Blaze’s Security Blog

Not too long ago my friend and colleague from Sweden, Jimmy, contacted me regarding a problem. A quick Google search revealed this was in fact part of Absolute's Computrace tool: Absolute Persistence. Doesn't ring a bell? Why would this be a problem? To begin with, there has been some excellent research by Anibal Sacco and Alfredo Ortega here: Deactivate the Rootkit, in which they describe attacks on BIOS anti-theft technologies, which Absolute also offers.

This activity can be consistent with rootkit behavior, the only difference being that rootkits are usually malicious, while anti-theft technologies act as a form of protection against thieves. I advise you to read their post, as it provides excellent information as well. I'm not going to repeat their research here, as it's fairly lengthy.

Back to our post. This was the initial state of Computrace in the BIOS: the setting was Enabled and the state indicated Not Activated. The BIOS describes the setting as follows: it enables or disables the UEFI interface to activate the Computrace module, and Computrace is an optional monitoring service from Absolute Software. The available options enable the Computrace activation, disable it, or permanently disable it. The machine was freshly purchased and the user never ordered, installed or even heard of Computrace software. In this case, the reseller didn't install it either.

I decided to contact Absolute Software in order to get an answer as to why this behavior was occurring. Since neither of us are customers, I used the form here to contact them. After two days I got a reply from their customer support. It's also worth noting that many used or refurbished devices may have motherboards with a Computrace BIOS module that was activated by the previous owner.

IMEI drivers from the manufacturer. Once these drivers are in place, any potential Absolute software installed on the computer will correctly communicate with the BIOS and it should automatically deactivate itself over the course of a few days. 2. Contact the manufacturer and request a motherboard replacement. Activated motherboards should not be re-sold by manufacturers or retailers if the necessary de-activation steps are not taken first.

The reason for seeing numerous outgoing connections to their server may be that their module wants to receive instructions from the server that the original license should no longer be active, or to obtain new binaries. There's already an excellent list available from Kaspersky, which I'm not going to repeat here.

You can find that list at this link. Machines can have an altered Master Boot Record (MBR); this is because Computrace parses the MBR and partition table, and writes some data into the sectors before the primary partition. In another embodiment, the CLM is stored in a substitute Master Boot Record (MBR), or a combination of the foregoing. The CLM, or Computrace Loader Module, is one of Computrace's main modules. BIOS with one of the Function keys on your keyboard.

Typically this is F2, but it could differ. Secondly, see if any of the files mentioned in Kaspersky's blog post are running or exist on the file system. For the complete list see here, but keep in mind the two new additional hashes added above. Note that new hashes may pop up as well. Thirdly, network activity as mentioned in the above blog post. With Computrace Mobile you can determine the location of the device and whether or not it's on the move. You can also freeze it to prevent unauthorized access and send a message to the user to validate the status of the device.
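To follow up on the MBR remark above, here is an added example (not code from the original post or from Absolute) that parses a classic MBR from a raw disk image and lists the sectors between the MBR and the lowest-starting partition that contain non-zero data. The function names and the sample image are constructed for illustration; non-zero sectors there can also belong to a legitimate boot loader, so the output is a list of places to inspect, not a verdict.

```python
import struct

SECTOR = 512  # assumes 512-byte logical sectors

def parse_mbr(sector0: bytes):
    """Return used MBR partition entries as (type, start_lba, sector_count)."""
    if len(sector0) < SECTOR or sector0[510:512] != b"\x55\xaa":
        raise ValueError("no 0x55AA boot signature: not an MBR")
    parts = []
    for i in range(4):  # four 16-byte entries starting at offset 446
        entry = sector0[446 + 16 * i: 462 + 16 * i]
        ptype = entry[4]
        start_lba, count = struct.unpack_from("<II", entry, 8)
        if ptype != 0 and count != 0:
            parts.append((ptype, start_lba, count))
    return parts

def gap_sectors_in_use(image: bytes):
    """Return (first_partition_lba, [LBAs in the pre-partition gap with data])."""
    parts = parse_mbr(image[:SECTOR])
    if not parts:
        raise ValueError("no partitions defined")
    if any(ptype == 0xEE for ptype, _, _ in parts):
        # Protective MBR: the gap holds the GPT itself, which this check ignores.
        raise ValueError("GPT disk: not covered by this check")
    first = min(start for _, start, _ in parts)
    used = [lba for lba in range(1, first)
            if any(image[lba * SECTOR:(lba + 1) * SECTOR])]
    return first, used

def build_sample_image():
    """Constructed sample: one type-0x07 partition at LBA 63, data at LBA 5."""
    img = bytearray(64 * SECTOR)
    # status, CHS start (3 bytes), type, CHS end (3 bytes), start LBA, count
    struct.pack_into("<BBBBBBBBII", img, 446, 0x80, 0, 0, 0, 0x07, 0, 0, 0, 63, 1)
    img[510:512] = b"\x55\xaa"
    img[5 * SECTOR:5 * SECTOR + 4] = b"DATA"
    return bytes(img)

if __name__ == "__main__":
    first, used = gap_sectors_in_use(build_sample_image())
    print(f"first partition at LBA {first}; non-zero gap sectors: {used}")
```

Run it against a read-only image of the disk rather than the live device, and compare the flagged sectors with a known-clean install of the same boot loader.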