Stolen Laptop remote wipe


PrntRhd
11-21-2006, 12:22 AM
I was reading this article about Oakley Networks' plan to offer software that can locate stolen laptops and wipe laptop data by remote if needed. An interesting idea.
http://www.eweek.com/article2/0,1895,2061970,00.asp

mjc
11-21-2006, 01:42 AM
Ummm...doesn't that thing remind anyone else of, let's see...maybe BackOrifice?

PrntRhd
11-21-2006, 10:15 PM
Well, Back Orifice was free malware, and this is paid software?

RunCMD
11-22-2006, 09:31 AM
Sounds almost like Oakley's starting their own botnet. :-)

"One limitation to the SureFind technology is that a laptop has to be connected to the Internet to be found. If a thief decides to download data onto an external device, and never ends up attaching it to a Web-enabled connection, SureFind will not be able to locate it or to erase any data."

...Yeah, that's a problem! The article doesn't tell you too much on how it "calls in" to Oakley to activate the beacon, exactly what information is transferred, or if the information transferred is secured in any way, either. There are a lot of unknown variables and assumptions. One big assumption is that you trust Oakley with your sensitive data and your system, for that matter.

If a stolen computer is connected to a home router--where all ports are typically open outbound--then yeah, this might work. But most corporate networks rely on a firewall to block such outbound traffic and/or utilize authenticated proxy servers.

Without knowing anything about how this really works, another concern would be someone figuring out how to activate the "self destruct" through a spoof and blowing up the "protected" data on the computers running the software. Or Oakley accidentally activating the "self destruct" on the wrong computer. Imagine explaining that one to the customer!... "We're very sorry, but you do maintain backups, right?"

One reader's comment...

"what if there was a way to trigger data destruction on a lost/stolen machine WITHOUT mandating an internet connection? Would that interest companies?"

I'd love to know what this guy is proposing! The only way I can think of to accomplish something like this is, if communication with Oakley is lost for more than X amount of time, initiate the "self destruct". That sounds like risky business, too.

In closing, it's a neat idea but I think whole disk encryption would be safer. Anyone else have an opinion?

deddard
11-22-2006, 10:08 AM
There are a few apps around like this, and they are all based on rootkits.
Most AV, configurable firewalls and rootkit scanners know of their existence as they are on a white-list, and therefore don't show up normally.

Most of these systems receive some info from the rootkit client every time the system is connected to the net - if a system is reported stolen then the ID of the client machine (which has a unique ID number) is flagged, and the next time the machine connects to the net, then the appropriate action is taken.

Most of the time this involves locking the data and retrieving the IP address of the offending machine, and then passing that info to the police.
Locking the data shouldn't be a problem - if a system needs to be secure, then it should be encrypted, and a key generated at startup could be removed if a 'stolen' flag is raised on a particular machine.

With the type of encryption available today, it's a safe bet that the data can no longer be retrieved.
Of course anyone knowing what they're doing who is actually after the data, will remove the hdd and clone it first, and scan it from another machine.....
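
The concerns raised in the posts above (a spoofed "self destruct", a wipe hitting the wrong computer, and a check-in keyed on a unique machine ID with a 'stolen' flag) can be sketched as a check-in reply that the client verifies before acting. This is an added example, not part of the original thread and not Oakley's or any vendor's actual protocol; the per-device HMAC key, the message fields and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets

# Constructed sample values; assumes a per-device key provisioned at enrolment.
DEVICE_ID = "LAPTOP-0001"
DEVICE_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)


def _mac(key, device_id, nonce, action):
    # Canonical encoding so the MAC covers the device ID, the nonce and the action.
    msg = json.dumps([device_id, nonce, action], separators=(",", ":")).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def server_reply(key, device_id, nonce, stolen):
    """Server side: answer a check-in, echoing the client's nonce."""
    action = "wipe" if stolen else "none"
    return {"device_id": device_id, "nonce": nonce, "action": action,
            "mac": _mac(key, device_id, nonce, action)}


class Client:
    def __init__(self, device_id, key):
        self.device_id, self.key = device_id, key
        self.pending_nonce = None

    def check_in(self):
        # Fresh nonce per check-in: an old reply cannot be replayed later.
        self.pending_nonce = secrets.token_hex(16)
        return {"device_id": self.device_id, "nonce": self.pending_nonce}

    def handle_reply(self, reply):
        """Return the action to take; anything unverifiable is ignored ('none')."""
        nonce, self.pending_nonce = self.pending_nonce, None  # single use
        if nonce is None or not isinstance(reply, dict):
            return "none"
        if reply.get("device_id") != self.device_id or reply.get("nonce") != nonce:
            return "none"  # wrong machine, or a replayed/stale reply
        action = reply.get("action")
        if action not in ("none", "wipe"):
            return "none"
        expected = _mac(self.key, self.device_id, nonce, action).encode()
        if not hmac.compare_digest(expected, str(reply.get("mac", "")).encode()):
            return "none"  # forged or tampered reply
        return action
```

A reply is honoured only if it names this machine, answers the nonce from the current check-in, and carries a valid MAC, so a captured "wipe" reply cannot be replayed and a reply meant for another ID is dropped.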

PrntRhd
11-22-2006, 12:03 PM
"With the type of encryption available today, it's a safe bet that the data can no longer be retrieved."
I would not be so certain, there may be a problem if the attacker knows the CPU of the target:

http://eprint.iacr.org/2006/351

deddard
11-23-2006, 03:41 AM
Ouch!!:eek:
If they're getting round RSA, what else is coming soon?

Suchy
11-23-2006, 02:27 PM
Thieves are not as stupid as people think, I am sure that if someone steals a laptop to get the company data he/she will not even connect to the net.

Personally, if I was about to steal a laptop to get some info (which I would never do), I would hook up the HD to a second machine, get the data, run a low-level format and reinstall the OS on the PC.

So it seems that this software is kind of useless.

deddard
11-24-2006, 03:29 AM
This is aimed more at dealing with thefts of laptops that are stolen by opportunists or those who break in somewhere just to grab the IT gear because they can sell it.
Most of these then sell it on or are looking for financial details etc.
Data theft is not the usual reason for IT theft. Some of the people I deal with work with ex-offenders, who wouldn't bat an eyelid at stealing a computer, but would scratch their head when it came to turning it on.

There are no perfect solutions, but as long as it can be made sure (i.e. no exploits to trigger wiping without the intention of the owner) I think it's a good thing.

It would be interesting to see how the newer AVs react to this.
I just received an email from ESET regarding the latest release of NOD32, which is compatible with Vista, and also now includes root kit scanning and other 'stealth' technology.