WebTrack Computer Tracking Software

Hi all,

I was hoping I would be able to get some opinions on this. The company I work for is considering purchasing a large quantity of licenses for a software package known as WebTrack, manufactured by a company called BossUK (www.bossuk.com). WebTrack is a PC and laptop tracking package which, for example, in the event of a theft, will record the location of a machine every time it is connected to the Internet.

The software is delivered via a floppy disk or CD-ROM and the company claim that by simply inserting the disk and executing the program it covertly installs format resistant code which will report back the location of the machine to our server.

I have been involved in the security scene for a few years now and I can't work out how this is possible. Format resistant code? Also, how would it survive a reboot if, for example, you changed operating system, booted from a Live-CD distro or formatted the operating system? I suppose its a possibility to store the software in sectors on the hard disk then mark them as bad, or perhaps they have worked out how to store the software in the BIOS or video card memory somewhere? Still though, how would it be executed from within the operating system?

It does say on the site that the machine is identified at a component level, leading me to believe that it could possibly be traced based on the machines MAC address. However, in the age of routers and home networks I don't see how you would be able to locate a stolen machine hidden behind a router/host device or if you changed network card.

The specification sheet for the software is here:
http://www.bossuk.com/Images/BRWEBTRACK.gif

I have contacted the company several times but they have yet to return my calls. What I'm asking is if any of you think that what this company is offering is genuine non-removable laptop tracking software or simply a 'rootkit trojan-style' remote monitoring application which can be deactivated simply by formatting the machine, deleting the program itself or removing the programs service/autostart locations.

Thanks for any advice or opinions you can offer.

DCN

 

Hmm, I'd guess it uses some rootkit style technology, I know of another laptop tracking program called LoJack which performs a similar job, the FAQ is located here:

http://www.lojackforlaptops.com/support.asp?section=faq&g=mb

Still no explaination on how the software survives a reboot once the operating system has been formatted though... :S

 

Yeah I think I may have been right, looks like this application drops a file called RPCNet.exe and uses it to communicate with the server. They claim this application can survive a format, an fdisk and partition rewrite. If you find out how I'd be interested in knowing

 

Hi MysticJohn,

Thanks for your replies, I have been looking into the program you mentioned and it seems that they all work in a similar way. After some searching I came up with this quote from Absolute software's John Livingston:

Quote taken from: http://news.zdnet.com/2100-9584_22-954931.html

Still I have no idea as to how the software would re-initialise itself after the file system and partition table were wiped out, regardless of operating system.

 

The zTrace software looks quite interesting:

http://www.ztrace.com/FAQ.asp

Seems it bypasses all anti-virus applications and 'the majority' of firewalls. I wonder if it can beat the likes of ZoneAlarm and Tiny or even ProcessGuard...

 

<RPCNet exe>


Remote Precedure Call Net

R P C Network = hook = trojan type

 

laptop retrival program

There was a time back in the dark ages with such programs actually worked but in todays world these programs can usually be removed without much fuss (please do not ask how to remove as that would improper to discuss removal in a public forum where hackers could learn from such info)

Let it be enough said just to know that any newbees could removed such a program in under one minute by using a easily obtainable tool.

these programs are widely used by college bookstores that loan out laptops...........larger companies may employ such programs as well......but to purchase one of these laptop retrival program imo is a complete waste of money. Do they work.....yes, just a a trojan or virus will work.....an can be removed just as a trojan or virus can be removed....

 

Another thing I am quite concerned about here is that if companies such as these can create software which can survive an fdisk, format and partition table rewrite then fully reinitialise afterwards, whats stopping trojan and malware authors from doing the same thing with a virus?

 

### Last Post Before Reformat ###




DCN

Your concern is highly valid an should be the concern of every computer User.
However, alot of what you read may amount to nothing more than "smoke and mirrors" to sell a product.
A person's experience would definitely come into play in a situation such as this. Many software vendors rely on the in-experience of computer Users....
For a moment consider how many computers get infected by trojans and viruses... by also consider how many computers DO NOT GET INFECTED......now ask yourself: WHY IS THIS? In many cases its nothing more than a computer user's experience.....or perhaps just the luck of having installed the right PROGRAM for protection.
Experience is a must have Tool. Experience may not actually be related to KNOWLEDGE. There are many highly experience computer users that can do things with computers that would shock you an yet would not have the KNOWLEDGE to network two side by side computers. That statement may confuse some people but it takes a moment to digest....an will leave to others to better explain. (notice at the top of this message that I am getting ready to reformat.........there is nothing wrong with this computer but "I feel there is something wrong" an experience person will take that "feeling" and begin searching....which is what I just did a few moments ago......an discovered several important files corrupted...... a person of knowledge would say "run it..its working" or "offer their knowledge in fixing the issues"
The same applies to stealth trojans such as the one herein being discussed.........rpcnet would be ignorred by virus and trojan programs but its sure as hell is just a call-home trojan......a nicer guy would call rpcnet a software program......but I am not that polite........its a trojan thats been exploited by a software vendor to make a profit from.....its done all the time.
Here the software vendor depends on the public not to have enough experience to see a rat as a rat instead they see a rat as a squirrel ....but in fact: a squirrel is a rat with a fluffy tail.............just as a trojan is a trojan even if called a software program. Having the experience to know a rat as a rat leads to "finding the knowledge" to remove the rat.
As already mention..in this case...the Rat is very easy to remove....but does the software vendor want YOU to know that....of course not...would you purchase a program that can be so easy to remove....an the program is advertised as a security program...a tracking program...the holy grail of tracking..........yeah right.......any 10 year old can remove it........but I didn't tell you that LOL
The point is: We, the computer users of the world....have been slammed....insulted.....and crapped on for years.......but there are a few computer user who got fed-up and got EXPERIENCE.....an moves about the internet sharing that experience.........there will always be trojans and virues......an there will always be someone out there with the experience to "feel" something is wrong with his os.....and there will always be someone out there with the KNOWLEDGE to help the person with the EXPERIENCE remove the BUG........its call TEAM WORK......an the security community does it better that just about any group in the world

These days in seems common that when someone shares experience with others the Vendors find out and send Posters in to begin flaming.....its being done more and more..........when that begins.....just laugh it off. There is knowledge out there that is yet to be shared.....stay open minded.