Microsoft security zaps laptop tracer

As Microsoft takes its first steps into the consumer PC security space, it is discovering that security software can do more than protect systems; it can also cause trouble.

Windows OneCare Live, freely available as a test version since Nov. 29, has been found to disable Absolute Software's Computrace LoJack, an application that functions like a homing device to help recover a laptop after theft.

"The OneCare product detects one of our modules as belonging to another application that it does not like, so it puts in place a defense that it does not need to," Philip Gardner, chief technology officer at Absolute Software in Vancouver, British Columbia, said Tuesday.

Once installed, Windows OneCare's flags multiple vital Computrace LoJack files as "Win32NewMalware.B" and recommends that users quarantine the files, said David Hackett, a Computrace LoJack user and OneCare tester in Edmonds, Wash.

"These files are not identifiable to users as components of Computrace LoJack, but once quarantined, LoJack will be rendered useless," Hackett wrote in an e-mail to CNET News.com. He reported the issue to Absolute Software after discovering his trouble with its product was related to OneCare.

Computrace LoJack works behind the scenes on a PC and is designed to contact Absolute Software. The laptop reports its location using any Internet connection and thus can be recovered with the help of law enforcement when stolen. With OneCare installed, the software can't make that online connection, Gardner said.

Absolute Software is readying a fix for the issue, but has also alerted Microsoft to the problem. "We believe it is their error," Gardner said.

Microsoft is aware of the issue and has, in fact, already fixed it, Samantha McManus, business strategy manager at Microsoft, said in an e-mailed statement Wednesday. "This is a known bug that was identified during the Windows OneCare Live beta process," she said, adding: "A fix was produced on Dec. 2 and all OneCare users should have it."

The problem with Computrace LoJack, known in the industry as a false-positive, is one of the bumps that Microsoft faces as it moves into the security software arena, said Andrew Jaquith, a senior analyst at the Yankee Group.

"Traditional AV (antivirus software) vendors like Symantec and McAfee have been encountering these issues for years and this is something that Microsoft is going to have to figure out," Jaquith said. "It is a bit of a black art trying to get all the security software to work together and that is where all of the big guys spend a lot of their quality and assurance dollars."

Security software is more challenging because it has to burrow deep into the operating system, Jaquith said. But discovering issues such as the clash with Computrace LoJack is exactly what beta tests are for. "I think this is par for the course at this stage in the OneCare lifecycle. I am sure they will iron all these issues out," he said.

Absolute Software's Gardner agrees. "We have to take the position that it is beta software and we consider Microsoft to be responsive to our concerns," he said. "We don't see this as a major error and we can easily deal with the impact to our customers.

OneCare marks Microsoft's long-anticipated entry into the consumer antivirus market, which has been the domain of specialized vendors such as Symantec, McAfee and Trend Micro. Two years ago, Microsoft announced its intent to offer antivirus products when it bought Romanian antivirus software developer GeCad Software.

OneCare is meant for consumers and combines anti-spyware software, which Microsoft is also publicly testing, with antivirus software, firewall software and several tune-up tools for Windows PCs. Microsoft has not announced pricing for OneCare but has said the final package, due for release next year, will be offered as a subscription service.

[aemarques]

That's why...

... this software is in beta. The idea is precisely to detect any problems before version 1.0.

[Mister C]

Any by version 12.1 . . .

They will have the current bugs worked out. Of course by the then they will have a whole new assortment of problems but hey, that's what those monthly updates are for. What is it they say about the soup sandwich? :)

[Phillep]

Great

Now that they know it can be done, how long before laptop thieves start installing something to disable both in every laptop they steal?

Laptops need a ROM in the modem to deal with this. (Idea released to anyone who wants to develop it.)

[deylat2]

Peace is good

It doesn'thappen often in this sue- happy society but thisis an exampleof fair and fruitful cooperation between software companies and that iswhat should always happen unless a predatory software geek decides todestroy a company or program he/she views as annoying byhaving succeeded

[Michael Grogan]

Twothings strike me on this

First, anyone with half a clue who steals a laptop will immediately wipe the hard drive and start fresh. Lojack is junk. Second, I'm soooo glad they finally told us where the security co.s spend all their money. It's obviously not on quality product : )

[Mister C]

Well maybe . .

I don't think people who steal laptops would know how to completely wipe a drive. Format or even Fdisk will not do it. That is, assuming the people who wrote it know what they are doing. Oops! In this case Format will probably do the job. ;)

[Mister C]

Doh!

Did anybody really expect them to get it right?

[technewsjunkie]

Duh, not Doh!

Duh.

[sancat]

such a coincidence - another vendor security software is rendered useless

Microsoft, legendary for taking advantage of their market position, with strategies of dubious legality, is trying to elbow another vendor out of the market.
M$ also wants to offer the notebook tracking service, which will allow them to spill-over many other "benefits" for the user.
Lets not be naive that this "bug" wasnt planned.

[mhex]

Thats funny.

Obviously most of the 'opportunistic' thieves that are most likely to steal aren't that smart. They usually have some kind of criminal record already. The best thing that you can do is to keep a good eye on your laptop. The 2 main places that laptop thieves frequent are airports and hotels. You just have to be aware of your surroundings. Just don't let the thing out of your sight.

I have had many friends complain that they have had their laptops stolen from their car. Well duh don't leave the bag out in the open; put it in the trunk.

While in your hotel room use a kensington cable. Usually I wrap mine around the TV and then try to stuff it in a drawer. That way it is hidden and someone would have to remove the TV to steal it. And most TVs in hotels have alarms on them that will alert the hotel staff to possible theft of their property.

All of this aside a strong encryption program such as PGP is the only read defence against theft of your data. By using commercially available tools I could backup the data using Norton Ghost from the CD-ROM drive. And then I could just load the hard drive image into VMware with networking turned off. And then I could just reformat the laptop hard drive.