4

I wanted to protect my Laptop from common theft. What I did was that I installed an anti-theft software on my Ubuntu 14.04. The guest account is enabled so that the thief can use my laptop while I track him down. Then as a honey-pot, I installed Windows 8, set up a standard user account with no password and installed the anti-theft software on it too. Now I wan't to make sure that the thief won't reformat the drive. I set the boot order to boot from the internal SSD first, and locked the BIOS. But this is ineffective as my sony VAIO has a Assist button which can be pressed when powered off to boot to a menu from which I can boot from a USB. On other laptops too, you can choose to boot another external device by pressing the Escape key or the function keys. How can I remove this big loop hole?

I don't want to encrypt the laptop because it does not have any sensitive information, and I want the thief to use my stolen laptop. Also can I configure my laptop to not boot if the SSD is changed, preferably only with a password?

If it could be locked down, then it would be a big leap in physical security, especially for organisations. A disgruntled employee could boot with a thumb drive, get root privilege to modify any configuration or binary files.

daltonfury42
  • 183
  • 1
  • 7

2 Answers2

3

One measure to seriously take into consideration with laptop theft protection is physical security. Your thief may not be tech savvy enough to avoid the traps you set, but he's got the unit in his hands already, and depending on what he wants to do with it he can always make a quick buck on the hardware alone.

In previous companies I've worked for they did have these anti-theft software mechanisms, but they almost never got our hardware retrieved when the unit was stolen from a vehicle or lifted at an airport. You should consider desk or bag locks for units like this, or simply keeping the unit with you at all times and training users to do the same thing. I've found in the past that having the unit on you in a sling bag was one of the best deterrents against laptop theft. Data backups before traveling with the unit are always a good idea too. It's a great idea to have anti-theft software in case something terrible happens, but I'd make plans for physical security a priority.

Stealth_kong
  • 314
  • 1
  • 6
2

Have you considered the possibility that a thief opens a laptop, resets the BIOS (by removing the CMOS battery)? Or that the SSD can be removed and wiped/ replaced by a different disk?

If you disregard those situations, then you can try to find an option in your BIOS Setup to disable booting from USB and configure a BIOS Setup password.

Also note that the "anti-theft" software is likely ineffective in preventing actual theft unless it starts screaming when it is taken away from a public place. In addition, unless the thief connects it to the Internet, it is also unlikely that you will get notified of this event.

Lekensteyn
  • 5,898
  • 5
  • 37
  • 62
  • I agree with your first point, but what if he was not so tech saavy? I have not seen such an option in the BIOS, but I will confirm it. Lastly, the [anti-theft](https://preyproject.com) is configure in such a way that when I flag the laptop as missing, it will request for information including location, screen shots, web-cam photos as soon as the laptop comes online, if ever it does. Something is better than nothing. – daltonfury42 Jul 05 '15 at 14:33
  • 2
    If the thief is not tech savvy, then do not expect him to press that button or boot from USB. What about preventive measures such as a Kensington lock? That is more "anti-" theft than notification software. – Lekensteyn Jul 05 '15 at 14:41