T410s Computrace question

Hello,

I purchased a T410s on eBay not long ago (building my burger collection) and everything is to my likely except one thing.

Every time I go into the BIOS I get this big white message box about Computrace. Computrace is enabled and active in the BIOS. However, I can't turn it off.

I called Computrace and explained the situation. The first thing I asked them to do was check and see if the machine was stolen. They were evasive about that. I then asked if the machine really had a Computrace account. I was told the machine did not have an account and had never been activated.

How do I make the nag box go away? It isn't that big of a deal but I would like to disable the feature if possible.

 

This is when you go back to the eBay seller and, if they didn't include this fact in the description, return it.

At least to me, active Computrace and a seller that didn't mention it is a giant red flag. At best it's a sloppy seller, at worst it's a hot machine.

 

I'm pretty in this case it's a sloppy seller. His reputation history is pretty good. Not perfect but most of the neg feedback is about slow shipping.

I'm really trying to understand the process more than anything. If a person goes into the BIOS and enables this feature, but never actually establishes an account with Computrace, why can't I disable it? Surely this happens all the time as users futz around in the system.

 

On some older ThinkPads I've been able to get rid of it by just re-flashing the BIOS, but your mileage may vary...

 

The problem is once you choose to either activate/deactivate Computrace in the BIOS it becomes permanent and you can't change it in the future. What they should've done is when the user wish to toggle the Computrace feature at least allow them to set a password lock to prevent unauthorised users (i.e. Thieves) from disabling it and allow legitimate users to disable it in the future if they want by re-entering the correct password back in.

I don't know why that seller decided to even fiddle with the settings if they're not sure what it does, if they weren't upfront about it on the listing then I would complain.

 

I've been doing a bit more reading this weekend. I understand if I call Absolute Software with the motherboard serial number, and the machine serial number, they can check their records to see if the machine is hot. If it hasn't been reported stolen, then they can remove entries on their end that will make this message go away, and I assume give me the ability to either activate it again down the road, or permanently disable it.

Is this accurate?

I'm a little concerned about the rootkit article on CNET about the Computrace module.

 

How would Absolute Software know that a particular caller following that procedure had not stolen the computer and simply contacted them before the rightful owner had a chance to report the theft?

Is the BIOS actually installing the Windows service, or is it just making it possible for a user to do so?

 

Well, I can prove I bought it for one thing. My PayPal and CC transactions will bare that out. So unless the "original" owner was real lazy in reporting this, that simply isn't going to happen in this scenario.

As for the service, no, a service is not being installed that I can tell. There is a rpc file being copied from the BIOS to c:\windows\system32 but I have that stopped in it's tracks.

 

From my understanding once it is activated on the BIOS, there is no way to undo the option.

 

If that's true, this is a terrible Lenovo decision. I am going to make yet another call to Absolute later today.

 

Neither Absolute nor Lenovo will really help in the matter. The IBM support center in Atlanta said I could send it in for a motherboard replacement but there was no guarantee the repair center would actually do the repair.

Screw it.

I filed a case in the eBay resolution center for full refund and will return the machine when I get my money back.

I see no reason for Lenovo/IBM to be involved other than the design is really suspect. The potential for a rootkit vuln is also bad though Absolute software says that is resolved. Of course they'd say that.

 

AFAIK that's common to all Computrace-equipped laptops, not just ThinkPads (at least the ones I've seen.)

One of the many reasons I hate Computrace. (The fact that it's basically useless if the thief doesn't use Windows is another reason...)

 

It may mean the machine was from ex-corporate or government environment. But given the fact that the ebay seller was not upfront about it, i would just return it.

 

Thor,
I have computrace on all of my Lenovo's and it resulted in recovery of my earlier T61. I wouldn't gripe about a sign appearing in the bios.
Renee

 

If the password in the BIOS is changed can the laptop still be monitored? I got my laptop a few months ago & I just found out about this thing called "lojack". I don't think I approve of this possible invasion of privacy either. I'm very responsible when it comes to keeping an eye on it so I don't think I need their services. I did change the password but just not sure if that helps.

 

i don't think password will stop lojack reporting back the exact location of where your laptop is. You need to deactivate it to prevent IP tracing.

 

When last I investigated it, Computrace rather expected to be able to infect a Windows installation to do most of its work. The BIOS stuff was just an on/off feature, some identification info sniffing, and a couple of injection methods designed to drop a payload into a running copy of Windows. Past that, the rest was done through Windows software.

I'm not sure if that's still the case, but c. 2008 if you weren't running Windows or Mac OS, Computrace couldn't infect your OS -- so even if it was active it was harmless.

I'd still be uneasy about it though.

 

Thanks guys...someone told me I would have to change or hide my ip address. Of course I don't know anything about either...

 

If they run it using the Intel vPro technology it is independent of the OS. All the phoning home is done at the hardware level and can be accomplished with no OS running.

 

When last I checked, they didn't. The BIOS portion did exactly what I said: it did some identification, etc. and injected a rootkit-ish payload into the OS. The rest was handled by the rootkit.

That may have changed in the last three years, but I doubt it; I certainly haven't seen anything indicating that it has.