SPECIAL REPORT
Better Keep That Laptop Within Reach

It could happen in an airport, when you walk from a seat in the waiting area to a newsstand. Or it could happen when you park your car in front of a client's office and rush in to pick up a needed report. Or it might happen when you walk across the room in the local coffee shop to grab cream for your latte. When you return, you make a startling revelation: Your laptop computer is gone.

Unfortunately, such scenarios have become quite common. "As laptop use has increased during the past few years, so have the opportunities available to criminals to steal the devices," said Alan Promisel, research analyst at market research firm International Data Corp. (IDC).

Two reasons motivate the criminals. The most obvious is the desire to sell the device to a third party and then pocket the loot. In other instances, the motivation is access to the data stored in the laptop, which can be sensitive and confidential. In fact, laptops were stolen from the U.S. State Department as well as from the chief executive officer at Qualcomm (Nasdaq: QCOM).

The high profile nature of such thefts has made laptop security a major concern for many corporations. "Companies are recognizing that they need to protect the data on their employees' laptops often even more than the systems themselves," noted Pete Lindstrom, research director at Spire Security, a Malvern, Pennsylvania, consulting company.

Choices for Protection

Corporations have a wide -- and ever growing -- array of choices to protect their systems. Vendors sell products that physically secure the devices, include software that sends out secret notifications about devices' locations, or feature biometrics measurements (fingerprints, retina scans) so only certified users work with the systems.

Physical security is the easiest technique to understand and a common one used. Products from firms like Anchor Pad International, Computer Security Products, Kryptonite, PC Guardian and Targus tie a notebook to an object, say a desk or a car seat, so a thief can't quickly abscond with it.

These devices, which cost about $40 to $50, attach to a security slot provided on most notebooks and lock it to a stationary object. If a laptop does not contain a security slot or a desk does not provide a location for suitable anchorage, special adhesive pads containing anchorage slots are available from manufacturers.

Alarms systems act as either a deterrent or an aid in the recovery of a system. These products often include a sensor that detects movement and sounds an alert for the owner.

Intuit's (Nasdaq: INTU) TrackIT security product consists of two units: one designed to be contained in the laptop case, the other carried by the owner.

A series of RF transmissions between the two devices act as the system's sensor. Should the units become separated beyond a predetermined distance (as would occur when the case is stolen), an alarm sounds both in the case and in the unit carried by the owner.

New Technology

Security systems are emerging that rely on the Internet to notify users of a stolen system's location.

Similar to the LoJack vehicle retrieval system, these products consist of specialized "stealth" software loaded into the laptop and a monitoring service. Residing in an undetectable file on the hard drive, the stealth software detects the presence of a telephone line and periodically dials an 800 number to report its position. Once it reaches the monitoring service, the missing computer identifies its location, information generally sufficient to provide probable cause for a search warrant and lead to recovery of the system.

Absolute Software receives calls at the monitoring center where the application running in the laptop is automatically updated with a new date and time to make the next call. Should the machine be reported stolen, the system will be programmed to increase the time between calls, thus providing a more accurate picture of the location.

Cyberangel Security Solutions Cyber Angel offers both a theft retrieval service as well as a monitoring service that advises a user immediately (via fax or e-mail) of any unauthorized attempts to access a computer. After the alert, the program locks the modem port to prevent access to the corporate LAN, Internet or other remote operation, and an optional software module can also lock out the keyboard and mouse.

Getting It Back

Recovery is an issue with these systems. The victim has to convince the local police department to help find the system -- a process that may be simple in some cases and difficult in others.

Also users have to be patient: the average recovery takes about three months.

Biometrics systems check fingerprints, listen to users speak or scan their eyes before providing access to data.

Although there are a handful of biometrics techniques, the process of capturing, extracting a person's characteristics, storing and matching them is similar. An individual presents his biometrics data (fingerprint, voice) to a capture device, which collects the personal information and forwards it to a software algorithm that extracts each person's unique characteristics and creates an identifier.

Identifiers are then stored centrally so users can log into any reading device on a corporate network. Whenever the employee wants to access data, he presents the identifier, and if it matches, he gains access to information.

Fingerprint Biometrics

Biometrics products are becoming popular.

"Increasingly laptop vendors are incorporating fingerprinting biometrics -- which has dropped in price -- into their systems," Spire Security's Lindstrom told TechNewsWorld.

Sony (NYSE: SNE) Electronics bundles webcams to verify user identity in its laptops. The camera kits include Keyware's biometric screensaver, protecting laptops and preventing unauthorized transfer of information.

The webcam scans a user's unique face geometry, a microphone cross checks the reading with a spoken password, and Keyware's technology verifies that the person accessing the information is who they say they are.

Bundling may eventually be the way that these extra security measures will be included in laptop systems.

"Corporations are becoming more aware of the need for additional laptop security measures, but they do not want to be burdened with installing and maintaining the add-on products," IDC's Promisel told TechNewsWorld.

"As the additional measures become inexpensive, it will become simpler for laptop vendors to incorporate them into their products," he said.