TR Dojo: Locate a stolen laptop with Prey

Bill Detwiler: IT departments use techniques like encryption and remote wiping to protect data stored on laptops. While these methods may prevent the data from being compromised, they don't help locate the actual machine. But, a free program called Prey might.

I'm Bill Detwiler, and during this episode of TR Dojo, I'll show you what Prey can do.

Before I tell you how to configure and Prey, you should understand how it works and its limitations.

Prey is a free application, with versions available for Windows, Mac, and Linux. You can download it from Preyproject.com.

Once installed, it runs as a background process on your machine. At specified intervals, Prey connects to the Internet and attempts to determine if the laptop has been stolen.

How does it do this? Well, in one of two ways. First, if you configure Prey to use the developer's online control panel, when someone walks off with your machine, you would login to the Prey Web site and indicate that the machine has been stolen. When Prey checks in with the online control panel, it will receive a message that the machine has been pilfered.

On the other hand, you can also configure Prey in what the developer calls "standalone" mode. In this setup, Prey never talks to the developer's online service. Instead, you manually create a Web page and give that page's URL to Prey. The page doesn't have to contain any specific information; it just has to be live. Periodically, Prey will attempt to access the page. If the page exists, Prey continues to run, but takes no further action. If your laptop is stolen, you simply delete the page. The next time Prey checks in, it will receive a 404 Not Found message and know that the machine has gone missing.

So what happens when Prey determines that the machine has been taken? Well, it sends you timed reports that contain information describing the machine's whereabouts, such as:

• The status of the computer,
• A list of running programs and active connections,
• Network and Wi-Fi information,
• A screenshot of the running desktop,
• And a picture of the physical surroundings (if the machine has a Webcam).

If Prey is configured to use the online Control Panel, these reports and the information they contain are stored on the developer's servers. You can logon to the Prey Web site from another machine and view them there.

If Prey is configured in Standalone mode, the reports are mailed directly to a specified email address.

So what do you do with the information once you have it? Well that's the rub with all of these laptop recovery tools. Even if you know who has taken your machine, all you can do is give that information to the appropriate law enforcement personnel and hope they use it to recover the laptop.

Under no circumstances do I encourage you to confront the thief yourself. This could be highly dangerous and potentially illegal. Remember, breaking into or trespassing in an area, even to reclaim your own property is still illegal.

Now that we know how Prey works, I'll explain how to set it up. First download the appropriate version for your device from the Prey Web site and run the installation file.

The installation screens may differ depending on your operating system, but the process is ultimately the same.

When you install Prey on a Mac, you're asked to choose whether you want to use Prey in Standalone mode or with the online Prey Control Panel. If you want to use Prey in Standalone mode, select the option and click Continue. Next, set the Run Interval and choose you language. Finally, enter the URL for the Web site Prey will check to determine if you've flagged the machine as missing, the email address where you wish to receive the reports, and the email account information for the account Prey will use to send the reports.

On a side note, if you use Google s SMTP server you'll need to set the port to 587.

Once you've entered all the information, click Continue, and Prey will begin checking for an active Web page at the URL you specified.

If you'd rather not mess with maintaining an active Web page for Prey to check, and you want the ability to configure the Prey client remotely, you can use Prey's online Control Panel.

As I mentioned earlier, to do this, you'll need to sign up for an account at preyproject.com and add your laptop to the account. I recommend you do both before installing Prey on your computer. This is because you'll need two specific pieces of information from the Web site to properly configure the software.

Once your account is active, you'll be given an API key. This is the first piece of information that you'll need. When you add your laptop to the Prey account, you'll also be given a Device Key -- the second piece of information you need.

With these two pieces of information in hand, run the Prey installation as before, but select the Control Panel option. After entering the Run interval and language, you'll be asked to enter the API and Device keys that you were given by the Prey Web site. Once you enter the information and Click Continue, Prey will connect to the online Control Panel and confirm that the laptop can now be tracked.

Now, the previous installation screens were taken on a Mac. When installing Prey on a Windows machine, instead of giving you multiple configuration screens, you're given a single Prey Setup window. From here you can choose the http option to use the online Control Panel or the email option to use Prey in standalone mode. Either way, you'll enter the same information as during the OS X installation. Once you enter the information and Apply the changes, Prey is ready to go.

You can now use the online Control Panel to indicate that your device is missing and view the reports sent from your laptop.

To test Prey, I placed a machine in our TR Dojo studio, set the Run interval to 5 minutes, and marked it missing. At the end of the five minutes, Prey sent a report to the Control Panel. The report contained a photo taken with the laptop's Web cam, a screenshot of the desktop, network information, the device's Mac address and information about the current session.

Now that you've seen Prey in action, you may be wondering how useful an application like this really is. Well, that all depends on the information you can get from the missing machine and how able you are to use that information.

For example, if the laptop thief wipes the hard drive, removes the software, or never let's the machine connect to the Internet, Prey can't help you.

And as I mentioned during the beginning of this episode, even if you were able to gather solid information about the individual who has your missing laptop, you would need to give that information to the appropriate authorities, and hope they can use it to recover your machine.

Lastly, Prey is currently a free service and as such, you have to do the legwork once you laptop has been reported missing.

If you're interested in a more robust solution, you'll have to pay for it. Products like Absolute Software's LoJack for Laptops or Computrace BIOS Tracking Agent (used by manufacturers like Dell, HP, and Lenovo) are more difficult to remove and allow data to be wiped from a stolen machine. Absolute Software also has personnel who will work in conjunction with local law enforcement to help recover your laptop.

Overall Prey is an interesting system, and it could help you recover a stolen laptop. But if you're trying to protect highly sensitive data, I recommend you explore a more-robust paid solution and always encrypt the data on your hard drive.

If you have used Prey or another laptop recovery solution, or you have a story to share about recovering a missing machine, share it with us on the TR Dojo blog.

And as always, for more teachings on your path to becoming an IT Ninja, visit trdojo.techrepublic.com, or you can follow me on Twitter at twitter.com/billdetwiler.

Thanks for visiting the TR Dojo.