Thread: Absolute Computrace
View Single Post
  #2  
Old August 14th 14, 07:24 AM posted to alt.comp.periphs.mainboard.asus
Paul
external usenet poster
  
Posts: 13,364
Default Absolute Computrace
B00ze wrote:
Good day.

Anyone know if ASUS BIOS'es contain "Absolute Computrace" module?


I found an article here.

"Absolute Computrace revisited"

http://securelist.com/analysis/publi...ace-revisited/

That should give you some good starting materials.

*******

And a site search, as in...

site:asus.com computrace

does find examples in their forums. It seems to show up
in the laptop forum. vip.asus.com includes retail motherboards by
model number, as well as some forums for laptops. The rog.asus.com
is the Republic Of Gamers forum, which is for computing products
designed for gaming.

http://vip.asus.com/forum/view.aspx?...Language=en-us

"This model comes with Computrace in Bios. Difficult to
eradicate, but tries to access internet at least daily
regardless of what you are doing to trace your location
(Big brother is watching). Can not eliminate since BIOS
rewrites to disk if delete files. Best trick I have seen
is to READ protect computrace files against all users in
Vista security. Therefore, present, but can not access to run."

http://rog.asus.com/forum/archive/in...p/t-35469.html

"So I just received back my g750jw after over a month of repeated RMA orders.

They replaced the motherboard and as of now it is able to turn on and runs ok.

But here's the weird part: the first thing that pops up is
AVG telling me that rpcnet.exe in system32 and syswow64 if a
trojan trying to **** with my system. This is bizarre ..."

That last example is particularly interesting. It seems to suggest
the mere replacement of the motherboard, likely running a different
BIOS version, was enough to activate Computrace (Lojack).

The above Securelist article shows it being in the PCI rom add-in space.
But with UEFI, who knows where it is hiding, as UEFI is
an order of magnitude more intrusive. Companies are just
beginning to use/abuse UEFI, which means a steep
learning curve for us out here.

While I'd like to think Computrace is only on laptop motherboards,
there really isn't any way to be sure. If we were still in
legacy BIOS days, I'd recommend using mmtool or similar, and
picking apart the BIOS modules and identifying what they do.
I've never seen anything like that in the few motherboards
I've dissected the BIOS on. But with a UEFI BIOS, I wouldn't
even know where to begin, what tool to use.

I was always curious about LoJack as a product, as the
notion of adding code to a BIOS (while LoJack is being
installed) seemed dangerous. But if the bootstrap module
is always there, that makes the whole thing
seamless... and scary.

Paul