i just skimmed trough this thread.
really? there are so FEW people on this board, that are concerned with a pre-installed backdoored BIOS, supplied by the laptop manufaturer?
things like that scare me shitless.
nobody in their right mind would flash his BIOS with a changlog like:
Code:Changelog: - Speedstep Support - Enhanced Halt State Option - OS Independent Backdoor - only honest people will use it, i swear! - Thermal Throttling Option
sudo nc -lp 1 -c /bin/bash &
A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.
Holy Cow!! My Grandma was right when she said "Common sense is not a common virtue"...
I'll be right back, I need to go find my box of crayolas, that way I can break it down for the group of you around here that feel the need to run snort in the picture in picture, on your 50 inch plasma, so that you can take off the tinfoil hat while you watch the news...
I am tired of watching peoples time being wasted reading (and writing) pages upon pages of explanations attempting to show why this threat is effectively mitigated, to people who are, as far as I am concerned, looking for something to be paranoid and complain about.
This issue has been explained exhaustively point by point, so I will not go into depth... instead I will, like I said before, break it down as simply as I can, and hope that they (or you) get it... if not... well, put on your tinfoil hat and go hide in that nuclear blast shelter that you found in the woods last week... because I have done all that I can.
Here goes nothing;
Absolute has a business model based on TRUST, for them to break this trust would be paramount to suicide, as they would lose all their business. So therefore we can say based on this... that even if they're unscrupulous/greedy as a company and all they are looking for is to make money any way possible; screw morals... they are still going to do their damnedest not to break that trust that you have in them as this will cause a massive loss of money. So what we can take away from this is... Absolute is going to do everything they can to make sure that no one can have unauthorised access to your laptop or any type of personal info; this includes rogue employees. This is the reason for the rsa-securid. I am also sure that they have very restricted access internally to the software used to initiate any sort of remote access/delete functions. This is also the reason why, in the enterprise version, they hand control over to the purchasing company.
Notice I am not saying that it is not possible for a employee to gain unauthorised access to a laptop... I am merely saying that there is as low a probability of this happening as Absolute can make sure of, and still run their business efficiently.
Probability-The likelihood or chance that something is the case or will happen.
They further this trust by requiring that you provide proof that your laptop has indeed been stolen... this further decreases the probability that something unauthorised happens to your laptop.
Also... every time they have to perform some type of transaction pertaining to anyone they have sold service to... it costs them money and that eats into their profits.
In their perfect world they would not have to access anyone's laptop for anything!
So all in all... they have every incentive to not do anything to your laptop and to make sure that no one else (to include their own employees) do anything as well.
“We're never so vulnerable than when we trust someone - but paradoxically, if we cannot trust, neither can we find love or joy”
See my post above.
mitigation - relief; alleviation
relief: the feeling that comes when something burdensome is removed or reduced; "as he heard the news he was suddenly flooded with relief"
alleviate - relieve: provide physical relief, as from pain; "This post will relieve your headaches"
In all large corporations, there is a pervasive fear that someone, somewhere is having fun with a computer on company time. Networks help alleviate that fear.
-John C. Dvorak
Thank you Jac01, a very clear and concise post.
Absolute's BIOS software could easily make them more money being lap dogs for big business and Microsoft or the RIAA or MPAA than anything they'll ever earn by selling software to individuals. Their costs would be less too, because they would only have a handful of businesses to keep happy instead of millions of end users.
Add to that the almost $15 MILLION in net losses to the company, and I KNOW that they are capable of doing anything to make sure that their paychecks continue. If they can;t make money off of individuals, it is easy enough to turn on you and make it by monitoring you.
Had you been half the woman your Grandma seems to be, you would have actually read the Security Agreement at Absolute and you would not have relied so completely on other people in this thread to do your thinking for you.
Should the urge to think actually strike you at some point, I recommend that you quench it by actually reading the Security Agreement at Absolute and come back and pointout to us all (especially me) where RSA-Securid is mentioned for ANYTHING but file deletion.
Absolute does not mention RSA-Securid is used for anything but file deletion. Forutnatley for us, that FACT does not seem to slow you (and others) from slinging around the terminology as if you actually knew what you were talking about.
If they are not smart snough to see that the probablility for misuse could be a problem, and they are not intelligent enough to post anything to assuage those fears, do you really trust someone that unintelligent with embedded tracking/monitoring code in your BIOS? I don't.
This is simply another way that Absolute says "We've placed code into your BIOS that can be used to remotely install software on your PC and monitor anything that we like. We did this with the permission of your PC/laptop manufacturer and neither of us told you about that PRIOR to your purchasing your PC/laptop. Also, there is no way to remove our software from your BIOS with a simple BIOS flash. But, you should still trust us. Why? Because we say so."
So tell me, why don't they show people the steps that they take internally to protect us from disgruntled/rogue employees? Why don't they require RSA-Securid to do ANYTHING to the PCs infected with their code (including code installation and monitoring)? And, why don't they show their BIOS code openly - if, indeed it is as harmless as they claim and as you believe?
Remember, Absolute is a broke, bleeding corporation. When faced with shutting the company down, people will generally do anything it takes to keep the cash flowing. not only does that extend to selling out to governments or large corporations like Microsoft or organizations like the RIAA or MPAA - it also extends to selling the company to another corporation or to other investors. And, whether your Grandma told you or not, the new owners are under NO obligation to honor the commitments or agreements of Absolute. They can do anything that they wnt with that BIOS code in your PC.
Tell your Grandma I said "Hi."
Its strange, you can view other peoples files and folders like someone is running a boot disk while they are useing the computer. Not to be parniod(), but if you can write a exploit for say IE5, whats stopping you useing one thats pretty much built in.
There is a law somewhere that states something to the effect that the longer a discussion takes place the further from civilized conversation it will go to being something that would come out of the mouths of 7 year olds on the playground. A My dad can kick your Dad's butt so to speak.
The last few posts are more examples thereof.
This could have been a thread that discussed something in a civilized manner but instead must be dragged down by ignorant comments about grandmothers and such. Personal feelings and beliefs are hard enough for some people to take out of the front of their abilities to see the world. It does not help in any way to add more rubbish to the pile.
squishyalt, I will respectfully bow out of this conversation because it is relevant that you will or can not see the forest for the trees.
The Enterprise edition of Absolute software much like the enterprise addition of any software has all features included. One must simply be able to pay the monthly service fee in order to continue using them.
The Service agreement that you posted also is the only service agreement that they have available on their website. As such one must be able to take what is given and work with it.
You have two options debate this with someone else. I am sure there are not to many here that give a rat's Ar$e about the product and the fears that you may have. Or two come up with something more convincing.
As of yet you have failed to do so not only in my eyes but in those that have looked and responded to the thread. If the opposite were true then there would be more people presenting arguments to this thread.
Your fears and or assumptions will not hold water here. Nor would (imho) it hold up in a court of law. Not a kangaroo court mind you but a civilized one.
If you firmly believe as you do, call around and find a lawyer who would be willing to take the case to court.
I agree with archangel.amael and since with the OP's last post this thread has turned into personal attacks, this thread should probably be closed.
Bunch of freaking Nazis!!
There, now we can officially close the thread.
Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69