Frequently asked questions and answers about Computrace Data Protection are organized into the following categories:
• Product Overview
• Data Delete Overview
• Computrace Agent
• Connectivity
• Compliance
• Encryption, Cables and Other Protection Methods
• Monitoring Center
• Computrace BIOS-Based Agent
PRODUCT OVERVIEW
Q. What is Computrace® Data Protection?
A. Computrace Data Protection provides two main benefits – Information Technology (IT) asset management and remote data deletion. The product is centrally managed by IT, and meant for customers with large populations of remote and mobile users. For IT asset management, Computrace Data Protection gives IT staff visibility to up to 100% of their connected computer assets, including the 40% of computer assets that the Gartner Group says are unaccounted for at any given time. The remote data deletion function (“Data Delete”) enables customers to remotely delete sensitive data on target computers that have been stolen or lost. It can also be used for lifecycle management to ensure that computers are left clean and free of sensitive data at the end of their life or lease.
Q. How does Computrace Data Protection remotely track and protect computers?
A. Computrace Data Protection tracks the location of your computer using a small and undetectable software agent ( “Computrace Agent”), enabling the computer to report its location to Absolute's confidential and secure Monitoring Center each day you connect to the Internet. As well as collecting location data, the Computrace Agent also collects User, Hardware and Software information to help you track and manage your remote assets. If your computer is stolen, you can set up a Data Delete request so that sensitive data on the computer is deleted the next time the computer calls in to the Monitoring Center.
Q. How do I view information about my computer assets?
A. Users (typically IT departments) are able to view various asset management modules via Absolute’s online Customer Center website (“Customer Center”). These modules (or reports) allow IT to better enable their organization in the area of Secure Asset Tracking™.
Q. How does Computrace Data Protection work?
A. The Computrace technology enables you to track and manage your computer assets regardless of where they are. Here's how it works:
1.
You install the client software on your computer assets using an MSI installer, login scripts, imaging or other deployment methods – it's easy and secure. The client software is small, stealthy and hidden on the computer.
2.
Your computer reports location, user, hardware and software information to our confidential, secure Monitoring Center every day you connect to the Internet.
3. You sign a pre-authorization agreement to activate the Data Delete feature on the Customer Center website, then specify which users (“Data Delete Administrators”) are authorized to perform Data Delete. On receipt, Absolute sends RSA SecurID® keys to the Data Delete Administrators identified in the agreement. The agreement can be downloaded from the Data Delete menu in the Customer Center.
4.
You track and manage your computer assets, including remote/mobile computers, using reports, alerts and administration functions from the secure Customer Center website.
5.
If a computer is stolen or at the end of a computer’s life or lease, you can use the Data Delete function on the stolen computer to keep sensitive data from falling into the wrong hands. Only an authorized Data Delete Administrator, with a SecurID key, can set up a Data Delete.
Q. How does Computrace Data Protection differ from ComputraceComplete?
A. ComputraceComplete provides a guaranteed computer theft recovery service in addition to the IT Asset Management and remote data deletion features of Computrace Data Protection. Computrace Data Protection may be the right choice for you if the recovery of the stolen/lost asset is less important to you than the need to comply with federal regulations and protect sensitive data on your computer assets – by deleting the data before it gets into the wrong hands.
^ back to top
DATA DELETE OVERVIEW
Q. What is Data Delete?
A. The remote data deletion function (“Data Delete”) enables customers to remotely delete sensitive data on target computers that have been stolen or lost. If your computer is stolen, you can set up a Data Delete request so that sensitive data on the computer is deleted the next time the computer calls in to the Monitoring Center. It can also be used for lifecycle management to ensure that computers are left clean and free of sensitive data at the end of their life or lease.
Q. With which products is Data Delete available?
A. Data Delete is available with the ComputraceComplete, ComputracePlus and Computrace Data Protection products.
Q. How do I use Data Delete?
A. Data Delete must first be pre-authorized for your account
Q. How do I pre-authorize Data Delete for my computer assets?
A. Signing officers from your company must first complete and return a pre-authorization agreement to Absolute (speak to your Sales representative or download the agreement from the Customer Center Data Delete or Documentation menu) that identifies the personnel, authorized to perform Data Delete (“Data Delete Administrators”). On receipt, Absolute sends RSA SecurID® keys to the Data Delete Administrators identified in the agreement. Once received, Data Delete can be setup without any further involvement from Absolute.
Q. Once Data Delete is pre-authorized, how do I request Data Delete?
A. When a computer is lost or stolen, or when it’s ready to be disposed of or returned to a leasing company, and you wish to delete data on the remote computer, you can initiate Data Delete as follows:
1. An authorized Data Delete Administrator, with an RSA SecurID key, logs into the Customer Center using their Customer Center login and selects the computer for deletion, validating the selection with their SecurID key.
2. When that computer next connects to the Internet, the Data Delete operation will be launched. When the Data Delete completes, a logfile, containing a list of deleted files and directories, is uploaded to the Customer Center
3. An authorized Data Delete Administrator logs into the Customer Center, notes that the Data Delete is complete and views the logfile to confirm the deletion
Q. Can the data be recovered once it’s been deleted?
A. No. The data is not recoverable as the Data Delete operation uses an algorithm that exceeds the United States Department of Defense (DoD) deletion standard DOD5220.22-M and meets the NATO deletion standard.
DOD5220.22-M is a United States Department of Defense specification for wiping disk storage to guarantee that all data previously contained on that magnetic media is permanently erased. When most computers delete a file, the computer does not actually remove the contents of the file but rather simply unlinks the file from the file directory system, leaving the contents of the file in the disk sectors. This data will remain there until the operating system uses those sectors when writing new data. Until the old data is overwritten (and this may take months or longer) it can be recovered by programs that read disk sectors directly, such as forensic software. In addition, even if a sector is overwritten, the phenomenon of data remanence (the residual physical representation of data that has been in some way erased) can make deleted data forensically recoverable.
In order to be sure that a deleted file really is deleted, it is necessary to overwrite the data sectors of that file. This process is not simply “erasing” or “formatting” the drives; this is not sufficient, as there are numerous tools available to recover “lost” data on disk drives.
This specification requires that every single location on a magnetic media device is written to three individual times, first by writing a fixed value (0x00) once, then its complement value (0xff) once, and finally random values once.
Absolute’s Data Delete algorithm exceeds this standard by overwriting the data 7 times (rather than 3) and by performing additional operations. The algorithm:
• Overwrites the target area 7 times – the first 6 writes with an alternating pattern of 1s and 0s and the final write with a random value
• Writes random data to the file
• Changes the file attributes to “directory”
• Changes file date/time stamp to a fixed value
• Sets the file size to “0”
• Changes the file name to a randomly-generated file name
• Removes the new file name from the directory
Q. How do I know if the Data Delete was successful – Is there an audit log?
A. Yes - The Data Delete process creates an audit log verifying which files have been deleted. This audit log will be uploaded to the Monitoring Server and will be available within the Customer Center.
Q. Do I have to delete the whole drive or can I choose specific files or directories?
A. The Data Delete service is currently offered with 3 levels of Data Delete:
1. File- or Directory-Specific Data Delete (PC Only) – User chooses specific files, file-types and/or directories to be deleted – the computer will remain operational after the Data Delete process, assuming the user does not delete OS directories. For instance, you could choose to delete everything in the “My Documents” directory and all Word, Excel, Powerpoint and PDF documents, regardless of where they are on the drive. To use the File/Directory level option, you must first create a Data Delete policy from the Administration->Data Delete menu.
2. Full Data Delete Excluding the Operating System (OS) – all files excluding the OS removed from the hard drive – the computer will remain operational after the Data Delete process
3. Full Data Delete With Operating System (OS) – all non-OS files and some of the OS files removed from the hard drive. All user files (including programs and data) will be wiped and enough of the OS files to stop the computer from booting but some OS files will remain. The computer will not be operational when the Data Delete process completes.
4.
In the case of a full deletion with OS, the Data Delete is a 2 phase operation – first all files except the OS are deleted, a logfile is uploaded listing all the files deleted and then the OS deletion is launched. As the Computrace Agent will not be able to call once the OS deletion is in progress, the Data Delete is set to Complete after the non-OS deletion is complete.
Q. Which operating systems support Data Delete?
A. The Data Delete service (and the Computrace Agent) is currently offered on Windows XP, 2000 and NT and on Mac OSX10.2, 10.3 and 10.4. It is not supported on Windows ME, 98 or 95. Furthermore, the computer must be running Computrace Agent version 804 or above.
Q. Will Data Delete run on connected USB Drives, network drives or other external drives?
A. No. Data Delete will only run on local hard drives.
Q. What if there are multiple partitions on the hard-drive?
A. Data Delete will delete multiple partitions dependent on which level of Data Delete is selected.
Q. What safeguards are in place to ensure that only authorized users can launch Data Delete?
A. A number of checks and balances have been put in place to ensure only those personnel whom the Corporation authorizes are entitled to request the Data Delete service. Firstly, the signing officers of the company specify, in the Data Delete pre-authorization agreement, the Administrator-level Customer Center users (“Data Delete Administrators”) who are authorized to request a Data Delete. Secondly, these Data Delete Administrators are provided with a physical RSA SecurID token. To initiate the Data Delete from the Customer Center, the Data Delete Administrator logs in, launches the Request Data Delete screen, selects the computer and Data Delete options, enters the value on the RSA SecurID token display (which changes every 60 seconds) and then re-enters their Customer Center password to validate the Data Delete request.
To sum up, the following safeguards are in place to prevent unauthorized Data Delete requests being performed:
1. A Pre-Authorization agreement must have been completed in full and signed, with originals sent to Absolute for the Data Delete request screen to be visible in the Customer Center.
2. The logged in Customer Center user must have been identified as an Authorized Data Delete administrator in the Pre-Authorization agreement.
3. The logged in Customer Center user must have Administrator-level access to the Customer Center.
4. The logged in Customer Center user must have obtained a physical RSA SecurID key-chain token from Absolute. The token is linked to a specific Customer Center user and is not interchangeable between different users in an account or between different accounts.
5. The password entered by the Customer Center user on the Data Delete Request screen must match the password for the current logged in Customer Center user.
6. The RSA SecurID token value (time dependent) entered on the Data Delete Request screen matches that on Absolute’s SecurID server for that specific Customer Center user.
If all the above conditions are satisfied, Data Delete will be set to run for that computer on the next Computrace Agent call. In addition to these safeguards, an email is sent to the signing officers on the Pre-Authorization agreement when a Data Delete is requested, launched and completed.
Q. What is an RSA SecurID key/token and how does it work?
A. The RSA SecurID® solution is the world’s leading two-factor user authentication system, relied on by thousands of organizations worldwide to protect valuable network resources. Used in conjunction with RSA® Authentication Manager and RSA® Authentication Agent software, an RSA SecurID Authenticator functions like an ATM card. Network and desktop users must identify themselves with two unique factors—something they know, and something they have—before they are granted access. RSA SecurID Authenticators are as simple to use as entering a password, but much more secure. Each end user is assigned a token which generates a new, unpredictable code every 60 seconds. The user combines this number with a password/PIN to log into protected resources.
Each RSA SecurID Authenticator has a unique symmetric key that is combined with a powerful algorithm to generate each new time-based code. Only the RSA Authentication Manager knows which number is valid at that precise moment for that specific user/authenticator combination. See http://www.rsasecurity.com for more details.
Q. Can Absolute run Data Delete on my computers without my permission?
A. No. Absolute cannot run Data Delete as it requires both a Data Delete RSA SecurID token, which only the customer possesses, and a login/password.
Q. Could a rogue Absolute employee with direct access to the DB server, launch Data Delete via a backdoor?
A. No. It's not just a matter of manipulating data on the production DB servers. Launching a Data Delete requires a large number of records in multiple tables to be created in the DB as well as the creation of specific executables in specific directories on the production call servers. A rogue employee would thus need an in-depth knowledge of the inner workings of the Data Delete process as well as administrative level access to both the production call servers and the production DB servers. The few developers that have this in-depth knowledge, do not have access to the production servers and the IT Administrators, that have the production access, do not have the domain knowledge.
Q. What if the assigned Data Delete Administrator leaves the company and takes the RSA token?
A. You should ensure that you remove the Customer Center login (from the Admin->Users menu) when any employee who uses Customer Center, leaves your company – and this is especially important if that person is an approved Data Delete Administrator. You should also contact Absolute to update the pre-authorization agreement (see the pre-authorization agreement for more details). Absolute will also unassign the token and assign a new token to a new Data Delete Administrator if required. Note that there’s also a “panic” button in Customer Center Administration menu under Data Delete - called “Disable Pre-Authorization” – this will cancel any outstanding Data Delete request and remove the ability for any new requests to be setup. The same thing can be achieved by calling Tech Support, who can also disable the pre-authorization. To re-enable the authorization, you’ll need to contact Absolute.
Q. How can I evaluate Data Delete without a token?
A. The process is as follows:
• Contact Absolute to get an Evaluation account setup – you will then be provided with an administrator level login to Customer Center and access to the Computrace agent
• Install the agent on the computer being used to evaluate Data Delete
• Have your company’s Signing officers sign the Data Delete pre-authorization agreement (available in Customer Center Documentation section) and send to Absolute specifying the authorized user’s Customer Center login (this will be the Data Delete Administrator)
• The pre-authorization agreement will be entered into our internal system and an evaluation token will be assigned temporarily to your account – Absolute will contact you and set a time for the evaluation
• At the appointed time, Absolute will guide you through the process of logging into Customer Center and setting up a Data Delete request – when you’re prompted for the SecurId token value, Absolute will provide it over the phone (In a real-world non-evaluation situation, you would have the token and NOT Absolute). Note that the Data Delete Administrator must still enter the SecurID token value under their login, although an Absolute employee will read the token value over the phone.
• Agent makes a call and Data Delete is launched – the status can be viewed from Customer Center - when complete a logfile is uploaded to Customer Center and can be viewed
Q. Is my data protected if the thief never logs onto the Internet?
A. Currently no, but the reality is that the vast majority of stolen computers find their way back onto the Internet fairly quickly, so Data Delete can be activated. Additionally, Absolute is currently looking into adding offline protection for data without the need for an Internet connection. If you have specific security functionality you are interested in implementing, please provide your feedback to Absolute’s Sales department.
Q. If a thief reloads the operating system, why do we need Data Delete, since the data will be deleted anyway?
A. Internal theft accounts for up to 80% of all laptop thefts. In such a scenario, the user will know all the passwords and will not need to reinstall the operating system. When an operating system is reinstalled, on the other hand, the sensitive data has not been fully removed and there are many widely available tools that can be used to recover the data. Data Delete will remove the data to Department of Defense specifications, ensuring the data can not be recovered. Also, performing a Data Delete on a stolen computer also provides the customer with an audit of what files have been deleted. This verification is very important in terms of regulatory compliance.
Q. Is the Data Delete feature mainly for internal theft?
A. Not necessarily. To many organizations, protecting the sensitive data on the computer is more important than recovering the actual computer. Data Delete will provide this data level protection even after a common thief reinstalls an operating system.
Q. How long does it take to perform a Data Delete?
A.The time it takes to perform a Data Delete varies according to the amount of data to be deleted and the speed of the computer but it takes longer to delete files than a normal (Operating System level) delete because of the thoroughness of the Data Deletion algorithm. Typically, a Data Delete can take anywhere from 2 minutes to 10 hours.
Q. Can a Data Delete be stopped?
A. Once the Data Delete process has begun, it can’t be stopped. If a computer is rebooted during this time, the Data Delete process will continue where it left off. If Data Delete has been scheduled on a stolen computer, but hasn’t yet been initiated, you can cancel the Data Delete process from the Customer Center.
Q. Can I purchase Data Delete on its own?
A. No – Data Delete is only available as part of the Computrace Data Protection, ComputraceComplete and ComputracePlus products.
Q. There appear to be many Data Delete statuses – Can you explain what they are?
A. A Data Delete goes through a number of statuses during its lifecycle:
• Requested – The request has been submitted and is a transition state while Data Delete is set up – this state is not usually seen as requests will almost immediately show as ”Set Awaiting Call”
• Set Awaiting Call - A Data Delete request has been created and set for launch on its next call to the Monitoring Center. In this state, the request can still be cancelled.
• Launched – The Computrace Agent has called the Monitoring Center and the Data Delete client has been downloaded and launched – the Data Delete is in progress. The request cannot now be cancelled.
• Completed – The Data Delete has completed and a logfile, showing the deleted files, has been uploaded and can be viewed in Customer Center.
The normal Data Delete status lifecycle is: Requested -> Set Awaiting Call -> Launched -> Completed.
Other statuses are:
• Draft – A Data Delete request has been created but left in a draft (holding) status – in this state, it can be deleted or set to Requested
• Cancelled – A Data Delete of status “Draft” or “Set Awaiting Call” was cancelled prior to the launch of Data Delete
• Failed – The Data Delete failed – please contact Tech Support
• Cleared – The computer was recovered before Data Delete was launched and has been cancelled by the Absolute Recovery team
Q. Are any alerts created when Data Delete is setup?
A. Yes – emails containing details of the computer, the deletion options and the requestor are sent to the requestor (Data Delete Administrator), the 2 signing officers specified on the pre-authorization agreement and to Absolute’s Recovery team at 3 different points during the Data Delete lifecycle:
1) When the Data Delete is requested and its status is set to “Set Awaiting Call”
2) When the Computrace Agent calls and the Data Delete status is set to “Launched”
3) When the Data Delete completes, the logfile is uploaded and the Data Delete status is set to “Completed”
Q. What the perpetual Data Delete option and when should I use it?
A. Normally, if Perpetual Data Delete is not chosen (default), Data Delete is cleared when Data Delete completes and the logfile is uploaded. If the Computrace Agent calls again, Data Delete will not run again. In a theft situation, this usually makes sense as sensitive user data is gone after the initial deletion and subsequent deletions would just delete the thief’s data, which may cause the thief to dump the computer and/or delete potential forensic evidence.
If Perpetual Data Delete is set, Data Delete is NOT cleared after the 1st deletion and will be launched again on every subsequent agent call and the end user will not be able to stop it. Even after a Data Delete with O/S, if the O/S is reinstalled, the Computrace Agent will restore itself and call and then launch Data Delete again. It essentially makes the computer inoperable and should thus be used with care.
Note that Perpetual Data Delete is not available for File/Directory level deletions and is available only if the Data Delete reason is “Stolen/Lost”
Q. Can I run (non-perpetual) Data Delete many times on the same computer?
A. Yes. Once Data Delete has been completed, it can be launched again. This could be used if a file/directory level deletion was chosen and some files or directories were left out of the original list – or to do a file/directory level deletion (to delete more sensitive files first) followed by a full-disk file deletion.
Another reason might be to repeatedly use the file/directory level deletion to enforce policy but it should be noted that Data Delete removes files – it doesn’t do a clean uninstall of programs.
Q. Sometimes the “Choose” computer button on the Data Delete Request screen shows all computers (ESNs) and sometimes it just shows computers that have a theft report created. Why?
A. It’s linked to the Data Delete reason and whether the product purchased includes theft recovery.
If you choose a Data Delete reason of “Stolen/Lost” and you have a product that includes Absolute’s theft recovery service (ComputraceComplete, Computrace Professional or ComputracePlus), you must create a theft report before you create a Data Delete request. Thus if the Data Delete reason = Stolen/Lost, then the Choose Computer list just shows ESNs with a theft report created.
If you choose a Data Delete reason of “Stolen/Lost” and you have a product that does not include the recovery service (Computrace Data Protection), there is no “Report A Theft” option and a theft report is not present even if the Data Delete reason = “Stolen/Lost”.
If you choose a Data Delete reason of “End of Lease”, “Retiring” or “Other”, a theft report is not required regardless of the product purchased.
Q. Do I need a police and/or theft report to create a Data Delete?
A. in a theft scenario (DD Reason = Stolen/Lost), where a product with the theft recovery service (CT+, CTC, CTPro) has been purchased, the customer can create an Absolute theft report and then setup a Data Delete before they get a police report - and when they get the police report, they can go back and update the theft report.
And if the Data Delete request is not as a result of a theft (DD Reason = End of Lease, Retiring, Other), neither a theft report nor a police report is needed.
^ back to top
COMPUTRACE AGENT
Q. Can the Computrace Agent be removed?
A. The Computrace Agent is extremely difficult to remove. The Computrace software incorporates a self-healing technology that we call “persistence”, which essentially rebuilds the agent software installation even if the agent service is deleted by conventional means. The self-healing function is not resident within the file system and is more difficult to detect and remove than “normal” software. The persistent and self-healing portion of the software is difficult to remove because it is stealthy. The software can normally only be removed by a request to Absolute’s Technical Support department. The self-healing feature will repair a Computrace installation in newly formatted and installed operating systems as well as freshly imaged systems. This “persistent” design is maximized in laptops with the persistence module in the BIOS (see later section – Computrace BIOS based agent).
Q. What needs to be in place for the agent to be persistent?
A. There are two levels of persistence for the Computrace agent. The highest level of persistence occurs when the persistent module is embedded into the BIOS of the computer. In this solution, there is no additional hardware or software configuration needed for the agent to be persistent. Computers that do not have the Computrace agent embedded into the BIOS will have the software version of the persistence module installed in the partition gap on the hard drive.
Q. Can the Computrace Agent be detected?
A. The Computrace Agent is very difficult to detect. The Computrace software runs as a non-descript service, and is not listed as an application. As well, the product does not show up on the programs menu listing or as a system tray icon.
Q. What is the footprint, or size, of the agent?
A. The Computrace agent has a very small footprint, requiring less than 100Kb of disk space.
Q. Will the agent degrade our network, or clog it up?
A. Computrace agent communications require very little bandwidth and should have a negligible effect on your network traffic. A typical agent call requires less than 200Kb of bandwidth.
Q. Is the agent easy to install?
A. The Computrace agent is very easy to install as the installer is a standard Microsoft MSI install package. The agent can also be easily installed on a corporate image or deployed using standard deployment tools such as Active Directory or logon scripts.
^ back to top
CONNECTIVITY
Q. How often does the Computrace Agent contact the Monitoring Center?
A. The call frequency is typically set to once daily and is automatically reset to call every 15 minutes after a computer has been reported stolen.
Q. Can the Computrace Agent work through firewalls (including personal firewalls) to reach the Internet?
A. Yes. Our paradigm for our customers is, “If you can browse, Computrace will work.” Our goal is as close to zero-configuration as possible. In some configurations, older versions of the Computrace agent require the user to permit Internet access the first time it attempted to contact the Monitoring Server. Newer versions of our agent enhance the zero-configuration paradigm so that this first connection permission is not required.
Q. Will the Computrace Agent work with a DSL or cable Internet service?
A. Yes. Computrace will work over a dial-up connection or with any Internet connection (cable, DSL, wireless).
^ back to top
COMPLIANCE
Q. How does Absolute help with Sarbanes-Oxley compliance?
A. Absolute’s products help organizations comply with Sarbanes-Oxley in 2 distinct ways: Section 1102 of Sarbanes-Oxley mandates stricter controls on financial data. Since Computrace Data Protection provides information on who is accessing information, when and on what machines, Computrace Data Protection can assist companies in placing stricter controls on access to financial data. Secondly, Sarbanes-Oxley mandates that organizations report all company assets. Since IT assets are a significant portion of any organization’s total asset base, Computrace Data Protection is necessary to help assist in locating and reporting on those IT assets – especially those hard to track remote assets. All asset information collected with Computrace Data Protection is stored, forming historical records and an accounting audit trail. Storing historical records of assets and providing an audit trail is also mandated under Sarbanes-Oxley. Since Gartner claims that standard asset tracking tools only account for approximately 60% of IT assets, Computrace Data Protection can help organizations locate and report on the outstanding 40% of IT assets.
Q. How does Absolute help with California Senate Bill 1386 compliance?
A. California Senate Bill 1386 mandates that organizations must report on any security breach that is reasonably thought to expose any California resident’s personal information. Absolute helps organizations comply with California Senate Bill 1386 by deleting data on stolen laptops that potentially contain sensitive information. Additionally, Computrace Data Protection gets to the root of the problem by potentially identifying internal thieves and helping to stop internal theft. Computrace Data Protection can also help identify the 40% of misplaced machines that Gartner claims most organizations cannot locate.
Q. How does Absolute help with compliance for New York State Senate Bills S.5178 & S.3492A?
A. The two recently passed Bills in New York State mandate the proper disposal or destruction of records containing private information in order to help address the growing problem of identity theft. Under the provisions of these Bills, businesses must also notify customers that their private information was stolen, as soon as possible after a breach is discovered. Absolute helps organizations comply with these Bills by recovering stolen laptops that contain sensitive information. Our Data Delete feature can remotely wipe sensitive data and will provide confirmation when the data wipe is complete. This wipe is a Department of Defense standard and is the only way to receive confirmation that your data is secure. Additionally, Computrace gets to the root of the problem by identifying internal thieves and helping to stop internal theft. Computrace Data Protection can also help identify the 40% of misplaced machines that Gartner claims most organizations cannot locate.
Q. How does Absolute help with Gramm-Leach-Bliley (GLB) compliance?
A. Gramm-Leach-Bliley mandates that all companies protect the security and confidentiality of customers’ private information. Absolute’s products add an extra layer of security by establishing who is using a device and where, as well as ensuring that those devices can be located at all times. Under the provisions of Gramm-Leach-Bliley, personal information must be safeguarded at all times. Since businesses store personal information on remote and mobile computers, it is imperative to retrieve any lost or stolen device to ensure that the information contained on them was not used in any malicious manner. Also, theft recovery software helps eradicate any security problems by identifying internal thieves. Recovering stolen machines helps to establish whether any personal information was exposed. Absolute’s Data Delete can help minimize the risk of data being exposed by remotely deleting any sensitive files.
Q. How does Absolute help with HIPAA compliance?
A. HIPAA establishes rules for handling and securing medical records to ensure the privacy and security of patient information. Absolute’s products help organizations comply with HIPAA by deleting data on stolen laptops that contain sensitive healthcare information such as patient records – stopping the information from falling into the wrong hands. Computrace Data Protection can also help identify the 40% of misplaced machines that Gartner claims most organizations cannot locate.
^ back to top
ENCRYPTION, CABLES AND OTHER PROTECTION METHODS
Q. I have encryption – why do I need Computrace Data Protection?
A. Encryption is a good start, but it does not address all aspects of data protection. The Gartner Group has estimated that up to 80% of all laptop theft is internal theft by employees. In this scenario, encryption offers little protection as the employee will have access to the encryption keys and hence the data. Computrace Data Protection, on the other hand, provides the customer with an audit log of exactly which sensitive data has been deleted. This allows customers to verify that the sensitive data has been removed from the stolen laptop which is very important for regulatory compliance.
Q. I have encryption software and Computrace in the BIOS. Will I have to worry about compatibility?
A. Computers that have the Computrace agent embedded into the BIOS should have no compatibility issues with encryption products.
Q. With which encryption vendors is Computrace compatible?
A. Computrace is fully compatible for all file level encryption products and with some full disk encryption products including SafeGuard Easy from Utimaco.
Q. I have locks and cables – why do I need Computrace?
A. Locks and cables are somewhat effective as a visible deterrent to external theft, but in practice, cables can very easily be ripped out of a secured laptop with a good, strong tug – with no tools necessary. Further, cables are not a deterrent in most cases of laptop theft as the theft is committed by internal employees, who possess keys to the cable locks. As well, locks and cables do not offer protection for remote and mobile users as the lock will not be in use when the user is traveling, for example
Q. I have asset tags – why do I need Computrace?
A. Asset tags have proven to be an ineffective theft deterrent: The tag is simply removed by the thief after the computer is stolen.
Q. I am considering RFID – why do I need Computrace?
A. RFID requires that the asset’s RFID tag be within close proximity to an RFID reader. These readers are expensive and require significant resources to implement. Also, once a laptop is removed from close proximity to a reader it can not be tracked.
^ back to top
MONITORING CENTER
Q. What if your server is unavailable when the agent tries to call?
A. If the Computrace agent is unable to connect to the Monitoring Server during its regularly scheduled time, it will attempt to call every 15 minutes until successful.
Q. How do I know that the Monitoring Server and Customer Center is safeguarded against access to unauthorized users?
A. Absolute has implemented numerous safeguards to restrict unauthorized access to the Absolute Monitoring server and the Customer Center. The Absolute Monitoring server can only be accessed via client-initiated Computrace agent communications. Access requires two-way authentication ensuring only valid Computrace agents can access the server. All agent communications are encrypted with RC4 128-bit encryption. All call statistics and asset tracking data are logically partitioned into separate accounts. Access to this data via the Customer Center requires user authentication on a secure login page requiring a username and password. Authorization is handled via user profile setup. Admin users have the ability to restrict power and guest users to groups of Electronic Serial Numbers (ESNs).
Q. Where is my data stored?
A. Absolute Software hosts the Absolute Monitoring Center in a co-location hosting facility owned by Telus Corporation. The Telus facility provides restricted access security, redundant high-speed access to the Internet and redundant power supply to the Absolute Monitoring Center. Absolute has implemented a full backup and restore plan with nightly backups stored on a separate server and weekly offsite backups. Absolute has mandated a maximum down-time of 4 hours for website access and a maximum of 24 hours to restore the agent communications server for a site-contained catastrophic event.
Q. What type of data is being collected by the Computrace agent?
A. The Computrace agent has the ability to gather the following four categories of information, which are primarily data points to allow us to recover lost or stolen computers and to provide asset management of your computers:
1. Location: phone number, local IP address, routable IP address, MAC address, date, time.
2. User: Electronic Serial Number (ESN), user name, computer name, e-mail address.
3. Hardware*:
• Basic system information: processor type, processor speed, hard disk size, hard disk space available, RAM size, computer make/model/serial number, number of CPUs, BIOS version (PC), BIOS date (PC), networking device description (PC).
• Storage information: logical drive summary (drive name, type, file system, total size and available space), storage device (ATA, ATAPI/SCSI – e.g., hard drive, CD/DVD)(PC), floppy/removable drive, tape drive, RAM disk, network drive, other device, hard disk model, serial number, firmware revision (for SMART-enabled hard disks). Also, hard disk attributes for NT/2000/XP: raw read error rate, spin up time, start/stop count, reallocated sector count, seek error rate, power on hours count, spin retry count, calibration retry count, power cycle count.
• Printer information: printer attribute, name, driver name, port, share name, server name.
• Video system and monitor information: video device description and resolution, video display color depth, monitor type & manufacturer, and monitor refresh rate.
•
Modem information: modem model, port (if available), speed rating: maximum baud rate (if available), networking device description.
4. Software: operating system, service packs for operating systems, software application, version, program & publisher; virus protection title & version, virus protection definition title & definition description.
^ back to top
COMPUTRACE BIOS-BASED AGENT
Q. What is the Computrace BIOS-based Agent?
A. The Computrace BIOS-based Agent refers to the portion of the Computrace agent software that is pre-loaded in the BIOS by various PC OEM vendors, and includes the persistence module. It is enabled when a customer purchases and installs Computrace Data Protection. It is the persistence module that determines Computrace’s ability to survive malicious or accidental attempts to remove the product.
Q. How does the Computrace BIOS agent improve persistence, and what is the value to customers?
A. Persistence relates to the Computrace agent’s ability to survive operating re-installations, hard-drive reformats, hard drive replacements and hard drive re-imaging. This persistence is critical in order to survive unauthorized removal attempts in case of theft. The extra level of persistence provided by the Computrace BIOS agent enables the Absolute Recovery Team to track and recover computers that have been stolen even if the hard drive has been removed or tampered with. It provides customers with the highest level of software-based computer theft recovery available on the market.
Q. How is Computrace preloaded on laptops?
A. The self-healing, persistence module of the Computrace agent is built-in, but disabled. A customer administrator must activate Computrace in order for the persistence module to be enabled in the BIOS. To activate Computrace, the customer first purchases the service (preferably at the same time as when they purchase their laptop) and installs the Computrace software. The first call to the monitoring server will detect and enable the persistence module. Once enabled, the BIOS module’s self-healing feature will repair a Computrace agent installation even if the hard drive is completely replaced. The customer may also install the Computrace software through several PC OEM’s factory imaging processes, through the customer’s own imaging process or through a network installation process. Absolute routinely provides tools, assistance and scripts in support of most mass-deployment technologies in use today.
Q. How does having Computrace in the BIOS improve theft recovery?
A. The Computrace BIOS self-healing persistence module is the most persistent solution known to us. It will survive unauthorized attempts to delete it as well as accidental removal during IMAC procedures. With the Computrace BIOS agent, the customer has the very best chance of recovering their stolen or lost computer.
Q. I understand the agent is extremely persistent, but in the real world, what added functionality does this provide?
A. BIOS-based persistence makes the Computrace agent more secure, reliable and easier to track and recover if stolen. Additionally, IT staffs don’t have to alter any of their IMAC procedures to accommodate the addition of Computrace.
Q. How is the Computrace BIOS agent enabled/disabled on my notebook computer(s)?
A. The self-healing persistence module of Computrace is shipped disabled on the notebook and must be enabled through customer activation at the time of notebook purchase. The Computrace persistence module is enabled by installing the Computrace software provided by Absolute Software, or by its inclusion in an image deployment. Please contact Absolute for more information.
Q. What happens if I flash my BIOS? Will I need to reinstall Computrace?
A. No. If the persistence module in the BIOS has been enabled, Computrace’s self-healing feature will repair the agent software and your notebook will still be protected. The enable/disable state of the persistence module is not stored in a part of the BIOS that can be flashed to remove it.
Q. Will Computrace still work if I undergo an IMAC process such as replacing a hard drive?
A. Yes. The BIOS-resident self-healing feature of Computrace will survive IMAC procedures such as imaging, hard drive replacement or operating system changes, and will continue to protect your computer.
Q. What information is the Computrace agent reporting?
A. The Computrace Agent reports the make, model, hardware serial numbers and IP address of the computer.
Q. Is the Computrace agent monitoring my activities on the computer?
A. No. The agent remains inactive until its next scheduled call. Only if the computer is reported stolen by the customer is any further action taken.
Q. How do I remove the product if I no longer want it on my computer?
A. The product can be removed via the server through a request to Absolute’s Technical Support department. The server will deactivate the agent and BIOS module during the next call if a properly authenticated request is posted to the customer’s account for that specific platform.
Q. Does the BIOS-enabled Computrace agent support all of Absolute's products, or just some?
A. All Absolute products can take advantage of Computrace in the BIOS.
Q. Is my computer automatically protected from theft by having the Computrace agent in the BIOS?
A. No. The customer must purchase and activate the Computrace theft recovery service in order to leverage the BIOS-based self-healing and persistence feature of our product.
Q. Must I buy a special version of Computrace to take advantage of the BIOS-based agent on laptops?
A. No. All current versions of Computrace will support the BIOS-based agent.
Q. Which laptops come with Computrace pre-loaded?
A. To date, the following manufacturers have announced support for Computrace in the BIOS on the following models:
• Lenovo (IBM) – Z60t, Z60m, R52, R51e, T43, T43p, T60p, T60, X60, X60s, X41, X41 tablet
• Gateway – M250, M255, M280, M465, M460, M685, M680
• HP - nc6220, nc6230, nx6110, nc6110, nx6120, nc6120, nx6310, nx6320, nc4200, tc4200, nx8220, nc8230, nw8240, nx9420
• Dell - Latitude D410, D510, D620, D610, D820, D810, X1, 110L, 120L, Precision M20, M70, M90, Inspiron 6000, 9300, 9400, XPS M170, Inspiron 1300/130B, XPS M140
^ back to top
