I’ve published some articles on protecting deleted files. In one of them I assert the following:

Eraser has a free hard drive reformatting utility that can remove asset tracking programs like Absolute Software’s CompuTrace. I always have a laugh at the way school districts seek to use software to protect against theft…with this software, a Linux Boot CD, this protection is nullified. It is protection only for those computers that aren’t stolen. This is important to know, especially for organizations who might choose to use this expensive software in lieu of other security methods (e.g. cables to secure computer equipment).

Today, I received an email from the Chief Executive Officer for Absolute Software, John Livingston. It reads as follows (I have his permission to share):

—– Original Message —-
From: John Livingston
To: mguhlin@yahoo.com
Sent: Monday, January 22, 2007
Subject: April 10th, 2006 article “Protecting Deleted Files” – reference to Computrace

Miguel,
I know you are an important voice for the Education computing market and wanted to write you personally concerning your April 10th, 2006 article “Protecting Deleted Files” and associated pod cast. It was recently forwarded to me by a customer who was slightly confused by its content. The customer also mentioned that this article was sent to possibly hundreds of other independent school districts.

Here is the excerpt that concerns me:

“Eraser has a free hard drive reformatting utility that can remove asset tracking programs like Absolute Software’s Computrace. I always have a laugh at the way school districts seek to use software to protect against theft…with this software, a Linux Boot CD, this protection is nullified. It is protection only for those computers that aren’t stolen. This is important to know, especially for organizations who might choose to use this expensive software in lieu of other security methods (e.g. cables to secure computer equipment). “

The above excerpt is out of date with respect to the Computrace technology and inaccurately mentions that Computrace is easily erased by programs such as “Eraser” and therefore has little or no value in protecting computers from theft. Here’s why…

Computrace is no longer just “software”. Absolute Software has been working closely for many years with the computer manufacturers to have Computrace support embedded in the firmware or BIOS of the computer so that it will survive unauthorized attempts to delete it. Computrace “Anti-Theft” now has embedded support from the following notebook manufacturers: Lenovo; Dell; HP (commercial series); Fujitsu; Gateway (commercial series) and Panasonic and will fully survive any Microsoft operating system re-installation regardless of any disk reformatting utility such as Eraser.

Here is a partial list of exactly which notebooks are Computrace BIOS enabled http://www.absolute.com/public/resellers/default.asp . In terms of our theft recovery successes, we recovered over one thousand stolen computers last year (2006) for our customers, many of which are educational organizations. And in certain circumstances where the stolen computer does not call us, we have a $1000.00 computer recovery guarantee, which helps the educator replace the stolen unit. Also, for some of our larger school customers, we have broken up internal theft rings that have been plaguing the schools for years (cables— while complementary—can’t stop the root cause of theft). To view specific educational success stories, please visit: http://www.absolute.com/public/successstories/educationsuccessstories.asp

Finally, in terms of disk deletion, you may be interested in a new product that we released to commercial customers last year–Computrace Data Protection. If a computer is stolen that has sensitive information on it, we enable the customer to do a remote data wipe on that missing computer. More information on this product can be found at: http://www.absolute.com/Public/data-protection/data-protection.asp .

I wanted to personally reach out to you and would really appreciate the opportunity to discuss this with you further, and provide you with additional information on how Absolute’s persistent tracking technology is currently being utilized with great success in schools today. Could we work together to get an new update out to your audience as to Absolute’s proven value in recovering stolen computers and its persistent technology which is now built into most of the PC manufacturers?

Very Best Regards

John

John Livingston
Chief Executive Officer
Absolute Software Corp.
Keep IT Simple. Keep IT Safe.
http://www.absolute.com
Direct: 604-730-9851 ext 104
Cell: 604-763-1008
Email: jliving@absolute.com

In response to the email above, which I thought was exceedingly gracious, I wrote (his comments are in italics with emphasis in bold [mine]):

From: Miguel Guhlin [mailto:mguhlin@yahoo.com]
Sent: Monday, January 22, 2007
To: John Livingston
Subject: Re: April 10th, 2006 article “Protecting Deleted Files” – reference to Computrace

John:
Thanks for bringing the updates in Absolute Software’s product, CompuTrace, to my attention! If you like, I can post an update on the article itself (which one are you referring to since it’s published in several places?), as well as share it in my blog (which gets lots of visitors). That should ensure the correct information gets out…will that help clear up any misconceptions?

That said, I would also like the opportunity to ask some follow-up questions to your email. Two questions come to mind that I would love to have you share your unique insights on; those questions include the following:

1) What if the hard drive is repartitioned, and users employ dual-boot scenario, one side running Linux and the other Windows? If running Linux, would CompuTrace still work? After repartitioning Computrace will work when running in Windows.

2) You mention Eraser wouldn’t cause removal of CompuTrace. If CompuTrace is part of the bios, I imagine that it would not. However, if the machine is reformatted using a utility like Darik’s Boot-n-Nuke, loaded with a new Operating System (e.g. Linux), then pressed into service, would Absolute Software be able to find the equipment? In other words, would it still work as advertised? Well we support Windows and MAC OS 10+ so yes; we would work if rebooted into a Windows world, but not if the user boots into Linux.

With appreciation for your contact,

Miguel Guhlin

His response was as follows:

—– Original Message —-
From: John Livingston
To: Miguel Guhlin
Sent: Monday, January 22, 2007
Subject: RE: April 10th, 2006 article “Protecting Deleted Files” – reference to Computrace

Miguel,

Most of our customers run Windows or a Mac OS. These are the OS’s we support today. Linux, while a great OS, only has one percent of the install base, and we don’t support it at this time. Also please keep in mind than the people who steal these computers from schools are not as computer capable as you, i.e. they are probably not running Linux. Computer thieves are often fencing the stolen equipment for $100 to get their next fix. They will typically sell the PC – as is – to a local pawn shop or re-install Windows and use the PC themselves or sell the PC on eBay. In these scenarios’, windows typically gets loaded, we locate the computer and break the theft ring that’s been plaguing the school. And at the end of the day – that’s what we care about.

Hope that helps…

John

Now, based on John’s responses to my questions, I suppose I might be safe in asserting that the answer to my questions is, “No, CompuTrace will not work if the computer is formatted with Darik’s Boot-n-Nuke and loaded with a Linux operating system.” I would then clarify my original assertion in the article–which I’ll do later tonight after dinner–to read as follows:

Eraser has a free hard drive reformatting utility that can temporarily remove asset tracking programs like Absolute Software’s CompuTrace. The removal is temporary because newer versions of CompuTrace–installed to the BIOS–can reinstall themselves ONLY IF a thief installs the Windows Operating System. Note that loading Linux onto the hard drive–and wiping out the Windows OS installation–will nullify the protection offered by CompuTrace. This is important to know, especially for organizations who might choose to use this expensive software in lieu of other security methods (e.g. cables to secure computer equipment). CompuTrace will NOT work if the computer is formatted with a utility like Darik’s Boot-n-Nuke, and loaded with another operating system besides Windows. While CompuTrace will protect against the casual thief, as computer criminals become more technology proficient and learn to load Linux on stolen machines, this sytem of protection will be even less effective. Absolute Software’s Chief Executive Officer, John Livingston, shares,

“Most of our customers run Windows or a Mac OS. These are the OS’s we support today. Linux, while a great OS, only has one percent of the install base, and we don’t support it at this time. Also please keep in mind than the people who steal these computers from schools are not as computer capable…they are probably not running Linux. Computer thieves are often fencing the stolen equipment for $100 to get their next fix. They will typically sell the PC – as is – to a local pawn shop or re-install Windows and use the PC themselves or sell the PC on eBay. In these scenarios’, Windows typically gets loaded, we locate the computer and break the theft ring that’s been plaguing the school.”

I’ll have to work that paragraph over a bit more. It is nice to know beyond a shadow of a doubt, though. My appreciation to John for clarifying this issue! In the meantime, I encourage you to visit Absolute Software’s web site to find out more about the product, CompuTrace!

Follow Up:

After my initial post on CompuTrace–what, day before yesterday?–Steve E. and a stockholder in Absolute Software have emailed or left comments on the original post. While Steve acknowledges the technical accuracy of the post, he shares it doesn’t reflect his experience. As Steve points out, my comment remains technically accurate.

I am writing because what Miguel has written, while technically accurate, does not reflect our experience with Computrace.

And, that’s true. CompuTrace has been successful in reducing computer theft, both as a preventative and in recovery. This makes it a unique product and a viable alternative–for now–to computer cables, etc. And yet, my purpose is to highlight that CompuTrace is not foolproof. A determined, knowledgeable thief can bypass CompuTrace if they reformat the machine using a program like Darik’s Boot-n-Nuke, and then, in lieu of Windows, install a GNU/Linux operating system (e.g. UbuntuLinux). Is that more work than getting around a cable? You decide…and that’s the point of sharing this information. One stockholder actually didn’t know/understand that loading an alternate operating system instead of Windows would effectively nullify CompuTrace’s effect. You need the information to make the decision and ask questions. Kudos to Absolute Software for being unafraid to share their thoughts in the blogosphere.

As schools are moving towards open source software deployment–consider the State of Indiana’s initiative–I suggested to the CEO that he consider including Linux as one of the operating systems supported by CompuTrace. He has responded that they will do more research.

One of the follow-up questions I had from readers via email was, “Thieves could just ‘flash the BIOS.'” I have never “flashed” a BIOS so I’m not technologically savvy in that regard. When I shared the question with John (CEO, Absolute Software), he responded in this way:

On the BIOS flash – the OEM’s have created flash updates that include Computrace support so our module is still present and the anti-theft setting and original ownership record is persevered. We have created the Computrace persistent software/firmware module to ensure that when a school or individual activates our computer theft recovery service – that upon a theft, the stolen notebook can be tracked, recovered and returned to its rightful owner.

From what I have read about flashing the BIOS, it is a deliberate action that can ruin your computer if done incorrectly. Again, sophisticated thieves would have to be involved a computer theft ring, and if one can imagine a chop shop for cars, why not for computers? Is this response valid to the flashing the BIOS? In this case, I must depend on you.

Finally, to round out the conversation, I invited John Livingston, CEO of Absolute Software, to participate in a Skypecast, as well as setup a blog for his business. Here’s the invite for the SkypeCast:

Is there any interest on your part in doing a Skype interview to share your product, and then share that as a podcast? We could then invite in–via Skype–educators to share their experiences. The Skypecast would go for an hour, then be released as a podcast. Let me know and we’ll set up a convenient time.

John’s response was as follows:

I would look forward to the Skype interview and have cc Courtney C.[last name omitted] to help arrange it.

So, what kind of questions would you like to see about CompuTrace and computer security in general?

A few short months ago, I challenged the idea that Absolute Software’s CompuTrace product was a laptop theft-deterrant. Since I had access to a computer loaded with CompuTrace, I found that if I reformatted the computer, loaded GNU/Linux on it, the computer would not check in. This effectively bypassed the protection CompuTrace provided.

When I shared my findings with others via my blog, I immediately received emails testifying to how wonderful CompuTrace was. However, the criticisms didn’t nullify the fact that if a thief steals a laptop with CompuTrace on it, loads Linux instead of Windows or Macintosh, that laptop will not check in.

As I was reviewing the emails and resulting conversations on my blog, I received an email from John Livingston, CEO of Absolute Software. He was kind enough to agree to an interview for podcasting purposes.

This podcast would have been completed earlier, but I was a bit busy getting ready to go to New Zealand and a few million other projects. We finally had a chance to have a chat over the phone on Monday, April 9th. It was a fun conversation, mainly because John gave us his perspective on CompuTrace. He also invites feedback via the Absolute Software Blog.

Listen to Podcast Interview with John Livingston

(Full Disclosure: No, I’m not getting paid or compensated in any way to link to them or mention them here!)

---

Subscribe to Around the Corner-MGuhlin.net