PC Phone Home (Do It Yourself)

Some time ago I downloaded an evaluation copy of the for-sale PC Phone Home, and reviewed it here and here. I did not recommend PCPhoneHome in that review, and some of the comments left by readers are quite interesting too. Bottom line - at that time it seemed to be mostly a scam, because even if it did work there was no way to get a response from the company if your computer was stolen. Your results may vary.

I had never done anything with Windows scripts, but I studied up a little, and it turns out that you can fairly easily create a pc-phone-home batch file to be executed by the Task Scheduler at system startup. This batch file can automatically send you an email describing the computer, time of day, IP address, and whatever else you wish to add. No changes to the registry (except those made by the Task Scheduler), no secret code, no risk of a trojan in the system, everything is done with standard Windows command-line commands plus one well-proven, free, open-source SMTP mail sending program called BLAT. The same batch file runs on Windows Vista Ultimate, Vista Home Premium, XP Professional, and XP Home Edition, probably all Vista and XP systems, and even Windows 7, though testing is not complete on Win 7. It will not work on earlier Windows systems, and has only been tested on XP and Vista systems that are fully up to date, SP3 and SP2 respectively.

On my computer, the batch file is called BootMail.cmd. Its weakness is that it may be easier for a thief to find and uninstall BootMail than PCPhoneHome. But that would require a knowledgable computer thief, which may be an oxymoron. And there are things that you can do, like hiding the BootMail.cmd file somewhere in the operating system and renaming it something innocuous like GoogleHelper.cmd. In addition, if there is no network found at bootup, it will not lurk in the background waiting for one to show up. I may add that someday.

Previous experience with Windows scripts and with the Task Scheduler might be helpful to a person installing this software, but they are probably not required. I got by somehow, and you may be able to make some simple modofications and otherwise use the example code exactly as is.

BootMail is designed to phone home at system start, but it could easily be modified to run on different triggers, such as the network coming back up, or a disk error, or any other event that is logged by Windows. There are lots of those, especially in Vista and Windows 7. Of course a user knowledgable in windows commands can also modify the information that it displays. Click here for an example of the email message that it sends.

To make it work:

• Copy the code from this page into a file with a .cmd type extension, e.g. bootmail.cmd. Modify it for appropriate email addresses and user names. See code comments.
• Download the small BLAT program from www.blat.net and put the executables where Windows will find them. See code comments.
• Use the Task Scheduler to set up bootmail.cmd to run at system startup. See code comments.
• Set debug=TRUE at first, until you get it working.

The code looks big, but it's mostly documentation (every line beginning with ::). If you prefer not to do the screen copy, you can download both the code and the example email text in a zipped file here. The files are very small.

What I DON'T know is what to do if a computer is stolen and I do get an email. There is enough information in the email to pinpoint the exact IP address from which it was mailed, but how does a person proceed with that? I guess I'd call my local police, or perhaps better yet the cops at the address where the IP address is owned, as determined by WHOIS. Will the police even care about one stolen computer? Anyone have a better idea?

PCPhoneHome Does Not Call Back

Update 2009 Sep 28: Do It Yourself PC Phone Home

Update: I left three separate tech service requests with Brigadoon Software, the makers of PCPhoneHome, two by email and one by telephone. The most-recent of those, the phone call, was five days ago and the oldest was more than a week ago. I have received no response yet.

It's my current opinion that PCPhoneHome is an orphan - nobody home at Brigadoon Software. So what if my PC was stolen and it did phone home? I seriously doubt I would get any help tracing it. Apparently it's still possible to order the product, but I won't!

Now the problem is that it's still phoning home, from my home, every day at least twice. Brigadoon's documentation implies that it is nearly impossible to uninstall it without their help, and they don't call back. Since PCPhoneHome puts other "hooks" into the operating system, I think I will try to uninstall it anyway before the trial period expires.

PCPhoneHome Not Recommended

Update 2009 Sep 28: Do It Yourself PC Phone Home

What if I left my laptop in the car for a moment, and someone ripped it off? or, perish the thought, someone broke in and took my nice new computer? It happens all the time, especially in the corporate and public sectors, but certainly it happens to private individuals too. One in 14 laptops is stolen, say some experts.

But what if that stolen laptop or computer was powered up by the thief, then connected to the internet, and it sent an email back to the original owner describing where it was? And what if "someone" could then tell the police the name and address of the thief?

That's what PCPhoneHome is supposed to do. It costs $30, a modest one-time charge. There is a Windows version and a Mac version. You install it on the hard drive of the computer, and whenever the computer gets a new internet connection it sends an email to any email address that you specify. This happens regularly, day after day, and unless the computer is stolen it's of little use except to let you know that it is still working. But if the computer is stolen, that email contains vital information including the IP address of the computer on its local network, if any, and especially the IP address of the mail server from which the email is actually sent. That IP address can be traced back to the user who was connected to the mail server at that time.

Brigadoon software, the makers of PCPhoneHome, promise to help with the task of tracing the computer and contacting the police with that information. So, for the price of $30, you are buying an insurance policy that may get your computer back, assuming that Brigadoon will actually answer their telephone and trace the PC, and that the police will take the time to retrieve the PC.

I downloaded three trial copies:

Laptop running Windows XP:

Version 3.0 is the "standard" version set up for a 30-day trial. It doesn't say that it works on Vista, but it does on XP. It installed with no problems, I filled out the form with details of my laptop computer (make, model, serial#, more...) and it immediately sent its first email to the address that I specified in the form. The laptop was connected by WiFi, and when I connected it directly to the LAN it sent another email. In fact, it sends TWO emails every time, with a slightly different FROM address, for some reason. No problem. So far, after three days, it works just fine.

New home-built desktop running Vista Ultimate 64-Bit:

I knew that Version 3.0 was not recommended for Vista, even though that was the standard trial download from Brigadoon Software. So I downloaded a 3.2 "upgrade" version and tried installing that, with a subsequent comedy of errors:

• First, the installation program failed to run because, according to Windows, I did not have sufficient privileges to run it even though I was logged on as administrator;
• So I clicked on the installation program's Properties, then Compatibility, and selected "Run as Administrator;"
• Then the installation program went a lot farther, but eventually reported a different error;
• It continued past that error and put up the "registration" screen which takes data to be included in the email that PCPhoneHome sends, but because of the reported error I didn't bother to fill out the screen;
• Nevertheless, the installer said the installation was successful, though I knew better;
• I uninstalled it (still possible until reboot), and tried again;
• Same results, so I rebooted;
• PCPhoneHome disappeared from the list in Programs and Features - it could no longer be uninstalled. This is a security feature built into PCPhoneHome;
• So I "reverted" the drive to the most recent restore point, deleted one leftover executable, and started over;
• This time, surprisingly, the installation went well. I filled out the "registration" screen and allowed it to reboot the computer.
• After logon, Windows alerted me that an "unknown" program XYZ (I won't disclose the name here) wanted to run and asked me if that was OK;
• I said yes. Pretty soon I received the two emails. Yay!;
• Sadly, though, upon each succesive reboot, Windows continues to ask whether program XYZ can run;
• I have modified "User Account Control" (UAC) in Windows Vista so that this no longer occurs, but of course this modification is unacceptable for the long term. UAC is a pain in the ass, but it has a purpose and should be turned ON for day-to-day activities.
• I requested a technical service response by email on January 25, but so far have not received any.

Friend's laptop running Vista Home Edition 32-Bit:

Wow I'm SO SORRY that I tried PCPhoneHome on this computer. I tried downloading the official trial version and installing that first, as most users would do. Of course it didn't work, because that version is not for Vista, so then I downloaded the upgrade and tried to install that on top of the first install. The resulting comedy of errors totally eclipsed anything that I had encountered with the desktop installation, and it still doesn't work. I have installed a lot of software on many different machines, but this takes the cake. I have requested a technical service response by telephone and by email, but so far have not received any.

Bottom line: I DO NOT RECOMMEND PCPhoneHome FOR VISTA.

In my opinion, it works fine on XP but is not ready for Vista yet. It phones home on only one of my two Vista installations. There is a workaround for the XYZ "unknown program" prompt at bootup, but that workaround simply trades one security risk for another. Brigadoon Software must fix that problem somehow, perhaps by getting valid "digital signatures" for their software.

Perhaps this is all my fault for installing it on both Vista systems incorrectly. But I don't think so; I suspect anyone running Vista with UAC turned on will experience similar problems. If true, that's an astounding failure, since:

• The most-easily-stolen computers are laptops;
• Almost all laptops sold in the last YEAR run Vista;
• UAC is turned on by default in all new Vista systems;
• Brigadoon Software had months BEFORE THAT to prepare for Vista; so
• They are about two years behind the curve and falling further behind daily.

It's as if Brigadoon is a one- or two-person shop, too busy to take the time and do the testing necessary to make their product really install and run correctly. What happens then, I know from experience, is that you spend so much time dealing with tech service questions that you have no time to fix the product. Meanwhile you are selling more of the junky product and compounding your problems. I'm only speculating here though ...

Other Issues:

1. If your computer is stolen and does phone home, will Brigadoon Software actually answer their telephone and trace an email for you? When I called their telephone number this afternoon during regular business hours, I got an answering machine and no callback today. This is not what you want, because the computer may soon evaporate into the black market and never call home again. I see other remarks on the internet which indicate that this is a real question. I will update this post and add a new post when/if I hear from them regarding my pre-sales technical service problems.
2. One very good thing: My computers are set up to require a password for my own logon, to prevent access to my account through the network, and also through the keyboard if the computer were to be stolen. On both the XP and the Vista desktop system, if I booted up and did NOT log on, the computer sent the email anyway. Thus if a thief were sitting at the keyboard trying various passwords, and made the mistake of connecting the computer to the internet first, the email would be on its way.
3. But what if the thief didn't connect to the internet before logging on? In another part of the FAQ document, Brigadoon goes into great detail to show how to set up a computer so that it will boot up with one account which does NOT have a password. They don't spell out WHY we should do that, because it obviously reduces the system's security. But I suppose if I were the thief, I might try each of the usernames on the logon screen, looking for one with no password. If found, I might start with that account, and might even use that account to connect to the internet. Obviously, that account should not have administrator privileges!
4. Brigadoon makes another good point in their FAQ document: It's important to set up a password to the BIOS of a computer, and then set the BIOS to boot first from hard disk, not floppy or CD/DVD or memory stick. This prevents a thief from using an alternate boot to simply reformat the disk and install a new operating system, thereby obliterating the PCPhoneHome program. In case YOU have a problem with the hard disk, you simply enter the password and change the BIOS back to allow boot from alternate devices. Of course the thief can still remove the hard drive and reformat it some other way, but that's more work and by then the computer may already have phoned home.