In a defense of Absolute software - I met with them few years ago and they are a fairly large and very technical company, not a bunch of hacks. Their CTO is a guy who wrote QEMM [1] back in 80-90s. Younglings may not know what this is, but it was one of the most impressive and useful bits of software to ever hit MS-DOS.
With regards to the CompuTrace - it is their primary product and it has been in the development for quite a while. From what I remember they have went to great pains to standardize the placement of the tracing software on bootable disks, i.e. create an open standard through RFC process with disk/OS vendors and what not. As I said they are not some random hacks, and they fully understand the importance of being open and transparent.
In other words, if you want to point a finger here, point it at Toshiba that failed to disclose the placement of ComputTrace on their laptops. Also understand that the software is designed to be hard to detect as its primary usage is tracking, recovery and remote wipe of stolen laptops, hence it being very similar to a rootkit.
I think the point here is that the computer was recording and transmitting information about him and his wife without either of their knowledge or consent. If he had wanted LoJack for his laptop, he could have signed up for one of the services that offers it. Once again, hardware manufacturers seem to think they still own the device once you've bought it.
To be fair to Absolute and Toshiba, there are advantages to this sort of tracking/anti-theft software being integrated by the manufacturer. Building it into the BIOS, though scary and rootkit-like, gives the software persistence across re-installs of Windows, a feature I doubt the standalone competitors boast. If I was a laptop thief, the first thing I'd do would be to image then wipe the drive.
But yes, consent is a must. Absolute and Toshiba should have avoided this issue by adding a clear, detailed notice/consent screen on the first boot.
It's not even consent. Toshiba should be listing this "feature" as a security feature, letting potential buyers know that there is non-removable software that allows this laptop to be tracked in event of theft. Marketing this has the potential to turn it around from "Toshiba plants rootkits" to "Toshiba has some of the best anti-theft protection"
I don't see this listed in the official specifications, so if it were me that found it, on a laptop that doesn't say it has it, I would also agree that this is malware.
My black-hat days are behind me, but isn't it SOP to copy a version of the uncorrupted file under another name, and run it when you're done with your cruftiness? Or incorporate the old code into the .exe along with your insertion?
right -- so a proper black hat would make autochk.exe do its bad stuff and then go ahead and do a proper checkdisk, so the user doesn't notice anything amiss.
Oh, you mean - the Absolute Software guys should have done that? Yes, totally, I'm with you! I thought you were suggesting a solution for me - a laptop user who's not able to run checkdisk.
With regards to the CompuTrace - it is their primary product and it has been in the development for quite a while. From what I remember they have went to great pains to standardize the placement of the tracing software on bootable disks, i.e. create an open standard through RFC process with disk/OS vendors and what not. As I said they are not some random hacks, and they fully understand the importance of being open and transparent.
In other words, if you want to point a finger here, point it at Toshiba that failed to disclose the placement of ComputTrace on their laptops. Also understand that the software is designed to be hard to detect as its primary usage is tracking, recovery and remote wipe of stolen laptops, hence it being very similar to a rootkit.
[1] http://en.wikipedia.org/wiki/QEMM