Mastercard Locked my Microsoft Surface so I Installed Linux on It
Вставка
- Опубліковано 12 вер 2024
- In 2019 I bought a used MS Surface to use as a drawing tablet both personally and in my role as an art teacher. Every Surface is loaded up with some nasty software from Absolute Software that acts sort of like Ransomware, and the fun part is YOU CAN"T GET RID OF IT.
Thankfully Linux is around to bail me out and prevent this really nice tablet PC from becoming e-waste.
1. USB stick $4.99
2. Linux distro $0.00
Beating Microsoft and MasterCard in the same day? Priceless
same ad for Visa
This wasn’t Microsofts fault.
@@MyLibertyTV but we can agree here that removing a proprietary crap like windows from the tablet and installing a (mostly) free Linux OS which re-enabled its functionality at *NO COST* was a killer move.As far as we know the lock was implemented via windows.
@@MyLibertyTV It was a Microsoft Surface after all…wasn’t it??
@@The_Last_Ninja They made it. They didn't install the virus on it, steal it, and sell it on ebay.
More likely this was a corporate owned device and either stolen and resold on eBay illegally or when it was decommissioned, they didn't remove it from their management systems. Surfaces and MacBooks can phone home to check if their serial numbers are registered to a corporate account and then pull policies from that corporate account without your say so since as far as the device is concerned, it still belongs to the business. The root cause here is that Mastercard never released this surface from their management systems. Microsoft is not at fault here. The business was just using the provided features to secure their assets. The failure by the business to release it is the problem. I say this as an IT admin that implements these functions in Windows and Apple laptops I issue to employees.
I didn’t know the Surface had UEFI level security like that. I know for Apple devices it’s practically impossible to get around.
yeah video is clickbait at best. This is also people need to be careful when buying refurbished Thinkpad or other business laptop especially if it was previously owned by Fortune 500 or other fancy companies
That makes more sense. MasterCard has nothing to do with Surface otherwise.
I didn't see anything in the video where the man implied it was a Microsoft problem specifically, but rather a "firmware" problem that cannot be undone - which happens to be in a Microsoft device. I've been in IT for a long time. Plenty of cases where we did new rollouts, and the company was very "here you go... a bonus" with all the old hardware. Problem was, more than one person was fired for not doing the very basic "duh-level" requirements of wiping data, BIOS passwords, security lockouts, and remote WoL credentials. Most of what I worked with was all still built-in configuration stuffs excep for a huge rollout of the Dell Optiplex mini pcs for us inside kiosks. Custom firmware out the wazoo. Once we had to uninstall all of those for a new rollout, it was a whole new ballgame to wipe them for "repurposing".
i doubt it was stolen, he said the one he bought was being sold along with hundreds of others.
who's getting away with illegally selling hundreds of company computers?
My guess is these were corporate devices that somebody forgot to inventory out and now their it logistics “can’t find them”
either that or they were stolen and sold illegally on e bay.
@@mapl3mage
I don't think it was stolen.
If Mastercard owned it and did nothing for years, then it is a huge negligence from different layers.
Also, how will Mastercard claim the insurance? and how will Mastercard discard it from the inventory?
most likely it was handed out to employees and 1 guy took it home and didn't even wipe it or anything.. so the laptop was still under policy.@@eng3d
Also, this hardware has been written off as it had depreciated years ago. Not to mention Surface warranties are notoriously short. Major companies replace hardware once the extended warranties expire. This was more than likely sold by a recycler. If it was stolen the failsafe would have been activated immediately, especially since it belonged to a credit card company.
@@mapl3mage must be some dedicated thief to get 100 used tablets from all the cubicles. Those are clearly from an electronics recycler. Master card probably got CO2 credits or whatever bs for them.
Congratulations Mastercard, you have been Linuxed.
@@wazza33racer nope, computrace can install on Linux too. It's a pesky rootkit.
lmao
Fr
@@RealJonDoeDon't work with older PC. Even with newer update of Linux can make incompatible.
Some Linux can ignore requests. Depends how Linux developer's desire to build Linux with their own preference.
You may already know this but Computrace is not exclusive to the Surface. It can be in any computer - but especially one geared for "enterprise" markets. It had it in my old Lenovo ThinkPad T450 but fortunately I was able to "permanently" disable it via the UEFI config shortly after unboxing.
Presumably if the device is brought brand new then the feature is not an issue / in use.
A non issue :)
@@ArmChairPlum You would assume so. But then, you do know how to spell assume, don't you?
@@ArmChairPlum Just an FYI. Dell will add this to your software list if you have a Dell Enterprise purchase contract ... so it can come from the manufacture with Computrace on it.
@@DucNguyen-bd5ir I've seen a lot of bioses with Computrace on them in the shop I work but haven't run into one yet where it's in use....Thank God. It's a good idea in some cases but pity the guy who buys used equipment and it's been activated. I'm sure there must be a way around it but who's going to bother themselves for a 200 or 300 dollar used device?
Cant turn it off after it gets activated, its there forever
I'm so glad I learned Linux as a teenager. I'm 32 now. It's still serving me well to this day. Never let your hardware die before it's ready to go. Awesome work.
I forced my 4 kids to only use linux lmao. It was fun but they thank me for it now.
if you can solder, hardware almost never really dies....
@@98f5your poor children, lol. I've tried Linux so many times and it ends up pissing me off. I do have a server running Xigmanas on free BSD, and that's okay because it's simple. The ZFS file system is really cool. I also keep a VM of Ubuntu just in case I need to recover my data from hard drives formatted with Ext4. But for general computing I'm squarely in the Windows garden because I can work much faster with Microsoft products than in any open source solution.
Right on man!
Try finding an ISA video card lol
Mastercard, creating new Linux users one day at a time.
There are some things money can't buy.😂
Installing Linux on your device? Priceless.
😂😂😂😂😂
One tablet at a time :)
More like Windows 11. Making Windows WORSE with every new version.
It's now a... *Canonical Surface*
Canonical* :3
It was a cannon event
@@fluoriteByte :3
@@fluoriteByte:3
@@fluoriteByte :3
Better to learn linux now rather than later, if you don't want to be forced to buy new hardware. Microsoft is blocking PCs with older CPUS and TPM chips from receiving windows 11 upgrades.
So they can spy on you? Steal your data? Conspiracy theories! Lol
Rufus fixes that. I have 11 on all my orders pcs and laptops except for 1, unsure why it keeps failing.
thats not a bad thing. win 11 is garbage from what i've been reading and it'll just send more and more to linux. its a win/win for the customers.
@@Igorath there are places that linux hasn't covered well yet. My linux laptop still derps on dual graphics and debian forums are like "hurr durr dual graphics are hard". Thankfully I don't need it so screw tinkering until I have nothing better to do.
@@Igorathyou mean, it's a lin/lin for the customers 😏
You don't need to be a nerd for Linux. It's not about the OS its about your mindset. Works different? Thankfully yes. U have to get used to it? For sure. Worth it? Fcuk yeah.
yeah its already growing on me.
It's not hard to just get things working. A total noob can figure out how to install Arch without much problem. Whether they'll get everything to work or work correctly is what separates the nerds from the noobs.
@@joemann7971 there isn't much to get everything working correctly in Ubuntu, it works great out of the box, unless you have some custom software needs, that require a bit more knowledge how to set it up.
You don't sound like someone involved much into Linux?
A noob may have hard time installing Arch, but on the other hand - it doesn't take a nerd to have an up and running Arch, everything working fine. (unless you do something especially special, I don't know).
@@moetocafe no. The issue is PC manufacturers sometimes add proprietary crap into the machine that only work properly with Windows.
I had an MSI GS65 laptop that would always go into an apparent hardware locked airplane mode with no way to get it out of airplane mode without a reboot. I eventually found a workaround that would allow linux to be able to take it out of airplane mode but it wouldn't work reliably. I eventually just gave up and just disabled sleep. Since it had a fairly fast NVME drive, I just enabled hibernate as a sort of permanent workaround.
@@joemann7971 couldn't that airplane mode be disabled in bios or hidden/service bios (if any) ?
I had sleeping issues with my PC as well (I run on Debian), but managed to fix it.
When I was younger and e-bay first launched, my friend bought a car from there, transferred the title, had it registered and more than a year later, some kind of federal agents showed up at her house and took her car back. It's not uncommon for people to sell stolen goods on e-bay.
Yes but it was a tribunal who decided it, and not just an evil company.
@@eng3dbruh in this case they probably locked all their old surfaces because they upgraded to new ones.. just that.. this particular one must've been sold by an employee who left.
"Transferred the title"
Sorry but if there's a title of ownership, the feds couldn't take the car back as stolen, because that's not how things work with property management. Something that might surprise you: someone can literally forge your house's deed with their name on it, and you'd be incapable of getting the police to evict them and arrest them for fraud. You'd be required to take the criminals to civil court to fight over ownership. That or pay them to go away. Big problem with this kind of fraud happening right now.
The only reason the law enforcement would have leave to take the vehicle if a title of ownership was presentable, would be if the car was used in the committing of a crime, or if there are liens out on the owners name due to non-payment of debts. If the feds are taking it, it's likely because the IRS told them to take the car, and your friend was less than fully forthcoming about her financial situation and her willingness to pay her taxes.
@@grahamb7947 You made me laugh, thanks that's so funny
I should imagine that it was bought and then not used by the company, with the product then being sold on without any thought of what was on the computer hidden deep in the systems. Some inventory has been done and then just an automatic shut off as they probably thought that after 5 years the Microsoft programming would have died anyway! Or even that is what they programme into their own stuff so no one can continue to use their old work stuff. Most companies I know replace all their computers after five years.
My guess is that Ubuntu has support for some of the features offered on the surface pro. The program used to make the ISO bootable on a thumb drive shouldnt have any bearing on the OS functionality. Ubuntu is one of the most stable, well-documented, and well-supported Linux distros around.This is likely why it worked so well. Linux for the win. Always good to keep a bootable drive around with a popular distro.
A drive loaded with Ventoy and a bunch of ISOs is another good thing to keep around
@@SigmaMan1448 + for Ventoy, I have had certain computers not boot some distros. It's not really the distro itself thats the problem, it's the way the computer is booting it. You can have some issues with EFI stuff.
"The program used to make the ISO bootable on a thumb drive shouldnt have any bearing on the OS functionality." It shouldn't, but sometimes it does. And Ventoy is absolutely great and I have a 32GB thumb full of ISOs, but sometimes it doesn't work and I have to make a bootable drive in the old fashioned way. But it's still better than Windows.
@@Dragon_Slayer_Ornstein Ventoy allows you to install the necessary keys to make the secure boot process happy.
@@JeanPierreWhiteif the previous company has locked down the bios then perhaps no. You may not be able to import the certificate into the secure boot store.
This was previously owned by MasterCard, and was not properly reset before MasterCard got rid of it. They probably just got around to cleaning up the mess from their previous admin.
I'm just replying here in hopes that Matt sees my comment. You can bring up the keyboard anytime by swiping up from the bottom! 7:10
Yep, they won't have removed them from intune properly and it'll be shown as a corporate device.
It's also possible that they have the policy set to require enrollment on boot.
That setting persists in uefi.
Unless you clear all secure keys from it.
Have had this issue with govt issued devices during covid. They require internet during windows install and also rename themselves to their naming scheme.
just getting around to cleaning up the mess only almost 5 years later... sounds about right!
You guys missed the most probable situation, an employee for Mastercard likely sold the device instead of sending it back to IT. The device likely is still owned by Mastercard and was illegally sold.
@@leefhead1 this is really not a likely scenario. If the device was not returned, they would have reclaimed it. Since it was returned it was probably just put in a pile and forgotten about.
When I was working at a local computer repair store, they ended up buying an HP laptop that also had CompuTrace activated. We also ended up putting Linux Mint on it and used it for in store use only. This was back in about 2011.
The good thing about Linux is that you own your OS and you own your hardware. Microsoft and Apple can at any moment remote kill your device if they wish to.
TRUTH!
Fuck Microsoft and Apple!
I never thoght about it but *remote kill* - is it mean that my data on a device won't be available? Or it would but throughout different OS?
I mean, if they do, they'll brick my OS or they'll brick all of my SSD/HDDs with all the data I "own" on it?
So companies can lock down devices that are stolen (by either Employees, or otherwise) and that annoys you? Also, this video wasn't even locked using Intune. Dude probably couldve just reinstalled Windows and been fine.
@@Evgen13Great if you have bitlocker enabled then u might be out of luck but they can't normally brick ur ssd/hdd
@@hunterzone4846 Bitlocker is a joke. We routinely decommission laptops and workstation PC's for our company. I've removed the bitlocker on all the computers I decided to take home with me.
Not being able to own your tech is the most frustrating part.
In this case, I would say it was an ex corporate device from a leasing company.
They (Mastercard) will have not properly released the device from management.
So he owns the device but would need to get Mastercard to both lift and remove it properly.
The device could have windows installed back on it. Just need to clear the uefi secure boot tpm keys.
Create a local account on boot and don't connect it to the internet (at least for the first boot)
Just imagine that you tell an old farmer that you are not allowed to open the hood or modified an attachment.
@@robumf I imagine I'd be shot in place.
@@robumf John Deere?
Exactly. that's why i hate mobile devices. It's a pain to flash a new ROM or kernel on a mobile phone.
As others have pointed out, I'm sure it USED to belong to MasterCard, but really, locking up an 8 year old device? C'mon!
More than likely these devices were meant to be destroyed because of the sensitive information that would be on them but someone decided to resell them on. It's shitty but Mastercard has every right to prevent these devices from being used.
It sucks but it's the seller that's at fault here.
@@TonySquared09 Why not just destroy and replace the storage/SSD? Makes sense to do that instead of destroy the entire device. (unless M$ is being crappy and soldering the storage to the motherboard in which that would sorta make sense)
@@shane_gentle it's not about "M$" soldering shit to the motherboard, it's about data compliance. Depending on the country or sensitivity of the data, data compliance generally means the destruction of the entire device and with this being an ex-MasterCard based device, it would most definitely be up there with things that need destroying.
@@TonySquared09 makes sense
Switch "used to belong to MasterCard" with "stolen from MasterCard", and I'm with you.
I hope Louis Rossman sees this!
Indeed, I hope @rossmanngroup sees this too!
He would say yeah he shouldn't buy stolen goods
@@ANGELROB_YT If they were really stolen back in 2019, MC would have bricked them a long time ago. They probably just forgot that they sold a batch of them after they were replaced back then and they forgot to remove them from asset inventory. It is very frequent to see ebay seller puchasing lease end tech in big lots and sell them on ebay. Stolen good seller tend to be less visible especialy for large batches. But in fact we currently don't know for sure.
This is not the anti-consumer garbage you think it is.
3:45 The CSR implied that it was probably a mistake and now tons of tablets, etc are frozen? This sounds like the beginning of a class action lawsuit to me.
Somebody sold that tablet illegally on ebay - there needed to be enrollment done of that device that linked it to device management under Windows - it cannot do it on it's own - you need IT support to supply passwords to begin this process.
If it has been booted up and connects to the device management system it will be locked out if it has been tagged as stolen or missing.
That's what I assumed, but I'm confused why it took 4 years for this to happen.
Its possible no laws were broken. The IT department just got sloppy when recycling old tablets.
@@gattmolson people leave, devices get lost in a shuffle.. IT crowd decided to do a full audit of systems and "locked" each they couldn't find. Standard practice. So if you could get hold of someone, then you could probably get it removed. Try emailing support, or any mastercard emails.
@@gattmolson They only care about the data on the device - a lost laptop is the least of their worries.
It is called Microsoft Intune and only when you try to logon into the corp domain account it then phones home and checks if the device has been tagged as lost and then it will brick Windows.
The firmware does not do that hence why he could install Ubuntu and I suspect he never re-installed Windows since he got from ebay and simply renamed the user account credentials to his own.
Always re-install Windows when buying used.
@@leonidas14775 A lot was sent to a recycler and instead of being turned into e-waste they resold it to the supplier on ebay.
Corp would have marked them as gone from their asset register as common practice - the ebay seller should have reimaged them with fresh Windows.
Everyone should stay as farther away from Microsoft as possible.
And don't say "I'm happy to be MS slave" - this is exactly what gives them the power to abuse you like that.
I hate Microsoft deeply and prefer to use Linux for many tasks, but sweeping statements telling me how to live make me not care about your opinion
@@cinderwolf32 you don't have to. You can continue to be their loyal customer and see how that benefits you :) I was just sharing my opinion - you may or may not like it and that's fine.
Sharing information is good. Just keep in mind that telling other people what they *should* do or *should* think will likely never get people who already hold a different opinion to consider your arguments.
@@cinderwolf32 assume I'm giving advise, not TELLING people what to do. But Microsoft surely are much more convincing, than me :))
... as far away from ...
Nothing comes from the factory with Absolute Software installed. It is a product used by companies to keep track their computers and to remotely lock and wipe them. I worked at a company that used it.
It looks like Mastercard didn't remove the UUID of the hardware from their Azure tenant which probably managed their endpoints. I had a similar problem with my old surface 3 ironically with a company I used to run. I closed the company and the associated tenant forgetting to remove the devices from endpoint management. A year later the surface got locked. This was also used to encrypt the drive, DOH. Luckily, I could still log into the old Azure tenant and remove and reset the device and bingo it worked
cool video! nice to see more linux use. though to play devils advocate, what are odds this was actually a mastercard office device or given to employees as part of their perks and they just got rid of it on ebay xD
Quite high. He bought a stolen device.
highly likely
although you can't remove or prevent the Absolute software from installing on windows. You can stop it from running and connecting to the remote servers. Install windows and do not connect to the internet, remove the service from the registry and create a new registry folder with the same name, change the permissions so only your user has permission to modify it. The permissions are very important otherwise it will just remove and add it's registry stuff back. restart and the Absolute services/processes will no longer be run. I can't remember the exact names of the services and such but that's the method I used.
So MasterCard fixed their mistake and fixed the tablet's, right?
If they didn't - they broke someone's property. That's a crime.
No. If its a device that was supposed to be recycled, and some guy sold it instead, thats on the seller and you, the buyer, for not checking its locked down.
At the Office where I worked, I gave life back to an old and sluggish 2013 iMac running OS Sierra. No way to update, Apple had already scrubbed down their servers and nothing to do with it, it was really, really slow and sluggish with tons of pop ups and old company credentials to validate. I installed Fedora 40 using an old Fedora Burner (pre-installer) for the USB device. When initializing inside the MAC -prior to using the fedora software, initialize as follows: MS-DOS (FAT) and the scheme to GUID Partition Map. When booting, press the mac sign and boot from the device to run, install, and when formatting claim all the used / unused space for the new OS. Long story short, running better than when it was new, new face, high security and for a new purpose.
Good that there is a software to detect which device was stolen, but not after 5 years when all the devices were sold to legitimate people that paid for them
The man is making videos since 14 years. And this is his highest viewed video which is posted just 5 days back. Thats power of linux and common man!!
Anyone who starts to daily drive Linux never comes back the same, especially as no ‘man’
Mastercard didn't do anything. Their IT department decommissioned a bunch of road computers and someone "recycled them" on ebay. They were fine and then one day the mdm team probably locked a ton of old devices. What you do is actually install windows fresh and then pick the I don't have internet until you get to the desktop and then DO NOT connect a windows account. What they need to do is remove this from their device management. You may not be able to email them because it's a portal and unfortunately the seller is in the wrong, not mastercard. Once you're in windows you can block the mdm with a powershell script. You can also install windows Ameliorated edition.
did lots of google searching before installing ubuntu and couldn't find this information. Thanks!
5:05 i believe not every microsoft surface is like that, like one your viewers commented, its most likely a corporate device that they forgot to remove in their systems👍
Someone didn't use Google, or Bing ... lol.
To turn off Absolute Software on a Microsoft Surface, follow these steps:
Shut down your Surface and wait about 10 seconds to ensure it's off.
Press and hold the Volume-up button and - at the same time - press and release the Power button.
As the Microsoft or Surface logo appears on your screen, continue to hold the Volume-up button until the UEFI screen appears.
Run the following commands in the PowerShell to disable Absolute Software's Lojack:
Get-HPBIOSSetting -Name "Absolute Persistence Module Current State"
Set-HPBIOSSettingValue -Name "Permanent Disable Absolute Persistence Module Set Once" -Value "Yes"
Get-HPBIOSSetting and Set-HPBIOSSettingValue are specific to HP systems. Is there an equivalent for Surface devices?
so its possible a stolen device sold on ebay? or the seller or Mastercard IT didn't follow the process to de-commission the device. usuall when I try to buy a used laptop, the 1st thing is to check if the device have bios locked or not.
I have a work laptop with Computrace enabled and the BIOS isn't locked. You need to check the BIOS Setup to see if Computrace is enabled. For me, it's under the "Security" tab.
You might say there isnt much info for av video like this but its always facinating to hear people who arent very technology knowledged try something like this, it makes me smile that people are learning tech, even if it a slow process
You had a good 5 year run with the tablet. Please hold no ill will towards MasterCard. Do not install Quibble and load a version of Windows on a non-NTFS partition, bypassing Computrace locking mechanism
Quibble? I haven’t heard of that bootloader in YEARS.
Love the way you phrased that! 😃😃😃😃😃😃
You can't install windows on a non- NTFS partition. You haven't been able to do that since Windows Vista came out. Maybe you are thinking of installing windows on an MBR partition disk layout instead of the GPT partition layout now in common use? Unfortunately Surface Pro firmware requires a GPT layout to boot, and there is no support for MBR legacy booting at all.
Work around doesn't actually address the problem. You could still get yourself in trouble for having "stolen" equipment.
The “Shawna quit” was very funny for some reason
It got me too
most likely lease returns (with that quantity available) or part of a package that they had for customers to replace older card processing hardware that someone forgot to take out of their system when retired and they finally ran an inventory.
You will own nothing and you will be angry
yeah blame Mastercard not Microsoft for that one🤣🤣🤣🤣🤣
Louis Rossman would be interested in this video😂
Who is that guy?
@@billymania11 Go ahead and google him. It's worth it if you're against monopolies and owning your own stuff. Also right to repair issues.
Wow, I'm surprise they didn't lock it at the bootstrap loader stage, Luckily they didn't. But Just in case I never going to buy a used Microsoft surface now, that's for sure.
Not all Surfaces have something like this installed, it's just that this device was likely stolen by a MasterCard employee and sold online. Instead you should be careful to only buy used electronics from trusted sellers.
Can happen with any corporate laptop. HP does the same too.
@@angryox3102 can confirm. Apple Uses MDM and I seen that in action too. Can't restore it, can't boot from anything except the OS that's on it or recovery. If you try a USB it skips it.
@@mjdxp5688 Happens even with trusted sellers with hundreds of thousands of sales over many years. The large ones don't buy from individuals who might be selling a stolen device but rather in bulk from corporate auctions, devices that were leased for a few years and then returned and now have no re-lease value since they're outdated. Although they'll usually have been wiped or had the storage removed prior to return, sometimes the lessee will neglect to release some of the devices from remote management before they return them. Then the reseller buys a big pallet full of them, puts a fresh install of Windows on, and sells them to customers on eBay. The reseller will have been assured as part of their purchase that all devices have been removed from remote management, and even if they checked BIOS and saw Computrace present that would not be unusual and there wouldn't be any reason to believe it would later be used to lock an end user's computer. It's unfortunate these screwups happen, but the reseller could probably get the lock released for Matt. Or if they couldn't, then considering the circumstances they might be willing to provide him an exchange for a device of comparable value even years after his original purchase.
Hey, I work in IT for a Pharmaceutical company that does the same thing. Sounds like someone stole it from work, never returned it when they left/were fired, or it was stolen from someone who used to work at MasterCard (this happens a lot). Typically flashing the BIOS and reinstalling Windows should fix the issue.
Yeah, but with 100 such devices? Probably just sold by the recycler, rather than stolen.
@@shoham00 100 devices stolen in a year isn't crazy. My company has about 20 locations worldwide and at mine, we probably have 20-30 a year stolen. Thieves tend to target business people at the airport and break into their rental cars to steal their luggage a lot, especially overseas.
@@shoham00 It's not unlikely, I know my company switched to the Surface when it first came out for our salesforce since it was easy for them to use on a plane and in meetings with customers. When you have a company with thousands of employees worldwide having 100 or so devices lost or stolen in a year isn't crazy. Thieves like to target business people at the airport and frequently break into rental cars to steal luggage, especially overseas.
@@darius5066 What I meant was simply that a single seller having come by a batch of 100 or more of the same device sounds a lot more like recycling than theft. No doubt a company could lose 100+ devices annually - but for all of those stolen items - which were presumably stolen as singletons - to wind up in the hands of a single seller is unlikely, and for there to be a single theft of hundreds of items also seems somewhat unlikely.
>Normal UA-camr uploads a Linux Video ...
UA-cam algorythm: Linux users, you have been summoned!
Good Job, Matt!
Can't wait for more.
LOL, kinda of crazy. Sadly I have nothing else to say about Linux.
@@gattmolson Spare machines are great for trying out some different versions. It's fun to explore the different tools and setups that each version has to offer. I personally have settled on MX Linux KDE for my daily driver. Worst case, even if you don't like them, you at least have some content. MAME and RetroArch both will run on Linux, too. In fact, Retroarch even has a few distros dedicated for RetroArch, like Lakka.
It's running endpoint protection software. Most big companies and ALL publicly listed companies run something like that. So if any equipment is stolen, the thief can't steal data or use it to access the network. It can be remotely bricked. My company is starting to work with public companies and without exception they all require us to show we have a security policy around using endpoint protection for mobile devices.
GET LINUXED MASTERCARD!!!!!!!
After that initial wipe you should actually be fine to go back to windows. However, enjoy linux and i hope they have good ink drivers to support your work!
I wish it was that easy, but after deleting all partitions, making new ones formating and reinstalling windows BOOM! It comes right back. Computrace lives in the UFEI and comes right back.
Computrace will re-write its files from the UEFI chip to the windows partition. It might be possible to dump the firmware, reverse engineer the uefi, and reflash the chip, but that's not quick nor easy.
@@gattmolson In the industry, we call that "malware".
@@classicrockonly Yeah, that computer is bugged sadly. You would have to reflash its firmware* and other onboard memory to stock (and hope nothing in it relies on any one-time-programmable CPU fuses that the computrace thing has burned)
* and that's assuming there is a non-backdoored firmware out there and that the CPU won't refuse to boot it due ot key mismatch
@@gattmolson It behaves like a virus similar to Spectre and Meltdown, that is disgusting.
I'm always glad to see big corps motivating people into Linux :D
Linux sucks
Similar to you, I bought a used SurfacePro 4 from eBay from a reputable seller. The booting up "Surface" display repeats a couple of times. It used purely to view to view movies and TV show episodes I copied from their original media; and music I copied from my CDs and vinyl discs. Surface is hardly what I would consider a "serious" laptop type PC.
This is an actual big issue with the 2nd hand market from these companies that sell their old stock.
I've worked as a sysadmin for the better part of 13 years and this software is nice when something is stolen or misplaced as it enables you to remote wipe devices.
HOWEVER
The admin running the software needs to be aware of when the company mass sells things so that you dont mark a sold item as stolen which it looks to be in your case.
If anything what I suspect is that the admin was rather lax on this software and the CFO or someone from finance wanted a list of devices that they actively maintain and keep.
Rather than doing the min that youd expect they just line item said all of these devices that haven't been seen in x number of days we're calling them lost which is what that screen is.
Keep in mind that nearly no hardware that you buy second hand is immune from this software as I've found blackberries and android phones with it installed and it's just as troublesome.
Sorry my dude but hey if nothing else you've dipped your toes into linux land and i hope you enjoy your stay.
completely agree with you.
That's definitely a possibility, it's also likely the device was stolen. I've worked in a school environment and kids would steal Chromebooks and sell them online sometimes. We got calls from people saying the device was locked asking us to unlock them.
@@mjdxp5688 I remember a girl called in once saying her boyfriend gave her a phone for her birthday that displayed that it was lost or stolen.
@@mjdxp5688one seller having hundreds of them though makes that less likely. I mean, I guess someone could have broken into MasterCard HQ and raided their IT office, but it seems much more likely that IT had done a bulk sale after they did a big device refresh.
Would have been a different story if the seller was offloading them in 1s and 2s.
But, this guy buys a Surface in a way that he has every reason to believe is legitimate, and then some faceless megacorp deprives him of the use of his device, perhaps because of their own mistake, and won't respond to him. That actually looks a bit like theft to me, though not the sort all the commenters are talking about. Linux to the rescue (and Visa for a credit card).
I thought that when the absolute software protection is turned on even Linux installing wasn't possible. It is even stranger because normally it's membership for protection for absolute shitware is 3 years and your device is 5 years. Nice story, i am following you now. Kind regards.
I put Linux Mint 22 on an old Surface Pro 3 I've had since new. Brilliant.
YEah Mint is superior to plain Ubuntu.
@@JeanPierreWhiteCompany behind ubuntu sucks
Linux sucks
Yelling at the kid in the background was hilarious. 😂
Terrible that this happened. Unfortunate you could not enjoy your choice of tools on your equipment. Glad you found linux to be an acceptable work around. Could be a great learning experience.
Linux sucks
The serial number is pushed into NVRAM by the bootloader and Windows then reads it from there. It's actually pretty trivial to patch the EFI bootloader to prevent this, it's actually how you pirate Windows nowadays by tricking it into thinking it's an OEM device with a valid serial number.
I'm guessing this is most likely a stolen device that had this flashed to it so it could be remotely bricked to discourage stealing. Make sure to vet computer resellers before doing business with them or else there's a chance they'll sell you stuff pike like this.
If the ebay seller had a bunch of them - they probably were leased to MasterCard, aged out and were taken off the lease. Then sold as scrap to recycler. Recycler then sold it to an ebay reseller….
@@dereketnyre7156 I'd say this too. A combo that would be the IT at Mastercard not removing them properly from management or ensuring they are wiped. (Nothing persistent in the UEFI)
The leasing agency should also have made sure that the devices were fit to resell. ie that Mastercard has done their part.
Otherwise charge them for bricked devices.
For reference, I'm basing this on a scheme at schools in NZ and the leasing company wants us to ensure that devices are appropriately decommissioned.
Otherwise they can't onsell after refurbing the units...
Disable the Internal UEFI Shell
Press F2 during startup to enter BIOS setup, then go to Advanced > Boot > Boot Configuration and disable Internal UEFI Shell in the Boot Devices pane. Disable UEFI Secure Boot
Hold down Shift and click Restart, then click Troubleshoot > Advanced options > Start-up Settings > Restart. Next, tap F10 repeatedly to enter BIOS setup, go to Boot Manager, and disable Secure Boot.
I see a lot of reactions here, it must be a stolen one!
Nothing could be further from the truth!
An old friend buys a Lenovo laptop on my advice in the store, so not stolen.
Until one day he could no longer access his laptop because bitlocker was activated by microsoft.
They thought that he had made suspicious login attempts to encrypt his data.
Since it is an older man who only uses his computer for digital banking and reading emails, this is a disgrace!
Now Linux Mint and Libre Office are installed.
Bitlocker is activated by default. If you are comfortable having it turned off it's one of the first things you do when you get a new windows laptop. Turn off bitlocker. It will run slightly faster as well.
@@JeanPierreWhite I myself have turned off bitlocker on his new windows 11 laptop, but I don't trust Microsoft!
I also still have windows 10 running for various applications, but the updates that I can't turn off are worrying me!
I have so many issues with this video.
I have a Surface Pro 8 and I had a Surface Pro 3 and I've been drawing on them for almost a decade and it's excellent. Perhaps you mean "Turns out it's not a good drawing tablet" for you. With the Surface Pro, it's going to depend a LOT on what software you use because since this is a regular Windows device, most Windows drawing software expects you to be on a desktop using a Wacom and so isn't written to work well with a Windows tablet. I use Sketchbook Pro (the tablet edition) and it's fine.
And as for getting rid of the software... I'd have to see what's happening, but you can download clean ISOs of Windows Home and driver packs for the Surface Pros and those are stock... so not sure how that can be happening.
You call it a big cellphone, which suggests this is a cellular model, and there are very few Surface Pro models with that, so it's either a Go or a business model... which explains the Absolute software. Gotta do your homework before you buy, sport. But it should still be fixable without Linux. But TBH, the fact that you even considered that as a real solution on a tablet Windows device suggests you weren't that keen on Windows in the first place... so happy endings?
Thanks for the response. In regards to it not being a good drawing tablet, you are of course correct, in that I mean it's not a good drawing tablet for me. I owned a Motion Computing tablet 10 years ago with a wacom digitizer that I thought worked much better. As I mentioned in my follow up video my favorite drawing app is also sketchpad pro.
As for getting rid of the software do some research on computrace. I was, of course using stock ISO of windows, and not the OS install that it came with. Stock installs on formatted drives didn't fix the problem, computrace is in the surface bios.
When I saw I was using it like a big cell phone, that was misleading, all I meant was that I used it for email and general browsing.
Finally you become quite condensing near the end, but I'll just say that the device works very well with linux, but probably better with windows. Due to the reach of this video and the orignal seller's assistance, Mastercard unlocked the device and I installed windows.
"It's not a virus, it's a feature" Yep, Microsoft in a nutshell.
Nothing to do with Microsoft, this is part of a Mobile device management class of software used to secure company assets like laptops that are issued to employees, because this is still company property they have every right to secure it, now tyhe issue that come up is when a device is no longer being actively used by the company and they sell i off or want it destroyed. the correct practise is to remove the device from the platform before selling or disposal. This wasn't done. But there is also the equally likely that an employee stole them and tried to resell on on ebay although having so many might mean its more likely old machines that weren't properly removed from their device management software.
its got the microsoft logo because of the motherboard being made by microsoft, in case anyone was curious
Microsoft always gives us more reasons to switch to Linux.
This is not really Microsoft thing - it's companies that buy these devices and put their own "Security" features that block users from doing anything if device was lost or sold. Good luck trying to go around this shit on Macbook
Linux sucks
@@notanetcherno it doesn’t. SW dev prefer Linux destro over windows on any given day. Only non-tech people loves Microsoft crap
@@aps125 dude Linux didn't work on my old HP Stream it kernel panics and no WiFi
Without knowing the serial, it’s hard to say for sure why it was frozen. Mastercard will freeze a device if it’s been marked as lost/stolen. Chances are, this was stolen and sold illegally, or it was in the Mastercard inventory and came up missing. Feel free to send the serial to the asset recovery team and they can look into this for you.
And if you’d like a quicker response, let me know an email I can reach you at and I’ll figure out why it was frozen. I work at MC and can get it unfrozen pretty quickly.
The only thing I can think of is that Mastercard owned the laptop, and the seller got a hold of it. It's got nothing to do with Microsoft or Linux. Blame the seller for selling a company laptop.
I am guessing it may have been a "Joined" device which means it was a device which was joined to MasterCard's corporate network domain, basically a network workstation with a certificate on it to authenticate to MasterCard and they would have had full control over it until you completely delete everything bringing it back to factory settings or installing a new OS.
That was probably a company tablet, actually not microsofts fault this time around 😂. Anti theft features built into firmware makes a lot of sense.
It just sucks for the second hand market if they get sold. If mastercard did allow these to be resold they should of disabled auth for it, instead if screwing over a bunch of people.
That said, on any low power device, this tablet included, Linux is just better, its current, and usually a lot more performant. You dont really lose anything since this tablet probably isnt being used to play competetive online games. 😂 If I were to put it on a weird and unique device like a tablet I think ubuntu would be my first choice as well.
Yes indeed. Only problem with Linux is that there is some software that isn't on Linux, and the alternatives are maybe not so good, or are not as widely used. And then tend to be concentrated in the graphics/photography area.
fedora is one of the best distros for tablet pcs. I've installed it on very odd hardware and everything was supported out of the box unlike ubuntu.
MS supports Computrace.
Surfaces have special partitions that are there but you can't access. To do a full actual wipe, there is a surface tool that has to be ran. I wonder if that would remove the security software
FREEDOM! (shouted at top of lungs with Scottish accent)
This is Intune the machine is enrolled in the Mastercard tenant also it seems you have Absolute installed which is locking the PC as it's well over the time for secuirty patching or it was stolen ..you could setup while the PC isn't connected to the internet and connect after everything is setup... But hey Linux's works but as @talmenTX said it's more likey due poor asset management
You should try out KDE plasma, its more similar to windows than gnome (not sure how the touch stuff compares, tho i would assume its pretty good)
GNOME is probably better for a touchscreen than KDE.
@@mjdxp5688 oh ok, i dont have any touch devices that run full linux so i wouldnt know for sure
@@mjdxp5688100% agree. Also W pfp.
If you REALLY want to use Windows, you can probably reinstall windows 10 from a usb and when it asks to connect to the wifi, don’t. You then create a local account. It won’t attempt to connect to the corporate domain as it would if you allow it to use a Microsoft account.
These were probably life cycled machines, and on their way to recycle. A lot of big corporations want these destroyed since the storage is not removable. They are still stuck in the platter hard drive thinking. Happy e-waste heaven. Since these machines could contain sensitive data, they wanted to keep it out of anyone's hands. 4 ideas that come to mind, is that it didn't properly make it through the companies disposal process. It did go through the process and there was a documentation error. Their disposal process includes destroying the machine. It wasn't supposed to leave the company (hot). Either way their data is mostly safe now. Common error, using the term "burn" while creating a bootable USB, even more so while using an iso.
Tux is happy to welcome to the GNU Club Penguin. Enjoy the party.
Joke aside, if you want a suggestion for a distro for home desktop and laptop usage, I'd suggest going with Linux Mint with Cinnamon or looking into distros that use KDE Plasma Desktop environment. You could also look around the start menu to see if you can find the distro's app store/package manager, then research what packages you need for Cinnamon or KDE Plasma and then look into how to change the Desktop environment from the login screen once you're installed one of those. The reason I suggest these two is because they're going to look familiar to you since you're leaving Microsoft. Gnome might be better if you prefer a touch screen, though.
Anyway, enjoy the OS and your tablet.
Linux sucks
I had a Surface Laptop 5 and it was a pain in the ass to get Linux to work. Only the distro Nobara booted. Everything worked great except it doesn’t go to sleep when I close the lid.
Linux sucks
@@notanetcher clearly you haven’t actually tried to use Linux, or just tried Arch and gave up.
@@Butterscotch_96 dude Linux didn't work on my old HP Stream it kernel panics and no WiFi
@@notanetcher What distro?
4:44 our guy is literally sitting in a hacking shed, and arguing hes not a computer geek bro whaat
???
@@xanderplayz3446 you either didn't saw the video or ... , see his background, it is full of tech stuff
alternative title: I bought a stolen tablet from ebay. Mastercard locked it and now i'm using linux to circumvent the lock.
Indeed. I love Linux and have been using it for decades but the premise of this video isn’t the great promotion of Linux that that the author thinks it is 😅
Then why didn't MasterCard respond to any of his emails looking for the seller's information? It is bad enough that they waited 4 years, but then when he reaches out in order to try to resolve it (which could include his returning the stolen device) they just totally ignore him.
Even if true, it sounds like the guy repeatedly tried to contact Mastercard and was rebuffed. And the tablet was so old that it most likely would have been scrapped by the corporation anyway. What this video is really saying is that you're taking a big chance buying used hardware off ebay. That could've just as easily been spyware or ransonware as security firmware.
Blame the victim, eh? It might have been stolen, or it might not, but he didn't know it was stolen. I don't know how US law goes on that, but Mastercard ought to be answering his emails.
I could not possibly care less about corporate ownership and it does no good to permalock this machine. It’s a fine plug for Linux.
The Surface has whats called MDM, Mobile Device Management, probably using Office 365. The only easy way around without fiddaling with Windows to bypass it checking in with Microsofts servers is to contact Microsft which can remove it from MDM after seeing your proof of purchase etc. Windows checks in with the Microsoft servers and sees the specifications, serial numbers etc. tide to someones Ofice 365 Tenant/MDM. In this case some one in Mastercards IT department has not removed the device from their MDM after retiring the device.
I too was a victim of the hardware product bitlocker. I initially bought the laptop with Windows 10, and tried installing Linux Mint side by side on dual boot as I used to do before. Installation was successful, but upon reboot, Windows boot manager was asking me for the bitlocker key. Obviously, Microsoft has hostaged MY hardware to be able to run only Microsoft Windows and I cannot install any other OS into it. I had to reinstall later Windows 11 and told my supplier to skip applying encryption into hardware. This time, the dual boot installation of Linux MINT was successful and the dual boot grub appeared upon boot up. So happy to have reclaimed my own hardware.
I am generally against legislation. However, this is one case where something needs to be put in place. A company should not have the ability to retroactively deactivate former property after they sell it.
Average Linux W
Well, it raises some questions.
Why switching to linux did not lock the device? Is this presumably anti-theft stuff, a Windows OS feature or part of device firmware? Whether formatting and re-installing windows could have helped?
I suspect that the security software is coded to run on Windows only, and even if it's baked into the TPM chip or wherever, when the machine boots into Linux, the security program basically hits a brick wall. But reinstalling Windows would reestablish the "correct" software pathways and the lock would again show up. I've seen this setup on Lenovo Thinkpads in their BIOS. It was not switched on, and there was a footnote there saying that if it WAS switched on it couldn't be switched off, so I tiptoed around that, set up my Linux, and went about my business.
It's baked into the firmware. Of course the first thing I did was format delete partitions reformat, install windows without an interconnection and delete the computrace files then create dummy files and set them to read only. This worked until l turned on wifi again then the next time rebooted it was locked again.
I do repairs on things like this for a living- Chances are pretty good that that unit was licensed to some corporate entity, & might have been stolen, either by the guy that sold it to you, or whoever supplied him. Regular M$ Surface units don't usually have those features even listed in their bios, so the avg consumer doesn't have access to them. I've dealt with McDonalds, Sonic, Samsung /doordash /grubhub type ones as well as POS & other systems nearly all of them can "phone-Home" if they are still listed in their systems. That might have been an actual MasterCard office unit- it's doubtful, but possible. In some cases it's removable or can be disabled but usually only through what is an admin password protected bios. And there are some cases that one a unit is registered with the security provider it will always red-flag the device, even it it was obtained legally. for not being a techie, god job finding something else that worked for you.
Rufus W
Idk why people are suggesting so many other alternatives
I've always used rufus. It's the first program I download when I get a new Windows machine
Guy doesn't question the seller of the unit. Just howls about "Microsoft bad x reason!" Seller of the tablet supposedly had hundreds of units on hand selling'em, guy didn't question how ONE PERSON. On EBAY. Had that many tablets to sell. Usually, THEFT IS INVOLVED WHEN THAT HAPPENS, either from a store, or from a company.
Or just decommissioning of old devices which weren’t properly unenrolled…
I’ve gotten multiple computers for free because companies decommissioned them
@@sleepingcattv I've been a Configuration Manager for 25y now. This is not uncommon. I always verify my inventory - and when I was working for a municipal agency, I discovered that about 400 devices were unaccounted for. So the normal procedure is flagging them as "Missing". At first I wasn't allowed to because (hold on to your hats) it would be an indirect admission that we lost hundreds of devices and never took any action.
But I did anyway (who cares what managers think) and in the months following they all popped up, bit by bit. The were in and on cupboards - some clients even had entire secret stores "in case something happened" - or even entire project crews were covertly equipped with the stuff.
So, IT departments, write down your procedures, educate your employees - and most importantly, embed your administrative procedures within the working procedures. And verify often, define and report performance indicators, analyze any discrepancies and take away root causes.
There are entirely legitimate business that deal in equipment that has been disposed of by corporations and other big orgs. The fact that there were so many available makes it MORE likely that it was a legitimate business. But you hate this guy because he's a teacher, I guess.
End of lease or warranty/support contract often triggers batch disposals by corporations.
The way these random corporations are entitled to just control our crap is absolutely gross. Need some serious laws
Good video. I recommend the UA-cam channel SomeOrdinaryGamers and use the channel search feature to look for Linux content (though, I believe he would probably point you to one of the dedicated specialist channels as he creates a variety of content). Notably though, you could try to contact him or comment on his videos, and he might make a video to spread awareness about this Absolute Software (and maybe your channel as a bonus). I already commented about this video on his most recent one, myself, but more voices are better.
They determined that because they did own it. It was probably an employee laptop that someone decided to sell and not return
Maybe don’t post videos on UA-cam showing that you’re in possession of stolen property?
Where's the part where any proof of it being stolen is shown? Mistakes happen. Lazy IT staff exist.
@@cinderwolf32no kidding, know of a schools IT department where the jerk in charge doesn’t bother to wipe anything from the drives, allows it to out the door to auction. Now the school system is being sued for false claims that the computer was totally sanitized and unlocked. Sounds like this dude won’t have a job for long and the school system will probably loose in court for fraud and deceptive advertising.
@@cinderwolf32 The part where Mastercard is asking for their stuff back. That is embedded software in the bios put there by the device owner. It was activated because they have the ability to ping the equipment they own. If Mastercard had sold it legally, they would have destroyed that hard drive and fresh installed windows before it left their possession. There is a very very good chance he bought stolen property. Having it for a long time does not make it un-stolen.
@@sonnyward9857 the software is built into the BIOS not the hard drive. Would be very easy for IT to clean install Windows or even replace the hard drive and forget to clear the call home software in the BIOS (which, by design is hard to deinstall).
Also, the seller supposedly had many of them, which makes a bulk buy when MasterCard did a device refresh seem a lot more likely than the seller getting their hands on dozens of identical stolen devices. And MasterCard waited 4 years, when presumably locking the device would be part of the employee off-boarding procedure. Definitely seems more likely that this was a slip up by IT than stolen.
This computrace sounds like a nightmare. I shutter at the thought of a future where we have to pay a monthly fee to use computers. Welcome to the linux club, you don't need to be a computer nerd to join! It gets easier every year!
Now that you got Ubuntu installed you might be able to install windows but guessing the surface wouldn't work on a regular windows program. There are a few linux programs that have a more closely matched windows program...maybe if you don't like the ubuntu you could try Android, all these different softwares do is just set up for the equipment on the device...like if the manufacturer was a company that puts out androids so it would have the touch screen part of the software. Yes, if you install anything from a USB you have to use RUFUS, there's no way around that one...but at least it's free....LOL
>buy used tablet
>Never do clean install/factory reset
Thats like asking for troubles
Old thinkpads have this too, however there you have the option of flashing a custom bios such as Coreboot which completely removes any and all traces of it. its also possible to short out a chip to reset it however this is quite risky
There's a good chance you left secure boot enabled in the BIOS which caused some linux distros to bug the hell out
MDM device that was originally imaged by the Master Card company for internal use. The eBay guy who sold you the Surface has some explaining to do.
Good for you that you managed to install Ubuntu on it though; that answers a question for me 👍 Thanks for that.
so about the "you can't turn it off" thing, you CAN - but it's permanent. businesses use CompuTrace to manage important assets, like employee work electronics where the data on them may be EXTREMELY sensitive.
they go by LoJack now, but this isn't Microsoft's fault. as you said, MasterCard turned it off using CompuTrace, not Microsoft.
just be careful. CompuTrace enabled devices can have their data pulled or wiped at any time, usually without OS involvement. they can also see where it is at all times, as the BIOS itself pings them with each boot unless it's disabled remotely.
There was no way to put a fresh install of windows on it?
I'm sure it runs better anyway if it only has a couple cores and 8 gigs of ram, but I would think you could make a windows installation media USB stick and wipe the drive.
There are heaps of reasons why this need not be a resold stolen tablet. For example, when companies are declared bankrupt, receivers move in immediately to recover all stock for resale and couldn't care less about any proper decommissioning procedure. There are a thousand other examples as well.
Gnome interface is suited for touchpads. You can just touch the top left and a big app selector pops up. This vid reinforces me pawning my Surface Go after Win11 came out, and their TPM chip debacle. I fully switched to Linux and never looked back. I'll probably buy a Mac at some point, Chromebooks, anything but Windows.
I wonder if part of your issues installing it had to do with just formatting the USB.
I've had issues where if I'm trying to put install media on a usb but don't format it first it messes up. Rufus might start its process with a format.
You bought it used. The company that owned it didn't take it out of their inventory system.
It's security software working as intended. The fault lies with the company that sold it used and the person buying that used device.
But this will be great to know for the "grey market" buyers.
Now you've got me going down a rabbit hole, every single thing I have found so far state that the BIOS triggers Windows to download some software which makes your computer unusable, I don't have one of these PCs but I'd love to mess around with one, some people have had success messing up the permissions of these files that are downloaded so Windows can't execute them. I am really interested in this, and also interested in Surface Linux because Windows 10 is going EOL. My mom has been using an old Surface Pro 4 I gave her every day, and honestly it works fine, I see no reason for her to upgrade since all she uses is Chrome. The only downside I see to using Linux for her is sometimes she needs Adobe Reader because some forms she receives are PDF's but have some strange form of DRM which prevents them from being opened in anything other than Adobe Reader