On 03/23/2014 10:09 PM, plug.mailing-list wrote: > The marketing videos on that site boast they can retrieve data, wipe > the devices, and perform patch management (install whatever they feel > like). Additional research shows there is *some* support for Linux, > so unfortunately, you might still be vulnerable: > > http://www.absolute.com/en/products/absolute-computrace/requirements > > I don't think I'll be purchasing a used laptop without checking the > BIOS/UEFI first. > > If I were you, I would pursue getting Computrace disabled. If the > company can't (or won't) disable it, I'd resell the laptop and buy > another.
That's the user-installable agent part they are talking about. With linux you have to install the agent manually, and it won't survive a re-install, though I'm sure the agent activates the BIOS part, which will infect subsequent windows installs. The BIOS portion includes agent injection for Windows only, at present (limited space in the BIOS/UEFI). This whole mechanism could be hijacked to infect Linux of course. It's only a matter of time before malware infects CompuTrace. How often do people update their firmware to close security holes? And I could see the NSA doing something like this as well. What's scary is this software is on almost all new laptops nowadays. Even if you permanently disable it, there's nothing preventing software from re-enabling it, though of course BIOS-infections are nothing new. Scary stuff, though, since it's so widespread. Clearly if you really wanted to keep a laptop from being stolen, you kind of want these features that CompuTrace has. But they are open to misuse. /* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
