Monday, January 28, 2008

PCPhoneHome Not Recommended

Update 2009 Sep 28: Do It Yourself PC Phone Home

What if I left my laptop in the car for a moment, and someone ripped it off? or, perish the thought, someone broke in and took my nice new computer? It happens all the time, especially in the corporate and public sectors, but certainly it happens to private individuals too. One in 14 laptops is stolen, say some experts.

But what if that stolen laptop or computer was powered up by the thief, then connected to the internet, and it sent an email back to the original owner describing where it was? And what if "someone" could then tell the police the name and address of the thief?

That's what PCPhoneHome is supposed to do. It costs $30, a modest one-time charge. There is a Windows version and a Mac version. You install it on the hard drive of the computer, and whenever the computer gets a new internet connection it sends an email to any email address that you specify. This happens regularly, day after day, and unless the computer is stolen it's of little use except to let you know that it is still working. But if the computer is stolen, that email contains vital information including the IP address of the computer on its local network, if any, and especially the IP address of the mail server from which the email is actually sent. That IP address can be traced back to the user who was connected to the mail server at that time.
PcPhoneHome Registration Screen
Brigadoon software, the makers of PCPhoneHome, promise to help with the task of tracing the computer and contacting the police with that information. So, for the price of $30, you are buying an insurance policy that may get your computer back, assuming that Brigadoon will actually answer their telephone and trace the PC, and that the police will take the time to retrieve the PC.

I downloaded three trial copies:

Laptop running Windows XP:

Version 3.0 is the "standard" version set up for a 30-day trial. It doesn't say that it works on Vista, but it does on XP. It installed with no problems, I filled out the form with details of my laptop computer (make, model, serial#, more...) and it immediately sent its first email to the address that I specified in the form. The laptop was connected by WiFi, and when I connected it directly to the LAN it sent another email. In fact, it sends TWO emails every time, with a slightly different FROM address, for some reason. No problem. So far, after three days, it works just fine.

New home-built desktop running Vista Ultimate 64-Bit:

I knew that Version 3.0 was not recommended for Vista, even though that was the standard trial download from Brigadoon Software. So I downloaded a 3.2 "upgrade" version and tried installing that, with a subsequent comedy of errors:
  • First, the installation program failed to run because, according to Windows, I did not have sufficient privileges to run it even though I was logged on as administrator;
  • So I clicked on the installation program's Properties, then Compatibility, and selected "Run as Administrator;"
  • Then the installation program went a lot farther, but eventually reported a different error;
  • It continued past that error and put up the "registration" screen which takes data to be included in the email that PCPhoneHome sends, but because of the reported error I didn't bother to fill out the screen;
  • Nevertheless, the installer said the installation was successful, though I knew better;
  • I uninstalled it (still possible until reboot), and tried again;
  • Same results, so I rebooted;
  • PCPhoneHome disappeared from the list in Programs and Features - it could no longer be uninstalled. This is a security feature built into PCPhoneHome;
  • So I "reverted" the drive to the most recent restore point, deleted one leftover executable, and started over;
  • This time, surprisingly, the installation went well. I filled out the "registration" screen and allowed it to reboot the computer.
  • After logon, Windows alerted me that an "unknown" program XYZ (I won't disclose the name here) wanted to run and asked me if that was OK;
  • I said yes. Pretty soon I received the two emails. Yay!;
  • Sadly, though, upon each succesive reboot, Windows continues to ask whether program XYZ can run;
  • I have modified "User Account Control" (UAC) in Windows Vista so that this no longer occurs, but of course this modification is unacceptable for the long term. UAC is a pain in the ass, but it has a purpose and should be turned ON for day-to-day activities.
  • I requested a technical service response by email on January 25, but so far have not received any.
Friend's laptop running Vista Home Edition 32-Bit:

Wow I'm SO SORRY that I tried PCPhoneHome on this computer. I tried downloading the official trial version and installing that first, as most users would do. Of course it didn't work, because that version is not for Vista, so then I downloaded the upgrade and tried to install that on top of the first install. The resulting comedy of errors totally eclipsed anything that I had encountered with the desktop installation, and it still doesn't work. I have installed a lot of software on many different machines, but this takes the cake. I have requested a technical service response by telephone and by email, but so far have not received any.

Bottom line: I DO NOT RECOMMEND PCPhoneHome FOR VISTA.

In my opinion, it works fine on XP but is not ready for Vista yet. It phones home on only one of my two Vista installations. There is a workaround for the XYZ "unknown program" prompt at bootup, but that workaround simply trades one security risk for another. Brigadoon Software must fix that problem somehow, perhaps by getting valid "digital signatures" for their software.

Perhaps this is all my fault for installing it on both Vista systems incorrectly. But I don't think so; I suspect anyone running Vista with UAC turned on will experience similar problems. If true, that's an astounding failure, since:
  • The most-easily-stolen computers are laptops;
  • Almost all laptops sold in the last YEAR run Vista;
  • UAC is turned on by default in all new Vista systems;
  • Brigadoon Software had months BEFORE THAT to prepare for Vista; so
  • They are about two years behind the curve and falling further behind daily.
It's as if Brigadoon is a one- or two-person shop, too busy to take the time and do the testing necessary to make their product really install and run correctly. What happens then, I know from experience, is that you spend so much time dealing with tech service questions that you have no time to fix the product. Meanwhile you are selling more of the junky product and compounding your problems. I'm only speculating here though ...

Other Issues:
  1. If your computer is stolen and does phone home, will Brigadoon Software actually answer their telephone and trace an email for you? When I called their telephone number this afternoon during regular business hours, I got an answering machine and no callback today. This is not what you want, because the computer may soon evaporate into the black market and never call home again. I see other remarks on the internet which indicate that this is a real question. I will update this post and add a new post when/if I hear from them regarding my pre-sales technical service problems.
  2. One very good thing: My computers are set up to require a password for my own logon, to prevent access to my account through the network, and also through the keyboard if the computer were to be stolen. On both the XP and the Vista desktop system, if I booted up and did NOT log on, the computer sent the email anyway. Thus if a thief were sitting at the keyboard trying various passwords, and made the mistake of connecting the computer to the internet first, the email would be on its way.
  3. But what if the thief didn't connect to the internet before logging on? In another part of the FAQ document, Brigadoon goes into great detail to show how to set up a computer so that it will boot up with one account which does NOT have a password. They don't spell out WHY we should do that, because it obviously reduces the system's security. But I suppose if I were the thief, I might try each of the usernames on the logon screen, looking for one with no password. If found, I might start with that account, and might even use that account to connect to the internet. Obviously, that account should not have administrator privileges!
  4. Brigadoon makes another good point in their FAQ document: It's important to set up a password to the BIOS of a computer, and then set the BIOS to boot first from hard disk, not floppy or CD/DVD or memory stick. This prevents a thief from using an alternate boot to simply reformat the disk and install a new operating system, thereby obliterating the PCPhoneHome program. In case YOU have a problem with the hard disk, you simply enter the password and change the BIOS back to allow boot from alternate devices. Of course the thief can still remove the hard drive and reformat it some other way, but that's more work and by then the computer may already have phoned home.

9 comments:

selloutboy said...

Did you get an answer back from Brigadoon? The reason I question this seemingly amazing software is the fact that everything on their website is updated through 2005. Thanks in advance for sharing your findings!

Don said...

As of Feb 15, no response of any kind from Brigadoon Software.

SolarBuddy said...

I loved this product until I had to reinstall after a hard-drive update. It has been impossible to get in contact with these people! I'm looking for an alternative.

Alan Jones said...

I live in Australia and have this product on my laptop and home computer. I had some problems with the installation and contacted Trace Technologies, who sold me the products. They replied to me promptly and gave me all of the answers. Overallthe product and the support have been great

Don said...

I should have bought it from Australia! The USA company doesn't seem to exist any more.

hayhaypaula said...

I am planning to fdisk and reinstall Win XP on my home-built system. I contacted Brigadoon last week, asking them for a personalized uninstall utility, and have not heard back from them. My antivirus alerted to one of the executables, warning it was a trojan. I ignored that back in 7/07 when I first installed this Security Program, because I figured it was the nature of the PC Phone Home program to run stealth mode. I became concerned earlier today because I had not heard back from Brigadoon with a removal utility. Of course they should have responded right away when a customer needs to remove the program. I searched this evening for "complaints" and found that the man behind the Brigadoon company has many Grand Jury Indictments, and is infamous as a con artist. Included on one site's disclosure of his history, was reference to the PC Phone Home program, which is alleged to give the con artist key stroke logging access to our systems. I intend to do a high-level format to that hard drive, and pray that traces of his program have not imbedded in any of my backups!

hayhaypaula said...

I forgot to mention that after installation back in 2007, I did NOT RECEIVE ANY emails from Brigadoon. This concerned me, and I contacted them. They did something to correct it, and I received emails for about a month. Those emails stopped in September 2007 and I have not received a single one since (checked that account last week and still nothing). This concerns me since the program is supposed to send one each time the computer is connected to the internet. What good is it if it doesn't send the email - ergo it never advises me thru an email of the current IP location of the computer! I have not made any substantial changes to my security software since installation of PC Phone Home. There is no reason I can imagine for why it stopped sending emails!

When I searched for "brigadoon pc phone home complaints" I found a site with information about Frank Jones, the founder of Brigadoon, who is alleged to be quite the con man. This information is located at: http://www.attrition.org/errata/charlatan/jones/

I also discovered that McAfee, one of the leading anti virus producers, has published a lengthy page on this program, including an itemized list of registry key changes made by the program, and a list of the executables installed with the program. The info is at http://www.siteadvisor.com/sites/securitykit.com/downloads/13537491/\

I went to the pc phone home site a few minutes ago, and noticed that they have a different 'contact' email address. It used to be "tech@brigadoonsoftware.com" and now it is "support@brigadoonsoftware.com". I just emailed them to request the uninstall utility, that they claim is necessary to remove the program from my system.

In my recent endeavors, it has occurred to me that if their program embeds itself in word documents, etc., then their removal utility will be useless. Of course, I will install my anti-virus, etc. first thing after f-disking and reinstalling Win XP. Hope it will go smoothly! Not sure I will reinstall the PC Phone Home program though!

Paula

Don said...

I posted a do-it-yourself PC Phone Home here.

Don

Helen Neely said...

I thought it was a nice piece of software after a friend recommended it. But having seen your review here, I guess I should look elsewhere because I'm on Vista.