dormant but I caught it accessing the internet by Peerblock and ZoneAlarm firewall. So they are lying.

6. Not getting your computer stolen it's called personal responsibility and it is a virtue. Handing over to authority of one's responsibility to think and solve one's own problems, hows that working for ya?

7. Check out this link of user comments such as this:

"It is indeed Computrace. You can remove it, but the BIOS will push it back. This is mainly seen on Lenovo and Dell but others are jumping on. Your IT guys can now track you on a map and see an inventory of everything on your PC. In fact, with Absolute, they can remote wipe your PC. Then can snap a photo of you with the webcam and you would never know. I know what I'm talking about because I am that IT guy."

or

"Absolute' claims it can remotely destroy HD on command, but when asked how that power is protected from accidents they provided NO technical assurance, just marketing/salesman BS. It acts like spyware, works like spyware, and can destroy your computer. If it could spread we'd call it a virus!"

File Information - How to remove rpcnet.exe error problem

8.They may have already stolen from you. If computer manufacturers pay them for this "enhancement" -- or at least somebody does. Obviously the cost gets passed onto the consumer who buys the laptop. And you were never informed it was there, so they MADE you buy it without your consent. That's fraud. Even if you weren't paying for it, they are giving you something dangerous to your right to privacy, and without your consent, or even knowledge. That's criminal deception. But by all means take the word of a thief who says he can access your files but wont.

deleted as per suggested.

 

I appreciate your grave concerns over privacy, however my opinion is your last paragraph plays between the lines of respect/disrespect. Whilst your post is backed up with some relevant research which is indeed not overlooked I'm certain, with a little more thought, there would have been a better way to close the post.
Respect is found in the last place most people would ever look.

 

^ Agreed
Your post had some very useful and informative stuff, but there wasn't any real need for the last paragraph. No need to disrespect here.

 

overbet, the tone of your last post is not just defensive but hostile and aggressive. Back down if you want constructive responses.

 

It was intended as hostile. He pissed me off calling me paranoid when he is clearly uninformed and just shouting off at the mouth. My therapist is helping me work on my intolerance for ignorance issues. I concede you are right I should have not responded in that manner and it devalued my post. Sorry it wont happen again.

 

Not to offend mate, but you state that you are an IT guy, perhaps you could
Find a better way to know this without starting such a speculative thread. If a TRUE hacker wants your info he will take it, there are MANY ways to do it!. Do you still think that internet is safe? Come on you are giving ALOT of info when you post here... Someone with brain and skills would
Track your email, then get your ip and personal info then they would take your global location and then they would break in to your house and give you a lesson... All IF they want. Trust me I know what Im talking about . Even if you encrypt your info there are many ways to take the info with smart hardware based solutions...

 

i tend to agree with overbet,
while i do like the idea of extra security, allowing a company to have such access (even if they never use it) is just too much.

I can confirm that my m15x (1st revision) has the computrace option in the bios. once enabled or disabled it's stuck on that option, unable to be changed.

 

Well, i have to say that i much less agree with u, overbet, and thank you for all the useful information. But your last post is a little hostile, i must say. 6 months ago, i was about to subscribe to Lo-Jack service but i didn't. Now, i'm happy with my decision. In the end, it's all about how YOU protect your pc and YOU alone, don't let anyone else do it.

 

there are many ways into a house, it does not mean you should not lock your doors.

there's a difference between accepted risk and being plain silly. being on the internet, having a wireless (secured with wpa2 and a decent password), the convenience of online banking (with verification) are some of the risks most of us will take.

allowing a company into our private and personal lives to protect us from a theft which might happen.... no. i'd rather insure the laptop if it came down to that tbh.

 

It doesn't matter what somebody else does, what matters most is what you do. Nobody was holding a gun to your head telling you to be that way.

Any way I was always concerned about Computrace, at times I hold others sensitive data on my system. Your posts have helped with my decision in:
1. Saving $$$ for a service that is questionable.
2. My duty of care in protecting others privacy.

I extend my thanks to you and regardless +rep point for the useful info.


edit* my system is locked via bios on bootup and drive is bitlocked (and yeah I do know that removing the button cell clears cmos, mainstream crooks are a little dumb.)

 

It really depends on the size of the door , perhaps you don't even know and you have a 3 meters door open because of a java update and you are worried because you have a small mouse hole on your garden... Yeah its silly if
You dont protect yourself, but it is more silly not thinking about this.

Wpa2 can be cracked too... A plain and simple keylogger would take your info on internet, someone could poison the cookies of a mod and then take the info of almost all the accounts of a site... €'@&? happens dude and you cant really stop someone decided to defeat you... But I understand the point... I have a lojack 2 years licence
Over my desk which came with a computer I just bought, Ill never install it not because they know my location, not because of precious personal info, Ill not install it because I dont want them to know the contents of the disk and what I do...

 

haha touché.

yeah there are points for either side really.

 

Hi, glad the information helped. I am not an IT guy that reference is a "quote" from a person in the link provided below it.

Again I am sorry I responded hostilely, it wont happen again. I was having a bad day and had all I could take.

Anyway Computrace is still not off my XPS and Dell is telling me they are working on it and I am holding my breathe.

 

+rep for useful info overbet. I had no idea about the computrace vulnerabilities. I didn't read the "hostile" portion in question, but it's good of you to admit you were wrong and apologize. We're all human after all.

So am I to assume that as long as Computrace is disabled in the BIOS, the vulnerabilities in question are a non-issue?

 

once you set your option in the bios it cannot be changed.
i've not noticed any of the said system files in my current OS. did a complete search just in case, came up with nothing.
(my system has computrace disabled - permanently)

 

Same here. I added a BIOS password just in case someone tries to mess with it.

 

I think Overbet makes some seriously good points. However, no matter what you do their is just not a substitute for being "off grid". Whether your credit cards are zapped while walking around in a town or cams or whatever. It's one of those things that if you think about makes you sick to your stomach. So I just try not to think about it. I don't want to be a victim, but you can only fight so many battles and you have to choose them wisely.

Good post Overbet. One of the more interesting ones I've read in a long time.

StevenX

 

Good point Steven. The entire world being connected can be a convenience and a curse at the same time.

 

I really would like someone with the skills and time, to do a video showing a hacking of this kind, through Computrace or LoJack.

Of course, using black squares or blurring on certain specific parts, to prevent someone from repeating the steps and learning how to hack... I mean just to prove it can be done.

 

Did you read Overbet's post? There are some credible sources there. Not sure how much more proof is needed.

 

I don't say I don't believe it, I just say I'd like to see it...

not to learn how to do it, just for entertaining purposes...

 

Been looking into this a bit more. Found this article that goes into detail about Computrace, which they label as a Rootkit. Disturbing stuff:

The BIOS-Embedded Anti-Theft Persistent Agent that Couldn’t: Handling the Ostrich Defense Core Security Technologies

Here is the original PDF publication from the guys who discovered this:

http://corelabs.coresecurity.com/attachment.php?type=publication&page=Deactivate_the_Rootkit&file=Paper-Deactivate-the-Rootkit-AOrtega-ASacco.pdf

BTW, do you recall that school scandal a little while back where school staff was supposedly spying on their students at home while they were using school laptops? Well the software is made by the company that makes Computrace.
LANrev | Threat Level | Wired.com


EDIT: Actually, here are some videos:
http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=publication&name=Deactivate_the_Rootkit

 

Kosti that is a good find. Thank you for the info.

Glad there are others who care about their right to privacy being taken without their consent.

My understanding is computrace can be compared to herpes in that it never really goes away once it has infected you. I have disabled it in the bios but absolute has the power to enable it at will. The company stated they disabled it on their end but I then caught it trying to access the internet after that and peerblocker showed it. I have a screen shot of that too.

Here is an email I got from them after threatening them with legal action and CCing the top execs at Dell, Lenova and Absolute.



In looking at your Service Tag, it looks like Dell either accidentally activated the Computrace agent on your machine before sending it out, or may have sent you a machine that was originally meant for a customer who wanted Computrace. This resulted in an agent on your computer trying to reach our monitoring center (which explains the rpcnet.exe process), but not being associated with any account.



From our end, we have sent a command for the agent on your computer to remove itself on the next call to us (should be next time the computer connects to the internet). While we can’t remove the technology built into the BIOS (BIOS will still list ‘Computrace’, with no agent active on the computer you will not see a running process from us nor will the computer have any connections with our monitoring center.



For details on how the agent was activated on your computer, Dell may be able to provide more information as it was done completely outside the control of Absolute Software.



If there’s something else I can clarify or assist with, please let me know.

 

other attachment

 

Honestly, after doing the reading, I can say that I would feel very uneasy that something is running on my system that can eventually lead to unauthorized control. How is this any different than a trojan horse that a hacker uses? But from what I understand, as long as it is disabled in the BIOS, it will not run. In that regard, M15x owners are somewhat lucky. Did you see that Lenovo tablet in the video? It didn't even have an option to disable it in the BIOS. But once it is enabled, it automatically loads the Windows agent, regardless of formatting or swapping hard drives (the agent files are located in the BIOS).

According to the article, there is a way to simply trick the agent into reporting to a bogus IP address instead of Absolute's servers.

I don't understand the e-mail they sent. They claim to have sent a command to remove the agent, yet by design, the agent is persistent and as long as it is enabled in the BIOS, the self-healing technology it uses will just make it reinstall again.

I'm confused about the 2nd attachment. You mean it's disabled in the BIOS, yet the agent was still running on your system?

 

It is all very questionable to me.

 

Maybe overbet can tell me. My trace has never been activated. It was set to deactivated in bios. It let me set it to disabled and saved it. So am I ok?

Thanks, StevenX

 

overbet, your current Computrace state is "deactivated" correct? Was it in an active state when the agent was running? Perhaps Absolute sent a command to deactivate it on your machine, that's why it says deactivated in the pic. Is that a possibility? Can you ask your contact at Absolute.

Otherwise, if the agent is running and reporting to Absolute even when it is disabled in the BIOS, then something seriously wrong is happening here.

EDIT: I just re-read my post, and I just realized how wrong it is for a 3rd party to even have the ability to turn stuff on or off on your system in the first place. If Absolute sent a command to deactivate Computrace, that means they had control of your system.

 

So why even have it on your system. If you found that work around certainly a thief can find the same info and use it. So any benefit goes right out the window.

Look I dont mind how much bloatware a laptop manufacturer puts on my machine when I buy. They can try to sell me as much junk as they want but allow me to remove it if I dont want it on there especially if its dangerous.

It was deactivated and I do not know how it became reactivated to allow the agent to run but it did. Perhaps a hacker, someone at Dell, a rouge Absolute employee? Your guess is as good as mine but obviously the point is nobody should have the ability to reactivate it but me.

@ Steven, You're right it does make me sick to my stomach when I think about it. I took a piece of a bandaid and stuck it over my wife's and my own webcams. Regarding your comment about the status of Computrace if it had never been activated, I do not know the answer and would only be guessing. If I come across some evidence that supports or refutes your assumption I will post it or pm it to you.


I am going to continue to work on putting together all of this info in a tidy post and plaster it around sites like this so people can understand what they are trading off when they buy these Lo Jack trojan infected machines.