Vancouver, BC: July 31, 2009 - A paper presented at the Black Hat security conference in Las Vegas (July 2009) by Alfredo Ortega and Anibal Sacco alleged certain vulnerabilities in Absolute® Software Corporation’s Computrace® system that purportedly could be exploited to allow control of a device by unauthorized persons. Absolute maintains that these allegations of vulnerability are unfounded and systems with Computrace are secure.
Computrace is not a rootkit and is not rootkit-like in behavior. Contrary to the authors’ statements, Computrace by design does not attempt to hide in the operating system or to evade control or modification of its settings by the system administrator. The system administrator always maintains management and control over the Computrace Agent. Our strength as a security solution relies on our ability to persist into clean installs of the operating system .
Our BIOS module allows no special undetected path into the operating system. Uncontrolled access to a computer system may allow some BIOS images to be tampered with by an expert. Attempting to alter the Computrace BIOS module for malicious purposes will not defeat conventional detection as claimed by the authors. Any alteration to the BIOS module will cause any popular antivirus software to alert the customer. More importantly, if the BIOS of a computer has been compromised by an attacker, that machine is exposed to innumerable other vulnerabilities far beyond the scope of the Computrace BIOS module. The presence of the Computrace module in the BIOS in no way weakens the security of the BIOS.
To clarify how Computrace operates:
Absolute Refutes Claims of BIOS Vulnerability
- Computrace-equipped computers are shipped from the manufacturer with the BIOS module turned off. The Computrace BIOS module is activated by the installation of Absolute software by our customers, and is never forced upon any user. Computrace is designed to be activated, deactivated, controlled and managed by the customer using encrypted channels.
- If a valid Computrace installation is removed or damaged the persistent BIOS module will self-heal and restore the software and administrator's settings.
The one example of BIOS stub code, version 785, given in the report is not active in any BIOS to our knowledge. Our earliest released version of the Computrace BIOS module was version 802 over five years ago. Even if the BIOS vendor inadvertently included inactive dead code in the build of the BIOS examined, Absolute has no method to activate this version and it cannot be exploited by a malicious attacker.
On behalf of our customers, Absolute is committed to combating computer crime and data theft in concert with our major PC OEM partners. Absolute offers a unique solution to the increasing need to track, manage and protect mobile computers. The Computrace family of solutions has been responsible for the safe recovery of thousands of lost or stolen data-bearing devices. Customers authorize remote data delete operations daily on missing devices to protect their privacy.
On behalf of our customers, Absolute is committed to combating computer crime and data theft in concert with our major PC OEM partners. Absolute offers a unique solution to the increasing need to track, manage and protect mobile computers. The Computrace family of solutions has been responsible for the safe recovery of thousands of lost or stolen data-bearing devices. Customers authorize remote data delete operations daily on missing devices to protect their privacy.
About Absolute Software
Absolute Software Corporation (TSX: ABT) is the leader in computer theft recovery, data protection and Secure Asset Tracking® solutions. Absolute Software provides organizations and consumers with solutions in the areas of regulatory compliance, data protection and theft recovery. The Company's Computrace software is embedded in the firmware of computers by global leaders, including ASUS, Dell, Fujitsu, General Dynamics Itronix, HP, Lenovo, Motion, Panasonic and Toshiba, and the Company has reselling partnerships with these OEMs and others, including Apple. For more information about Absolute Software and Computrace, visit www.absolute.com and http://blog.absolute.com.
Forward-Looking Statements
This press release contains forward-looking statements that involve risks and uncertainties. These forward-looking statements relate to, among other things, the expected performance, functionality and availability of our services and products, and other expectations, intentions and plans contained in this press release that are not historical fact. When used in this press release, the words "plan," "expect," "believe," and similar expressions generally identify forward-looking statements. These statements reflect our current expectations. They are subject to a number of risks and uncertainties, including, but not limited to, changes in technology and general market conditions. In light of the many risks and uncertainties you should understand that we cannot assure you that the forward-looking statements contained in this press release will be realized.
©2009 Absolute Software Corporation. All rights reserved. Computrace, Absolute and Secure Asset Tracking are registered trademarks of Absolute Software Corporation. Computrace U.S. patents No. 5,715,174, No. 5,764,892, No. 5,802,280, No. 5,896,497, No. 6,244,758, No. 6,269,392, No. 6,300,863, and No. 6,507,914. Canadian patents No. 2,284,806 and No. 2,205,370. U.K. patents No. EP793823 and No. GB2338101. German patent No. 695 125 34.6-08. Australian patent No. 699045. Japanese patent No. JP4067035. The Toronto Stock Exchange has neither approved nor disapproved of the information contained in this news release.
This press release contains forward-looking statements that involve risks and uncertainties. These forward-looking statements relate to, among other things, the expected performance, functionality and availability of our services and products, and other expectations, intentions and plans contained in this press release that are not historical fact. When used in this press release, the words "plan," "expect," "believe," and similar expressions generally identify forward-looking statements. These statements reflect our current expectations. They are subject to a number of risks and uncertainties, including, but not limited to, changes in technology and general market conditions. In light of the many risks and uncertainties you should understand that we cannot assure you that the forward-looking statements contained in this press release will be realized.
©2009 Absolute Software Corporation. All rights reserved. Computrace, Absolute and Secure Asset Tracking are registered trademarks of Absolute Software Corporation. Computrace U.S. patents No. 5,715,174, No. 5,764,892, No. 5,802,280, No. 5,896,497, No. 6,244,758, No. 6,269,392, No. 6,300,863, and No. 6,507,914. Canadian patents No. 2,284,806 and No. 2,205,370. U.K. patents No. EP793823 and No. GB2338101. German patent No. 695 125 34.6-08. Australian patent No. 699045. Japanese patent No. JP4067035. The Toronto Stock Exchange has neither approved nor disapproved of the information contained in this news release.
For more information, please contact:
Public Relations:
Leslie Campisi, Affect Strategies
leslie@affectstrategies.com or 212.398.9680 x144
Investor Relations:
Dave Mason, CFA, The Equicom Group
dmason@equicomgroup.com or 416.815.0700 x237
Leslie Campisi, Affect Strategies
leslie@affectstrategies.com or 212.398.9680 x144
Investor Relations:
Dave Mason, CFA, The Equicom Group
dmason@equicomgroup.com or 416.815.0700 x237