Intel has sought to remedy the situation with the introduction of what they call Intel Anti-Theft (or Intel AT) technology. The concept is so simple that it’s a wonder it hasn’t been implemented before. But then again, it’s the simplest things that are the easiest to miss at times.
It works as follows:
- First you need a device that supports Intel AT. Any 3rd generation Core processor with “vPro” support has this feature. Unfortunately, this means that laptops with the Core i3 processor are unsupported. To find out if your device is supported, check out this very handy link here.
- vPro enabled laptops have AT technology directly embedded in their firmware and, once configured, they can be set up to contact a server at regular intervals. A failure to connect to the server or a “stolen” flag will immediately lock down the device. Any tampering with the device itself, such as the removal of the CMOS battery, multiple log-in attempts, etc., will also disable the device.
- Once recovered, the registered user will need to enter the security key or server-generated key to log in and re-activate the device.
The main reason this service is so effective is that the Intel AT enabled device contacts the server on a channel that is unsupported by the OS, making it almost impossible to intercept or interfere with. Because of this isolation, a device can be completely locked down independent of the installed OS or HDD. A thief can remove the hard-disk and insert a new one, format the current one or even try to boot from a pen-drive, but it won’t work. The device will be locked down at a hardware-level and nothing but the right key can revive it.
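The lock-down rules described above can be written as a small state machine. This is an added illustrative model, not Intel or McAfee code: the class and function names, the 24-hour interval, the five-attempt threshold and the sample secrets are all assumptions.

```python
import hmac
from dataclasses import dataclass

@dataclass
class Policy:                      # assumed values; the provider sets the real ones
    checkin_interval_s: int = 24 * 3600
    max_failed_logins: int = 5

class AntiTheftModel:
    """Toy model of a firmware-side lock decision that ignores the OS and disk."""
    def __init__(self, policy, passphrase, recovery_token, now=0):
        self.policy, self.last_checkin = policy, now
        self._secrets = (passphrase.encode(), recovery_token.encode())
        self.failed_logins = 0
        self.locked_reason = None              # None: device is allowed to boot

    def _lock(self, reason):
        if self.locked_reason is None:         # keep the first reason
            self.locked_reason = reason
        return self.locked_reason

    def tick(self, now):
        """Timer check: no successful check-in within the interval locks the device."""
        if now - self.last_checkin >= self.policy.checkin_interval_s:
            return self._lock("timer-expired")
        return self.locked_reason

    def checkin(self, now, reported_stolen):
        """Result of reaching the server: either a stolen flag or a timer reset."""
        if reported_stolen:
            return self._lock("reported-stolen")
        if self.locked_reason is None:
            self.last_checkin = now
        return self.locked_reason

    def failed_login(self):
        self.failed_logins += 1
        if self.failed_logins >= self.policy.max_failed_logins:
            return self._lock("too-many-logins")
        return self.locked_reason

    def unlock(self, secret, now):
        """Only the user's passphrase or the server-generated token re-activates."""
        if any(hmac.compare_digest(secret.encode(), s) for s in self._secrets):
            self.locked_reason, self.failed_logins, self.last_checkin = None, 0, now
            return True
        return False

def offline_theft_timeline():
    """Constructed scenario: the device is booted from a live USB and never goes online."""
    dev = AntiTheftModel(Policy(), "user-passphrase", "server-token")
    hour = 3600
    return [dev.tick(1 * hour), dev.tick(24 * hour),
            dev.unlock("guess", 25 * hour), dev.unlock("server-token", 25 * hour)]
```

Because the decision depends only on the timer, the stolen flag and the secrets, swapping the disk or the operating system changes none of the inputs.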
Be warned, the AT technology will not, by itself, protect the data on your HDD though. Anyone can remove the HDD and access the data on it with the right tools.
To aid in data security, Intel’s vPro-enabled processors allow a part of an encryption key to be stored securely within the AT-hardware itself. With the right software, this encryption key, along with a user-generated key, can be used to encrypt and lock any data on an installed HDD in such a way that the data cannot be accessed on any other device without both keys being present and accessible.
Read more about this here.
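The two-part key idea can be sketched as follows. This is an added example, not the vendor's scheme: the page does not say how the hardware-held part and the user's key are combined, so the PBKDF2-plus-HMAC construction, the function names and the sample values here are assumptions.

```python
import hashlib
import hmac
import os

def derive_vault_key(hw_share: bytes, passphrase: str, salt: bytes) -> bytes:
    """Stretch the user's passphrase, then bind it to the hardware-held share."""
    user_part = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 200_000)
    return hmac.new(hw_share, b"vault-key-v1" + user_part, hashlib.sha256).digest()

def make_header(key: bytes, salt: bytes) -> dict:
    """Store a check value so a wrong key is detected before any decryption."""
    return {"salt": salt,
            "check": hmac.new(key, b"vault-check", hashlib.sha256).digest()}

def can_open(header: dict, hw_share: bytes, passphrase: str) -> bool:
    """True only when both the hardware share and the passphrase are correct."""
    key = derive_vault_key(hw_share, passphrase, header["salt"])
    tag = hmac.new(key, b"vault-check", hashlib.sha256).digest()
    return hmac.compare_digest(tag, header["check"])

def moved_disk_demo():
    """Constructed values: the same vault tried on its own laptop and elsewhere."""
    laptop_share = os.urandom(32)   # stands in for the part kept in the AT hardware
    other_share = os.urandom(32)    # a different machine the HDD was moved to
    salt = os.urandom(16)
    key = derive_vault_key(laptop_share, "correct horse", salt)
    header = make_header(key, salt)
    return (can_open(header, laptop_share, "correct horse"),
            can_open(header, other_share, "correct horse"),
            can_open(header, laptop_share, "wrong passphrase"))
```

The vault opens only in the first case: a disk moved to another machine lacks the hardware share, and the original machine without the passphrase lacks the user part.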
Intel doesn’t provide this AT service for free. You get the hardware if you purchase a supported device, but that doesn’t mean that you have AT enabled by default. You will need software that will support and take advantage of the AT features at your disposal, especially as someone needs to maintain the servers.
To this end, Intel has set up some “trusted” partners, one of which is McAfee. You can try out McAfee’s version of AT from here.
McAfee sent us an Acer ultrabook for previewing the anti-theft software and hardware, and we must say, the technology is impressive and is an elegant solution to the problem of device security. In the course of our testing, the AT technology worked exactly as advertised (and as mentioned in the “Working Mechanism” section above). We even “stole” the ultrabook and used Ubuntu from a pen-drive, making sure that we weren’t connected to the internet. While we could use the device just fine (and access all the unencrypted data on the HDD), when the pre-set ping interval for the AT service expired, the device locked itself down and wouldn’t boot beyond the “This device is reported stolen” screen.
McAfee also takes advantage of the encryption technology offered by the AT hardware to provide you with a secure data-vault. There are a few restrictions with regard to this vault though. While you can have multiple vaults, the maximum size of each vault is restricted to 8GB and you cannot have a file larger than 2GB in there. That said, this vault is meant to store your sensitive data, particularly documents and images, and for that purpose it does an admirable job.
There are other software alternatives to a data-vault, many of them free, but this one differentiates itself from all the others by incorporating the encryption key from the AT-hardware (as mentioned earlier), thus providing a far more secure vault. Of course, high levels of encryption with a long and complicated key will still be almost as good as McAfee’s method given that a brute-force attack would still take decades to crack either system.
McAfee anti-theft works in the following way:
- You purchase a license and set up a McAfee account.
- Install the software on a supported device, then register and set up McAfee anti-theft.
- Configure the security options from the McAfee web-console from anywhere.
- Configure the data-vault from within the software interface on your device.
- If at any time your device is stolen or “misplaced”, simply log in to the McAfee web console and report the device as stolen. Once reported, the device will automatically lock itself down the moment it contacts the server and gets the report.
- To unlock, simply boot up the device and enter your key where requested. If by some chance you forgot your key, you will need to log in to the web console and use a server-generated key to unlock your device. Simple.
NOTE: The device-tracking service that is offered by the software (and hardware) is simply awful. Don’t pin your hopes on it. During our tests, the device, while in our Chembur office, was listed at all sorts of locations all over Bombay, even indicating that the device was in Pune at one point.
Intel’s (and McAfee’s for that matter) Anti-Theft solution is something that should ideally be a part of every laptop/ultrabook that is being sold. It’s a very simple solution to a very prevalent problem and for someone worried about security, well worth the price.