Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Security Firm Deserts Users

Security Firm Deserts Users

by Nikola Strahija on December 4th, 2002 A company that once promised to find stolen corporate laptops is now itself missing in action. And left behind are countless customers stuck for the prepaid service and saddled with a software agent that not only resists being disabled but can still transmit sensitive data over the Internet.


Lucira Technologies Inc. has been defunct since August, when it filed for Chapter 7 bankruptcy protection in Boston, federal court records show. Nearly two dozen users contacted by eWeek, however, say they've never been notified that the managed service has been terminated. All telephones to the company's Boston headquarters have been disconnected, Lucira's corporate Web site has been shuttered, and the company's landlord said the firm moved out several months ago leaving no forwarding address.

The company, which was founded in 1999 as CyberTrak Systems Inc., marketed a service alternately called MobileSecure or SecurePC. At the heart of Lucira's service is a technology dubbed Pinpoint, which makes regular, automatic checks to a Lucira server when a client computer is logged on to the Internet. When a machine is reported stolen, the software could be used to log trace routes and locate the machine for recovery by police. A Lucira official once bragged in published reports that the company's client-side software agent was so robust that the only way to defeat it once installed was to physically remove the laptop's hard disk drive.

More troubling to users today, Pinpoint also allows data on the client's machine to be retrieved, destroyed or encrypted by remote control.

"I can understand a company just not making it. But how expensive is it to e-mail customers and tell them, 'Sorry ... take other measures to protect yourself,'?" said Craig Uselman, corporate IT support manager at American Packaging Corp., in Rochester, N.Y. Uselman in April bought a one-year package from Lucira to protect his laptop for $49. While the contact information for Lucira is no longer valid, Uselman said Lucira's software agent continues to transmit data when he is logged on to the Internet.

Running totals show more than 8,000 copies of the free version of Lucira's software were downloaded from popular download sites. And though the vendor is out of business, the product remained available at sites such as Amazon.com until late last week.

"The Lucira product was not a bad idea, but its implementation was amateurish," said Gregor Freund, CEO and founder of Zone Labs Inc., in San Francisco. Freund evaluated MobileSecure and ended up with the product stuck on his laptop. "I tell you, it was a major pain to removeónot something the average user could handle."

Ironically, Freund said he found that Zone Labs' own ZoneAlarm firewall product kept the Lucira agent from contacting the server. "It turned out to be not all that sophisticated," he said.

To help Lucira users left in the lurch, one former competitor, Ztrace Inc., is stepping in. Former customers with time still left on their paid contracts with Lucira can contact Ztrace for instructions for transitioning to the Waltham, Mass., vendor's laptop security service.

"Whatever time they have left, we'll give them for free with our service," said Alexander Kesler, president of Ztrace. Kesler said instructions for removing the old Lucira agent would be included. Ztrace has been contacted by about a dozen Lucira enterprise users so far.

Lucira was founded by 24-year-old University of Pennsylvania medical school dropout Ravi Hariprasad, who was inspired into entrepreneurship when his laptop was stolen. After winning several business plan competitions, Hariprasad scored $10 million in venture funding in early 2000 and started peppering press releases with well-known names.

Faced with serious concerns about privacy as a result of the nature of its product, Lucira named noted Boston privacy attorney Keith Enright as its chief privacy officer. But Enright, best known for running PrivacyLaw.net, now says he left Lucira in March 2001, following "irreconcilable differences with Hariprasad regarding how the company should move forward."

"At that time, there was no discussion of filing for bankruptcy, and I had no input into Lucira's exit strategy," Enright said.

The company also issued a release saying Gerald Isaacson, data security manager at Massachusetts Institute of Technology, would join Lucira's board.

But Isaacson now says he was never on the company's board and had no idea it is defunct. "I haven't spoken to anyone there in several months," Isaacson said from his MIT office in Cambridge, Mass. "They asked me to look at their product because they wanted to put an MIT name on it. That was the extent of it. I have no idea what became of them."

Isaacson said he still has the Lucira agent installed on a laptop but has "no idea at all" who is receiving the information from it when he logs on the network.

Despite bright beginnings for Lucira, by early this year, the money was running out. By the time the company filed for bankruptcy Aug. 6, it had debts of more than $900,000. The case, filed in U.S. Bankruptcy Court in Boston, is still pending, but none of the company's creditors has filed objections.

Investors say they're more angry than surprised.

"When you invest in something, you take a risk," said Darrell Browning, president of Browning Communications Inc., based in Philadelphia, which invested in Lucira and did some public relations work for the company. "But all we got was a letter telling us they had ceased operations."

Lucira's key officials, CEO Hariprasad and Chief Technology Officer Zulfikar Ramzan, did not respond to numerous requests for comment.

"It's a poor practice for any company, be it Enron [Corp.] or Lucira, to just walk away and leave users holding the bag," said Bradley Lide, president of Computer Sentry Software Inc., in Nashville, Tenn.

Since 1996, CSS has been making CyberAngel, which protects laptops much the same way as Lucira's technology. Lide said he understands Lucira's trouble in the tough economy. "But a company like that needs to have an exit strategy that includes helping users uninstall at least," he said.

The business of protecting corporate mobile computers with hidden agents that turn into Internet beacons was pioneered in 1995 by Absolute Software Inc. with its Computrace product. CEO John Livingston said the failure of Lucira shows "it's important to deal with companies of substance that can grow and maintain current services."

"[Lucira] should have had a mechanism to turn the server over to the customers ... to allow users to take over and run it themselves," said Livingston, in Vancouver, British Columbia.

- article available at www.eweek.com -


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »