Faq on absolute computrace case security vulnerability. Detecting and removing absolute persistence technology. How it works through our partnership with leading computer manufacturers, our computrace agent was embedded in the firmware of many computers at the. Some, but not all, software agents have uis user interfaces. The software agent behaves like a rootkit, reinstalling a small installer agent into the windows os.
Lojack makes an excellent doubleagent due to appearing as legit software while. The persistent security features are built into the firmware of devices themselves. The software agent behaves like a rootkit, reinstalling a small installer agent into the windows os at boot time. It adds a browser helper object bho to internet explorer. The distribution mechanism for the malicious lojack samples remains unknown. Computrace by absolute software should i remove it. At the black hat briefings conference in 2009, researchers showed that the implementation of the computracelojack agent. It can add lines on your hosts files to disable communications between your computer and the computrace servers.
The absolute persistence module is built to detect when the computrace andor absolute manage software agents have been removed, ensuring they are automatically reinstalled, even if the firmware is flashed, the device is reimaged, the hard drive is replaced, or if a tablet or smartphone is wiped clean to factory settings. Attackers can use computrace antitheft tool to remote. This software is used to trace stolen laptops, with features including the abilities to remotely lock, delete files from, and locate the stolen laptop on a map. Solution determine if computrace is acceptable software for your. Lojack, formally known as computrace, is a legitimate laptop. How recent was the computrace agent variant you found. They explained that those computrace agents were never registered in their. A software agent is a persistent, goaloriented computer program that reacts to its environment and runs without continuous direct supervision to perform some function for an end user or another program. Detection of computrace variants in uefi and preloaded. Computrace is an optional monitoring service from absolute software. T selfmonitoring analysis and reporting technology phone. Absolute softwares press release from 2009 claims that the computrace bios module is activated by the installation of absolute software by our customers, and is never forced upon any user. And the answer to your last question would be yes, but. By continuing to use this site andor clicking the accept button you are providing consent quest software and its affiliates do not sell the personal data you provide to us either when.
The computrace agent communicates with the absolute software monitoring server at. All you need to do is call the number that pops up when you go into the bios. The computrace software agent that powers absolute softwares solutions is embedded in the bios of computers from the worlds leading computer manufacturers. This tool check for any presence of the computrace lojack spyware. Computrace agent is a windows application that has two variants.
I purchased a lenovo t430 off of craigslist i know and a couple of weeks after reinstalling windows i got a call saying that the laptop was stolen from ohio, i work in california. Executive summary asert recently discovered lojack agents containing. Analyst mike vizard has an overview of absolute software in an august 2017 column in it business. Kaspersky confirms hidden threat in bioses pc and warns that absolute computrace antitheft agent can be remotely hijacked. Note that the computrace components are however still installed in windows and must be manually removed as i. The absolute agents are client software that you install on devices you want to manage using. This module is embedded into bios pci option rom or. Computraceplus is a softwarebased pc tracking and loss control service powered by the computrace technology platform. Create an unbreakable connection to every endpoint, ensuring they are visible, protected, and compliant at all times. The agent is low level, runs silently and automatically, and does not appear on the desktop or file directories.
Thoughts on absolute computrace blazes security blog. Any authority or hacker can alter the files and take full control over your machine, including full activity monitoring and deleting files. The focus of the research was the absolute computrace agent that resides in the firmware, or pc rom bios, of modern laptops. A software agent is the computer analog of an autonomous robot. Tracking and analysis of the lojackcomputrace incident nsfocus.
Background on wednesday, february 12th, kaspersky lab. A issue was opened on the forum asking we have a computer which has never placed a call into dds. Starting a new project to continue, click next use a unique project name and project number for each project. Authorized customers are able to uninstall the computrace software agent and disable persistence at their discretion. In addition, the bios security for computrace is enabled, but will not activate. In 2005, absolute software released lojack for loaptops, also known as. Once installed, the agent automatically contacts the monitoring center on. It is now a valuable resource for people who want to make the most of their mobile devices, from customizing the look and feel to adding new functionality. Computraceplus helps organizations track pcs, deter theft, investigate loss, locate and recover stolen pcs, perform forensic data recovery and locate lease returns.
The behavior of the lojax sample seems to be similar to the previous versions and. A program which autonomously acts on behalf of its human or organizational principal while carrying out complex information and communication tasks which have been delegated to it. Another example is intels antitheft technology which apparently will cease to exist in. Problem due to recent security enhancements made to computrace, and the resulting automatic client component updates that occurred, a small subset of users are receiving warnings from av products that a file belonging to absolute software is being prevented from running, or that the computrace agent is being prevented from calling. The computrace agent from absolute software is a service solution designed to help track assets and provide recovery services in the event the notebook is lost or stolen. If your machine is offlease, and hasnt been stolen, it should be easy to get computrace removed. Computrace is a software program developed by absolute software. The computrace agent is a software client that resides on the hard drive of host pcs. Computrace is designed to be activated, deactivated, controlled and managed. Absolute persistence technology amounts to a persistent rootkit preinstalled by many device manufacturers acer, asus, dell, hp, lenovo, samsung, toshiba, etc to facilitate lojack for laptops, and other backdoor services the absolute persistence module is built to detect when the computrace andor absolute manage software agents have been removed, ensuring they are automatically.
The machine was freshly bought and the user never ordered, installed or even heard of computrace software. Well that all depends on if you own a samsung galaxy s5 s. En with this simple utility check if the computrace lojack spyware is on your computer. An intelligent agent is basically a piece of software taking decisions and executing some actions. Software agents, like people, can possess different levels of competence at performing a particular task. This means, in the event that the hard drive on the program laptop has been reformated or replaced the computrace software stays intact. The agent is installed, but the unit will not place a test call. After the case raised by kaspersky team on the computrace agent i tried to contact absolute software received the following official reply on the results of the investigation. I can tell you first hand computrace works very well.
It can be activated by customers when they purchase a subscription with terms ranging from one to four years. An antitheft software installed on laptops from prettymuch every major computer manufacturer can be used by attackers to hijack. Introduction to lojack with a history of 20 years, absolute software has been a leading provider for device security, management, and tracking. It is the criteria, which determines how successful an agent is. A software agent has encoded bit strings as its programs and actions. Furthermore, as this series of malicious software used the lojack agent during delivery, we dubbed it lojax. Links related to absolute software computrace client.
Computrace has been shown to be installed on systems without the owners knowledge and could allow possible attacks that can take control over the machine when it is not properly configured. And in the event of loss or theft, computrace can help you recover your computer. Deploying the persistence agent successfully in bios, for example, makes heavy use. Our intention was to evaluate how secure computrace agent. Computrace design suite is now available worldwide. Thermon computrace introduction open computrace step 1. I recently acquired one of these devices and was as one could imagine very pleased with my sparkly new handset. Resilient cybersecurity for your devices, data, and security controls. With the recent growth of ai, deepreinforcementmachine learning, agents are becoming more and more intelligent with time. Its products have set an industry standard for persistent endpoint security and data risk management for computers, laptops, tablets, and smartphones. Computrace can be installed on 32bit versions of windows xpvista7810. So yes, computrace seems to be a permanent backdoor, unless you have hardware experience to inspect and follow bios modification, decribed by kaspersky. Computraceplus is used by businesses and corporations of all sizes in any industry to keep track of their pc population and put and end to uncontrolled loss and potential security breaches. Absolute computrace antitheft software can be remotely hijacked.
Also on computrace official site there is a list of laptop models where computrace is preinstalled by manufacturers, so if you buy a new laptop that is in the list you have computrace. In the past, this software was known as computrace. Even if the hard drive is removed or formatted, it reinstalls itself and continues to track the device. What are some examples of software intelligent agents. What to do if computrace is activated in your tp bios. Command line arguments minimally interactive install u unattended install s silent install exit codes common exit codes. The unit has the same bios version and tpm version as many of our other computers. Permanently disabled permanently disables the computrace activation. Computrace, an antitheft application, is installed and running on the remote host. Administrators guide for absolute agent absolute software. The small agent is a piece of code that is of minimal possible size and maximum extensibility. Absolute softwares antitheft computrace software is mysteriously installed on brand new machines, nearly impossible to remove, and exploitable.
Antivirus application compatibility with computrace. To ensure computrace is running on your laptop check the following settings in your laptops. Q how to remove computrace agent samsung galaxy s6. While absolute software is a legitimate company and information about. Absolute computrace antitheft software can be remotely. For example in a lenovo thinkcenter, the setting is in the security section. In 2005, absolute software released lojack for loaptops, also known as computrace. This module is embedded into bios pci option rom or uefi firmware. They also informed me based off of the screenshots that were taken and sent to them the could tell i was a. Tell him you bought a used machine with computrace activated and that you want to have it removed. This installer later downloads the full agent from absolutes servers via the internet. Computrace is an application that is embedded into the laptops firmware bios. It is the action that agent performs after any given sequence of percepts. Millions of pcs affected by mysterious computrace backdoor.
Introduction 12 aboutthisguide 12 audience 12 userroles 12 otheruserroles usingthisguide conventionsusedinthisguide 14 chapter2. Attackers can use computrace antitheft tool to remote wipe pcs. Computrace agents aggressive behaviour has even prompted some antivirus firms to label it as malware on occasion, kaspersky notes, adding that. This tool was originally designed by absolute software inc. Secret agent computrace software inserts a stealthy agentan 8kb virtual device driveron the hard drive that contacts absolutes monitoring service at set intervals.
The absolute persistence module is built to detect when the computrace andor absolute manage software agents have been removed, ensuring they are. It pro tips for absolute software computrace client 8. Absolute is the industry benchmark in endpoint resilience, factoryembedded by every major pc manufacturer including dell, lenovo, hp and 23 more. Technically computrace is a permanent irremovable for an averageaboveaverage user backdoor. We downloaded arbor networks samples and can confirm they are all. Deploying the persistence agent successfully in bios, for example, makes heavy. Please wait a moment while youre redirected to the absolute authentication server. Tracking and analysis of the lojackcomputrace incident.
243 432 69 973 663 412 109 86 1039 779 401 372 30 1262 504 1056 932 450 1341 316 1490 297 428 1249 302 209 385 33 657 1185 815 226 333 45 928 701 38