What's new

Disabling Absolute in UEFI

SurfacePro3-New

New Member
Does anyone know how to deactivate the back door chip in UEFI for surface pro 3(Absolute Computrace) This is an i5
I see that supposed that all Surface Pro 3 have them, is it true? I try to run the Nessus scan, but it's almost useless as I don't understand the complicated program.
Thanks!
 
Actually I would also like to know rather more detail about this. According to MS and Absolute Computrace, embedded in the Surface Pro 3 in a manner that cannot be relaibly removed there is a product that can track, lock, wipe, remote copy data, audit usage,, identfy software etc on your device. All without user interaction and with apparently almost no ability to remove, as they so charmingly call it "Absolute Persistence"

  • Through our partnership with computer manufacturers, the Absolute persistence module is embedded into the firmware of computer, tablet, and smartphone devices at the factory.
  • Once the Computrace agent is installed and activated our customers enjoy a level of persistence that is virtually tamper-proof, providing them with a trusted lifeline to each device in their deployment.
  • The Absolute persistence module is built to detect when the Computrace and/or Absolute Manage software agents have been removed, ensuring they are automatically reinstalled, even if the firmware is flashed, the device is re-imaged, the hard drive is replaced, or if a tablet or smartphone is wiped clean to factory settings.
  • Absolute persistence technology is built into the BIOS or firmware of a device during the manufacturing process. Once activated, customers who purchase these devices benefit from an extra level of security. View a list of devices that support Absolute persistence.

http://www.absolute.com/en

Littel extra detail on the possible concerns

http://www.theregister.co.uk/2014/02/17/kaspersky_computrace/
 
The Chip is on the Motherboard, but is not activated unless you subscribe to the service through the vendor (or if your company does). Then much like a TPM it stores its unique keys in the Chip tied to your account.
 
Problem is, Kaspersky raise this as a concern as they identified several brand new, out of box PC's of theirs that had been activated and they don't subscribe to the service.
 
The report doesn't explain how the vast majority of these activations occurred. I would guess most are in the Corporate/Government Sectors, they are activated via Service Contracts, some people who use their personal devices for Work don't read their organizations BYOD Policy and could have it activated without their explicate knowledge.

At this point, if you are fearful of the technology your only option is purchase products that do not contain the technology. I know that Microsoft included it because it was one the main design requests from their enterprise customers.
 
Hi thanks for all your replies, I have research quite extensively about this. I have not found any answers to fixing this, and is paranoid. The only resolution that I found was thru the high scale network security co called Nessus, which they claim can at least scan if it's communicating or active, all of the others resolution seems gimmicky and doesn't really resolve the problem, if anyone is a network guru and kind of explains how to use or which policy to use in Nexxus, I would really appreciated. I have no idea what I am doing, there is a home version from their company which you can download for free, it's seems to work really well, I just don't know how to interpret it.

BTW, @jnjroach when you say enterprise edition, what if I just got it thru bestbuy? I assume the chip is there on all surface pro 3 so it wouldn't make a difference..right?

Thanks, this is quite annoying, I am doing scans with the nessus on my other PCs as well, it turns out I have other vulnerabilities...again which I can't interpret...LOL

Thanks all
 
Problem is, Kaspersky raise this as a concern as they identified several brand new, out of box PC's of theirs that had been activated and they don't subscribe to the service.
Kasperky Lab admits that it has "no proof that Absolute Computrace is being used as a platform for attacks"
 
Identify the traffic and block it in the firewall or router... end of story. Well Kaspersky what's the traffic signature or port? please tell us you know and aren't just grandstanding.
 
Hi thanks for all your replies, I have research quite extensively about this. I have not found any answers to fixing this, and is paranoid. The only resolution that I found was thru the high scale network security co called Nessus, which they claim can at least scan if it's communicating or active, all of the others resolution seems gimmicky and doesn't really resolve the problem, if anyone is a network guru and kind of explains how to use or which policy to use in Nexxus, I would really appreciated. I have no idea what I am doing, there is a home version from their company which you can download for free, it's seems to work really well, I just don't know how to interpret it.

BTW, @jnjroach when you say enterprise edition, what if I just got it thru bestbuy? I assume the chip is there on all surface pro 3 so it wouldn't make a difference..right?

Thanks, this is quite annoying, I am doing scans with the nessus on my other PCs as well, it turns out I have other vulnerabilities...again which I can't interpret...LOL

Thanks all
What I'm saying is the Chip is on the Surface Pro 3 (All Models) but is not active out of the box and must be enabled, either through paying for the service via Absolute Computrace or through an Organization's Internal IT Department.
 
Than if we don't want it active, private owners of the Surfaces do not have a problem since you have to subscribe and pay for it to be active.
 
Actually I would also like to know rather more detail about this. According to MS and Absolute Computrace, embedded in the Surface Pro 3 in a manner that cannot be relaibly removed there is a product that can track, lock, wipe, remote copy data, audit usage,, identfy software etc on your device. All without user interaction and with apparently almost no ability to remove, as they so charmingly call it "Absolute Persistence"
/

It's on a chip. You can't remove it unless you want to take your Surface apart.

kay-say-rah-say-rah. If I worried about everything like this, I would wind up in a mental institution and never get to enjoy my Surface.
 
Than if we don't want it active, private owners of the Surfaces do not have a problem since you have to subscribe and pay for it to be active.

That would appear to be the case, unless you take it to work and connect to the network there, in which case it may be activated automatically by the on-site activation servers?
 
Back
Top