Adeona: For simple users and dumb thieves

Posted on August 25, 2008
Filed Under Software |

Not to pick on any one of the catch a thief in the act and Lojack style stolen laptop tracking software solutions out there (too much), but really, these solutions are designed for people who take no pains to secure their machines in the most basic sense to begin with!

If you haven’t heard the fanfare yet, there’s a new Open Source stolen laptop tracker out, called Adeona:

Adeona is the first Open Source system for tracking the location of your lost or stolen laptop that does not rely on a proprietary, central service. This means that you can install Adeona on your laptop and go — there’s no need to rely on a single third party.

There’s apparently no need to you know, sort of secure your user account with a password, either… If you’re running in the default security mode of automatically log me in as Joe Oftenhacked, on your operating system of choice, then yes, perhaps you’re the sort of uninformed appliance jockey that this kind of solution is designed for, and with that said, good luck getting those iSight shots of the thug who stole your precious Macbook.

If on the other hand, you actually give two shits and a Buffalo Nickel about any kind of security, you probably have a nice little password protecting your user account, and the thief is likely shit outta luck, right?

If so, then yes- these tracking solutions are likewise not going to be doing a damned thing if Mr. Thief cannot gain access to the OS and immediately hop on the WiFi at the nearest Charbucks, where he’ll pose while this cyber-sleuthy magical software snaps pictures of his filthy mug…

adeona-isight10 Adeona: For simple users and dumb thieves

To quote Adeona’s own FAQ:

What if a thief removes the software, reinstalls the OS or doesn’t connect to the Internet?

A motivated and sufficiently equipped or knowledgeable thief can always prevent Internet device tracking: he or she can erase software on the device, deny Internet access, or even destroy the device. For example, Adeona currently has no mechanisms for attempting to survive a disk wipe.

We point out that we do not believe this renders Adeona (and other location-tracking systems) useless. The Adeona system was designed to protect against the common thief — for example, a thief that opportunistically decides to swipe your laptop from a coffee shop or your dorm room, and then wants to use it or perhaps sell it on online. Such thieves will often not be technologically savvy and will not know to remove Adeona from your system. While device tracking will not always work, systems like Adeona can work, and it is against the common-case thief that we feel tracking systems can add significant value.

I think their reasoning is flawed, and the tables turned incorrectly in the statement above- the software is not designed to protect against any kind of specific thief type per se, but rather is actually designed to protect the laptops of average consumer appliance users, who don’t know how to make their machines secure in the most basic sense.

I would further argue that education in the simplest of measures:

  1. Set a password for your user account
  2. Disable automatic login into said user account
  3. Require password on screensaver and wake from sleep mode

does indeed render this software solution completely useless- nay, unnecessary even. The funny thing is that the above three steps can be performed with just a handful of mouse clicks and wee bit of typing by even the mythical Granny user who just figured out that the mouse is not a Wiimote.

Of course, this is in reference to Mac OS X and Windows based systems. Most of the Linux distributions out there do not assume the easy but grossly insecure behavior of auto-login-as, or allow a user to install or setup the OS without a password on the user account in the first place, but these solutions seldom appear for Linux systems anyway because they’re not considered by the types who use Linux.

I’d discussed this kind of stuff a couple months back with my cousin, and we had a chuckle about the various photos and videos out there of thieves caught in the act, which have been used to market this kind of solution, but what it really boils down to is this:

Do you value the data more, or the hardware?

If you’re more concerned about getting back your rhinestone-encrusted and Hello Kitty sticker bedecked Macbook Pro than the personally identifiable information of the 3000 research survey participants in the study you’re doing that lives on the machine’s disk behind no sort of security at all, then you might want to rethink your priorities altogether. Put down the laptop and back away slowly…

Your data value should always win out over the hardware value, and you should take the minimum steps to prevent compromise of your data, hardware be damned! The minimum steps are enumerated above- you start by securing your user account. The majority of thieves will have then successfully stolen a new piece of hardware (after the disk is formatted and an OS reinstalled), or the dumb thieves that Adeona caters to, will have stolen a brick, since they won’t be able to easily log in and use it.

That is, unless you’re the type of completely misinformed know it all, like Alphaman63, who commented with some half-assed Mac guru bravado on the CNet News piece on Adeona by Daniel Terdiman. Witness this sage bit of criticism to the previous commenters:

Amazing how most of the above comments are based on ignorance. I’ve been running Adeona on my Macbook for over a month now, and it’s unobtrusive, secure, and continuously on the watch. It does not only record info after the unit’s stolen. It encrypts everything it saves on the Internet. It takes photos at random intervals up to an hour apart (not 30 seconds, Dan). It does not “broadcast” the IP of the laptop, but stores it on the encrypted file store in a log file, along with ping and trace info that should help indicate where the laptop is. Only YOU can get that info off the encrypted store.

And any Mac owner who knows anything can easily set up their Mac to prevent the disk from being overwritten through a “reformat … and install”. RTFM, or even easier, boot from your installation DVD.

In that second section of the quote above, the mighty Mac maven is referring to using Open Firmware configuration settings to enable a boot password and disable booting from certain devices and to “prevent the disk from being overwritten”, but they left out the little bit of knowledge that just as easily, a thief can remove some memory and replace it in a mac, and the Open Firmware password will be reset which in turn, allows rendering all of that so-called prevention useless.

If I am missing anything here relating to why simply using the OS’s own built in security mechanisms should be all one needs to adequately secure their data against a thief too stupid to see a little green light going off every time this piece of needlessware is popping off shots with isightcapture, I can’t wait for someone who really knows a thing or two about security to weigh in with a wake up call.

Until then, I don’t think I’ll be running anything like Adeona simply because any thief without some means to easily break my encrypted data stores and strong user account password will not be compromising my sensitive data when they steal my laptop, and they’ll likely not be logging into it to get their picture snapped while chillin’ at a freaking cyber cafe, either.

But hey, this application will provide a nice, cushy, and bogus sense of security to a certain subset of computer users out in the world who largely think things like this are magic- plus, you just have to love those images and videos of the dumb thieves, right? I smell a reality show in the making! Bust the dumbass laptop thief!

Comments

2 Responses to “Adeona: For simple users and dumb thieves”

  1. Alphaman63 on September 10th, 2008 12:05 am

    Hi,

    Thanks for quoting me! ;) For the record, as noted above, I use Adeona. I also use TrueCrypt for my private/confidential stuff, as well as TimeMachine and ChronoSync to backup my system and replicate critical data.

    If I were to lose my laptop (something I\’ve never done since I got my first laptop over 20 years ago, due to fastidious care of them), I know that I\’d have little hope of recovering it, even with Adeona. Adeona would only marginally improve the odds, but it would improve them.

    The majority of laptop thefts are by opportunity thieves, and your machine will wind up in a pawn shop or sold on the street or ebay. Those are the cases where I truly doubt that someone would even know WHAT the Open Firmware password is, never mind how to bypass it. And it only takes turning on the laptop once and have it connect to the net to get a hit with Adeona. And to encourage that behavior, I\’ve got a \”guest\” account enabled, just to get them to take the easy road and connect to that coffee shop wifi to \”test drive\” their ill-gotten goods.

    And in those cases where the unit\’s stolen by someone who strips it for parts and never turns it on, I\’ve got another fallback position: homeowner\’s insurance.

    I\’m really impressed with how much you can tell about me and my computers and the care I show for them by the 34 words in my second paragraph. I was designing computer circuits, writing voice recognition programs, and testing airliners while you were literally starting your potty training.

    Your complete dismissal of a program like Adeona shows your myopic view of security. This is not an \”all or nothing\” solution — there is no such thing as a complete theft protection system. But, by doing best practices, and including different layers of security software, you can improve the odds that your private info is not compromised, and maybe, just maybe, you\’ll not only get your laptop back, but you just might get the bad guy put in jail.

    You provide lots of criticism, but no solution. Your alternative is what, to let the thief get off scott-free?

  2. brian on September 10th, 2008 9:07 am

    Hey Alphaman63,

    I really don’t know how you could possibly read my post, and then blather at length about your computing and avionics history, your homeowners insurance, and everything else unrelated, while completely missing the point, but you’ve done a bang up job!

    What’s more, you say I that I criticize the software while I not providing a solution? Kindly go back an re-read the post, sir-

    HINT: THE SOLUTION I PROVIDED IS TO DISABLE AUTOLOGIN AND SET A PASSWORD FOR THE USER ACCOUNT.

    Did you even get the point that if the thief never logs into to the machine, then something like Adeona is pretty much worthless? How then pray tell, can the thief login if one has set a password on their account and disabled the autologin feature?

    Oh- add a “guest” account to the machine?

    Congratulations and thanks! You’ve probably provided me with the best example of computing while stupid that I’ll likely read all day!

Leave a Reply