Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Laptop Recovery--Preparing for the worst

J

j0nheck

macrumors newbie
Original poster
Apr 4, 2010
12
0
Hey all-

tl;dr: What's the best way to make a throw-away account on my computer to help aid in theft recovery.

I've recently been on a paranoid streak and started thinking quite a bit about protecting my data and recovery of my laptop (Macbook Pro i7) should it ever be stolen.

I took a few basic steps and installed Prey, started using FileVault, changed settings to require passwords to wake my computer, removed/disabled any type of "auto login" features and beefed up my passwords. The basic things we should all be doing anyway....

I got to thinking about my machine actually getting stolen, and it came to mind that if it is stolen, the chance of an (average) user being able to login was much less likely. I know he/she wouldn't be able to get into my account due to my password strength (unless it was already compromised). This pretty much makes my recovery plan moot, since in order to recover, I'd need the computer to connect to the internet again so I could get a location/IP/photos/ etc. If the thief can't login, how does he/she connect to the network? He/She doesn't I suppose.

I figure if someone is going to steal the computer, and can't get into my account, they'll probably do a hard reboot, and get to a login screen. What if there were two accounts on my computer--my personal account; and another throw away account just designed to be a honey-pot for would-be thieves to login to? They could login, connect to the network.. and my recovery efforts can start.

What's the best way to create such account? Obviously it needs to have certain permissions, but not everything (root). Can I lock it down so the user can perform basic tasks (open apps, connect to a network, etc), but not do more advanced tasks (create/delete accounts). What else am I leaving out here?

Does that sound reasonable...is there any flaw to my logic?
 
The only advantage FileVault gives you is protecting your data.

Your laptop if stolen will get reformatted and OSX loaded back on. All the thief needs to do is put the 10.6 install disk in and reinstall.

Now depending on what type of data you have on your laptop will dictate whether File Vault is a good option. If you don't store your credit card #s, bank info and top secret CIA documents then perhaps an encrypted disk image would be better. Why encrypt your entire home folder, if you don't need too.
 
The odds are that the computer will be stripped and the HD simply removed. They make chips similar to Low Jack, in which a GPS chip is implanted somewhere in the computer and upon activation will show the location.
 
NickZac said:
The odds are that the computer will be stripped and the HD simply removed. They make chips similar to Low Jack, in which a GPS chip is implanted somewhere in the computer and upon activation will show the location.
Click to expand...

Really? Is that something that comes standard on new laptops or do you have to buy/install it yourself?
 
there seems to be a consensus that the computer would be reformatted; when is the last time a laptop thief had OS X disks laying around, and would first reformat before trying to login? Not sure there is any real data out there to support this. no?

I like the parental controls idea, to be honest, i had never used them. Thanks for the advice.
 
helptheold said:
Really? Is that something that comes standard on new laptops or do you have to buy/install it yourself?
Click to expand...

To be honest I do not know much about the specefics. My buddy is one of the IT administrators for a college around here (Towson U), and they use it in all of their computers and have had great success.

Also, check out 'hidden app'...you can track and even turn your camera on to watch the ****** who jacked your comp
 
Honestly, the chance of your computer ever being stolen is extremely low, and the chance that if it is stolen, that you'll have any chance of recovering it is almost infinitesimally small. I'd focus on making sure the machine is fully backed up all the time (this means automatically - no manual backups), and any extremely sensitive data is encrypted. Then I'd make sure the machine itself was covered by my home-owner's policy or renter's insurance, and forget about it. The hardware itself is easily replaceable. It's the data you need to secure.
 
j0nheck said:
there seems to be a consensus that the computer would be reformatted; when is the last time a laptop thief had OS X disks laying around, and would first reformat before trying to login? Not sure there is any real data out there to support this. no?

I like the parental controls idea, to be honest, i had never used them. Thanks for the advice.
Click to expand...

If the thief doesn't have OSX disks, he walks into best buy, apple store and buys them (or steals them because he's a thief), or downloads them from a torrent.

A thief takes the laptop either because he wants it, or wants to sell it, as a whole, or in parts. I'm not really seeing the advantage of putting an account with parental controls? In all cases has a very easy work around.
 
Can't you put a setting to make a password required right when you press the power button? That way they can't boot into any hard drive (even if they take yours out) or DVD drive (so they can't boot from the OS X disc) unless the password is entered?

Advantages to this feature?

blocks the ability to use the "C" key to start up from a CD-ROM disc.
blocks the ability to use the "N" key to start up from a NetBoot server.
blocks the ability to use the "T" key to start up in Target Disk Mode (on computers that offer this feature).
blocks the ability to start up in Verbose mode by pressing the Command-V key combination during startup.
block the ability to start up a system in Single-user mode by depressing the Command-S key combination during startup.
blocks a reset of Parameter RAM (PRAM) by pressing the Command-Option-P-R key combination during startup.
requires the password to use the Startup Manager, accessed by pressing the Option key during startup (Figure 1).
requires the password to enter commands after starting up in Open Firmware, which is done by depressing the Command-Option-O-F key combination during startup.

4368739975_5be85cb46f.jpg


Check this out. Its called Open Firmware Password


http://support.apple.com/kb/ht1352
http://support.apple.com/kb/DL675
Read this too : http://discussions.apple.com/thread.jspa?threadID=2703115&tstart=15


Alternative option: http://preyproject.com/

Hope this helps to a certain extent.


As long as you keep an eye on your MBP when you take it out of your house, then you should be fine.
Don't keep your MBP visible in your house either (ie. in front of a window)
 
Last edited:
NickZac said:
The odds are that the computer will be stripped and the HD simply removed.
Click to expand...

Do you have any facts to back up this statement? In my experience it wasn't true, nor was it true for the three dozen other thieves arrested as a result of the police arresting the member of the crime ring that stole my machine.

Thieves want to steal and resell as fast as possible. If they were smart enough to wipe the drive, they wouldn't be relying on petty theft to make a living.
 
wordoflife said:
Can't you put a setting to make a password required right when you press the power button? That way they can't boot into any hard drive (even if they take yours out) or DVD drive (so they can't boot from the OS X disc) unless the password is entered?

Advantages to this feature?

blocks the ability to use the "C" key to start up from a CD-ROM disc.
blocks the ability to use the "N" key to start up from a NetBoot server.
blocks the ability to use the "T" key to start up in Target Disk Mode (on computers that offer this feature).
blocks the ability to start up in Verbose mode by pressing the Command-V key combination during startup.
block the ability to start up a system in Single-user mode by depressing the Command-S key combination during startup.
blocks a reset of Parameter RAM (PRAM) by pressing the Command-Option-P-R key combination during startup.
requires the password to use the Startup Manager, accessed by pressing the Option key during startup (Figure 1).
requires the password to enter commands after starting up in Open Firmware, which is done by depressing the Command-Option-O-F key combination during startup.

4368739975_5be85cb46f.jpg


Check this out. Its called Open Firmware Password


http://support.apple.com/kb/ht1352
http://support.apple.com/kb/DL675
Read this too : http://discussions.apple.com/thread.jspa?threadID=2703115&tstart=15


Alternative option: http://preyproject.com/

Hope this helps to a certain extent.


As long as you keep an eye on your MBP when you take it out of your house, then you should be fine.
Don't keep your MBP visible in your house either (ie. in front of a window)
Click to expand...

Even an Open Firmware Password can be circumvented by replacing the machine's RAM. Not that I expect most thieves to know that, but the point is, it's not bulletproof by any means. I'm also not sure what the point is: if a thief wants your data, they can get around the OFP or just put the HDD into another machine.

If they want your machine, an OFP isn't going to help you get it back. Sure, it might prevent the thief from using it (small victory), but you've still lost your machine...

*shrug*
 
Demosthenes X said:
Even an Open Firmware Password can be circumvented by replacing the machine's RAM.
Click to expand...

Not true. I had to send my MBP in for repair, so I took out the RAM and HDD and stuck them in my White Unibody MacBook. I put the 2GB of RAM and 250GB HDD from the MacBook into the MBP. Both machines still had their firmware passwords in place. What aggravated me was I had the genius specifically note in the work order form on my MBP that I had a firmware password, and what it is... I got it back, and lo and behold, the firmware password was gone :eek:. That really pissed me off.
 
Wirelessly posted (iPod touch 2nd gen: Mozilla/5.0 (iPod; U; CPU iPhone OS 4_2_1 like Mac OS X; fr-fr) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8C148 Safari/6533.18.5)

AlphaDogg said:
Demosthenes X said:
Even an Open Firmware Password can be circumvented by replacing the machine's RAM.
Click to expand...

Not true. I had to send my MBP in for repair, so I took out the RAM and HDD and stuck them in my White Unibody MacBook. I put the 2GB of RAM and 250GB HDD from the MacBook into the MBP. Both machines still had their firmware passwords in place. What aggravated me was I had the genius specifically note in the work order form on my MBP that I had a firmware password, and what it is... I got it back, and lo and behold, the firmware password was gone :eek:. That really pissed me off.
Click to expand...

You must boot with one stick removed IIRC. Otherwise the system can't tell something has changed.
 
lewis82 said:
Wirelessly posted (iPod touch 2nd gen: Mozilla/5.0 (iPod; U; CPU iPhone OS 4_2_1 like Mac OS X; fr-fr) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8C148 Safari/6533.18.5)



You must boot with one stick removed IIRC. Otherwise the system can't tell something has changed.
Click to expand...

It's something to do with the RAM... point is, OFP aren't bullet-proof, either.
 
miles01110 said:
Thieves want to steal and resell as fast as possible. If they were smart enough to wipe the drive, they wouldn't be relying on petty theft to make a living.
Click to expand...


My thoughts too--that's why I'm thinking a 'honey-pot' account so the thief (or unsuspecting buyer) can login and I'll start receiving my Prey notifications is the best bet. (in addition to my redundant backups)

Like others have said, the Open Firmware passwords are good, but not bullet proof.

I liken it to MAC-filtering your wireless home network. Sure it's an additional step, but anyone with enough smarts to break into your network should be easily able to circumvert that security measure...a better bet is to try and contain the threat (honey pot account).
 
I asked my friend and he says the tracking hardware is actually administered by Lo Jack, the car people.


miles01110 said:
Do you have any facts to back up this statement? In my experience it wasn't true, nor was it true for the three dozen other thieves arrested as a result of the police arresting the member of the crime ring that stole my machine.

Thieves want to steal and resell as fast as possible. If they were smart enough to wipe the drive, they wouldn't be relying on petty theft to make a living.
Click to expand...
i've seen statistics on what happens to stolen laptops but I am not sure where to find them at the moment. I don't know if I can call laptop theft 'petty theft'; they aren't cheap, are small, easy to transport, and can be stripped and parts sold.

The number of laptops stolen is crazy too; IIRC I think it is like 8-11% per year.
 
NickZac said:
i've seen statistics on what happens to stolen laptops but I am not sure where to find them at the moment.

The number of laptops stolen is crazy too; IIRC I think it is like 8-11% per year.
Click to expand...

When you find them, please provide a link to the source. I don't really believe that one out of every ten laptops is irrecoverably stolen annually, but would be open to changing my mind if presented with reputable evidence.

I don't know if I can call laptop theft 'petty theft'; they aren't cheap, are small, easy to transport, and can be stripped and parts sold.
Click to expand...

Laptops are more valuable sold as a working whole. They aren't particularly expensive either, depending on the make and model.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back