A way to easily bypass Prey's lock.

668 views
Skip to first unread message

Maksim Tretiakov

unread,
Dec 2, 2011, 1:51:19 PM12/2/11
to prey-s...@googlegroups.com
Just wanted to test it. Locked my notebook in Prey Control Panel. After 10 minutes from Guest account (by the way, why it takes so long? It's enough time reinstall OS from DVD) - After screen is locked - press Ctrl+Alt+Delete, then log Off, then Log on again in a guest account - you have again 10 minutes to reinstall the system. Asked my stupid friend to bypass this. First what she did - pressed same keystroke. So You should find better lock algorithm for screen which is not so easily bypassed.

Drew Reece

unread,
Dec 2, 2011, 2:22:59 PM12/2/11
to prey-s...@googlegroups.com
It takes so long because Prey asks the server for it's instructions on a schedule. You can upgrade to Pro to get a 2 minute timescale. Once the lock instruction is picked up it will re-lock on every Prey run without a network connection.

Bear in mind if Prey can't get a network connection it won't get the initial lock instructions & will be wide open.
Prey's lock is a backup plan, not a foolproof method of securing a system.

You would be wise to set a password on your admin & user accounts, also turn off auto login. A guest account should be fine for a thief to use. Using a screensaver password will help in the event of a laptop being taken whilst logged in & you won't be relying on Prey getting the instructions.

Can a user run the Windows installer from a guest account without an admin password? Seems more like a flaw in Windows if that is possible. You can also apply a BIOS password if you want to limit the ability of thieves to erase the system by booting external devices.

Drew
On 2 Dec 2011, at 18:51, Maksim Tretiakov wrote:
Just wanted to test it. Locked my notebook in Prey Control Panel. After 10 minutes from Guest account (by the way, why it takes so long? It's enough time reinstall OS from DVD) - After screen is locked - press Ctrl+Alt+Delete, then log Off, then Log on again in a guest account - you have again 10 minutes to reinstall the system. Asked my stupid friend to bypass this. First what she did - pressed same keystroke. So You should find better lock algorithm for screen which is not so easily bypassed.

--
------------
Want to help translating Prey to your language?
Write us: transl...@preyproject.com
------------
You received this message because you are subscribed to the Google
Groups "Prey" group.
To post to this group, send email to prey-s...@googlegroups.com
To unsubscribe from this group, send email to
prey-securit...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/prey-security?hl=en_US?hl=en

Javier Domingo

unread,
Dec 2, 2011, 2:21:29 PM12/2/11
to prey-s...@googlegroups.com

Sure, but take into account that prey is a program which depends on the commands from the shell that the OS provides. The best way would be to create in linux for example a linux kernel module, etc. But that is not portable. In windows, you could do some drivers, and in lion I really don't know.

I think its a stupid idea if you are trying to have your computer back, to warn the thief about a software that will make him difficult to use your system. Anything that discourages the thief from using the system is bad.
Prey depends on booting that system for working.
If I steal a computer, and in the remote case I don't format it directly, I would try to use it. If something makes difficult to use it, or the word prey appears anywhere, just a search in google and done. I format it.

El 02/12/2011 20:02, "Maksim Tretiakov" <maksimt...@gmail.com> escribió:
Just wanted to test it. Locked my notebook in Prey Control Panel. After 10 minutes from Guest account (by the way, why it takes so long? It's enough time reinstall OS from DVD) - After screen is locked - press Ctrl+Alt+Delete, then log Off, then Log on again in a guest account - you have again 10 minutes to reinstall the system. Asked my stupid friend to bypass this. First what she did - pressed same keystroke. So You should find better lock algorithm for screen which is not so easily bypassed.

--

Drew Reece

unread,
Dec 2, 2011, 2:37:35 PM12/2/11
to prey-s...@googlegroups.com
On 2 Dec 2011, at 19:21, Javier Domingo wrote:

Sure, but take into account that prey is a program which depends on the commands from the shell that the OS provides. The best way would be to create in linux for example a linux kernel module, etc. But that is not portable. In windows, you could do some drivers, and in lion I really don't know.

On Lion it may be (it worked on <10.6)…
sudo killall loginwindow
It will boot all users out to the login window, it's not graceful but it is the 'native way' of dealing with this type of locking. I'd prefer this to the lock.app since it may stop users doing a search & opening the prey-lock.exe with disastrous consequences :)

I agree with you about relying on the lock, it may cause more panic than real security.

Drew
Reply all
Reply to author
Forward
0 new messages