Phoenix Unveils Anti-Theft BIOS 458
linuxwrangler writes "According to articles at PC World, c|net, Internet Week and elsewhere, Phoenix Technology is introducing a new BIOS-based anti-theft system. Every time a TheftGuard equipped machine connects to the internet it pings a server at Phoenix which can instruct the machine to wipe its hard drive, report its location or disable itself. Given that most people don't want to have their every movement tracked and don't want someone else to have the power to wipe their drives, Phoenix figures that corporate clients are the prime customer. I just wonder who is liable when a company sells a surplus laptop on eBay but gets their inventory control screwed up and reports it as stolen..."
Shortly after the BIOS was unveiled (Score:5, Funny)
Re:Shortly after the BIOS was unveiled (Score:5, Insightful)
I can't wait for the round of virii (outlook attachments) that trick this BIOS into thinking it's stolen.
Or, better yet, someone hacks Phoenix's server to tell all the BIOS's they are stolen.
This will be fun to watch.
Re:Shortly after the BIOS was unveiled (Score:5, Funny)
Re:Shortly after the BIOS was unveiled (Score:5, Funny)
actually you are both right, but... (Score:3, Informative)
However, while english accepts the plural "viruses", the technically correct plural form of "Virus" is "Viri". We are of course going with the Nominative plural form of the the latin noun Virus (meaning Poison). But you probably already new this fact and the fact that many english words are derived from latin (focus, foci would be another example of the same situation).
singular
-us
-i
-o
-um
-o
plural
-i
-orum
-is
-os
-is
You
Re:actually you are both right, but... (Score:5, Funny)
2 viruses = virii
3 viruses = viriii
and so on. now doesn't that make one feel educated?
i guess an unknown quantity of viruses would be vir(i*)... as in, "well, there are many vir(i*) that could be the end of humanity." *shakes head in wonderment*
When in Rome.. (Score:5, Funny)
No, no, no.. It's inelegant to extend a latin root by just adding extra "i"s.. To be true to the spirit of the language, surely it would be more appropriate to proceed thusly:
4 viruses = viriv
9 viruses = virix
1001 viruses = virmi
etc..
Re:Shortly after the BIOS was unveiled (Score:3, Funny)
routing? winmodems? (Score:2, Interesting)
Then again, thieves are more likely to steal a dedicated T1 line on a BIOS-supported ethernet card than the rest of us
Anti-Theft BIOS? (Score:5, Funny)
Re:Anti-Theft BIOS? (Score:3, Funny)
Replaceable Bios (Score:4, Insightful)
Last I checked, the BIOS was in a socket. What stops someone from swaping out the bios chip before turning on the box?
Re:Replaceable Bios (Score:2, Insightful)
Re:Replaceable Bios (Score:5, Insightful)
Re:Replaceable Bios (Score:4, Insightful)
Re:Replaceable Bios (Score:3, Interesting)
Any 'smart' laptop thieve is the exception and not who this tool is designed to 'bust.'
It's designed to nail the lowlife at the airport who wouldn't know what to do with the laptop if he did actually open it up and turn it on. He turns it in at the hock shop (you've seen 'em- the ones with the big sign on front 'we buy laptops for CASH' whose windows geeks should just bust out regularly) and uses the $16 he gets to buy crack.
Re:Replaceable Bios (Score:4, Insightful)
Screw the BIOS sell me the sticker! (Score:4, Funny)
Personally, I'd go with the "This Laptop is GPS enabled and filled with C4 explosives set to go off when reported stolen. Enjoy life with your three out of ten fingers."
Re:Screw the BIOS sell me the sticker! (Score:3, Funny)
Good luck getting your laptop past airport security and aboard an airplane.
Oooooh nooooo! Not the anal probe!!!!
Re:Replaceable Bios (Score:5, Funny)
Wiping the drive after it is removed from the machine is a pretty neat trick.
Re:Replaceable Bios (Score:3, Funny)
Now THAT's a cooked sausage!
Re:Replaceable Bios (Score:4, Insightful)
What stops someone from swaping out the bios chip (Score:5, Funny)
ouch (Score:4, Funny)
Re:ouch (Score:4, Funny)
Women?
Nahhh....
Re:ouch (Score:3, Funny)
Re:What stops someone from swaping out the bios ch (Score:3, Funny)
Re:Replaceable Bios (Score:5, Insightful)
That said, the interesting part would be to find out what the BIOS uses to identify the PC to the TheftGuard server. My guess is the (yawn) MAC address since it needs to be connected to the 'net to be effective. So change the MAC if it's programmable on the NIC in question, or (if it's not a laptop) just toss the NIC in the trash and spend $10 on a new one.
They'll probably sell a lot of these to CIOs who think they can outwit industrial spies. Yeah, it's better than nothing but the level of security they're making it out to be is way beyond it's piss poor practical value.
Most Criminals ARE Stupid (Score:5, Insightful)
Re:Replaceable Bios (Score:4, Interesting)
The Club [winner-intl.com] is a device that locks onto your car or truck's steering wheel and prevents the wheel from being turned and thus the vehicle from being driven. There are several very effective ways of removing the Club without using a key, some of which can be done in less than a minute. Despite this, the Club is an effective anti-theft deterrent. Why? It's a huge improvement if you stop just the dumb crooks. Sure, a smart crook can get past it -- but there's a whole lot more dumb crooks than smart ones, so if it doesn't cost too much, the benefits far outweigh the costs.
In the hands of the government (Score:3, Insightful)
spoofing (Score:5, Interesting)
No so outlandish (Score:3, Interesting)
This attack, however, relies only on a single instance of minor social incompetence by a call-desk employee. Attacks like this have already been shown to work on large corporations who are supposedly in the business of
Re:No so outlandish (Score:3, Funny)
-
Linux support? (Score:3, Insightful)
Re:Linux support? (Score:5, Informative)
If the BIOS pings a server using the onboard nic before it tries to bootstrap to a drive, it would be very difficult to disable this...
Re:Linux support? (Score:4, Insightful)
And god forbid if you don't actually *have* always-on internet dangling of the end of your network cable. What about people with cable modems with PPPoE? Authenticated proxy servers? Dial-up users?
So yes, you could probably do something like this at boot if you cobble enough bits'n'pieces of software into your boot ROM - Phoenix has , it seems. But it'd probably only work in a fixed, known , stable environment. As mentioned before, possibly useful for corporations, not useful for the average home user.
Just sounds like something else to go wrong to me. And go wrong catastrophically too.
Re:Linux support? (Score:3, Informative)
Re:Linux support? (Score:2)
You would need tcp/ip in rom as well as have the bios automatically configure itself over a network.
Re:Linux support? (Score:4, Informative)
You can get a trivial ethernet driver + DHCP + TCP/IP stack + simple TCP client into 32K fairly easily. Let's not forget that Suns made since before 1991 have supported DHCP (well, bootp) + UDP/IP + TFTP to netboot.
Putting this in the BIOS now is insurmountable why?
Re:Linux support? (Score:3, Insightful)
This might not just be used for stolen PCs, but for overall inventory control. When companies are growing quickly often PCs get lost. If they can't be found at audit-time, companies have to write off a proportionate share of their capital equipment.
Not to mention there's a huge grey market in laptops, serv
Re:Linux support? (Score:3, Interesting)
Re:Linux support? (Score:3, Informative)
Nope, d00d. The BIOS has full control until it loads the boot sector off of the hard drive. Everything from then on has nothing to do with the BIOS, except if a program chooses to call BIOS code. E.g. DOS relied on BIOS routines for hard disk access, so if your BIOS didn't support drives > 512MB, and you had a 20GB drive, you couldn't use it in DOS. Linux (and other 32-bit OSs, heck
I'm confused... (Score:5, Funny)
Damn Mozilla!
Re:I'm confused... (Score:2)
Re:I'm confused... (Score:2, Funny)
Murphy's Law (Score:5, Insightful)
I logged more hours going back to corporate offices and disabling these "features" and assisting their admins mine out old data then I did installing them. I had to stand there and be told how "God damned stupid all of these features are, and how stupid Dell is for using them, and how stupid you are for working with Dell!!!!". This is when I was 19 and had no more business/customer support experience/skills then a guy serving fries at McDonald's. The shit sucked.
Murphy's Law dictates that the benefits of this idiotic and restrictive measure will be over shadowed by it's rare glitch and/or user incompetence which results in the loss of data.
What happens when your battery dies on the SQl server, and the default settings enact this horrid "feature" and your hard drive is slicked? How bad will it suck when it happens to the CEO's assistant's laptop and she comes storming into your pitiful excuse for a NOC right before you were supposed to go on lunch?
Re:Murphy's Law (Score:5, Funny)
I'll wait for the first virus that activates this feature while spoofing the HW address.
"Help, Phoenix, I've been STOLEN!!! Nevermind that guy I've got in chains and a gag, BLOW THIS PLACE UP!! NOW!!!"
*BLAM*.
One less Windows XP install in the world. Then again, this might be very useful as a LART...
"What was you machine's name again? *Clickety-click*
Soko
whaaaaa (Score:5, Funny)
From my experience, CEOs usually have very very fine assistants.
Hey, maybe she is actually very technically capable, and consciously activated the erase-all-data feature just so have an excuse to talk to you, give you a chance to ask for her extension etc. =)
Aww shutup and let me daydream.
Nice for cyber-assholes (Score:5, Insightful)
Great.. (Score:4, Funny)
Aww! How do we expect to get an "early release" of Doom 4 now?
Federal use (Score:3, Insightful)
Better Idea (Score:4, Interesting)
Besides, in either case, if the thief were an enterprising individual they could recover the data. Empty hard drive? Just do a low level scan. Encrypted hard drive? Spend lots of time and resources trying to crack the key.
With that, why not go for the least destructive measure? Unless, of course, Phoenix is going for the Mission Impossible market -- this laptop will erase itself in 20 secs...
And keep the keys on a USB keychain! (Score:5, Interesting)
Only keep your keys on a something like a USB keychain rather than proprietary hardware. Then attach it to said employee's security pass so they don't leave it plugged into the laptop (or keep a log that emails you every time the laptop is shut down with the USB key left plugged in).
But alas, I can see the PHBs of the world will demand the Mission Impossible version because it sounds cooler.
Xix.
corporate clients (Score:5, Insightful)
pings server... (Score:5, Insightful)
and what if i completely disconnect it from the internet?
I am a user of this new technology.. (Score:5, Funny)
<CARRIER DISCONNECTED>
Re:I am a user of this new technology.. (Score:5, Funny)
Dude, if you're gonna act all I-was-hip-way-back-in-the-BBS-days, at least get it righ&' 8Ré
NO CARRIER
oh dear oh dear (Score:2)
How long do you think it will take before someone figures out how to fake those 'wipe harddrive' commands? Looks like a smiple case of packet-sniffin' to me.
"Hey d00d, watch what happens when I run THIS phoenix-nupe script...u r s0 0wn3d l0s3r"
All together now:
"I will place my trust and the fate of my harddrive in the hands of script kiddies"
Reports my location as well??!?
Huh?
Why? Do they have guided missiles lined up for nasty computer thiefssess?
Re:oh dear oh dear (Score:3, Insightful)
All we need now is some script kiddie to figure out the address of the "ZAP" routine in the Phoenix BIOS to jmp to, then the next outlook virus will cause hell. Change one instruction anywhere in your system's software (I guess boot sector is as good as any, before protected mode) to jump to that point, and all is lost.
Why bother with your own devious erase code, when Phoenix thoughtfully provides one for
This is very sad (Score:3, Insightful)
-----
I wonder if we're going to just kind of accidentally grow into some kind of wierd, reverse "newspeak", like in 1984, except instead of the government purposefully banning negative words, dodgy politicians, media outlets, and corporate officials will simply misuse all of the negative words there are until they've all lost their meaning in the public mind.
[Sometime in the indeterminate future, New Palestinian Liberation Army breaks into Joe Archetype's house and robs him of all his belongings to sell on the black market to finance their bombing raids, and spraypaints PALESTINE FOREVER on the inside wall. Joe goes next door:]
"Help me! My home has been breached by terrorists!"
"Hm? What's the problem? If you have anti-war protestors in your home, can't you just ask them to leave?"
"This is serious! They've stolen all my furniture!"
"So.. they've made copies of all your furniture? Not very nice of them, i guess, but what's the big deal?"
"ARGH!"
"Maybe you can file a DMCA complaint, i guess."
Company needs better PR guy. (Score:3, Funny)
Something like TheftGuard? It's like saying "TheftGuard is OK. But check out things that are like it, and you'll really be impressed."
hrm.. (Score:2)
I wonder how hard it would be to 'whipe' the system clean, though? A simple cmos clear? is it 'always on' and pheonix simply ignores the problem unless you call up and complain? Of course, one could easily strip out all the goodies and leave the motherboard, which isn't even worth all that much these days anyway. Kind of like how a stolen car,
BIOS Hacking? (Score:3, Interesting)
Once this BIOS is hacked (assuming it can be), how long before copies of BIOS start going out over Kazaa?
only computers? (Score:2, Funny)
(ducks for cover)
Inventory Control (Score:3, Interesting)
Exactly the same thing that would happen if someone checked the serial number and found it was reported stolen. Police investigate, the owner provides a transaction history, the original owner discovers the mistake, charges get dropped, original owner gets sued for negligence.
And should the HD get erased the FIRST TIME someone connects to the internet, it's not likely to create any serious data loss issues. The owner would probably think there's just something wrong with the computer. They'll complain, the problem will be discovered, etc etc.
Of course, this theftguard assumes a number of things. Certainly the BIOS won't have any interaction with the internet unless the OS permits it. Any intellegent thief would wipe the drive and resinstall without ever booting it, let alone connecting it to the internet. There are many other ways to trace a stolen computer once it gets online, assuming the OS wasn't reloaded first. Having a machine "check in" isn't a bad idea in theory, but there's no particular advantage to using a hardware solution over a software one.
-Restil
no, nope, no way, not ever! (Score:3, Interesting)
Corporations *might* but only if they can set it to poll THIER servers, and have it under their control.
Personally though.. it scares me that MS and their "Trusted Computing" scheme Might force this onto the users..
There is only three people/organizations that should have the ability to remove/restrict "owned" things... Me (the owner), The LAW (only after following the judicial system) or Judge Dredd.
Problems With This Idea (Score:5, Insightful)
When a TheftGuard-equipped system is stolen, the owner provides instructions through the TheftGuard web site. The next time the lost computer connects to the Internet, TheftGuard is activated and either disables the machine, wipes its hard drive, or transmits information on the physical location where the signal originates.
The problem with this seems to be that TheftGuard only performs actions after the stolen computer is connected to the Internet. And by the time that happens (if that happens) it's too late. My understanding is that when computers are stolen, the data on them is what's sought, as it is what's most valuable. And once the data is in the wrong hands, it's too late. The data on it can be copied to another place, and perhaps individual hardware components can be removed and sold. Am I wrong about anything here?
Re:Problems With This Idea (Score:5, Funny)
Chapter 11 (Score:4, Insightful)
Laura
Evil empire (Score:2)
We have been using a similar product for years (Score:5, Informative)
Computrace reports having retrieved a number of stolen computers based on the data reported by the software. It's definitely useful for any corporate IT department!
So what? (Score:2)
What's new?
Phoenix, meet dd (Score:5, Interesting)
Any hard disk forensics person will tell you the wonders of dd and netcat [rajeevnet.com] working together. Adjust the dd parameters a tad, and the HBA is no longer a problem. If they think the bad guys don't have access to this knowledge, they're as FDISKed as they seem.
This is seriously stupid, so it must have come from marketing, not the techies.
Soko
Re:Phoenix, meet dd (Score:3, Insightful)
Sorry, this isn't a deterent to people who have more than a trivial interst in the contents of a stolen hard disk.
Soko
Ahhh well... (Score:2, Insightful)
I remember reading an interesting article somewhere about a guy who got his mac back by using some remote software on there. It reported its IP address every time the theif connected to the net and as I recall, the guy was uploading scripts to it and so forth to get it to do various things to help recover the box.
I remember thinking at the time that this was a neat idea, but having a third-party with the powe
Monopoly seldom talked about (Score:3, Interesting)
I'm i'm not mistaken, award, ami, and pheonix are owned by the same company. Atleast Award and Pheonix seem to be at anyrate. I could be wrong about this, but this would be due to the lack of attention on this little piece of software you are required to buy.
Unlike the Microsoft software where you at least (all though arguably) have a choice to buy a system without it... the same can't be said about the BIOS. Now they have a good product... worth paying for, though I wish they would have added some more *nix like features quite frankly, and it's a pain when one motherboard has for example the Symbios boot for cheep scsi cards feature, where another motherboard with the same make bios is missing that feature, dispite the fact that it's been shown this could be added with ease, and heaven forbid any end user requests for these features present in one and not the other.
So, when Pheonix decides to be most irrating and implement systems like this, who are you going to turn to? I honestly don't know the actual cost of the bios licensing and it's cost per PC motherboard, but I'd wager to guess it's pretty cheep... based on what i've seen in old computer shopers, some companies were charging like $20 a chip. I assume it's a sub $20 per chip fee. I personaly am happy to pay it, as these companies pretty much became comercialy viable because they undersold Compaq and IBM, and dispite their flaws they are the lesser of the big blue and wannabe blue.
This is one of those products that you pretty much either *assume* you have legit license for, based on faith that the motherboard maker. For your average geek, it's pretty much a simple task to establish wether or not you have license for the product.
It's also one of those products that the end user doesn't typicaly pirate. Pirated, or rather, bootleged bios are typical found on the cheepest motherboards available. I do not feel that this is the solution as it's not typicaly the end user pirating their product, it's little no name companies that buy their product bulk from the likes of PC Chips and resell them without a licensed bios.
*SOLUTION* why not ask for cash? You may say what you will about these companies, but unless the freebios projects mature enough there isn't really much of an alternative, and it is a product worth paying for as it does make the system work, and i'm all for supporting them as they pretty much are, in part, responcible for the whole clone market, until something better comes out. If their product is indeed typicaly sub $20.00 for that little holographic sticker, this is a VERY small price to pay for updates. During y2k, they would have made a KILLING on all those cheep ass funky motherboards if they were able to provide on their website the correct bios based on it's ID number, explain that you need to pay $20.00 to download it, rather then the more foolish end users who bought copies of that Symantic product to compensate for only level 2 complience.
The alternative is getting bad press about some little old lady who bought a system on good faith, who in good faith bought a system, getting her hard drive wiped because of someone else bootleging a product she doesn't understand exists.
For the paranoid (Score:4, Insightful)
29 Comments and not one.. (Score:2)
1) Onboard ethernet
a) Plugged in at boot, during PXE/BOOTP/etc.
b) On a network with DHCP, or at least forgiving gateway routers.
2) A modem that attempts to dial an 1-800 number or some such during boot.
Modern OS (i.e. not Win9x/ME) don't invoke the bios for anything major after the initial bootup; by the time they get the network settings enabled, the bios is left behind. (PPPoE, VPN, static IP, whatever).
Does
I shouldn't tell this secret, but... (Score:5, Informative)
Uhmmm problem. (Score:5, Insightful)
Now, just how upset would you be if someone came to your door and said that the laptop you bought on eBay last week was stolen? Granted, you'd try to contact the seller to get your money back, but if he's been even the slightest bit clever about things, you might never find out who it was. Further, even if you *DO* find out who the guy is, you still won't get your money back because he'll probably be doing jailtime in the very near future, if he isn't already. Of course, you can legally sue him, but just how do you think you're going to collect?
Not that I'm saying that theft should be ignored... it shouldn't. But doesn't anyone think that efforts might be better spent on technologies that might enable them to catch the criminals *BEFORE* they exploit someone else?
What happens... (Score:4, Interesting)
Hmmm.... (Score:5, Interesting)
I do think that an awful lot of people on here are getting the point: What happens when I, mister malicious black
hat decides to spend a little money on research material and aquires, by one menas or another, a few of these units for destructive testing and reverse engineering? Now I can spoof the Pheonix server on any given LAN and - proof - Merry Christmas, Bob's your uncle!
I can see the military and paramilitary organizations liking something like this. I'd also be surprised if they don't have something similar under lock and key right now. If I recall, most of the concern over the laptops wasn't over the data on them, but more over how the security procedures when awry. There were one or two that went missing from internal areas that wouldn't have been equipped for travel, but they likely wouldn't have been protected by this system either.
Personally, I think people fall into one of two categories:
1) The stupid/ignorant. These people wouldn't buy this BIOS anyway. They're gonna be hooped when their data gets lost/stolen.
2) The paranoid. These people are probably already using strong encryption, finger print scanners, etc. They're gonna be hooped as well... unless they were paranoid enough to do regular backups! Admittedly, the thief won't have access to the data, but I suspect most of the stolen laptops get wiped shortly after the thief copies the porn off for his own amusement anyway.
I see IT managers loving this because it covers their arses. I see the users either not needing it or not liking it.
-Rob
Re: (Score:3, Insightful)
What authentication is used (Score:3, Insightful)
Not bad but kinda cheep. (Score:5, Interesting)
If you buy a used PC with that system in it you should have the ability to contact the maintainer of the system to work out ownership transfer. There should be no fee for this.
Prediction by MrPredicter:
One week after deployment a copy of the BIOS will be posted to usenet, Seventy Six Milliseconds after that it's cracked, patched and offered on WareZ sites with instructions on how to burn, unplug or desolder and install the new chip.
Fixing the above, off the top of my head:
Hardwired into the motherboard is a distributed encryption device that holds all of the motherboard chips, drives, ram and compatible installed cards in an inactive state until a USB or other device is insterted. The unlocking device needs to have been activated with a PIN prior to insertion so that the secret key inside can encrypt a challenge response with the devices in the computer. The device in the computer should also do realtime transparent encryption of the drives and offer network encryption as it would be trivial to add. Internal keys in the device would be the provence of the local IT security staff, they could not be changed by the user.
One nice feature of this method is that, with a well setup OS each users network presence (data, settings, drives ect) could be transparently encrypted, each PC would be generic with no user or company data stored on the PC just on the network. Other networkable protocols could be implemented. I think Linux is close to part of this done in software.
The device would need to be distributed, that way an attacker would have to compromise every device in the computer to make any use of the computer. Even the ram would not be of use.
It would be possible to do this in a compatible way to protect the addons use extenders/risers that contain the encryption receivers which would be epoxied to circuit cards, drives and ram would slightly reduce cost and void warranties but allow easier upgrades by just adding a riser. The other method is to order specially modified hardware and only the Motherboard needs this. Yes, there are all sorts of drawbacks mostly stability issues and the CPU is stil not protected from theft.
Isn't there some sort of specification for all this, this didn't just come to me a vacuum, well I vacuumed it up, most probably from the cypherpunks mailing list but can't remember.
Total added cost to the PC, too much:
Just hire a damned good degreed security specialist and a retain a good physical security consultantcy and let them work with a team of people to implement a reasonable security system and stick with it. Add to that good training for the security people and rigorous *reoccuring* background checks. Also a mid/upper level management that actually listens to the experts in this is needed, eviserate the dead weight as needed.
nice scenarios in comments so far (Score:5, Funny)
disgruntled fired admin, on his last day, instructs firewall servers to redirect pings to phoenixbios.net: boom! every computer in the company gets an empty harddrive
Introducing a single point of failure (Score:5, Insightful)
That means they're introducing a risc to get their business fscked (or rather formatted) if they depend on those laptops and need to connect them to the internet. I think that's a high price to pay to protect against the theft of a few laptops.
Also it doesn't even work: maybe it's hard to change the BIOS chip (given a replacement BIOS and the right equipment it should be doable), but if the thief is really interested in just the data he simply reads it without conecting the laptop to the internet, or he even removes the harddisk altogether and analyses its contents.
If they really want to protect their data they should go for encrypted filesystems or at least encrypt the sensible data so only authorized persons can access it, problem solved.
Wow, to be THAT hacker (Score:4, Funny)
Stop big business from playing cops (Score:5, Insightful)
Assuming they could get past all the potential technical hurdles regarding security and authentication, we still are basically saying that a private company can alter/damage the contents of a computer legally without any coordination with law enforcement. That scares me.
Basically, this is sort of a computer version of low-jack. Which is cool. But in this version, it would be as if you could call up the low-jack people, have the car disabled, get a report of where the car is and take care of the matter yourself. Of course, as far as I can tell, low-jack doesn't work that way. My roommate can't find my documentation for the low-jack, make a phone call and leave me stranded just to play a joke.
I'd like to see this system in place. I for one sure would be happier to know that if somebody stole one of my laptops there was some method out there to recover it. But that's a job for the police, not some big business. Sure, Phoenix can build tools that I might buy that would assist the police, but I'd want to be dang sure that they can't do anything to one of my machines until the cops tell them it's all right. And the cops can't tell them that until I've filed a police report and asked them to do it.
Yes, I know that law enforcement has a long way to go to really get a handle on computer based crimes, and at the moment are pretty impotent in catching the bad guys. But what I don't like seeing is big faceless corporations coming in and picking up the slack.
Lot's of noise but .... (Score:4, Insightful)
Wipe it's drive?! Oh come on... (Score:5, Insightful)
Oh gee, like thats gonna be REAL popular with people.. How long will it take an enterprising young 14-year-old to write a little hack that sits on a network, opens promiscuous mode on a NIC, watches for calls to Phoenix's verification IP, and answers back with a smurfed "AAGH! DANGER WILL ROBINSON!" reply before Phoenix, Inc. has a chance to?
And I, for one, don't want the operation of my machine to be wholly dependent upon whether or not it's connected to a public network.
Stupid idea, if you ask me.
You want PC security? A note on the wall that says "If you screw with this machine, I'll know, and i'm quite capable of kicking your ass, having you fired, or both." will do the trick nicely.
Seriously..When I was in HS, the guy who ran the computer room was massively anti-piracy. If he even *suspected* you were using pirated shit in the lab, he'd confiscate your disk and literally staple it to the wall. Got the point across.
Security measures (Score:3, Interesting)
I think the main problem with computer theft is not the loss of some more or less cheap piece of hardware. That can be replaced easily. The major damage is that you'll lose your data. But security measurs like the harddisk security features that are stored in a hard disks firmware make it very hard to get access to the data. Especially considering that a normal thief is not an IT expert.
If industrial espionage is concerned then your enemy has enough knowledge to do bad things when he has real phyical access to the machine. So a BIOS won't help much to keep an expert away from my data if I don't do additional measures.
What would be really helpful against data loss is a BIOS that goes on strike if I don't do backups of my data frequently... but that leads us to the problem that there is no easy way of backing up 80 Gigabytes on a 3.5 inch floppy...
As effective as the coded car radio. (Score:4, Interesting)
By the time the buyer realises, the thief is long gone - it just moves the problem, doesn't eliminate it. Just like the car immobiliser law brought in here in Western Australia - all cars have to have them. So now we get people being attacked near their cars or in the house so the thief can get the keys.
Meanwhile, in the secret Cavern... (Score:3, Funny)
It seems obvious to me they want to extract more money out of customers by crippling the bios rather then by really improving it.
Re:Location? (Score:4, Informative)
In other words, it will traceroute the ip and find out where it is geographically located, and then contact the ISP to find out who was on at that time. If it is reported stolen it shouldn't be that difficult for the police to get a court order to get the ISP to reveal that information.
Re:Location? (Score:2, Funny)
Quick -- where's 106.223.16.98 right now.
Re:Location? (Score:2)
Re:Location? (Score:4, Funny)
Re:It does what with the who now? (Score:5, Informative)