There was a recent post on Slashdot this past weekend which listed GadgetTrak along side a few other companies that develop theft recovery software. I am a huge Slashdot fan, mainly because the readers/commenters do not pull any punches, they are geeks geeks, meaning they know technology. One key difference between GadgetTrak and these other solutions became quite apparent in the comments, as many security and IT folks in the know understand the security ramifications of the “traditional approach” to theft recovery, whereby a back-door is essentially installed into the system. The comments regarding one solution backs up why we feel this approach should be avoided:

What I find is interesting: A program that installs without my permission or knowledge, takes orders from a 3rd party (up to and including “wipe the hard drive”), and actively resists removal. The sales rep at MPC/Gateway got the XXXXX rep on the phone and they both claim that it isn’t a virus. Okay, fine, it doesn’t self-replicate. Seems to fit darn near every other part of the definition! Their tech-support guy ordered the two computers to disable their BIOS component and uninstall [remotely], which THEY DID! The files in C:\Windows\System32 vanished before my eyes.

Gateway/MPC doesn’t seem to understand my frustration. We spend so much time and money securing our computers and making sure they run only the software we WANT them to run. Now you want me to feel safe with a BIOS-level program that copies itself to FAT32/NTFS partitions and tricks Windows OSes into executing it? This same program that calls a 3rd party and requests instructions? I know of only three instructions it can accept, but what if there are others? (”Stolen, check in every 15 minutes”, “Stolen, wipe hard drive”, “Disable and uninstall” we know of)