Last year I wrote about LoJack for Laptops, software that periodically checks in with a central server to help locate your laptop if it is stolen. One of the LoJack features that caught my attention is that, when installed on compatible computers, a bios agent is activated. The bios agent is supposed to reinstall LoJack if the thief removes it by, for example, reformatting the hard drive and reinstalling the operating system.
Around the time I wrote last year’s article, Vancouver-based Absolute Software sent me a copy to try out. I installed it on a HP Pavilion dv4 laptop, checked that it was working a few times, and promptly forgot about it. A few weeks ago, my laptop required a warantee repair, and prior to sending it in, I used DBAN to thoroughly wipe the hard drive. When I got it back, HP had reinstalled the original operating system. So I deleted both partitions and did a fresh install.
Over the weekend I remembered about LoJack and I was curious. I logged into their web site and was informed that my laptop had checked in earlier the same day! LoJack survived every bit on the hard drive being overwritten and two operating system installs. Had a thief stolen my laptop and reinstalled the operating system, it would be checking in every time it was connected to the Internet. And we’d be tracking it down right now.
Evolving Squid
That’s definitely cool… but I wonder… how difficult would it be to write malware with those properties?