1. Field of the Invention
The present invention relates to a persistent or tamper resistant servicing agent in a computer and network environment.
2. Description of Related Art
In today's competitive business environment, information technology (IT) is playing an increasingly important role in the exchange of knowledge in day-to-day business functions. Individuals, systems, organizations, and other business assets are interconnected in this emerging economic web, and as this IT landscape grows increasingly complex, so does the need to efficiently manage computer assets. As a result, organizations now, more than ever, are recognizing the need to take control of, manage and secure their computer asset base, in order to maximize their investment and attempt to control costs.
The amount of time and fiscal resources required to manage computers in a network can be significant. These assets support key business processes such as e-commerce and business intelligence. If these assets are not protected, and there is no ability to proactively manage them, the potential for short and long-term loss is enormous.
One of the main challenges organizations are encountering is the ability to manage a specific software image and required updates on the device storage drive, and to track the location and ongoing migration of their computers. Knowing what assets one has and how they are changing in time is fundamental to ongoing IT asset and policy management. This knowledge also enables better planning and budgeting, such as hardware or software upgrades, or computer retirement. This problem is further compounded as companies expand geographically, and as the adoption of mobile and remote systems becomes increasingly popular. Keeping track of these assets and the software images on them is not only important for the value of the computer itself, but often more importantly, for the protection of the valuable data residing on the machine. A missing or misconfigured asset may have readable confidential or proprietary information on it, or not have anti-virus updated, or it may still have rights to access a corporate network. Companies must be able to account for their assets and their configuration; and know not only what is on them in terms of hardware and software, but also where they are, and who is using them. Only with this additional information can organizations begin to address issues of security and regulatory compliance with remote and mobile users.
With the increase in processing power for mobile computing devices, more and more individuals have opted for mobile computing devices, either as replacements to their desktop units, or as additional devices for home or small business networks. While individuals are not primarily concerned with computer asset inventory and configuration management, they nonetheless share similar concerns as large organizations, in regards to keeping track of personal computer assets and protection of personal data.
Most IT departments will support the statement that conventional asset management solutions can't accurately account for the ever-increasing population of remote and mobile users. In fact, a typical organization will lose up to 15% of its PC assets over a 2 year period to PC drift1—where assets are not necessarily lost or stolen, but they simply cannot be accounted for due to the many times they've changed owners or departments since first being provisioned. On average, most organizations can only accurately identify 65% of their actual PC asset base when asked to do an inventory2. Best practices demands that IT know where at least 90% of PC assets are located at all times.
Remote and mobile computer assets that travel outside a LAN are problematic in a number of ways. Initially, most asset tracking software cannot track these machines when they are not connected to the local network. Also, these remote machines pose a large security threat to the entire IT network. More often than not the remote user is responsible for the administration and configuration updating of the machine rather than the IT administrator. Most users are normally not as security conscious as they should be. Users may lower security settings, install malicious software unknowingly, let anti-virus software fall out of date and fail to install the latest security patches. What may seem like minor security faults to a remote user can have drastic effects on the entire network. When the remote user connects the LAN they may infect the entire network due to these relaxed security concerns. Without effective asset management tools for these remote machines IT administrators cannot ensure the integrity of the entire network. A network is only as secure as its weakest link. The annual CSI/FBI survey on computer security shows that 57% of stolen PC assets are used to perpetrate additional crimes against corporations.
In a response to recent corporate accounting scandals, identity theft and malicious hacking, governments are establishing regulations that force businesses to protect and be accountable for all sensitive digital information. The Sarbanes-Oxley Act of 2002 is an excellent example of such a regulation. With Sarbanes-Oxley there is increased exposure when not accurately reporting assets. Executives are asked to legally verify if the proper controls and regulations are in place to ensure accurate asset reporting. It is now the fiduciary responsibility of the CFO and CEO to ensure that accurate asset reporting is performed. The legal, regulatory and financial exposure to an organization that inaccurately reports its asset base could be significant. Computers often make up a material percentage of an organizations asset base and thus require accurate reporting. The Gramm-Leach-Bliley (GLB) Act is another regulation to ensure customer records are protected in the financial sector. Likewise, the Health Insurance Portability and accountability Act (HIPAA) established federal privacy standards to protect the confidentiality of medical records and health information. If organizations do not effectively track all of their computing assets there could be severe regulatory concerns.
For an asset tracking and/or configuration management application to undertake its tracking function, it should be able to resist certain level of tampering by a user. In the context of asset tracking, typically, an authorized user is a person responsible for some aspect of the life-cycle management of the computer. In this context, the tracking agent should be able to protect the authorized user from the accidental removal of the software agent, while allowing the legitimate need to disable the agent (for example at end of life of the computer asset). An unauthorized user is a person who wishes to remove the agent software, but who is typically not responsible for the life-cycle management of the computer. A reason for a deliberate, unauthorized attempt to remove the agent would include actions of a thief or potential thief who wishes to ensure that any tracking software is permanently removed. An attempt of un-authorized yet accidental removal would include someone's successful or unsuccessful attempt to install a new operating system, or re-image the hard drive, for example.
Attempts to track, manage and update PC assets and their configurations are further challenged in view of the fact that during a PC's lifecycle it will undergo many hardware, software and image changes including: break/fix repairs, configuration changes, operating system reinstalls, hard-drive reformats/replacements, system crashes and user-driven configuration changes. Many of these changes will require a reinstallation of the operating system whereby the original footprint, identification or tracking agent of the PC asset can be disabled or removed. This change, if not diligently recorded and tracked, is the beginning of a PC asset drifting from a known state into an unknown state. These routine PC life cycle operating requirements can increase the complexity and challenge of tracking PC assets, especially those that are remote and mobile.
Heretofore, existing asset tracking applications are deficient in the Windows NT/2000/XP environment to the extent that they do not display the features necessary to achieve the required persistence against tampering by unauthorized users. These tracking applications are generally easily defeated by the unauthorized or accidental user actions referred above, or other simple acts such as deletion of registry settings or deletion of application files.
Absolute Software Corporation, the assignee of the present invention, has developed and is marketing Computrace, a product and service that securely tracks assets and recovers lost and stolen assets, and AbsoluteTrack, a secure asset tracking, and inventory management, solution powered by the Computrace technology platform. Computrace deploys a stealth agent, which is a software client that resides on the hard drive of host computers. Once installed, the agent automatically contacts a monitoring center on a regular basis transmitting location information and all auto-discovered asset data points. Ongoing communication between the agent and the monitoring center requires no user intervention and is maintained via an Internet or phone connection. As long as the computer is turned on and has either a connection to a telephone line or access to the Internet (through an ISP or through a company network), the Computrace agent will be able to report asset data to the monitoring center. The user intervention-free communication between the agent and a monitoring center ensures the authorized user of the agent to have secure access to up-to-date location information and comprehensive asset data about their entire computer inventory. Whether used stand-alone, or as a complement to an existing asset management tool, AbsoluteTrack has been a cost-effective application service for helping businesses of all sizes monitor remote, mobile and desktop computers and perform daily hardware and software inventory tracking functions. Computrace has been an effective tool to track theft of mobile computers, and to recovery of stolen mobile computers.
The technology underlying various Computrace products and services have been disclosed and patented in the U.S. and other countries, which patents had been commonly assigned to Absolute Software Corporations. See, for example, U.S. Pat. Nos. 5,715,174; 5,764,892; 5,802,280; 6,244,758; 6,269,392; 6,300,863; and 6,507,914; and related foreign patents. Further information concerning AbsoluteTrack has been published by Absolute Software Corporation (e.g., AbsoluteTrack—Secure Computer Asset Tracking Solution, a white paper, published Apr. 25, 2003).
The agent software that is deployed on each protected device is stealthy, making it resistant to detection by the user of the computer. The level of tamper-resistance directly impacts the difficulty of detection and level of skill required to defeat the Computrace service. While the software-only Computrace agent is as tamper-resistant as a disk-based utility can be, it would be desirable to develop an improved agent that provide additional level of tamper-resistance, and further enable, support and/or provides services beyond asset tracking and recovery.