VANCOUVER, July 31 /CNW/ - A paper presented at the Black Hat security
conference in Las Vegas (July 2009) by Alfredo Ortega and Anibal Sacco alleged
certain vulnerabilities in Absolute(R) Software Corporation's Computrace(R)
system that purportedly could be exploited to allow control of a device by
unauthorized persons. Absolute maintains that these allegations of
vulnerability are unfounded and systems with Computrace are secure.

Computrace is not a rootkit and is not rootkit-like in behavior. Contrary
to the authors' statements, Computrace by design does not attempt to hide in
the operating system or to evade control or modification of its settings by
the system administrator. The system administrator always maintains management
and control over the Computrace Agent. Our strength as a security solution
relies on our ability to persist into clean installs of the operating system.

Our BIOS module allows no special undetected path into the operating
system. Uncontrolled access to a computer system may allow some BIOS images to
be tampered with by an expert. Attempting to alter the Computrace BIOS module
for malicious purposes will not defeat conventional detection as claimed by
the authors. Any alteration to the BIOS module will cause any popular
antivirus software to alert the customer. More importantly, if the BIOS of a
computer has been compromised by an attacker, that machine is exposed to
innumerable other vulnerabilities far beyond the scope of the Computrace BIOS
module. The presence of the Computrace module in the BIOS in no way weakens
the security of the BIOS.

To clarify how Computrace operates:

- Computrace-equipped computers are shipped from the manufacturer with
  the BIOS module turned off. The Computrace BIOS module is activated
  by the installation of Absolute software by our customers, and is
  never forced upon any user. Computrace is designed to be activated,
  deactivated, controlled and managed by the customer using encrypted
  channels.
- If a valid Computrace installation is removed or damaged, the
  persistent BIOS module will self-heal and restore the software and
  administrator's settings.

The one example of BIOS stub code, version 785, given in the report is
not active in any BIOS to our knowledge. Our earliest released version of the
Computrace BIOS module was version 802 over five years ago. Even if the BIOS
vendor inadvertently included inactive dead code in the build of the BIOS
examined, Absolute has no method to activate this version and it cannot be
exploited by a malicious attacker.

On behalf of our customers, Absolute is committed to combating computer
crime and data theft in concert with our major PC OEM partners. Absolute
offers a unique solution to the increasing need to track, manage and protect
mobile computers.