Intel anti-theft released

Lenovo and Absolute can brick your box

By Charlie Demerjian: Tuesday, 02 December 2008, 11:53 AM

INTEL, LENOVO AND ABSOLUTE just came out with the first purchasable version of the Intel Anti-theft technology. After a brief chat with guys from all three companies, it looks like they did things right.

Anti-theft (AT) builds upon what Intel started in vPro, basically a small amount of compute power and storage in the chipset. With vPro, you can store sensitive information like encryption keys in the chipset itself, making things very hard to snoop/discover. The small amount of compute power allows it to tweak the machine without OS intervention. You can see how both of these things are useful for anti-theft.

Let's assume you already have a fleet of the brand new Lenovo T400s, successors to the T61 line that you know and love. You flash the BIOS, install the Computrace software, and then set up your parameters for messing with the bad guys. Absolute will either host the database for you as a service, or in Q2/09, will sell you software to host your own should you want to go that route.

The combination of hardware and software allows you to do a bunch of interesting things, both proactive and reactive. Most of them do not require any specific OS because they are hosted on the chipset, but some features may need a live OS.

The proactive features tend to be aimed at regulatory compliance and the like. You can set timers to disable logins if the computer has not checked in to a central server within a set time period. Users simply hate this, but the non-technical side of management sees it as the best thing since golf. Until they get hit by it.

In any case, you can manually call in and get a one-time boot key, allowing you to get back online and check in. They will then do whatever they needed to do when you check in: back up, push patches, or simply feel good that they checked another box on the big sheet of SarbOx compliance.

The reactive bit is a little more interesting. You can set it to brick the machine on password failures, a signal from a remote server, or a number of other triggers. Once again, this is chipset based, so you can't block it with the usual tricks. Setting kablooey.absolute.com to 127.0.0.1 in your hosts file will not block this, but an external firewall might, depending on how crafty they are. In any case, a timer plus a remote server would be a pain to get around even if you are aware of it.

When bricking the machine, you can make it not pass the BIOS screen. If you are good little corporate drones and have hardware-based full-disk encryption (FDE), it can wipe the keys, and the thief has a bunch of mostly random bits on a magnetic drink coaster. If you are not using the hardware FDE, or simply not encrypting the disk, then you have potential problems.

Computrace can help there: it can wipe selective files, folders, keys, or the entire disk. This is OS dependent, so they would have to boot the computer in order to wipe it, but most thieves tend to turn the thing on to see what they have, don't they?

Once you report the PC stolen, it can be disabled or tracked. The tracking bit is kind of humorous: you got this great deal off eBay, and after using it for a week, the cops show up at your door. Whoops.

This also addresses the problem of large scale theft. If Lenovo puts Computrace in at the factory, and the truck full of notebooks goes *poof* somewhere in eastern Europe, when they are plugged in, they get bricked instantly. This may very well make Lenovo laptops about as sought after as month old beets in that part of the world once word gets out. If they were smart, they could ship the laptops disabled, forcing a check-in at first turn-on. If they are stolen, they never get unbricked.

Given not only what this software and hardware combo does, but where it resides, and how it functions, we think it has a very good chance of being effective. It can't be bypassed with a BIOS reset, and if you set things right, it has to check in periodically or it bricks. This could be a very powerful tool for companies looking to lock things down.

There are no obvious flaws to the system this time, and that is a good starting point.
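
The check-in timer, lock triggers and one-time boot key described above, sketched as a toy model. This is an added example, not Intel's, Lenovo's or Absolute's code; the class and function names, the HMAC-derived recovery key and the counter that burns it are all assumptions made for illustration.

```python
import hashlib
import hmac

def recovery_key(secret: bytes, counter: int) -> str:
    """One-time boot key for a given counter (assumed scheme: truncated HMAC-SHA256)."""
    return hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha256).hexdigest()[:16]

class AntiTheftPolicy:
    """Toy lock policy held below the OS. All names are hypothetical."""

    def __init__(self, secret: bytes, checkin_window: int, max_failures: int):
        self.secret = secret                  # provisioned secret shared with the server
        self.checkin_window = checkin_window  # seconds allowed between check-ins
        self.max_failures = max_failures
        self.last_checkin = 0
        self.failures = 0
        self.counter = 0                      # advances on every accepted recovery key
        self.locked = False

    def tick(self, now: int) -> bool:
        """Local timer: needs no network, so blocking the server cannot stop it."""
        if now - self.last_checkin > self.checkin_window:
            self.locked = True
        return self.locked

    def checkin(self, now: int, reported_stolen: bool) -> None:
        """A check-in that reached the server; ignored once the machine is locked."""
        if self.locked:
            return
        if reported_stolen:
            self.locked = True                # remote disable signal
        else:
            self.last_checkin = now

    def login(self, ok: bool) -> None:
        """Count consecutive password failures and lock at the threshold."""
        if self.locked:
            return
        self.failures = 0 if ok else self.failures + 1
        self.locked = self.failures >= self.max_failures

    def recover(self, key: str, now: int) -> bool:
        """Accept the help-desk key once, then burn it by advancing the counter."""
        expected = recovery_key(self.secret, self.counter)
        if not self.locked or not hmac.compare_digest(key.encode(), expected.encode()):
            return False
        self.counter += 1
        self.locked, self.failures, self.last_checkin = False, 0, now
        return True
```

Because the timer runs locally and fails closed, a machine that never reaches the server locks on its own, and a recovery key that has been used once is rejected on replay.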