To LoJack or not to LoJack?

[MacBookGal]

How many people on here use LoJack? I have been thinking about getting it to install on my MacBook. There are a couple of things that concern me about it though.

1............I am wondering if it really works.......Wouldn't most thieves know how to get around it? The company says that it is really hard to disable, but I have heard that it can be done by re-installing the OS.


2...........How much of my personal info can those guys at the LoJack command center get from my computer? If they have the administrative capability to clean the hard drive, then I would think that they would also be able to see a lot of my files. They advertise it as being big brother on your side, but I am wondering if it could also be big brother into your business.....lol.


Maybe I am just being a little paranoid about security....or not being paranoid enough by not getting lojack yet, but I would love to know of other people's thoughts and experiences with using it.

[Mikey-San]

I don't know anything about that service or product, but if you want to protect your data from prying eyes, you should store it on an encrypted disk image with a strong password that you do not store in the Keychain.

[wdympcf]

I'm not a thief, but if I were one, I think I would be smart enough to take the laptop offline. Regardless of whether I was after your information, or whether I was just after the hardware, I wouldn't connect online and risk detection until I had clean installed the system. So, I'm not too sure how valuable this service is. I guess it would protect against dumb thieves who don't know much about computers. But then, those thieves aren't likely going to be the ones after your data. They're just going to be after the hardware.

As far as the value of being able to remotely delete the data, file encryption would provide your data with far more security. No need to worry about remotely deleting your data. The thief would die long before they cracked a well implemented AES file encryption.

For most businesses, the big cost is theft or loss of data, not the loss of hardware. So provided that you backup your data regularly to an offsite location, and you encrypt your files, you should be well protected from data theft/loss.

[J Christopher]

Quote: Originally Posted by wdympcf The thief sun[*] would die long before they cracked a well implemented AES file encryption.

There, I fixed it for ya!








*Sun courtesy of Mikey-San

[Mikey-San]

Oh come on, no imagination?

http://forums.macosxhints.com/showpo...63&postcount=8

[Las_Vegas]

Fortunately, most thieves aren't very smart. I use a service called UnderCover that starts sending me info about the thief as soon as they connect to the net including their IP address, screen shots and iSight photos. If they are smart enough not to connect to the net, after a little while the software fakes a hardware failure by gradually fading the screen until it's unreadable. The theory is that when this happens they will take the computer to a repair center or sell it. As soon as the computer sees a new IP address after this process, it will display a "Stolen" message offering a reward for the computer's return.

Using this along with a secure password for the Admin account, a fairly free Guest account (can't change settings) to help catch the thief and firmware password preventing drive erasure/replacement, I have a fair chance of getting may Mac back.

[J Christopher]

Quote: Originally Posted by Mikey-San Oh come on, no imagination?

Nope. Sorry. It's a major failing, I know. I'll make I made corrections in the post.

[wdympcf]

Quote: The sun would die long before they cracked a well implemented AES file encryption.

That of course assumes that humans never develop quantum cryptography in the next billion or so years. That might be a bit of a stretch! In fact, the thief dying might even be a bit of a stretch if there is a break-through in quantum computing any time in the next couple decades!

[tw]

I find myself wondering why Apple never implemented a deep solution (e.g., an online database that would keep the MAC addresses of stolen computers, and a routine built into the System that would periodically check the database and notify Apple it it found itself on the list). that would make stolen computers usable only offline, and couldn't be stopped by a simple erase and install, no?

[iampete]

Quote: Originally Posted by tw . . . a routine built into the System that would periodically check the database and notify Apple it it found itself on the list . . .

Sounds positively Microsoftian !!!

While the concept might have some merit, the PR effects of Apple computers always phoning home would likely be horrendous - it'd be like Apple changing sides (re: the 1984 ad).

Workarounds, e.g., LittleSnitch type programs, could probably be developed to defeat it. Also, given the absolute number of stolen computers when compared to the total, it's probably more of a headache than it'd be a valid selling point (unless it's your computer that got stolen).

[styrafome]

Quote: Originally Posted by tw I find myself wondering why Apple never implemented a deep solution (e.g., an online database that would keep the MAC addresses of stolen computers, and a routine built into the System that would periodically check the database and notify Apple it it found itself on the list). that would make stolen computers usable only offline, and couldn't be stopped by a simple erase and install, no?

Probably one reason Apple doesn't do this yet is, well, imagine you make millions of computers AND you provide such a service. That's a hell of a lot of support/liability to take on. Every time a Mac gets stolen, your company gets a desperate phone call. Your company now stands at the center of an angry customer, law enforcement, and some criminal. Not a real great addition to one's lean, efficient, high-tech business model. Now, I'd love it if Apple did, but I can totally see why they would choose not to. Plus as said above, users generally lynch a company that phones home, even for the most innocuous of reasons.

[Mikey-San]

Quote: Originally Posted by wdympcf That of course assumes that humans never develop quantum cryptography in the next billion or so years. That might be a bit of a stretch! In fact, the thief dying might even be a bit of a stretch if there is a break-through in quantum computing any time in the next couple decades!

Some researchers believe that 256-bit keys will never be brute-forceable by humanity. The size of this number is way, way larger than most people are capable of comprehending.

[wdympcf]

Quote: Some researchers believe that 256-bit keys will never be brute-forceable by humanity. The size of this number is way, way larger than most people are capable of comprehending.

Mikey-San, you'll need to do some reading up on quantum computing to see why the size of the number is not nearly as much of a deterrent to a quantum computer. Quantum computers superpose all states simultaneously, so they do not operate in the quasi-linear fashion that conventional computers do. Quantum algorithms can reduce the cryptographic problem to polynomial time - conventional algorithms, no matter how well crafted, cannot do that.

That being said, I'm not a cryptography expert, so I can't say how powerful a quantum computer would have to be in order to crack a 256-bit key. There are also many skeptics who believe that quantum computing is a pipe dream. I guess we'll just have to wait and see.

[schwartze]

I would personally skip any lojacking of my computer and just get renters/home owners insurance. This covers the cost of a new computer and any programs on it and as long as you have backups you have all of your data.

Let the police worry about who took your laptop and wiped it to try and sell it. Unless targeted for the data on your laptop I am guessing the theif doesn't care too much about it since they can't sell it with all that info on it.

[wdympcf]

I think schwartze is right. One way or another, you're paying for insurance - lojack is just another type of insurance. Encrypting your data, backing it up securely and having a good home/business insurance policy will give you more protection than lojack.

[Mikey-San]

Well like I said, "some". Not "all". I make no definitive statements as to the future power of quantum computing being able to perform any task, because we're barely in the infancy stages of quantum computing today. There are some who don't even think large-scale quantum computing is possible, but without deeper knowledge, I hesitate to voice my opinion on that. Last I heard, researchers had successfully stored and retrieved 1 qubit. That's a good sign.

Perhaps in the future, this will go from the experimental stages to "holy crap crypto as we know it is completely broken". From what I have read, just about everyone agrees that to attack these incomprehensibly large key spaces, we will probably need a solution along the lines of a quantum computing breakthrough.

[wdympcf]

I believe that D-Wave has demonstrated a 28-qubit system

Quote: I make no definitive statements as to the future power of quantum computing being able to perform any task, because we're barely in the infancy stages of quantum computing today. There are some who don't even think large-scale quantum computing is possible, but without deeper knowledge, I hesitate to voice my opinion on that.

I have several friends who work for D-Wave, and despite their apparent success above, I am quite skeptical about the scalability of their methods. You are right that scaling presents a large problem for quantum computers. It is not quite as simple as just adding more digital logic gates in a conventional IC. You have to deal with coupling and coherence issues as well.

To put it into context, I was only trying tongue and cheek above when I brought up quantum computers. I was not trying to inject this into the dialog. Edit > Undo hijack...

[MacBookGal]

You guys are so funny. Now every time I encrypt a file on my computer, I am going to envision a dead, mummiefied thief...........sitting there in the dark because the sun has died...........with his mummy hands propped up on the keyboard............still trying his best to get into my computer files a million years from now.

Seriously, thanks for the input, everyone. I didn't know about the UnderCover service. I like the idea of it taking screenshots of the thief every 6 minutes. Their website says that it is not an expensive piece of spyware so I guess that people just have to take their word that it and LoJack isn't. My computer is covered by insurance. I guess the main reason LoJack interests me is that the very idea of a thief getting away with stealing my computer makes me mad. I hope that it never happens, but I live outside of a very high crime city that I often have to attend meetings in. Last year someone stole a SLR camera out of my vehicle when I left it for just a few minutes to go into a store. This made me so mad that I wanted to see if there was a to install a tracking device on my laptop, so that if it was ever stolen, I could get my shotgun and go after the person who did it.....LOL....not really!

If they do come out with a quantum computer that is capable of doing something that amazing, hopefully anyone who is dumb enough to be a thief would not be smart enough to use it. ....Would he?