Absolute Computrace Data Protection - FAQ

Remote Data Deletion

Absolute Computrace Data Protection

Frequently Asked Questions

Frequently asked questions and answers about Computrace Data Protection are organized into the following categories:

Product Overview
Data Delete Overview
Computrace Agent
Connectivity
Compliance
Encryption, Cables and Other Protection Methods
Monitoring Center
Computrace BIOS-Based Agent


Product Overview

Q. What is Computrace® Data Protection?
A. Computrace Data Protection provides two main benefits – Information Technology (IT) asset management and remote data deletion. The product is centrally managed by IT, and meant for customers with large populations of remote and mobile users. For IT asset management, Computrace Data Protection gives IT staff visibility to up to 100% of their connected computer assets, including the 40% of computer assets that the Gartner Group says are unaccounted for at any given time. The remote data deletion function ("Data Delete") enables customers to remotely delete sensitive data on target computers that have been stolen or lost. It can also be used for lifecycle management to ensure that computers are left clean and free of sensitive data at the end of their life or lease.

Q. How does Computrace Data Protection remotely track and protect computers?
A. Computrace Data Protection tracks the location of your computer using a small and undetectable software agent ("Computrace Agent"), enabling the computer to report its location to Absolute's confidential and secure Monitoring Center each day you connect to the Internet. As well as collecting location data, the Computrace Agent also collects User, Hardware and Software information to help you track and manage your remote assets. If your computer is stolen, you can set up a Data Delete request so that sensitive data on the computer is deleted the next time the computer calls in to the Monitoring Center.

Q. How do I view information about my computer assets?
A. Users (typically IT departments) are able to view various asset management modules via Absolute's online Customer Center website ("Customer Center"). These modules (or reports) allow IT to better enable their organization in the area of Secure Asset Tracking™.

Q. How does Computrace Data Protection work?
A. The Computrace technology enables you to track and manage your computer assets regardless of where they are. Here's how it works:

  1. You install the client software on your computer assets using an MSI installer, login scripts, imaging or other deployment methods – it's easy and secure. The client software is small, stealthy and hidden on the computer.
  2. Your computer reports location, user, hardware and software information to our confidential, secure Monitoring Center every day you connect to the Internet.
  3. You sign a pre-authorization agreement to activate the Data Delete feature on the Customer Center website, then specify which users ("Data Delete Administrators") are authorized to perform Data Delete. On receipt, Absolute sends RSA SecurID® keys to the Data Delete Administrators identified in the agreement. The agreement can be downloaded from the Data Delete menu in the Customer Center.
  4. You track and manage your computer assets, including remote/mobile computers, using reports, alerts and administration functions from the secure Customer Center website.
  5. If a computer is stolen or at the end of a computer's life or lease, you can use the Data Delete function on the stolen computer to keep sensitive data from falling into the wrong hands. Only an authorized Data Delete Administrator, with a SecurID key, can set up a Data Delete.

Q. How does Computrace Data Protection differ from ComputraceComplete?
A. ComputraceComplete provides a guaranteed computer theft recovery service in addition to the IT Asset Management and remote data deletion features of Computrace Data Protection. Computrace Data Protection may be the right choice for you if the recovery of the stolen/lost asset is less important to you than the need to comply with federal regulations and protect sensitive data on your computer assets – by deleting the data before it gets into the wrong hands.

Data Delete Overview

Q. What is Data Delete?
A. The remote data deletion function ("Data Delete") enables customers to remotely delete sensitive data on target computers that have been stolen or lost. If your computer is stolen, you can set up a Data Delete request so that sensitive data on the computer is deleted the next time the computer calls in to the Monitoring Center. It can also be used for lifecycle management to ensure that computers are left clean and free of sensitive data at the end of their life or lease.

Q. With which products is Data Delete available?
A. Data Delete is available with the ComputraceComplete, ComputracePlus and Computrace Data Protection products.

Q. How do I use Data Delete?
A. Data Delete must first be pre-authorized for your account.

Q. How do I pre-authorize Data Delete for my computer assets?
A. Signing officers from your company must first complete and return a pre-authorization agreement to Absolute (speak to your Sales representative or download the agreement from the Customer Center Data Delete or Documentation menu) that identifies the personnel authorized to perform Data Delete ("Data Delete Administrators"). On receipt, Absolute sends RSA SecurID® keys to the Data Delete Administrators identified in the agreement. Once received, Data Delete can be set up without any further involvement from Absolute.

Q. Once Data Delete is pre-authorized, how do I request Data Delete?
A. When a computer is lost or stolen, or when it's ready to be disposed of or returned to a leasing company, and you wish to delete data on the remote computer, you can initiate Data Delete as follows:

  1. An authorized Data Delete Administrator, with an RSA SecurID key, logs into the Customer Center using their Customer Center login and selects the computer for deletion, validating the selection with their SecurID key.
  2. When that computer next connects to the Internet, the Data Delete operation will be launched. When the Data Delete completes, a logfile, containing a list of deleted files and directories, is uploaded to the Customer Center.
  3. An authorized Data Delete Administrator logs into the Customer Center, notes that the Data Delete is complete and views the logfile to confirm the deletion.

Q. Can the data be recovered once it's been deleted?
A. No. The data is not recoverable as the Data Delete operation uses an algorithm that exceeds the United States Department of Defense (DoD) deletion standard DOD5220.22-M and meets the NATO deletion standard.

DOD5220.22-M is a United States Department of Defense specification for wiping disk storage to guarantee that all data previously contained on that magnetic media is permanently erased. When most computers delete a file, the computer does not actually remove the contents of the file but rather simply unlinks the file from the file directory system, leaving the contents of the file in the disk sectors. This data will remain there until the operating system uses those sectors when writing new data. Until the old data is overwritten (and this may take months or longer) it can be recovered by programs that read disk sectors directly, such as forensic software. In addition, even if a sector is overwritten, the phenomenon of data remanence (the residual physical representation of data that has been in some way erased) can make deleted data forensically recoverable.

In order to be sure that a deleted file really is deleted, it is necessary to overwrite the data sectors of that file. This process is not simply "erasing" or "formatting" the drives; this is not sufficient, as there are numerous tools available to recover "lost" data on disk drives.

This specification requires that every single location on a magnetic media device is written to three individual times, first by writing a fixed value (0x00) once, then its complement value (0xff) once, and finally random values once.

Absolute's Data Delete algorithm exceeds this standard by overwriting the data 7 times (rather than 3) and by performing additional operations. The algorithm:

  • Overwrites the target area 7 times – the first 6 writes with an alternating pattern of 1s and 0s and the final write with a random value
  • Writes random data to the file
  • Changes the file attributes to "directory"
  • Changes file date/time stamp to a fixed value
  • Sets the file size to "0"
  • Changes the file name to a randomly-generated file name
  • Removes the new file name from the directory
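The three-pass sequence described above (0x00, then 0xff, then random), followed by the metadata steps from the list, as an added example in Python. It is not Absolute's code; the function names and the audit-record layout are assumptions.

```python
import os
import secrets

CHUNK = 1 << 20  # write in 1 MiB chunks so large files need not fit in memory

# Caveat: overwriting in place only reaches the original sectors on media and
# filesystems that write in place. SSD wear-levelling, copy-on-write
# filesystems, journals and snapshots can all retain older copies.

def fill_pass(fd, size, pattern):
    """Overwrite the first `size` bytes behind fd; pattern=None writes random data."""
    os.lseek(fd, 0, os.SEEK_SET)
    remaining = size
    while remaining:
        n = min(CHUNK, remaining)
        block = secrets.token_bytes(n) if pattern is None else pattern * n
        view = memoryview(block)
        while view:  # os.write may write fewer bytes than requested
            view = view[os.write(fd, view):]
        remaining -= n
    os.fsync(fd)  # push this pass to the device before the next one starts

def verify_pass(fd, size, pattern):
    """Read the file back and confirm every byte equals the fixed pattern."""
    os.lseek(fd, 0, os.SEEK_SET)
    remaining = size
    while remaining:
        data = os.read(fd, min(CHUNK, remaining))
        if not data or data != pattern * len(data):
            return False
        remaining -= len(data)
    return True

# Pass order as the page describes it: fixed value, its complement, random.
PASSES = (("0x00", b"\x00"), ("0xff", b"\xff"), ("random", None))

def wipe_file(path):
    """Three-pass overwrite, then scrub metadata and unlink. Returns an audit record."""
    size = os.path.getsize(path)
    fd = os.open(path, os.O_RDWR | getattr(os, "O_BINARY", 0))
    audit = {"path": path, "bytes": size, "passes": []}
    try:
        for name, pattern in PASSES:
            fill_pass(fd, size, pattern)
            # Fixed patterns can be read back and checked; random data cannot.
            ok = True if pattern is None else verify_pass(fd, size, pattern)
            audit["passes"].append((name, ok))
            if not ok:
                raise OSError(f"verification failed after pass {name}")
        os.ftruncate(fd, 0)  # set the file size to 0
        os.fsync(fd)
    finally:
        os.close(fd)
    os.utime(path, (0, 0))  # fixed date/time stamp
    scrubbed = os.path.join(os.path.dirname(path) or ".", secrets.token_hex(8))
    os.rename(path, scrubbed)  # random name replaces the original directory entry
    os.remove(scrubbed)        # remove the new name from the directory
    audit["removed"] = not os.path.exists(path) and not os.path.exists(scrubbed)
    return audit
```

The returned record plays the role of the per-file entry in the audit log that the FAQ says is uploaded after a Data Delete.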

Q. How do I know if the Data Delete was successful – Is there an audit log?
A. Yes - The Data Delete process creates an audit log verifying which files have been deleted. This audit log will be uploaded to the Monitoring Server and will be available within the Customer Center.

Q. Do I have to delete the whole drive or can I choose specific files or directories?
A. The Data Delete service is currently offered with 3 levels of Data Delete:

  1. File- or Directory-Specific Data Delete (PC Only) – User chooses specific files, file-types and/or directories to be deleted – the computer will remain operational after the Data Delete process, assuming the user does not delete OS directories. For instance, you could choose to delete everything in the "My Documents" directory and all Word, Excel, PowerPoint and PDF documents, regardless of where they are on the drive. To use the File/Directory level option, you must first create a Data Delete policy from the Administration->Data Delete menu.
  2. Full Data Delete Excluding the Operating System (OS) – all files excluding the OS removed from the hard drive – the computer will remain operational after the Data Delete process
  3. Full Data Delete With Operating System (OS) – all non-OS files and some of the OS files removed from the hard drive. All user files (including programs and data) will be wiped and enough of the OS files to stop the computer from booting but some OS files will remain. The computer will not be operational when the Data Delete process completes.

In the case of a full deletion with OS, the Data Delete is a 2 phase operation – first all files except the OS are deleted, a logfile is uploaded listing all the files deleted and then the OS deletion is launched. As the Computrace Agent will not be able to call once the OS deletion is in progress, the Data Delete is set to Complete after the non-OS deletion is complete.

Q. Which operating systems support Data Delete?
A. The Data Delete service (and the Computrace Agent) is currently offered on the 32-bit versions of Windows 2000, XP, Windows Server 2003 and all 32- and 64-bit editions of Windows Vista, and on Mac OS X 10.2, 10.3 and 10.4. It is not supported on Windows ME, 98 or 95. Furthermore, the computer must be running Computrace Agent version 804 or above.

Q. Will Data Delete run on connected USB Drives, network drives or other external drives?
A. No. Data Delete will only run on local hard drives.

Q. What if there are multiple partitions on the hard-drive?
A. Data Delete will delete multiple partitions dependent on which level of Data Delete is selected.

Q. What safeguards are in place to ensure that only authorized users can launch Data Delete?
A. A number of checks and balances have been put in place to ensure only those personnel whom the Corporation authorizes are entitled to request the Data Delete service. Firstly, the signing officers of the company specify, in the Data Delete pre-authorization agreement, the Administrator-level Customer Center users ("Data Delete Administrators") who are authorized to request a Data Delete. Secondly, these Data Delete Administrators are provided with a physical RSA SecurID token. To initiate the Data Delete from the Customer Center, the Data Delete Administrator logs in, launches the Request Data Delete screen, selects the computer and Data Delete options, enters the value on the RSA SecurID token display (which changes every 60 seconds) and then re-enters their Customer Center password to validate the Data Delete request.

To sum up, the following safeguards are in place to prevent unauthorized Data Delete requests being performed:

  1. A Pre-Authorization agreement must have been completed in full and signed, with originals sent to Absolute for the Data Delete request screen to be visible in the Customer Center.
  2. The logged in Customer Center user must have been identified as an Authorized Data Delete administrator in the Pre-Authorization agreement.
  3. The logged in Customer Center user must have Administrator-level access to the Customer Center.
  4. The logged in Customer Center user must have obtained a physical RSA SecurID key-chain token from Absolute. The token is linked to a specific Customer Center user and is not interchangeable between different users in an account or between different accounts.
  5. The password entered by the Customer Center user on the Data Delete request screen must match the password for the current logged in Customer Center user.
  6. The RSA SecurID token value (time dependent) entered on the Data Delete request screen matches that on Absolute's SecurID server for that specific Customer Center user.

If all the above conditions are satisfied, Data Delete will be set to run for that computer on the next Computrace Agent call. In addition to these safeguards, an email is sent to the signing officers on the Pre-Authorization agreement when a Data Delete is requested, launched and completed.

Q. What is an RSA SecurID key/token and how does it work?
A. The RSA SecurID® solution is the world's leading two-factor user authentication system, relied on by thousands of organizations worldwide to protect valuable network resources. Used in conjunction with RSA® Authentication Manager and RSA® Authentication Agent software, an RSA SecurID Authenticator functions like an ATM card. Network and desktop users must identify themselves with two unique factors—something they know, and something they have—before they are granted access. RSA SecurID Authenticators are as simple to use as entering a password, but much more secure. Each end user is assigned a token which generates a new, unpredictable code every 60 seconds. The user combines this number with a password/PIN to log into protected resources.

Each RSA SecurID Authenticator has a unique symmetric key that is combined with a powerful algorithm to generate each new time-based code. Only the RSA Authentication Manager knows which number is valid at that precise moment for that specific user/authenticator combination. See http://www.rsasecurity.com for more details.
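The six safeguards listed earlier and the per-user time-based code described above, as an added example in Python (not Absolute's or RSA's code). SecurID's algorithm is proprietary, so RFC 6238 TOTP with a 60-second step stands in for it; the account layout, function names and sample credentials are constructed.

```python
import hashlib
import hmac
import struct

STEP = 60  # seconds; the page says the displayed code changes every 60 seconds

def token_code(seed, now, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1) with a 60 s step: a stand-in, not RSA's algorithm."""
    counter = struct.pack(">Q", int(now) // STEP)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, as in RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password, salt):
    """Salted, slow hash so the server never stores the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def authorize_data_delete(account, login, password, code, now):
    """Return (allowed, reason); checks follow the page's six safeguards in order."""
    if not account["preauthorized"]:
        return False, "no pre-authorization agreement on file"
    user = account["users"].get(login)
    if user is None or login not in account["dd_admins"]:
        return False, "user not named in the pre-authorization agreement"
    if user["role"] != "administrator":
        return False, "user lacks Administrator-level access"
    if user.get("token_seed") is None:
        return False, "no token assigned to this user"
    supplied = hash_password(password, user["salt"])
    if not hmac.compare_digest(supplied, user["pw_hash"]):
        return False, "password does not match the logged-in user"
    # The expected code is derived from THIS user's seed, so a token issued
    # to another user, or a code from another time step, fails here.
    expected = token_code(user["token_seed"], now)
    if not hmac.compare_digest(expected.encode(), str(code).encode()):
        return False, "token value does not match this user's token"
    return True, "request set; runs on the next agent call"

def sample_account():
    """Constructed sample data: logins, passwords and seeds are made up."""
    def user(role, password, seed):
        salt = hashlib.sha256(seed).digest()[:16]  # fixed salt keeps the sample deterministic
        return {"role": role, "salt": salt,
                "pw_hash": hash_password(password, salt), "token_seed": seed}
    return {
        "preauthorized": True,
        "dd_admins": {"alice"},  # only alice is named in the agreement
        "users": {
            "alice": user("administrator", "correct horse", b"12345678901234567890"),
            "bob": user("administrator", "hunter2", b"another-seed-for-bob"),
        },
    }

if __name__ == "__main__":
    acct = sample_account()
    now = 59
    code = token_code(acct["users"]["alice"]["token_seed"], now)
    print(authorize_data_delete(acct, "alice", "correct horse", code, now))
    print(authorize_data_delete(acct, "bob", "hunter2", code, now))
```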

Q. Can Absolute run Data Delete on my computers without my permission?
A. No. Absolute cannot run Data Delete as it requires both a Data Delete RSA SecurID token, which only the customer possesses, and a login/password.

Q. Could a rogue Absolute employee with direct access to the DB server launch Data Delete via a backdoor?
A. No. To invoke a Data Delete command, the customer needs the login, their password and the unique password generated from their RSA SecurID token. The token produces a randomly generated password that changes frequently and is synchronized with the server. Only the owner of the RSA SecurID token is able to log in to the account and invoke a Data Delete command.

Q. What if the assigned Data Delete Administrator leaves the company and takes the RSA token?
A. You should ensure that you remove the Customer Center login (from the Admin->Users menu) when any employee who uses Customer Center leaves your company – and this is especially important if that person is an approved Data Delete Administrator. You should also contact Absolute to update the pre-authorization agreement (see the pre-authorization agreement for more details). Absolute will also unassign the token and assign a new token to a new Data Delete Administrator if required. Note that there's also a "panic" button in the Customer Center Administration menu under Data Delete, called "Disable Pre-Authorization" – this will cancel any outstanding Data Delete request and remove the ability for any new requests to be set up. The same thing can be achieved by calling Tech Support, who can also disable the pre-authorization. To re-enable the authorization, you'll need to contact Absolute.

Q. How can I evaluate Data Delete without a token?
A. The process is as follows:

  • Contact Absolute to get an Evaluation account set up – you will then be provided with an administrator level login to Customer Center and access to the Computrace agent
  • Install the agent on the computer being used to evaluate Data Delete
  • Have your company's Signing officers sign the Data Delete pre-authorization agreement (available in Customer Center Documentation section) and send to Absolute specifying the authorized user's Customer Center login (this will be the Data Delete Administrator)
  • The pre-authorization agreement will be entered into our internal system and an evaluation token will be assigned temporarily to your account – Absolute will contact you and set a time for the evaluation
  • At the appointed time, Absolute will guide you through the process of logging into Customer Center and setting up a Data Delete request – when you're prompted for the SecurID token value, Absolute will provide it over the phone (in a real-world non-evaluation situation, you would have the token and NOT Absolute). Note that the Data Delete Administrator must still enter the SecurID token value under their login, although an Absolute employee will read the token value over the phone.
  • Agent makes a call and Data Delete is launched – the status can be viewed from Customer Center - when complete a logfile is uploaded to Customer Center and can be viewed

Q. Is my data protected if the thief never logs onto the Internet?
A. Currently no, but the reality is that the vast majority of stolen computers find their way back onto the Internet fairly quickly, so Data Delete can be activated. Additionally, Absolute is currently looking into adding offline protection for data without the need for an Internet connection. If you have specific security functionality you are interested in implementing, please provide your feedback to Absolute's Sales department.

Q. If a thief reloads the operating system, why do we need Data Delete, since the data will be deleted anyway?
A. Internal theft accounts for up to 80% of all laptop thefts. In such a scenario, the user will know all the passwords and will not need to reinstall the operating system. When an operating system is reinstalled, on the other hand, the sensitive data has not been fully removed and there are many widely available tools that can be used to recover the data. Data Delete will remove the data to Department of Defense specifications, ensuring the data cannot be recovered. Performing a Data Delete on a stolen computer also provides the customer with an audit of what files have been deleted. This verification is very important in terms of regulatory compliance.

Q. Is the Data Delete feature mainly for internal theft?
A. Not necessarily. To many organizations, protecting the sensitive data on the computer is more important than recovering the actual computer. Data Delete will provide this data level protection even after a common thief reinstalls an operating system.

Q. How long does it take to perform a Data Delete?
A. The time it takes to perform a Data Delete varies according to the amount of data to be deleted and the speed of the computer, but it takes longer to delete files than a normal (Operating System level) delete because of the thoroughness of the Data Deletion algorithm. Typically, a Data Delete can take anywhere from 2 minutes to 10 hours.

Q. Can a Data Delete be stopped?
A. Once the Data Delete process has begun, it can't be stopped. If a computer is rebooted during this time, the Data Delete process will continue where it left off. If Data Delete has been scheduled on a stolen computer, but hasn't yet been initiated, you can cancel the Data Delete process from the Customer Center.

Q. Can I purchase Data Delete on its own?
A. No – Data Delete is only available as part of the Computrace Data Protection, ComputraceComplete and ComputracePlus products.

Q. There appear to be many Data Delete statuses – Can you explain what they are?
A. A Data Delete goes through a number of statuses during its lifecycle:

  • requested – The request has been submitted and is a transition state while Data Delete is set up – this state is not usually seen as requests will almost immediately show as "Set Awaiting Call"
  • Set Awaiting Call - A Data Delete request has been created and set for launch on its next call to the Monitoring Center. In this state, the request can still be cancelled.
  • Launched – The Computrace Agent has called the Monitoring Center and the Data Delete client has been downloaded and launched – the Data Delete is in progress. The request cannot now be cancelled.
  • Completed – The Data Delete has completed and a logfile, showing the deleted files, has been uploaded and can be viewed in Customer Center.

The normal Data Delete status lifecycle is: requested -> Set Awaiting Call -> Launched -> Completed.

Other statuses are:

  • Draft – A Data Delete request has been created but left in a draft (holding) status – in this state, it can be deleted or set to requested
  • Cancelled – A Data Delete of status "Draft" or "Set Awaiting Call" was cancelled prior to the launch of Data Delete
  • Failed – The Data Delete failed – please contact Tech Support
  • Cleared – The computer was recovered before Data Delete was launched and has been cancelled by the Absolute Recovery team

Q. Are any alerts created when Data Delete is set up?
A. Yes – emails containing details of the computer, the deletion options and the requestor are sent to the requestor (Data Delete Administrator), the 2 signing officers specified on the pre-authorization agreement and to Absolute's Recovery team at 3 different points during the Data Delete lifecycle:

  1. When the Data Delete is requested and its status is set to "Set Awaiting Call"
  2. When the Computrace Agent calls and the Data Delete status is set to "Launched"
  3. When the Data Delete completes, the logfile is uploaded and the Data Delete status is set to "Completed"

Q. What is the Perpetual Data Delete option and when should I use it?
A. Normally, if Perpetual Data Delete is not chosen (default), Data Delete is cleared when Data Delete completes and the logfile is uploaded. If the Computrace Agent calls again, Data Delete will not run again. In a theft situation, this usually makes sense as sensitive user data is gone after the initial deletion and subsequent deletions would just delete the thief's data, which may cause the thief to dump the computer and/or delete potential forensic evidence.

If Perpetual Data Delete is set, Data Delete is NOT cleared after the 1st deletion and will be launched again on every subsequent agent call and the end user will not be able to stop it. Even after a Data Delete with O/S, if the O/S is reinstalled, the Computrace Agent will restore itself and call and then launch Data Delete again. It essentially makes the computer inoperable and should thus be used with care.

Note that Perpetual Data Delete is not available for File/Directory level deletions and is available only if the Data Delete reason is "Stolen/Lost".

Q. Can I run (non-perpetual) Data Delete many times on the same computer?
A. Yes. Once Data Delete has been completed, it can be launched again. This could be used if a file/directory level deletion was chosen and some files or directories were left out of the original list – or to do a file/directory level deletion (to delete more sensitive files first) followed by a full-disk file deletion.

Another reason might be to repeatedly use the file/directory level deletion to enforce policy but it should be noted that Data Delete removes files – it doesn't do a clean uninstall of programs.

Q. Sometimes the "Choose" computer button on the Data Delete request screen shows all computers (ESNs) and sometimes it just shows computers that have a theft report created. Why?
A. It's linked to the Data Delete reason and whether the product purchased includes theft recovery.

If you choose a Data Delete reason of "Stolen/Lost" and you have a product that includes Absolute's theft recovery service (ComputraceComplete, Computrace Professional or ComputracePlus), you must create a theft report before you create a Data Delete request. Thus if the Data Delete reason = Stolen/Lost, then the Choose Computer list just shows ESNs with a theft report created.

If you choose a Data Delete reason of "Stolen/Lost" and you have a product that does not include the recovery service (Computrace Data Protection), there is no "Report A Theft" option and a theft report is not present even if the Data Delete reason = "Stolen/Lost".

If you choose a Data Delete reason of "End of Lease", "Retiring" or "Other", a theft report is not required regardless of the product purchased.

Q. Do I need a police and/or theft report to create a Data Delete?
A. In a theft scenario (DD Reason = Stolen/Lost), where a product with the theft recovery service (CT+, CTC, CTPro) has been purchased, the customer can create an Absolute theft report and then set up a Data Delete before they get a police report - and when they get the police report, they can go back and update the theft report.

And if the Data Delete request is not as a result of a theft (DD Reason = End of Lease, Retiring, Other), neither a theft report nor a police report is needed.

Computrace Agent

Q. Can the Computrace Agent be removed?
A. The Computrace Agent is extremely difficult to remove. The Computrace software incorporates a self-healing technology that we call "persistence", which essentially rebuilds the agent software installation even if the agent service is deleted by conventional means. The self-healing function is not resident within the file system and is more difficult to detect and remove than "normal" software. The persistent and self-healing portion of the software is difficult to remove because it is stealthy. The software can normally only be removed by a request to Absolute's Technical Support department. The self-healing feature will repair a Computrace installation in newly formatted and installed operating systems as well as freshly imaged systems. This "persistent" design is maximized in laptops with the persistence module in the BIOS (see later section – Computrace BIOS based agent).

Q. What needs to be in place for the agent to be persistent?
A. There are two levels of persistence for the Computrace agent. The highest level of persistence occurs when the persistent module is embedded into the BIOS of the computer. In this solution, there is no additional hardware or software configuration needed for the agent to be persistent. Computers that do not have the Computrace agent embedded into the BIOS will have the software version of the persistence module installed in the partition gap on the hard drive.

Q. Can the Computrace Agent be detected?
A. The Computrace Agent is very difficult to detect. The Computrace software runs as a nondescript service, and is not listed as an application. As well, the product does not show up on the programs menu listing or as a system tray icon.

Q. What is the footprint, or size, of the agent?
A. The Computrace agent has a very small footprint, requiring less than 100Kb of disk space.

Q. Will the agent degrade our network, or clog it up?
A. Computrace agent communications require very little bandwidth and should have a negligible effect on your network traffic. A typical agent call requires less than 200Kb of bandwidth.

Q. Is the agent easy to install?
A. The Computrace agent is very easy to install as the installer is a standard Microsoft MSI install package. The agent can also be easily installed on a corporate image or deployed using standard deployment tools such as Active Directory or logon scripts.

Connectivity

Q. How often does the Computrace Agent contact the Monitoring Center?
A. The call frequency is typically set to once daily and is automatically reset to call every 15 minutes after a computer has been reported stolen.

Q. Can the Computrace Agent work through firewalls (including personal firewalls) to reach the Internet?
A. Yes. Our paradigm for our customers is, "If you can browse, Computrace will work." Our goal is as close to zero-configuration as possible. In some configurations, older versions of the Computrace agent require the user to permit Internet access the first time it attempted to contact the Monitori