|
LoJack for Laptops (originally known as ''CompuTrace'') is a proprietary laptop theft recovery software (laptop tracking software) with features including the abilities to remotely lock, delete files from, and locate the stolen laptop on a map. The persistent security features are built into the firmware of devices themselves. Additionally, LoJack for Laptops provides additional services of an Investigations and Recovery Team who partners with law enforcement agencies around the world to return protected laptops to their owners.〔( Theft Report White Papers ). by Absolute Software〕〔(LoJack foils laptop theft ), ''Techworld.com''〕〔(【引用サイトリンク】title=LoJack for Laptops Software Review by PCMag.com )〕 Absolute Software licenses the name LoJack from the vehicle recovery service LoJack in 2005. Activated Computrace/LoJack for Laptops periodically phones home to Absolute Software's server to both announce its location and to check to see if the machine has been reported stolen.〔 〕 Absolute's Computrace persistence module is preinstalled into many BIOS images by most laptop vendors.〔 Analysis of Computrace by Kaspersky Lab shows that in rare cases, the software was preactivated without user authorization. The software agent behaves like rootkit (bootkit), reinstalling a small installer agent into the Windows OS at boot time. This installer later downloads the full agent from Absolute's servers via the internet. This installer (small agent) is vulnerable to certain local attacks〔(Absolute Computrace Revisited ) / SecureList, Vitaly Kamluk, February 12, 2014.〕 and attacks from hackers who can control network communications of the victim. ==How it Works== Once installed, the Computrace agent activates Absolute Persistence by making an initial call to the Monitoring Center (for example, search.namequery.com, bh.namequery.com, etc.〔). Agent may be updated by modules, downloaded from command server (in small agent there is no authentification of server).〔 Subsequent contact occurs daily, checking to ensure this agent remains installed and provides detailed data such as location, user, software, and hardware. If the device is stolen the owner first contacts the police to file a report, then contacts Absolute. The next time the protected device connects to the internet it silently switches to theft mode and accelerates Monitoring Center communication. The Investigations and Recovery team forensically mines the computer using a variety of procedures including key captures, registry and file scanning, geolocation, and other investigative techniques. The team works closely with local law enforcement to recover the protected device, and provides police with evidence to pursue criminal charges. In the event of theft, a user can log into their online account to remotely lock the computer or delete sensitive files to avoid identity theft.〔( How to keep your laptop from being stolen ). by Andrew Nusca for The ToyBox, February 26, 2009〕 ''LoJack'' comes preinstalled in the BIOSes of, at least, Lenovo, HP, Dell, Fujitsu, Panasonic, Toshiba, and Asus machines.〔(Absolute Software, Partner: BIOS Compatibility ), ''absolute.com''〕 Apple, unlike the PC computer manufacturers, does not allow the software to be installed in the BIOS.〔(【引用サイトリンク】title=How can loJack be effective, if i have a password.... someone steals my laptop, they can't login to connect to the internet )〕 LoJack can be installed on Apple computers, but will be stored only on the hard drive. If the hard drive is replaced or reformatted, the LoJack will be lost. BIOS service should be disabled by default and can be enabled by purchasing a license for ''Computrace''; upon being enabled, the BIOS will copy a downloader (small agent) named rpcnetp.exe from the BIOS flash ROM to %WINDIR%\System32 (which usually resolves to C:\WINDOWS\System32). On some Toshiba laptops rpcnetp.exe is preinstalled by Toshiba on the unit's hard drive prior to shipment from the factory. Rpcnetp.exe will in turn download the actual agent (full agent) rpcnet.exe from Absolute and install it as a windows service.From then on, rpcnet.exe will phone home to ''Absolute Software'' servers once a day, querying for a possible theft report, and, in any case, transmitting the results of a comprehensive system scan, IP address, user- and machine names and location data, which it obtains either by tapping the GPS data stream on machines equipped with GPS hardware, or by triangulating available WLAN access points in the vicinity, by providing WLAN IDs and signal strengths so ''Absolute Software'' servers can geolocate the device using the Mexens Technology data base.If ''Absolute'' receives a theft report, the service can be remotely commanded to phone home every 15 minutes, install additional 3rd vendor software, such as a key logger or a forensic package, make screenshots, etc. ''Computrace'' also supports Intel's ''AT-p'' anti theft protection scheme: If it is unable to phone home within a configurable time interval it will require a special BIOS password upon the next reboot. It can be configured to shut down the machine's power supply immediately in this case, to force a reboot. 抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』 ■ウィキペディアで「LoJack for Laptops」の詳細全文を読む スポンサード リンク
|