by Greg Ross
LoJack for Laptops Security Review
LoJack for Laptops is an easy to use anti-theft security software that promises to aid you and police in recovering your laptop should it get stolen. At $49.99 for a single-year license, and $99.99 for a three-year license, CompuTrace’s LoJack for Laptops is a cheap and effective (but not perfect) way to help protect and recover what you hold dear.
What LoJack for Laptops Is Good For
Laptops get stolen every day. According to the FBI, over two million notebooks are stolen every year. That means that on average one laptop is stolen every 16 seconds! They are very portable, very valuable, and potentially contain much more information about you than you care to give to a common criminal.
As far as security solutions go, there are two types of tools you have available:
- Those that reduce the chances of theft
- Those that increase the chances of you recovering your stolen hardware
While there are plenty of products that help prevent theft, there are very few tools that help to recover information or actual hardware in the event of theft. LoJack for Laptops is one such product that helps you to track your hardware that has been stolen, and with a little help from police recovering your laptop is certainly possible.
Installing the Software
Lojack can be purchased online at www.lojackforlaptops.com and the installation is painless. For this review, a complementary license was provided, but normally the key would either be displayed on your screen or emailed to you once your purchase is made. After creating your account, registering your laptop and serial number, and providing your license key, the software is installed via an ActiveX control in Internet Explorer.
Yes, installation is that easy! (view large image)
The only potential problem is that this software DOES NOT work with several brands of notebooks. Apparently, this is because of a software conflict with an OS Restoration utility found on Averatec, Asus, Twinhead, and Systemax laptops. I do not know if that problem can be circumvented, but I have to say it is likely that this software will not work if you own one of these laptops.
Note that some laptop brands will not work with LoJack (Averatec, Asus, Twinhead, Systemax)
Once the software is installed, and one reboot later, LoJack will be silently running in the background. CompuTrace claims that the software is hidden to the user and can never be found, but that is only partially accurate. You are not going to find any information about LoJack in the Programs Directory, the Control Panel, or even as some part of IE in Windows. But, you can see some evidence of the software if you know where to look. It runs behind the scenes out of an innocently named file under the C:\WINDOWS\System32 directory, and under the Task Manager you can see an extra process running in the background. While both the file and process is innocently named, this just shows if you know where to look you can find evidence of LoJack on the laptop. However, the common criminal is probably not going to know where to look for this evidence (or even know that the evidence indicates the presence of LoJack on the laptop).
There is one extra process that shows up after installing LoJack
The above photo shows the only evidence anyone will probably ever see that LoJack is installed in the system. The list of processes showing is organized in a non-alphanumeric order to avoid revealing too much information, and the process name is blacked out at the request of CompuTrace.
Obviously, I am not going to divulge the name of the file or the process that launches from it, but I do know it is there. Again though, you have to be looking in one or two specific spots and have to know a little more about the software to even find a hint of its working. But what irks me is that I do not know if I have found all the evidence of LoJack on my laptop.
How Does It Work
As discussed, CompuTrace’s LoJack for Laptops discreetly runs in the background without the knowledge or awareness of the user or a thief. It silently “phones-home” to CompuTrace on average of once a day. If/When you report your laptop as stolen to CompuTrace, which you can do by either calling into a toll free number or filing a report online on their website, the next time that the laptop does its daily check-in LoJack will see the laptop’s current status as STOLEN. After that, LoJack will continue to phone-home much more often (sometimes as often as every 30 minutes) to report its location to CompuTrace.
Here is a brief overview of the information CompuTrace records (view large image)
According to the FBI, if a laptop is stolen most of the time that laptop will never be recovered. With LoJack installed, CompuTrace claims about 75% of all laptops are actually recovered. This makes sense, as many thieves are probably not going to be smart enough to wipe the hard drive. They try to recover data from the laptop, or just pawn it off or eBay it. Turn it on the first time, and the laptop will phone its location in…and it gets recovered by the police.
Do not think that a theft can hide behind a home network or corporate network in order to hide its true location. Even though you may have a local IP address (which CompuTrace does collect), LoJack also reports the proxy IP address that is also associated with your laptop. In the best case scenario, the proxy IP would give police enough information to accurately locate your laptop. At worst, police may have to contact a network administrator that is responsible for the proxy to track down the physical location of the local IP address. Just as an additional confirmation that a recovered laptop is yours, CompuTrace will give police the registered serial number for the laptop to do physical verification of ownership.
So What Happens if My Laptop is Stolen
Well, the sooner you report its theft the better. In order to utilize the services that CompuTrace has to offer, you must also file a police report with your local precinct. When reporting the theft to CompuTrace, you have to also give CompuTrace the police report number and other information that will allow them to get a copy of the report.
You can provide that police report information immediately upon filing your theft claim, or wait up to two weeks to give the police report to CompuTrace’s Recovery Team. Additionally, the more information you can give CompuTrace (last known location, last time you had it in your possession, etc) the better off you may be.
LoJack software reporting laptop as being stolen now (view large image)
Once the report is filed, the LoJack theft claim initiated and the LoJack software begins to phone home more often, CompuTrace will continue to track its IP location on the internet. After that, there is nothing else you have to do. CompuTrace’s Recovery Team will take care of the rest. Using the police report that you give to the Recovery Team, CompuTrace will file a subpoena with the courts and get a court order forcing the ISP (Internet Service Provider) companies to reveal the physical address (or addresses) that belong to the IP addresses the laptop’s LoJack software reports.
Once that information has been obtained, CompuTrace will also contact the appropriate police department and notify them of the theft, give them the police report you filed, and also provide the location of the laptop as given by the subpoena-ed ISP information. Finally, you will (hopefully) get a call from either the police or CompuTrace to notify you that your laptop is found and make arrangements for you to get your PC back.
Well, What Happens If I Do Not Get My Laptop Back?
If certain conditions are met and LoJack/CompuTrace fails to get your laptop back in your hands, CompuTrace does offer a money back guarantee on the license of software you purchased. If the laptop is not recovered within 30 days, you are entitled to that refund. However, you have to report the theft to CompuTrace within 30 days of the actual theft, and your laptop had to have checked in at least once in the 30 days prior to the day your laptop was stolen. Obviously, the latter condition is a protective measure as they want some type of assurance that the laptop did have LoJack actually installed on it and was not disabled.
Unfortunately, CompuTrace does not refund the cost of the laptop back to you, so a private insurance policy would be useful!
When the Laptop was Reported Stolen
For the purposes of this review, LoJack was installed on my laptop and a theft was staged. Before anyone cries foul, the simulation did not involve the filing of police reports or any subpoenas being issued. It was simply a test of CompuTrace’s ability to resolve the IP location of my laptop, how often it phoned home, and how accurate the tracking data was.
To give the software a run for its money, LoJack was installed several days before a cross-country vacation to Arizona and the Grand Canyon. Now, it gets confusing…
Currently, I am a student at Purdue University in West Lafayette, Indiana. Shortly before the trip, I traveled to Columbus, Ohio where the software was installed. I flew out of Columbus to Phoenix, Arizona before settling in at a hotel in Sedona, Arizona. Two days later, on May 8th, I filed a theft report “claiming” that the maid had stolen my laptop.
After that, I went silent when I traveled to the rim of the Grand Canyon. For two days straight, my laptop was not plugged into the Internet. Then, I reconnected to the Internet for one night in order to look up directions to travel back to Pheonix, Arizona. The next time my laptop was online was for about 25 minutes before my flight out of Arizona, and I was connected to the airport’s WiFi network. I intentionally stayed online for less than 30 minutes, hoping that the laptop would not phone home (it normally will call every 30 minutes when it is stolen).
I was finally back to Columbus, Ohio…but only for a few days. The test concluded about a day or two after I got back home to West Lafayette, Indiana.
Review of Service Provided When the Laptop was Reported Stolen
For the record, all of the information contained in this section was derived from CompuTraces logs of my system calls that was provided to me upon request. Using those IP logs, I was able to do a little research to get a rough idea of where the IP was located. More accurate information would have had to have been obtained by subpoenaing the Internet Service Providers.
The same day that I installed the software, my laptop phoned home to CompuTrace and the IP address recorded. Data collected included the Local IP, Proxy IP, Computer Time Stamp, OS Detected, and User Name that I was logged on into. The IP address given to CompuTrace also was able to properly pin me down to Columbus.
In the morning on 5/9/07, when I turned on my laptop and it immediately phoned home as it had been more than 24 hours. During the time in which the laptop reported all my location information, CompuTrace also notified LoJack on my PC that the laptop had been flagged in as stolen. Immediately, LoJack began to regularly phone in to report its location. 90 minutes after it phoned home to find the theft report, my laptop checked in again. That clearly indicated that the laptop knew something was wrong. But, according to the CompuTrace I had been flagged as staying in Sedona. The location that I was able to track it down to was slightly off from my true location, but there was no doubt that a subpoena to the ISP would have yielded the correct information; the IP that was recorded matched the IP address that I knew I was connecting to.
After my two day stay away from the internet, as mentioned I did move into a different town and I was hoping to fool CompuTrace’s systems. The joke was on me, as I was properly flagged just outside of the Grand Canyon as well. Even during my brief connection to the airport WiFi network was logged into CompuTrace! That was a connection that was supposed to be short enough to prevent my laptop from calling home, but it got me anyway…
During my stays in Sedona and the Grand Canyon areas, I also turned on my system but did not log on initially. I left the computer idle at the log in screen, hoping that LoJack would not start. Unfortunately for me, LoJack starts up as a SYSTEM process so it is one of the first processes initiated during boot up. Merely not logging in does not prevent this software from working.
Back in Columbus, my laptop had ample time to communicate with CompuTrace to reveal my location. It also had enough time to trace me down to West Lafayette as well. Overall, the information that was recorded accurately tracked me step for step when I was on vacation.
Trying to Break the Software
Throughout the trial run, I attempted to fool LoJack using several different methods that a thief might try.
- Don’t log in – Even if a thief were not able to log into your system, LoJack will still run behind the scenes.
- Connecting for short periods of time – Since the laptop only phones home every 30 minutes or so, you would think if you were on for less than 30 minutes you would not get flagged. Wrong…the laptop will connect to the internet and phone home right away if it had not called in a little while. Even if the laptop is only connected for a few minutes every once and a while, the laptop will still manage to get at least one or two calls in without the thief knowing.
- Moving around constantly – For the same reason that connecting to the Internet for short periods of time did not prevent LoJack from working, this method does not help either. CompuTrace might have a slightly more difficult time tracking you down, but LoJack still phones home often enough to reveal a thief’s location or his/her general direction of travel.
- Re-installing the Operating System – This is the only one of two methods that can potentially defeat LoJack. Fortunately, a theft is usually more concerned with pawning the laptop and does not bother to do wipe the drive. At least one hopes not. At the time of this writing, I cannot confirm that this method works but I expect it will when I test it.
- Shutting down the process associated with LoJack – This is the other method that can successfully defeat the software. Remember how I said I was able to find the process that LoJack ran under? End the process and the thief is good to go…at least until the next time that thief boots the computer. However, this is an easy scenario to avoid…just put a password on all the accounts and the thief will not be able to do this. Of course, this also requires that the thief even bothers to check for LoJack and knows how to defeat it. It is very unlikely that this could happen.
Ultimately, LoJack for Laptops is an effective security solution that gives authorities enough information to track and recover your laptop. It will provide authorities with reports that accurately pin-point your laptop, regardless of how you connect to the Internet. Almost all attempts to defeat the software proved futile. As long as you take the responsibility to put passwords on your operating system user names only the most extreme counter-method can even hope to succeed.
It runs silently in the background and very little evidence can be found that LoJack is installed. In all likelihood a thief would never know…until the police are knocking at the door to recover the laptop.
- Runs silently in the background.
- Cannot be detected unless you know exactly what to look for.
- With a little precaution and responsibility, LoJack can only be defeated with the most extreme of techniques.
- Accurately tracks your laptop and provides police with enough information to recover it.
- CompuTrace Recovery Teams take care of the entire recovery operation, file the required subpoena, and contact law enforcement.
- Runs on Windows and Mac computers.
- Does not provide a mechanism to securely erase the hard drive (but the corporate version does support this).
- Most likely can be defeated by re-installing the OS.