A software agent is a persistent, goaloriented computer program that reacts to its environment and runs without continuous direct supervision to perform some function for an end user or another program. Authorized customers are able to uninstall the computrace software agent and disable persistence at their discretion. Detecting and removing absolute persistence technology. It can add lines on your hosts files to disable communications between your computer and the computrace servers. All you need to do is call the number that pops up when you go into the bios. The absolute persistence module is built to detect when the computrace andor absolute manage software agents have been removed, ensuring they are automatically reinstalled, even if the firmware is flashed, the device is reimaged, the hard drive is replaced, or if a tablet or smartphone is wiped clean to factory settings. Resilient cybersecurity for your devices, data, and security controls. The software agent behaves like a rootkit, reinstalling a small installer agent into the windows os at boot time. Lojack, formally known as computrace, is a legitimate laptop. In addition, the bios security for computrace is enabled, but will not activate. It is the action that agent performs after any given sequence of percepts.
Furthermore, as this series of malicious software used the lojack agent during delivery, we dubbed it lojax. Kaspersky confirms hidden threat in bioses pc and warns that absolute computrace antitheft agent can be remotely hijacked. The persistent security features are built into the firmware of devices themselves. The small agent is a piece of code that is of minimal possible size and maximum extensibility.
Computraceplus is a softwarebased pc tracking and loss control service powered by the computrace technology platform. It adds a browser helper object bho to internet explorer. Executive summary asert recently discovered lojack agents containing. Also on computrace official site there is a list of laptop models where computrace is preinstalled by manufacturers, so if you buy a new laptop that is in the list you have computrace. Any authority or hacker can alter the files and take full control over your machine, including full activity monitoring and deleting files. Background on wednesday, february 12th, kaspersky lab.
T selfmonitoring analysis and reporting technology phone. Computrace is designed to be activated, deactivated, controlled and managed. Attackers can use computrace antitheft tool to remote. It is now a valuable resource for people who want to make the most of their mobile devices, from customizing the look and feel to adding new functionality. To ensure computrace is running on your laptop check the following settings in your laptops. Thoughts on absolute computrace blazes security blog. So yes, computrace seems to be a permanent backdoor, unless you have hardware experience to inspect and follow bios modification, decribed by kaspersky. Well that all depends on if you own a samsung galaxy s5 s. Attackers can use computrace antitheft tool to remote wipe pcs. Absolute computrace antitheft software can be remotely hijacked. Disabling absolute in uefi microsoft surface forums.
Computrace, an antitheft application, is installed and running on the remote host. Some, but not all, software agents have uis user interfaces. Another example is intels antitheft technology which apparently will cease to exist in. Computrace can be installed on 32bit versions of windows xpvista7810. It is the criteria, which determines how successful an agent is. Faq on absolute computrace case security vulnerability. This installer later downloads the full agent from absolutes servers via the internet. This software is used to trace stolen laptops, with features including the abilities to remotely lock, delete files from, and locate the stolen laptop on a map. Note that the computrace components are however still installed in windows and must be manually removed as i.
If your machine is offlease, and hasnt been stolen, it should be easy to get computrace removed. Solution determine if computrace is acceptable software for your. Absolute softwares antitheft computrace software is mysteriously installed on brand new machines, nearly impossible to remove, and exploitable. This means, in the event that the hard drive on the program laptop has been reformated or replaced the computrace software stays intact. Our intention was to evaluate how secure computrace agent. The software agent behaves like a rootkit, reinstalling a small installer agent into the windows os. Once installed, the agent automatically contacts the monitoring center on. How it works through our partnership with leading computer manufacturers, our computrace agent was embedded in the firmware of many computers at the. Absolute softwares press release from 2009 claims that the computrace bios module is activated by the installation of absolute software by our customers, and is never forced upon any user. And the answer to your last question would be yes, but. Please wait a moment while youre redirected to the absolute authentication server. While absolute software is a legitimate company and information about. In 2005, absolute software released lojack for loaptops, also known as computrace. The distribution mechanism for the malicious lojack samples remains unknown.
How recent was the computrace agent variant you found. A software agent is the computer analog of an autonomous robot. Permanently disabled permanently disables the computrace activation. Tell him you bought a used machine with computrace activated and that you want to have it removed. An intelligent agent is basically a piece of software taking decisions and executing some actions. Even if the hard drive is removed or formatted, it reinstalls itself and continues to track the device.
Computrace by absolute software should i remove it. This tool check for any presence of the computrace lojack spyware. We downloaded arbor networks samples and can confirm they are all. In 2005, absolute software released lojack for loaptops, also known as. A issue was opened on the forum asking we have a computer which has never placed a call into dds. I purchased a lenovo t430 off of craigslist i know and a couple of weeks after reinstalling windows i got a call saying that the laptop was stolen from ohio, i work in california. They also informed me based off of the screenshots that were taken and sent to them the could tell i was a. Secret agent computrace software inserts a stealthy agentan 8kb virtual device driveron the hard drive that contacts absolutes monitoring service at set intervals. Computrace agent is a windows application that has two variants. It pro tips for absolute software computrace client 8. Tracking and analysis of the lojackcomputrace incident.
Computrace has been shown to be installed on systems without the owners knowledge and could allow possible attacks that can take control over the machine when it is not properly configured. What to do if computrace is activated in your tp bios. Introduction 12 aboutthisguide 12 audience 12 userroles 12 otheruserroles usingthisguide conventionsusedinthisguide 14 chapter2. The absolute agents are client software that you install on devices you want to manage using. En with this simple utility check if the computrace lojack spyware is on your computer. Computrace is an application that is embedded into the laptops firmware bios. They explained that those computrace agents were never registered in their.
It can be activated by customers when they purchase a subscription with terms ranging from one to four years. Its products have set an industry standard for persistent endpoint security and data risk management for computers, laptops, tablets, and smartphones. Problem due to recent security enhancements made to computrace, and the resulting automatic client component updates that occurred, a small subset of users are receiving warnings from av products that a file belonging to absolute software is being prevented from running, or that the computrace agent is being prevented from calling. A program which autonomously acts on behalf of its human or organizational principal while carrying out complex information and communication tasks which have been delegated to it. Computrace is a software program developed by absolute software. Lojack makes an excellent doubleagent due to appearing as legit software while. After the case raised by kaspersky team on the computrace agent i tried to contact absolute software received the following official reply on the results of the investigation.
With the recent growth of ai, deepreinforcementmachine learning, agents are becoming more and more intelligent with time. Computrace design suite is now available worldwide. The absolute persistence module is built to detect when the computrace andor absolute manage software agents have been removed, ensuring they are. By continuing to use this site andor clicking the accept button you are providing consent quest software and its affiliates do not sell the personal data you provide to us either when. Introduction to lojack with a history of 20 years, absolute software has been a leading provider for device security, management, and tracking. I recently acquired one of these devices and was as one could imagine very pleased with my sparkly new handset. At the black hat briefings conference in 2009, researchers showed that the implementation of the computracelojack agent. Analyst mike vizard has an overview of absolute software in an august 2017 column in it business.
Absolute computrace antitheft software can be remotely. Administrators guide for absolute agent absolute software. This module is embedded into bios pci option rom or uefi firmware. The machine was freshly bought and the user never ordered, installed or even heard of computrace software. The agent is installed, but the unit will not place a test call. The unit has the same bios version and tpm version as many of our other computers. This module is embedded into bios pci option rom or. The computrace agent is a software client that resides on the hard drive of host pcs.
The behavior of the lojax sample seems to be similar to the previous versions and. A software agent has encoded bit strings as its programs and actions. Deploying the persistence agent successfully in bios, for example, makes heavy use. Thermon computrace introduction open computrace step 1. It is agent s perceptual inputs at a given instance. Deploying the persistence agent successfully in bios, for example, makes heavy. And in the event of loss or theft, computrace can help you recover your computer. The focus of the research was the absolute computrace agent that resides in the firmware, or pc rom bios, of modern laptops. Computrace agents aggressive behaviour has even prompted some antivirus firms to label it as malware on occasion, kaspersky notes, adding that. Technically computrace is a permanent irremovable for an averageaboveaverage user backdoor. Absolute software was warned about the issue as early as 2009. This tool was originally designed by absolute software inc. Millions of pcs affected by mysterious computrace backdoor.
The agent is low level, runs silently and automatically, and does not appear on the desktop or file directories. Absolute persistence technology amounts to a persistent rootkit preinstalled by many device manufacturers acer, asus, dell, hp, lenovo, samsung, toshiba, etc to facilitate lojack for laptops, and other backdoor services the absolute persistence module is built to detect when the computrace andor absolute manage software agents have been removed, ensuring they are automatically. In the past, this software was known as computrace. Computraceplus helps organizations track pcs, deter theft, investigate loss, locate and recover stolen pcs, perform forensic data recovery and locate lease returns. For example in a lenovo thinkcenter, the setting is in the security section. The computrace agent communicates with the absolute software monitoring server at. Antivirus application compatibility with computrace. I can tell you first hand computrace works very well. Q how to remove computrace agent samsung galaxy s6. Tracking and analysis of the lojackcomputrace incident nsfocus. Absolute is the industry benchmark in endpoint resilience, factoryembedded by every major pc manufacturer including dell, lenovo, hp and 23 more. Links related to absolute software computrace client. Computraceplus is used by businesses and corporations of all sizes in any industry to keep track of their pc population and put and end to uncontrolled loss and potential security breaches. An antitheft software installed on laptops from prettymuch every major computer manufacturer can be used by attackers to hijack.
The computrace software agent that powers absolute softwares solutions is embedded in the bios of computers from the worlds leading computer manufacturers. Command line arguments minimally interactive install u unattended install s silent install exit codes common exit codes. Starting a new project to continue, click next use a unique project name and project number for each project. Create an unbreakable connection to every endpoint, ensuring they are visible, protected, and compliant at all times. What are some examples of software intelligent agents.
342 127 1186 547 903 1472 12 569 896 1147 1500 885 354 1445 133 1186 596 1229 734 1047 635 767 804 1222 1378 226 732 1116 238 644 1430 1192 277 909 529 456 927 698 1352 974 1230