Establishing Digital Trust: Don't Sacrifice Security for Convenience
I had my laptop stolen once, about five years ago, from the trunk of a locked car parked at a shopping mall. You never forget that experience of being violated, of being stupid. (And it seems to be getting more common, according to this story in the LA Times where thieves follow customers buying new PCs home from Apple Stores.)
So what can you do to be more proactive, given the number of laptops that go missing every month? One way is to use one of a growing number of recovery software tools that automatically "phone home" (in the Internet sense of the word) and help you and the authorities, should they be interested, in trying to track it down. Think of what LoJack does for locating cars, with the added information that having an Internet connection can bring (indeed, the company is one that offers a laptop tool).
While it sounds like a great idea, there are several issues with using these tools.First, most of them are designed for individuals, not corporations. Absolute Software's Computrace has an enterprise version called Complete in their LoJack for Laptops line, which has tools that offer more asset tracking and remote hard disk destruction that aren't found in an individual product. zTrace Technologies' zTrace Gold, MyLaptopGPS for Windows, and Brigadoon's PC/Mac PhoneHome products all offer quantity pricing for business customers, but not much else in terms of added features over their individual versions.
Turn the tables
A second alternative is to look at central monitoring and image automation tools, such as Symantec's Altiris and Kaseya that can be used in a stolen laptop situation. Greg Hemig, a Sacramento Kaesya VAR, did exactly that and was able to recover two independently stolen laptops by using the remote control features.
"I was able to find out not just an IP address, which is what a typical anti-theft product like LoJack would provide, but an actual physical address, the names of the users girlfriend and family, how to access their bank accounts, and even turn on the microphone on the laptop and listen to what they were saying while they were typing," says Hemig. Scary stuff, but within two weeks of contacting law enforcement, he was able to get back both machines to their original owners.
Third, the versions that are offered differ as to features between Mac and Windows, with the Mac (if it is supported at all) usually being a poor cousin. If you have a mixed network, this could be a determining factor as to which product you end up deploying. Taking Computrace as an example again, the Mac version doesn't include the special embedded BIOS agent that comes with their Windows product. (A list of supported laptops is here.)
Phoenix Technologies offers something similar for its OEM BIOS customers called FailSafe, but not for the general public. And GadgetTrak has software for both Mac and Windows, but prices them differently. [Editors note: Check back later this month for a more in-depth look at GadgetTrak.]
Next, these tools are just part of an overall laptop security solution that should also include disk encryption and password-protecting your boot drive. If these tools live on your hard disk and if you haven't enabled a firmware or disk password, any intelligent thief can just reformat your hard drive and remove this protection, or just remove the hard drive itself. So it makes sense to start by putting password protection on all of your machines as first line of defense. Disk encryption is especially important if you need to protect confidential corporate or business data, not to mention your own personal data, such as bank account passwords, as well.
Which brings me to my last point: Do you really need a vendor-operated central monitoring station, or can you set up your own central place where alerts can be sent? GadgetTrak, Oribicules Undercover for Macs and iPhones, Prey (for Mac, Windows, and Linux), and PC/Mac PhoneHome are all tools that don't make use of any central monitoring station, instead, the software sends info to your e-mail (and for GagetTrak, to Flickr) accounts directly. With some of these products, upon booting they look for the presence or absence of a special URL that indicates the laptop has been stolen. If so, they send information, such as the current IP address, a snapshot from a Webcam, screenshots, and other details to your e-mail address.
One user of Undercover had his laptop stolen about two years ago, also from his car. (Have you realized never to leave a laptop in a vehicle now?) "Within a few days, we had screenshots and camera images of the thief and working with local authorities, we were able to recover the laptop within a week," said Lenny, a friend of mine who has run several major corporations and is a big fan of their software.
While options vary depending on need, OS, and budget, the ideal approach to protecting your laptop is to cover your bases: use password protection and disk encryption, and employ a collection of tools, including a monitoring product with a corresponding tracking piece on each laptopand never leave your laptop in your car!
David Strom is an international authority on network and Internet technologies based in St. Louis, MO. He has written extensively on these topics for more than 20 years for a wide variety of print publications and Websites, including as editor-in-chief at Network Computing, DigitalLanding.com, and Tom's Hardware.com. You can find him online at Strominator.com and e-mail him email@example.com.