[Review] Undercover – Bad news for Mac Thieves

Undercover was easily one of the best pieces of software that I have had the privilege of reviewing for 2014!
Like any good Apple user, you probably have Find my Mac (Find my iPhone, you know what I mean) enabled, and hope to heck that you will never need to use it.

Touch wood though, should that day ever come, will it be enough to get your own back?

While I have the utmost respect for Apple’s native software and services, this is clearly a tool that is playing in a league of its own. 
FmM feels like a lonely peg-leg pirate at a square-dance competition.

So, once you head over to Undercover’s website, you will be presented with an option to Try or Buy.

While I recommend this software 110%, and urge you not to even bother with the trial and just go and buy it outright, I do get it. 

Press the Try button and get the process started. This will get you going with a 7-day trial.

When you select the Try option, you will be required to enter an email address.
Do it! There’s no getting the trial without it, as your email address becomes your username.

You will receive an email with simple instructions, asking you to select a link that will take you to the UndercoverHQ dashboard and force you to select a new password.

That’s it, you are ready to get to the good stuff!

In the dashboard, you are presented with a side panel and a menu bar.

In the side bar, you will see any and all Macs that you have enlisted for protection, and the menu bar will be specific to each machine you select.

Since you have no Macs enrolled just yet, you can tap on the huge option called “Add your Mac”.
Once selected, you will see 2 important items.

  1. The link to download the pkg installer for version 6
  2. How many Macs you can still enrol under your registered licensing option
    1. For now it will be 1 🙂
Hit the download Link and install the magical software.
It’s just a normal installer, but there is a bit of voodoo in the background.
For instance, it doesn’t actually install an app, and it most definitely does not install a System Preference pane either. “So what does it do then” I hear you ask?
First, it installs a Launch Agent in /Library/LaunchAgents called com.orbicule.ucagent.plist
Then it installs a Launch Daemon in /Library/LaunchDaemon called com.orbicule.uc.plist
And finally, the payload. It installs a folder called UC inside of /usr/local . This is where the actual agent is located.
(These locations are great for when/if it ever comes time to uninstall)
After you install the agent, reboot the Mac and voila! Your Mac is now registered within your UndercoverHQ dashboard.
Without doing anything further, you will be on the INFO tab on top of the page.

Here you will see 3 sections, including the basic information about your Mac, any recent activity logged and what the current status of the Mac is (Stolen or not)
So without further stalling, what can Undercover do exactly?
If that day every comes that your machine gets misplaced within the hands that are not your own,  first things first, head to the THEFT REPORT tab.
Here is the all-important button, Report Stolen.
This puts the Mac into Stolen mode, and kicks in all the various services to begin the hunt to get your own back.
This not only puts it into Stolen mode, but it actually generates an official-looking theft report.
The moment you put your machine into stolen mode, an email is generated informing you of the state of the Machine too, i.e. Stolen.
You can then tap on the button to set the Police Contact Details for this case.
While this actually works in the USA, unfortunately SAPS does not play well with these auto-generated black-magic self-proclaimed police reports. They want to do it their own way, the hard way.
With or without the Police contact details, you will be able to generate your theft report, and download a package with all the little goodies that Undercover has been collecting since your machine was marked as stolen.
When you download your package (no snickering please, we’re all grown-ups here) it will include amongst other things, a PDF report with as much detail as you could hope for, for an official investigation.
So, what are these goodies that Undercover collects for you, to bust your perpetrator in the act?
Head over to LOCATION.
The obvious thing to expect here is the current location of your stolen device.
But Find my Mac can also do that?
But what FmM cannot do, is scrub the timeline at the bottom of the screen, to see the history of locations since your machine was put into Stolen mode.
The location is transmitted every 30 minutes.
I feel like Nifty Points +1 is in order here.
When you tap on your location marker, it will show you the GPS coordinates, the internal AND external IP addresses, as well as the network name that it is connected to.
Nifty Points +1 anyone?
Now that we know where the master-douche is hanging out, let’s take a look as to who exactly is behind this dastardly crime.
Tap on PHOTOS.
The built-in iSight camera will take a selfie every 8 minutes, hopefully catching the perp in the act, or at least enough to catch his/her mug.
If you would like to see a photo within the 8-minute window, just tap on take photo for instant selfies. 
The only cue is the green light on the camera, which is so quick, it is often missed.
I don’t recall FmM taking photos?
Nifty Points +1 indeed.
Want to see what the bad guy/girl is up to?
Head over to SCREEN SHOTS.
While you know it can’t be good, whatever it is they are doing, at least this way you will be able to see if they are after something super-specific, like data-espionage or simply looking for some juicy photos.
Screenshots, like photos, take place every 8 minutes.
But these screenshots leave no visual cues behind, like the photos.
While unnecessary, we are definitely adding this feature to the Nifty pile.
Nifty Points +1

Not only can you see the screens that they are working on, but you will also be able to see physically what they are typing, character for character.
Every single little things gets logged under the KEY LOGS section.
Well, all except for usernames and passwords!
This puts even my mind at rest.
This means the good folks at Undercover won’t be able to get into my sensitive accounts, and neither will the feds. (Apart from the 128-bit encryption between your machine and the mothership of course)
At the bottom of the screen, you will be able to filter the Key logs according to apps, as well as text typed versus text highlighted.
Interesting choices.
Key logs are recorded continuously. No time intervals for this one.
Nifty Points +1 for sure!

So now that you know everything about the person that has mistakenly taken your laptop and is mistakenly trying to log into your internet banking sites, what else does Undercover provide yo with.

Well you have a PRIVACY tab on top for, wait for it, privacy settings.

Basically, do you want Undercover to be taking photos, logging key strokes, snapping screens and locations ALL the time, or only when Stolen?
I think we all have the same answer here…only when stolen please!

No nifty points, but critical nonetheless.

Oh yeah, then there’s PLAN B. My fav!

Plan B is taking the perp-tracking tool to a new level.

You have 3 options for Plan B. Or Plans B, C and D if you will.
No not really, they are all called Plan B, whether you will or won’t.

Firstly, you can simply leave Plan B on the default option, which is Off.
I know it seems counter-intuitive, but this basically means do nothing that will give our game away, and keep tracking in the back ground. 
Apart from potential emails coming in, and the odd green-light selfies, there is no indication to the thief that you are tracking them.

You could set Plan B into Hardware Failure mode.
This is brilliant!

It runs a script in the background that randomly adjusts the brightness of the screen at incredibly quick intervals, making it look like a hardware failure with the display.
Don’t worry, this won’t damage your Mac, but it will make the would-be thief want to get rid of it ASAP. 
Perhaps this will lead to the recovery of your Mac, perhaps not.

Either way, Nifty Points +1 in the bag!

And finally, your 3rd Plan B option is to lock the screen with a good old-fashioned screen message.

This message can be whatever you want it to be.
Polite and sincere or obnoxious and rude. 
I would opt for somewhere in the middle.

The nifty points for this will come from the fact that not only does this message take control of the screen, and does not allow for any other key stroke or mouse click, but it also calls the message back if you hard-reset the computer.

A few moments after restarting the box, the message will take control of the screen, and the thief can see and do nothing, nada, zip!
And to top it all off, Voiceover kicks in at full volume and reads the contents of the message out LOUD! How embarrassing! 

Yes, you can turn the volume down, or even off, but once the voiceover finishes reading the screen, it starts all over again, and resets the sounds settings, to LOUD.

Definitely +1 in the Nifty Jar.

Anything else that Undercover can do to help get your machine back?

Why yes, now that you ask.

Undercover version 6.0 now supports Undercover Watch.

This gives you 2 options to begin Auto-Tracking a machine, without you actually clicking on Report Stolen.

The 2 options are:

  1. When I leave this network (You can specify a few)
  2. When a user logs into a specific “dummy” account, or more commonly, OS X’s guest account.
Any/both of these options will auto-trigger the stolen attribute, and begin tracking and taking a few snaps shots for the photo album.
That deserves +2 Nifty Points.
So, that’s it. Finally!
That is all that Undercover can do for you and your home, business, studio or classroom. It will give you peace of mind, that no matter what, you will have options to get your own back again.
Some overall thoughts?
In the beginning I was instantly put off by the price of the software.
Costing R540 to cover 1 Mac or R640 to cover 5…there isn’t really a choice is there?
You can also up this license to cover up to 25 machines, but it will set you back R5500, or R220 per machine.
When you look at all of the above features and consider the entirety of the 9 Nifty points, Undercover should be charging more!
So what are the pitfalls and considerations?
Well, first and foremost; If someone manages to format and reinstall your Mac, your tracking days are over, since the agent will have been wiped off the machine for good.
How do you prevent this? Set a firmware password!
Reboot the Mac and hold CMD+R, tap on Tools, and choose to set a Firmware password.
Then, why can’t someone just remove the agent manually, since I have listed the exact locations above?
Well, firstly the user would need your administrator password in order to do this.
“But what about the builtin Password Reset Utility found in the Recovery partition” I hear you say?
“Please refer to the above point of setting a firmware password” you will hear me say in return.
This will prevent anybody from getting into the recovery console in order to reset your password.
Does Undercover play nice with FileVault2?
Apple specifically designed FileVault2 to not allow any 3rd party utilities or apps to alter the booting process or drive encryption. 
So unfortunately, you either use FileVault2 or Undercover, not both.
But what if you want the benefits of both? Tracking and drive encryption? Well, invest in a 3rd party drive encrypting utility out there, there are many to choose from.
So all in all, Undercover is definitely going into the hall of fame for 2014 of Apple Domination!
I always feel that if I don’t personally believe in something, like a piece of software, I cannot endorse it.
I am extremely happy to endorse Undercover!
Not only will I be using it on my household Macs, but I will also be providing it as a service to my Mac Clients.
Go out, get it, and feel better knowing that you have done everything that you can to prevent and recover your machine from theft!

One thought on “[Review] Undercover – Bad news for Mac Thieves

Leave a Reply

Your email address will not be published. Required fields are marked *