
Unleash Retriever to protect and track down stolen laptops

Retriever is an easy to use, inexpensive solution to locate, lock, and report lost or stolen personal or SMB laptops. However, it may not be for everyone.

Over the years, I've looked at several products and services intended to manage lost or stolen laptops.  Most were expensive.  One was free but unable to live up to its promise.  However, I recently found a service which is inexpensive and easy to use—Retriever from Front Door Software.  And although it has a few issues which I cover in this post, Retriever is a pretty good personal or SMB laptop theft management product.

Installation

Installation began with downloading an .MSI file for my laptop (Windows XP SP2).  The application installed is used to enforce policy set by the administrator via the online user interface.

The first step in the install process is completion of a registration form, as shown in Figure 1.  This information is used when the auto-registration and license initialization occurs during the final setup step.

Figure 1

Completing this form and clicking Next brought me to the message screen, shown in Figure 2.  This information is displayed during login in case the person using your laptop is inclined to return it to you.

Figure 2

The next setup step requires answering "secret questions."  The information requested is shown in Figure 3.  There is a lot not to like about this.  First, there is only one question.  Granted, it can be anything you like.  However, most users, left to answer this on their own, will probably use something silly like mother's maiden name.

Second, year born is easy to obtain.  In my opinion, this doesn't even count as a good security question today.

Finally, I had to select a favorite activity from a list.  Hopefully I remember what I chose if I have to call for support.

Figure 3

Finally, the setup program prompted me for a password for accessing the Web-based management software.  I filled the password field using my static Yubikey.  Completing this step launched the initialization step.  When finished, it displayed the informational window shown in Figure 4.

Figure 4

At this point, I thought I was done.  However, when I logged into the management site, the laptop was shown as not actively managed.  A little checking and I found I needed to restart to complete the install.  It would have been nice if Retriever told me this during setup.

Browsing and testing

It was now time to log in to the management app and run Retriever through a test course.  After signing on to the Web site as an owner, I was presented with the "dashboard" shown in Figure 5.  The initial listing displays all devices managed by the organization and contact information.  Although I spent about three hours fooling around with this, I'm limiting the scope for this post to just the basics.

Figure 5

Send Message

Clicking on Send Message brings up a list of possible methods an owner can use to communicate with lost/stolen systems.  In addition to throwing up a big red and yellow notice (I explain this later), you can have a stolen laptop yell at an unauthorized user.  You can use the default messages or record your own.  You can also select how often you want the message played, as shown in Figure 6.  Further, you can send text or voice messages to your laptop user population—like a "connect now and get your patches or we're locking your device" kind of message…

Figure 6

Equipment Info

Although I believe more information is available if I actually pay the $29.95 fee for a three-year license, the information provided about my system is pretty comprehensive, as shown in Figure 7, including:

  • Date and time device last connected
  • Computer ID
  • License ID
  • Equipment type (displays OS version and SP level in my case)
  • MAC addresses for all three of my network interfaces (Other1)
  • Version of Retriever client loaded on the laptop (Other2)

Figure 7

Stolen & Lock

Now to core functionality.  The Stolen & Lock list allowed me to either flag my laptop as stolen or lock it with a lock code, as shown in Figure 8.  To test, I clicked Edit in the first column, checked Stolen, updated, and waited to see what happened.

Figure 8

Although the laptop side of the Retriever solution checks in every 5 minutes, I didn't know that.  So after waiting three or four minutes, I decided to restart my laptop to see if the yelling would begin.  However, the reboot didn't look any different.  No yelling and no red and yellow banner.  After waiting a few minutes, the yelling did start and repeated continuously.

So I rebooted to see if the banner would come up.  As soon as the GINA appeared, the yelling started again.  I didn't have to log in.  The Retriever login message window had also changed.  At the top in huge red-on-yellow letters it read, "Stolen Computer! This computer has been reported lost or stolen.  Please contact the owner."  Contacting me would be easy, since immediately below this message was my name, phone number, email address, and a user-defined message stating an offer of $50 to whomever returned my computer to me.

After I entered my password into the GINA, the laptop appeared to boot normally.  But it locked soon after.  I could move my mouse pointer around the screen, but clicking on anything was futile.  To see if this was part of the stolen laptop process—I hadn't checked Lock—I called the support number prominently displayed everywhere.  I discovered that voice support is not available after business hours.

So, I did the only thing I could do.  I held down the power button for 10 seconds and brought my laptop down hard.  I also cleared the Stolen box in the management site.  Since the laptop needed to power up and connect to Front Door Software to see it wasn't stolen any longer, the banner and the yelling commenced with the GINA.  After a few minutes, everything returned to normal.  Front Door Software informed me when I called them on the next business day that the lockup was not a feature and should not have happened.

I then tested the lock feature.  The system didn't lock until I hit CTRL-ALT-Delete or restarted the computer.  In both cases, I had to enter the lock code to get back in.

Map/Track

Finally, there's laptop tracking.  Although this is a good way to locate a stolen device, you need to rely on local law enforcement to actually care about your laptop.  With all the other stuff they have to do, this has not proved easy to do for many who've tried.  And unlike other, more expensive services, you have to report the laptop's theft and location and follow up with authorities yourself.

The Map/Track screen contains a lot of information about a licensed laptop.  First, there is addressing information and time to reconnect, as shown in Figure 9.  Not only is the external IP listed, but also the internal IPs for all interfaces.  Also available is a real-time locator, as shown in Figure 10.

Figure 9

Figure 10

The final word

Because of price, ease of use, and the fact I can easily set up yelling if a family laptop comes up missing, I plan to pay the three-year license fee and implement Retriever… at home.  However, there are issues which might cause me to pause before ranking this as a favorite pick for SMB or enterprise use.  I confirmed the following list during a call to Front Door Software:

  1. There is no 24x7 telephone help desk support, but email is answered at all times.  This isn't stated on the Web site.
  2. There doesn't appear to be an easy way to distribute or maintain the software centrally via the online interface.  Front Door Software will work with a customer to create one or more distribution images, however.  They will also upload a list of users for the purpose of sending install instructions to the laptop user population.
  3. You're on your own when attempting to get the authorities interested in going after a hostage laptop.
  4. The method used to identify callers is weak.
  5. There doesn't appear to be a way to force a laptop to lock if it doesn't connect to the Internet for a specified period.  This allows unauthorized use of a lost or stolen laptop unless an Internet connection is made and status checked in the management database.
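
The gap in item 5 is a fail-open design: the client only acts on what the server tells it at its 5-minute check-in, so a laptop kept offline never locks. The sketch below is an added example, not Retriever's code, showing the fail-closed alternative a buyer might ask a vendor for; the state fields, the 72-hour grace period and the clock-skew tolerance are all assumptions.

```python
from dataclasses import dataclass, replace

OFFLINE_GRACE_S = 72 * 3600   # assumed policy: lock after 72 h without a check-in
CLOCK_SKEW_S = 120            # assumed tolerance for the clock moving backwards

@dataclass(frozen=True)
class ClientState:            # hypothetical state persisted on the laptop
    last_checkin: float       # wall-clock time of last successful server contact
    high_water: float         # latest wall-clock time the client has observed
    server_flag: str = "ok"   # last status from the server: "ok", "stolen", "locked"

def evaluate(state, now, server_status=None):
    """Decide at each poll whether to allow use or lock.

    server_status is None when the management server could not be reached.
    Returns (decision, new_state).
    """
    if server_status is not None:
        # Online: the server's answer is authoritative and resets the timers.
        new = replace(state, last_checkin=now, high_water=now,
                      server_flag=server_status)
        decision = "allow" if server_status == "ok" else f"lock:{server_status}"
        return decision, new

    # Offline from here on: fail closed instead of waiting for a connection.
    if state.server_flag != "ok":
        return f"lock:{state.server_flag}", state   # last known status persists
    if now + CLOCK_SKEW_S < state.high_water:
        return "lock:clock-rollback", state         # clock set back to dodge the timer
    new = replace(state, high_water=max(state.high_water, now))
    if now - state.last_checkin > OFFLINE_GRACE_S:
        return "lock:offline", new
    return "allow", new

if __name__ == "__main__":
    # Constructed timeline: last contact at t=1000 s, then no connectivity.
    s = ClientState(last_checkin=1000.0, high_water=1000.0)
    for t in (4600.0, 2000.0, 1000.0 + OFFLINE_GRACE_S + 1):
        decision, s = evaluate(s, t)
        print(t, decision)
```

The high-water mark matters because an offline timer based on the wall clock alone can be reset by changing the system date; a real client would also need to protect the persisted state itself from tampering.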

In my opinion, this is a good solution for individual or SMB use.  For enterprise applications, it might not be the best choice.  In any case, this and other lost/stolen laptop solutions are no substitute for full disk encryption.

About Tom Olzak

Tom is a security researcher for the InfoSec Institute and an IT professional with over 30 years of experience. He has written three books, Just Enough Security, Microsoft Virtualization, and Enterprise Security: A Practitioner's Guide (to be publish...
