Stealth software hunts for lost or stolen computers
Cables and locks, file encryption, passwords and biometrics — they all help physically secure notebook computers and protect their data. But once the horse is gone, is there anything you can do but close the barn door?
Fortunately, stealth tracking products can trace lost or stolen notebooks. I tested three of the leading products: Brigadoon Software's PC PhoneHome, Stealth Signal's XTool Computer Tracker and SyNet Electronics' nTracker.
According to stealth tracking software vendors, FBI statistics indicate that only 2 percent to 3 percent of stolen or misplaced computers are ever recovered. The products we reviewed look to improve that rate of recovery and provide some enterprise tracking benefits.
All three products work by sending configuration and tracking information — usually in the form of an e-mail — to the software manufacturer's servers or to servers and individuals specified by the systems administrator when the computer containing the stealth tracking software connects to the Internet.
The stealth message contains information useful to law enforcement agencies in attempting to recover a lost computer, such as ownership information, the machine's current IP address and hardware serial numbers. Two of the products, PC PhoneHome and XTool Tracker, also provide support staff to help you recover lost or stolen computers.
The software we tested is compatible with Microsoft Windows 98, Me, NT 4.0, 2000 and XP. PC PhoneHome and XTool Tracker also work with most versions of the Apple Computer Macintosh operating system. The software can be used with desktop and laptop computers.
I evaluated the products based on their ease of installation and use, invisibility to users, enterprise-tracking and management benefits, and price.
For a test bed, I employed a Hewlett-Packard desktop PC running Windows 2000 Pro, an HP desktop PC running XP Home Edition and a Winbook laptop configured with Windows 2000 Pro.
Overall, installation of the products went smoothly, with only minor glitches. Most of my time was spent collecting the PC hardware and serial number information, not a difficult task for my three-PC test center, but a job that systems administrators in charge of a whole laptop fleet may find daunting. I also had to enter user registration information, including name, organization address, phone numbers and unique IDs or code words that would assist the administration of deployed computers.
XTool Tracker had the most understandable and intuitive graphical user interface (GUI) during installation. It also had the best installation options, enabling administrators to install a single client, push XTool Tracker out to multiple licensed clients, configure a package for mass deployment via third-party imaging software, such as Symantec's Ghost, or simply uninstall a pre-existing version of the application.
On the other hand, when we installed nTracker, its cryptically worded GUI and on-screen prompts forced us to repeatedly refer to the installation documents to make sense of what we were seeing on-screen.
On the positive side, nTracker's abundant documentation was easy to read. PC PhoneHome's installation was the most simple and straightforward of all three products, requiring us to fill out one brief screen, click Register and reboot.
After installation but before fully testing the software, I verified that the registration data was properly validated. An important caveat for users of stealth tracking software: Always abide by the purchased license agreements. Violation of the license agreements — for example, by deploying the same software on more PCs than your license is valid for — could prevent you from recovering a stolen laptop in court. A case can be thrown out if defense attorneys prove you violated the license agreement.
All of the vendors we tested help protect users from this problem by providing a unique license ID for each version of the software that is deployed. For enterprise deployments, software company officials typically work with your organization to ensure that license agreements are not breached.
After installing the software, I rebooted and immediately noticed an important feature of all stealth tracking software: its invisibility to the user. We did not notice PC PhoneHome, XTool Tracker or nTracker in the disk directory, Task Manager or Control Panel. All three were invisible to our scan of the Windows registry, so someone absconding with a computer would not
realize the software is armed.
The only indication I had that stealth tracking software was working was when my finely tuned software firewall detected PC PhoneHome and XTool Tracker's attempts to connect to the Internet — nTracker evaded detection completely. The firewall alert was not exactly a deal-breaker because a good systems administrator would configure the firewall to allow stealth traffic to pass through unhampered before deploying the software fleetwide.
All three applications we tested have possible drawbacks. If a laptop gets snatched by technically savvy thieves who have additional firewalls in place, they could detect and block the tracking messages. We noticed it took between 30 seconds and a minute of connection time for the applications to send their stealth
e-mail messages, so even the shortest Internet sessions are long enough to track a machine.
Although the covert nature of these applications is a plus, we also liked an overt feature that nTracker allows. Administrators can choose from three display messages that will appear on screen to a thief, ranging from "courteous persuasive" (message text: "This computer is now used by an unauthorized user. Please stop and call this number.") to "warning" (message text: "This computer has been stolen or lost. Call the owner or you may be involved in a legal problem."). It's an effective way to deter a would-be buyer of a stolen computer or to alert someone who simply found a lost laptop and wants to return it to the owner.
Unfortunately, my testing of PC PhoneHome hit a snag when I did not receive the automatic configuration e-mail in my inbox as promised. PC PhoneHome has problems with e-mail relaying, which is e-mailing yourself from your own PC, because some Internet service providers block e-mail sent through PC PhoneHome's Simple Mail Transfer Protocol (SMTP) settings.
Therefore, we did not receive the stealth e-mail containing tracking data until we switched to another connection using America Online dial-up service. Brigadoon Software officials say their next release will address this problem. I was also told that the stealth e-mail generally reaches the Brigadoon Software archive servers even if it does not reach you, so tracking a lost asset is still possible with their help.
A definite plus, nTracker avoided the mail relay problem with a built-in SMTP engine. However, because its brief activity alerted our firewall, we realized that motivated thieves could figure out a way to block nTracker's stealth signal if they suspect the software is installed.
Also to its credit, Stealth Signal's XTool Tracker automatically sends tracking information to its control center servers. Advanced users can add their own SMTP server, but similar e-mail relaying problems could occur, depending on the ISP.
Administrators of the computer fleet can then view the tracking information from anywhere online via a secure, customer-specific control panel available on the Stealth Signal Web site.
XTool Tracker takes the LoJack theft-tracking and recovery approach of these applications a step further by offering tremendous enterprise tracking and management options for administrators via the secure Web site.
XTool Tracker's level of detail is almost chilling. With just a few clicks inside the control console, I saw a world map with my location perfectly marked. With a couple of clicks, I saw detailed IP address information, including my IP address, my Ethernet card's Media Access Control address, my ISP and contact information for the ISP.
For an added cost, more enterprise tracking and management options can be enabled on the XTool Web page, such as software inventory management and detailed reporting.
XTool Tracker's $49.95 per-license, per-year price tag gave me a bout of sticker shock at first. But I ultimately had to agree the product was worth it, especially for agencies looking for a comprehensive stealth tracking and enterprise-management solution.
Two other products, the XTool Asset Manager and XTool Data Protector — individually priced at $25 and $35, respectively — work hand-in-hand with XTool Tracker to provide comprehensive enterprise features such as software inventory management and remote data encryption.
When purchased in conjunction with the other products in Stealth Signal's suite, the company offers significant savings of 5 percent to 20 percent, depending on the number of licenses and products purchased.
By contrast, the considerably less expensive nTracker and PC PhoneHome leave the enterprise tracking largely up to you. With no fancy Web interface, you must sort through the stealth e-mails sent from your deployed fleet. I did find that some configuration options can be controlled by nTracker Viewer, a separate application that comes with nTracker.
PC PhoneHome Enterprise and nTracker Enterprise are designed primarily for efficient multiple-copy installations. Although the regular versions require an administrator to enter system and ownership information on each machine, the enterprise versions have that data hard-wired into the package before delivery. That way, administrators can use push technology or imaging to install the software on many machines at once.
Lack of a Web interface was disappointing, but nTracker and PC PhoneHome cost significantly less and work well. PC PhoneHome Lite is a free application that sends stealth e-mails. But unlike purchased versions, it can be removed from the hard drive by running simple format, low-level format or fdisk procedures. These programs prepare disk drives to hold data or dictate where data is stored on the disk.
PC PhoneHome Pro, which we tested, is appropriate for individuals or small- to medium-scale installations. Unlike the Lite version, it can withstand disk-formatting procedures by blocking common disk-formatting commands, such as "fdisk" or "format." PC PhoneHome Pro has a one-time price of $29.95 with no annual fees for use. Special bundle pricing is available for the PC PhoneHome Enterprise edition.
SyNet's nTracker and nTracker Enterprise range from a one-time cost of $29.99 for a single version of nTracker to $49.99 and more for multiple computers licensed with nTracker Enterprise.
Aside from the differences in pricing, an important warning about PC PhoneHome and XTool Tracker is that they do not protect the data on a computer. A thief still has access to all unprotected data. To its credit, nTracker adds the critical ability to encrypt file directories of your choosing. Stealth Signal offers a remote data deletion service and the XTool Data Protector product to help secure data, but both of these services cost extra if utilized or purchased.
Stealth software caveats
Also, some general caveats about all stealth-tracking software: As vendors recommend, systems administrators should reset the boot sequence so a machine only boots from the hard drive and protect this setting with a supervisory password. Otherwise, someone could boot from the floppy or CD-ROM drive and possibly delete the stealth tracking software by installing another operating system.
What's more, motivated thieves could find ways to disable stealth tracking software. What's to stop a thief from simply discarding a pilfered laptop's hard drive and buying an inexpensive replacement? These alerts simply underscore that none of these software solutions are completely foolproof. All work best when used in conjunction with file encryption, password and biometric protection, and physical security measures.
As physical recovery devices, PC PhoneHome Pro and nTracker are inexpensive, effective ways to track the location of a missing computer. The programs are simple to install and manage for smaller deployments, and nTracker earns special accolades for its folder encryption and warning messages.
XTool is a more expensive answer to an agency's stealth tracking needs, but it's well worth a look for larger deployments. Its Web-based interface provides enterprise tracking options that are second to none, while the Enterprise versions of PC PhoneHome and nTracker merely remove some of the overhead associated with configuring a large mobile fleet.
Gray is a freelance writer based in Falls Church, Va.