Open Source Netbook Protection: Adeona

Wednesday May 13th 2009 by A. Lizard
Share:

Adeona gets a lot of credit as a top open source laptop/netbook protection app, yet some say it doesn't work as well as intended.

Adeona has been widely touted (194K hits at google) as the Open Source solution to protecting your laptop or netbook.

It is intended to send a tracking signal from your computer to a server network. The tracking information is encrypted with a key generated during installation to protect user privacy. If your computer disappears, use the retrieval software bundled with the program to query the server network and hopefully, retrieve the IP address where your computer is connected to the Internet, and information on nearby routers. The OS X version allows photographs taken from the computer's webcam to be retrieved. Hopefully, the retrieved information will make it possible for law enforcement to retrieve your computer. But as good as this sounds Adeona has some roadblocks; if you're in a hurry, skip ahead to the bad news section. You must install Adeona on both netbook/laptop and on whatever machine you plan to retrieve the tracking information from. Retrieval of information about laptop location requires a retrieval key from the netbook/laptop which is generated during the installation of Adeona.

You can download Adeona from here. Dependencies:
  1. OpenSSL
  2. traceroute
  3. cron
  4. iwconfig [optional]

Of these commands, cron and iwconfig are most likely to be already installed in a default Ubuntu laptop or netbook installation. In Debian/Ubuntu, OpenSSL means the default install plus the development tool package libssl-dev. Iwconfig is part of the wireless-tools package.

So . . .

# aptitude install cron wireless-tools openssl libssl-dev traceroute cron

Since aptitude won't install a package if is already installed, it's safe to use the above command line even if two or more of these packages are already installed. In my Ubuntu netbook installation, traceroute and libssl-dev were the only things actually installed.

Then, do the usual build-from-source:
cd to whatever directory the Adeona tarball is installed to

# tar -xvf adeona*
# cd adeona
# ./configure
# make install

type “y” “to the do you want to install ?” question

When the crontab entry which will make sure Adeona runs on startup appears, copy and paste it from the terminal to a text editor because you'll need it later.

# crontab -e

Pick nano from your editor choice (unless you really like something else better)

Paste the crontab line entry generated by Adeona into the crontab file.

Once you are done, transfer a copy of your key to whichever computer you expect to use for finding your netbook, and install a copy of Adeona for whatever supported OS you run on it. Don't worry about the crontab file on the retrieval machine unless it's a laptop/netbook you also want Adeona to protect, otherwise there's no particular reason to send location updates.

I simply attached the adeona-retrievecredentials.ost encryption key to an e-mail and sent it to my desktop, otherwise, transport it via flash drive, ftp, or whatever's convenient to a place where you can find it when you need it. It won't do you any good if it's on your netbook and the netbook is stolen.

Retrieval:

To find your netbook if stolen, you must retrieve the location information for your netbook from the OpenDHT database. To do this, you must have Adeona installed to whatever computer you want to use to track your laptop. Any Adeona installation will work, whether on Linux, OSX, or Windows.

This assumes the default Linux installation, if your files are somewhere else, modify the following retrieval command accordingly. The following command is a single line regardless of how this web page inserts page breaks:

# /usr/local/adeona/adeona-retrieve.exe -r /usr/local/adeona/resources -l /usr/local/adeona/resources/logs -s /path-to/adeona-retrievecredentials.ost -n 1

-r = resource directory (configuration files)
-l = output log directory
-s = location of adeona-retrievecredentials.ost file.
-n = number of updates to collect

After going to all this trouble, Adeona does not work as intended. You can not rely on it to send position information from your laptop or netbook to whatever machine you were hoping to monitor it from at this time.

There have been reports all over the Net that properly set up copies of Adeona do not retrieve data from the OpenDHT database with a failure like:
---error message

Searching for most recent 1 update(s) in time period [ 04/02/2009,16:48 (PDT) - NOW ]

Connecting to remote storage server...
Trying server 1...please be patient
Succesfully connected to remote storage server

Checking update scheduled on 04/04/2009,15:48 (PDT)
Update replica 0 not available
Update replica 1 not available

Checking update scheduled on 04/04/2009,15:33 (PDT)
Update replica 0 not available
Update replica 1 not available

Checking update scheduled on 04/04/2009,15:12 (PDT)
Update replica 0 not available
Update replica 1 not available

Checking update scheduled on 04/04/2009,14:51 (PDT)
Update replica 0 not available
Update replica 1 not available
. . .
--------end error message

The connection works about half the time. That would actually be good enough if any information could be retrieved. Unfortunately, of the dozens of times I've tried Adeona data retrieval, successful retrieval is decidedly unusual.

Since you're unlikely to see one in real life until after the Adeona fix is delivered, here's the important part of what a successful retrieval looks like.

Checking update scheduled on 04/03/2009,05:03 (PDT)
Update replica 0 not available
Succesfully retrieved update replica 1
===============================
Retrieved location information:
update time: 04/03/2009,05:03 (PDT)
internal ip: 192.168.200.201
external ip: 86.1.2.3
access point: accesspoint
Nearby routers:
no routers found>


Basically, Adeona sends out retrieval information to the OpenDHT server network several times an hour, and on 4/03 , the netbook had been plugged into the net for several hours. There should have been dozens of position updates, not a couple over days.

I tried this a day later, and the 4/03/2009,05:03 (PDT) location information that was visible the day before for mysteriously disappeared. I tried it again, and it reappeared.

Even if Adeona is ever made to work consistently, there's a conceptual problem with it. If the thief can't log on, just how is software that works after the computer has finished booting going to work? While putting a post-it on the computer with a UID and PW on it would work, it's bad security. Though you could create a guest account with very limited functionality which would have no access to your personal /home tree and leave that as a post-it next to the trackpad. and make sure that your browser password file is inaccessible to unauthorized people.

There is good news about Adeona's current lack of functionality as a program.

I managed to contact the development team, and I was informed that they would try (subject to the usual potential development problems) to get a working version of Adeona out some time in July 2009.

All I can say is that if you do want to use Adeona for security rather than research, check the site, when there is no disclaimer based on an OpenDHT problem, the fixed version is probably ready to go. Or check the Adeona user forum available from the site.

  1. Make sure there is no access to anything you'd like to keep confidential in your computer for a potential thief, including passwords stored in your browser, especially to things like online banking and the web access to your personal/business e-mail. Most browsers support a master password for stored password access. This confines your potential loss to the cost of the hardware itself. Remember that remote access to your desktop means you don't need to keep confidential documents on your computer. If data is not on your machine, you don't have to worry about who gets it along with your computer whether your computer got confiscated by Customs on a border crossing or stolen from your hotel room.
  2. If you've got remote control software on your laptop that accesses your home or work computer, be sure this is as secure as you can make it. Cheap insurance is to call home and have your remote PC unplugged, then first chance you get change the password and encryption key.
Physical security:
  1. Don't let your laptop out of your sight if you can possibly avoid it.
  2. Use the locking slot with a good quality lock/cable; but only when you can't put it in a locked compartment that is big enough that it can't be removed casually. (a hotel safe, for instance) And remember that this is really good only for keeping honest people honest, if one doesn't care whether the laptop is intact afterwards, breaking off a chunk of the case to take it is easy enough.
  3. Register your laptop with JustStolen.net so if it's ever recovered, you might actually get it back.
  4. Consider getting a Stop Tag. This puts a label with your name and address on the computer, if the label is removed, the word STOLEN gets etched into the computer case.
  5. Get a laptop insurance policy.

Conclusion:

What direction should Adeona development take?

The disclaimer on the Adeona site with respect to Adeona operation needs to be changed to something on the order of "Adeona is extremely unreliable at this time, a revision is in progress, we are hoping to have this working sometime in July 2009" . Remember, this is security software, so people *need* to know that it can't be depended on at this time and that the problem is the software, not improper installation.

Article courtesy of Linux Planet.

Home
Mobile Site | Full Site
Copyright 2017 © QuinStreet Inc. All Rights Reserved