Deep Freeze Experiences


LockBox
December 29th, 2004, 07:45 PM
I am currently working on a security-related article that focuses on the Faronics software program Deep Freeze. I'll be posting it here at Wilders as well and would like to include some experiences from members. The article will show how Deep Freeze (hang on!) renders almost all third party security tools obsolete. It is as close to fool-proof security as there is. Unfortunately, it is only now getting attention as computer security software as it was initially developed for use on school and library computers to protect their systems.

Many people who raise this issue find out real quick that many don't like the Deep Freeze solution as it ruins all the fun of messing around with security tools. I even read here on Wilders not too long ago of someone who had been vilified for daring to suggest that Deep Freeze virtually eliminates all threats to your computer.

If you have experiences with Deep Freeze (good, bad, indifferent) please either post them here or PM me. Thanks a lot and for those interested, hang on; my article might spoil all the fun. :D


Gerard

Bubba
December 29th, 2004, 08:27 PM
While the below posts are a little dated, nevertheless they have user comments concerning Deep Freeze.

Deep Freeze- Back Up program (http://www.wilderssecurity.com/showthread.php?t=39466)

DeepFreeze..could this be the ultimate security tool?? (http://www.wilderssecurity.com/showthread.php?t=9876)

LockBox
December 30th, 2004, 11:25 PM
Thank you Bubba! I had read through those already, but it was a good reminder at some of the objections of Deep Freeze. I am reminded of the "It's just for schools" argument against Deep Freeze and like programs (namely ShadowUser). Of course, nothing could be further from the truth. Deep Freeze can be used at home for a personal license cost of only $29.95. When DF was sold last year, they lowered the price from $79.95 to the new lower price in order to encourage interest from the home user. I still think the marketing could be better. ShadowUser does a better job in this area.

I noticed that one of the arguments (from a developer of security software!) was that you could place too much trust in Deep Freeze and thereby make things worse. Actually, it doesn't really matter what happens: virus, trojan, whatever. A simple reboot, all pests are gone, and you are back to optimal state, and much quicker than an image.

In "thawed" state (when you can add programs, tweak Windows, update applications, etc.) the threat is nil when you run FreezeX, which disallows the running of any programs and many other files with use of a whitelist that tells FreezeX what is safe to run, rather than what is not. Actually, ironically, (because it was Gavin of DiamondCS that was being critical of Deep Freeze in its "thawed state") running his own Process Guard during those short times offers near-complete protection and is an excellent companion to Deep Freeze.

As for liking to install and uninstall programs and thinking it wouldn't be good because of that; actually, it's just the opposite. You can install a program anytime Windows is "frozen" and try anything to your heart's content. Like the program? Re-Boot "thawed" and it's yours and part of the freeze next re-boot. Install a nightmare program? Re-boot and it's gone forever, you are back to your "optimal state" in seconds.

Yes, for ease-of-use, you would want to setup that "optimal system" with all programs installed, etc. ALL data goes on another partition and is unaffected by anything. Once that perfect state is setup, you are as fast as a re-boot from that perfect state each time.

Again, I need Deep Freeze stories: pro, con, indifferent. I intend to show how Deep Freeze renders third-party security tools absolutely useless. Not even a reason for an anti-virus! I would very much like to use real experiences, so PM them to me or post here. Thank you!!
Gerard Morentzy

nick s
December 30th, 2004, 11:54 PM
-{ Quote: "Actually, ironically, (because it was Gavin of DiamondCS that was being critical of Deep Freeze in its "thawed state") running his own Process Guard during those short times offers near-complete protection and is an excellent companion to Deep Freeze." }-
-{ Quote: "I intend to show how Deep Freeze renders third-party security tools absolutely useless." }-
Hi Gerard Morentzy,

Aren't you contradicting yourself? Why should Deep Freeze need any companions to offer "near-complete protection"?

Nick

securityuser
December 31st, 2004, 12:11 AM
-{ Quote: "Hi Gerard Morentzy,

Aren't you contradicting yourself? Why should Deep Freeze need any companions to offer "near-complete protection"?

Nick" }-
No he is really not. I have used Deep Freeze and am familiar with its thawed and frozen states. In a frozen state he's really right. Whatever happens happens and it's no big deal. Reboot and it's a perfect system. When a system is thawed for the short time to update apps or install/uninstall, that is when theoretically something could execute. Process Guard would make a perfect companion as he called it. Freeze X is much like Process Guard and it's sold by the Deep Freeze people to protect during a thawed state. I used Deep Freeze as a system admin for 100-125 workstations and was impressed. I also agree it would work fine for home users. Gerard, I've never heard of Shadowuser is it like Deep Freeze? No need to answer, I'll just google.

wilhacku
December 31st, 2004, 01:13 AM
Well what if your hard drive fails? How would the program work then? Anyone? .....that's what I thought.

What if the program becomes more popular, will hackers figure out a way to disable the program..... or have they already? ;)

IMO it's still better to backup to an external drive (or dvd) for maximum security.

securityuser
December 31st, 2004, 02:31 AM
It's not a backup program. We always used Drive Image and imaged our systems, which included Deep Freeze, on the image. Backing up data is not an issue as all data is configured to save to another drive or partition. We only put the C drive in Deep Freeze. As for its popularity, "the Freeze" as many kids call it at schools, is used at thousands of schools all over the world already, it's already very popular and in many corporate environments as well. It's pretty damn stout.

Gerard, when do you need your testimonies? I can write a good one. I was very impressed with Deep Freeze when I worked with it. I just downloaded the latest version and have been playing with it for an hour or so. They've made some quality improvements that make it even better. I never really thought of it for home use either, but the new $29.95 for a single license changes all that. Used to be like $80.00 and you had to buy at least 5 or something of the sort.

Notok
December 31st, 2004, 02:40 AM
Deep Freeze does seem like a good product, I am interested in hearing some user reports as well... however my interest is from the angle of having lots of people's computers to take care of and not having the time to take care of every problem that arises, and not having to teach someone how to use imaging software. This would be great for setting up someone's machine and not having to worry about it again until the next major service pack comes out. However I would NOT trust this to be the sole line of defense in a security setup. I wouldn't treat this as anything other than another imaging program, in terms of security.

Yes, it's great to be able to clean the infection with a simple reboot, but by then the damage may already be done. Since this WOULD protect against system corruption, it would mean that the user would probably not need to reboot as often, leaving a greater window of time open for these things to work. If you got something that took over your system, or continually reinfected you, you could be in even more trouble if you relied on this as your sole means of security. As Gavin stated, you would also probably continue to spread email borne malware, keeping you as part of the problem rather than the solution. Malware isn't just a nuisance anymore, some are made to steal your identity and these things are getting nastier all the time... it may only take one login to your online banking or one online purchase for the damage to be done, rebooting won't erase that data from the attacker's machine.

I have no doubt that this is a great product, and I may even get this for someone like my mom and my most recent client, but you gotta keep things in perspective. Nothing is 100%, and it's dangerous to promote it as such. It may be a fantastic alternative for imaging software, but not security and not backups (as wilhacku stated.) The bottom line is that you still need to prevent infection in the first place.

That said, can anyone give some insight to using this thing? A few questions that come to my mind are:
-How much drive space is necessary?
-Does any part of it run resident? If so, how much resources are required?
-How much time does it add to Windows start?
-What is involved in keeping it from deleting your email and downloads and how well does it deal with things like your AV updates. Does it allow for updates while protecting it from being modified otherwise?
-What about Windows Updates?

LockBox
December 31st, 2004, 01:06 PM
Oh boy! I knew I shouldn't have made that first response post as I would get involved in the give and take. My real intention was to lay out my thoughts in the article that I will post here at Wilders after receiving feedback. But, I see that it is probably near impossible to not answer a few questions prior to that.

Nick....securityuser already answered your question correctly but I will elaborate a bit. I intend to show in my article that Deep Freeze can be run on a home computer and keep one safe while running only one other companion program. The DF people offer FreezeX which is a program based on a whitelist concept that detects close to 100 different executable file types. Keep in mind, this program is protection mostly while the system is in the password-protected "thawed state" which is not very often. This is the state when new programs can be installed, Windows updates applied and other maintenance procedures conducted. The "thawed state" is simply the main drive running as normal without Deep Freeze protection, like most of us run our computers each day. During these thawed times FreezeX will not allow any of the close to 100 executable file types to execute. In fact, it only allows what you have given specific permission to run. That's the whitelist concept. I looked at Process Guard mentioned by a poster and can see the benefit in that program as well as opposed to FreezeX. The difference is the latter has the whitelist protection. FreezeX also would not allow any keyloggers to run at any time - thawed or frozen.

securityuser...You asked about Shadowuser. It is a good program that is similar to Deep Freeze. There are major differences though that make Deep Freeze a far better security solution. I would like feedback within a couple of weeks. I have written most of my article but wanted to include user experiences and thoughts, specifically from a security viewpoint. Thanks for your offer, it sounds like you have had good luck with the program as a system administrator.

Notok....You would love Deep Freeze for the computers you must care for. It's most well known for use in these environments.
-{ Quote: "If you got something that took over your system, or continually reinfected you, you could be in even more trouble if you relied on this as your sole means of security. As Gavin stated, you would also probably continue to spread email borne malware, keeping you as part of the problem rather than the solution. Malware isn't just a nuisance anymore, some are made to steal your identity and these things are getting nastier all the time... it may only take one login to your online banking or one online purchase for the damage to be done, rebooting won't erase that data from the attacker's machine." }-
This is where the companion program comes in. FreezeX will not allow anything to run on a system that it specifically does not permit. Rather than a blacklist-style signature database type of protection which must be updated, FreezeX is the opposite, it disallows everything unless you have said it's ok to run. No keylogger could execute as it is unknown to FreezeX which is sophisticated and goes by more than just file names.
-{ Quote: "Nothing is 100%, and it's dangerous to promote it as such. It may be a fantastic alternative for imaging software, but not security and not backups (as wilhacku stated.) The bottom line is that you still need to prevent infection in the first place." }-
I understand your thinking as I thought just as you at one time. One thing - it is not imaging software and it is not a backup utility. It is used everyday by millions for "perfect state on reboot", and in that respect it is like an image. But, it is far more than that. Now, here is where minds start spinning as it sounds so heretical: With the security plan that I will write about you really don't need to prevent infection (!!!). The only real threat is the one you mentioned and that is keyloggers that could steal personal identifying information. I have already addressed that with the companion program (FreezeX) a keylogger cannot run on a whitelisted, frozen, protected Deep Freeze system. As for viruses using email, that is a vulnerability that I will address in the article. Keep in mind that nothing would keep you from running an AV if a person felt more comfortable doing so. Any AV can be run if it is frozen as part of the system.

Notok, as for your technical questions I would refer you to the Deep Freeze home page at http://www.faronics.com/html/DFStd.asp and an extremely good resource at their FAQ site at http://www.faronics.net/faq/ ...they have sections for general and enterprise use at the faq site, which notice is at faronics.net and not the main site.

Thank you so far for the feedback and I would love to hear more. With this product you must keep an open mind as it can be a revolutionary product, not to just let kids tinker and then everything is perfect on reboot, but far more than that for the individual home user.

Gerard Morentzy
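
An added illustration, not part of any post in this thread and not Faronics' code: the default-deny (whitelist) idea described above, compared with a signature blacklist and with a whitelist that checks file names only. The sample programs, names and policy functions are all constructed for this sketch, and it makes no claim about how FreezeX itself identifies files.

```python
import hashlib


def digest(data: bytes) -> str:
    """SHA-256 of a file's contents, used here as the file's identity."""
    return hashlib.sha256(data).hexdigest()


# Constructed samples: (label, file name, contents). None of these are real files.
SAMPLES = [
    ("approved_editor", "notepad.exe", b"constructed: editor build 1"),
    ("known_worm", "oldworm.exe", b"constructed: worm with a published signature"),
    ("new_keylogger", "helper.exe", b"constructed: keylogger nobody has seen yet"),
    ("renamed_impostor", "notepad.exe", b"constructed: unknown program using a trusted name"),
    ("editor_update", "notepad.exe", b"constructed: editor build 2, not yet approved"),
]

# Blacklist: hashes of things already known to be bad (must be kept up to date).
BLACKLIST_HASHES = {digest(SAMPLES[1][2])}
# Whitelist by name only: trusts whatever carries an approved file name.
WHITELIST_NAMES = {"notepad.exe"}
# Whitelist by content hash: trusts only the exact bytes that were approved.
WHITELIST_HASHES = {digest(SAMPLES[0][2])}


def blacklist_allows(name: str, data: bytes) -> bool:
    """Default-allow: run everything except known-bad content."""
    return digest(data) not in BLACKLIST_HASHES


def name_whitelist_allows(name: str, data: bytes) -> bool:
    """Default-deny, but identity is just the file name."""
    return name.lower() in WHITELIST_NAMES


def hash_whitelist_allows(name: str, data: bytes) -> bool:
    """Default-deny, identity is the content hash; the name is ignored."""
    return digest(data) in WHITELIST_HASHES


POLICIES = {
    "blacklist": blacklist_allows,
    "name_whitelist": name_whitelist_allows,
    "hash_whitelist": hash_whitelist_allows,
}


def evaluate() -> dict:
    """Return {policy: {sample label: allowed?}} for every sample."""
    return {
        policy: {label: allows(name, data) for label, name, data in SAMPLES}
        for policy, allows in POLICIES.items()
    }


if __name__ == "__main__":
    for policy, decisions in evaluate().items():
        print(policy)
        for label, allowed in decisions.items():
            print(f"  {label:17} {'RUN' if allowed else 'BLOCK'}")
```

The `editor_update` row shows the cost of default-deny: a legitimate update is blocked until someone approves its new hash, which is work that has to happen during maintenance.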

wilhacku
December 31st, 2004, 03:42 PM
Here's a good read on the program http://www.dslreports.com/forum/remark,7058164?hilite=deep+freeze
No program is unbeatable and anyone who relies on just this program without much much more research is a nut imo.

I won't be giving up my regular security apps any time soon, though I've known about DF (and others like Shadowuser, GoBack, Restore it etc.) for some time now, but still would not rely on only DF because it is still possible to beat the program.

Anyone who thinks this program is the holy grail of security programs should think twice before giving up their more trusted and proven security apps. It may be a useful addition to one's lineup, but I simply wouldn't rely on just this program for all my security needs. It's still best to rely on more proven techniques and programs before you jump on the DF bandwagon and assume it's the "cure all" of computer security/malware problems.

securityuser
December 31st, 2004, 04:26 PM
iwillhacku, Deep Freeze is NOT like Go Back. That thread is FULL of misinformation. I have a suspicion you have a reason to be afraid of Deep Freeze and its impact on security product sales. Nothing is 100%. We might both die tonight! Who knows? No such thing as 100% in ANYTHING. The attacks against Deep Freeze would require someone targeting you specifically, getting thru your router, knowing EXACTLY what to do and more. I think your objections are far off base and are based on misreading Gerard's posts. You CAN run anything you want in addition to Deep Freeze though I agree with Gerard that it's probably unnecessary. It just wouldn't be as much fun would it? It would also dent some pocketbooks of those selling apps that would be useless if Deep Freeze or Shadowuser caught on. ehh? To Gerard, I will write something for you and email it to you but I can't get your email as I am not registered. Could you send your email address to secuser54 at yahoo dot com?

LockBox
December 31st, 2004, 06:32 PM
Ahhh...Life is too short to get all upset about something like this.

I have a New Year's Eve party to attend so I have to make this short.

I read the old DSL thread and had, in fact, read it and archived it in preparation of my article. Actually, the criticisms were valid in several of those posts. However, most of the messages in that thread were over 2 years old and much has changed. Namely - the addition of FreezeX to the Deep Freeze family. Until FreezeX, it was a legitimate concern about what may happen before reboot. I would encourage you to read about FreezeX and see how it works on the whitelist concept.
http://www.faronics.com/html/Freezex.asp
Trojans, Virii, etc. could NOT execute within Deep Freeze with FreezeX running. securityuser already mentioned that this is not another "Go Back" program.

It is important to remember that Deep Freeze should only be configured on a pristine Windows XP with all updates, etc. The frozen state should be configured after AV programs are run, AT programs are run, etc. Once that perfect state is configured, with all your programs, it is "frozen." I simply fail to see how the program cannot protect you with DF and FreezeX running. It is my understanding from my communications with the company (Faronics) that there was some consideration to rolling FreezeX into the Deep Freeze program. But, to keep security high, the programs are still separate. No trojans can be executed between boots as FreezeX will not allow their execution.

As I said, some of the criticisms of DF in that old DSL Reports thread were valid. Deep Freeze now has FreezeX which has quieted the criticism.

securityuser, I have sent an email to your posted email account. Thanks again for your help in relating your experiences. I look forward to receiving your testimony.

I have to go ring in 2005. See you....uh....next year!
Best to all and HAPPY NEW YEAR!

Gerard Morentzy

Notok
December 31st, 2004, 06:32 PM
securityuser: Why not post at least some feedback here so that everyone else here can learn a bit more about using the program?

SanDiegoSchools
January 3rd, 2005, 02:46 AM
I have nothing but great things to say about Deep Freeze. We use it all over the district and the security is incredible. The kids download anything and everything and upon reboot, it is gone. I have wondered for a long time why they haven't offered this heavily to the home market. We also run with Freeze-X and together I would pit them head to head against anyone with 15 different security programs running. Freeze-X keeps anything and everything from executing when we're in maintenance mode at which time I usually will run several other tools to make sure the 'clean freeze' is nothing but a perfect and secure setup of Windows XP and programs. The kids are allowed to keep data files on (depending on grade) floppy, USB Flash Drives and even on a data-only server with password-enabled folders. I use Deep Freeze at home and it is very simple. Once you get the hang of it, it's a breeze. I like being able to try new programs on the fly and if I don't like it, it's gone on the next reboot with no sign of it ever having been on my system. It's great to try shareware and things I would otherwise be very careful with. I purchased my Deep Freeze home license for 29.95 and then Freeze-X for I think about the same price. If you do all maintenance offline, Freeze-X is optional. I feel secure with Deep Freeze and oh, I should tell you, I have had many kids tell me upfront that they have tried hacking the Freeze with no luck. The tricks on the Internet don't work with the latest release and Faronics is quick to fix any problems at all. It's such a simple concept that it seems too good to be true. One of the members wrote in a post above warning that trusting Deep Freeze is nuts. No more so than trusting the tons of software listed in your signature. To the man who started the thread here, feel free to use my testimonial in any way you like and I look forward to reading your article. I have a feeling you will say what I have been saying for a long time.
The Freeze could make the dozens and dozens of security tools used to protect systems quaint reminders of what it used to be. Some don't believe it and that's fine, but try it yourself. I just looked and the trial is a full sixty days.

willhacku
January 3rd, 2005, 09:57 PM
First off I would like to say at no time did I say that the program wasn't good, I was just trying to say that I don't trust a program that is not backed by the top computer security experts. I'm not just going to drop all my proven security programs because some guy (sorry, no offense Gerard) (or a website) says you should. It's always better to layer your security apps than to just rely on a single program imo. Because if the program is hacked what do you have then?

Now, the program has been around for quite some time and most of the computer security forums and security experts are still recommending the AV/AT/AS + firewall route. Now if this program is really so great why isn't everyone raving about it all over the internet? I haven't seen one positive review of the program by any security experts or even many positive sounding posts about the program at any of the major security forums other than here. You would think there would be more positive talk about a program that is as revolutionary and fabulous as you're saying DF is.

Some may say, well all the security experts and security forums are profit driven (or downright paid off to give a certain point of view) and I may agree with you to a certain extent, but there really should and WOULD be more positive feedback for a program that is supposed to be such a fantastic and nearly fool-proof security program.

So my question is, where are all the reviews saying this program is the end to all the other proven ways to secure your system? I'm looking for trusted expert reviews, not just some person's opinion, who may very well work for Faronics (or being PAID to post a positive review) and just here to push their own product, which is VERY VERY common on this site.

Diver
January 5th, 2005, 11:19 PM
I used a PC in a hotel set up for kiosk browsing with Deep Freeze. Despite many efforts to screw it up, the machine would revert to its config after each reboot. Good for a PC used by kids or for kiosk browsing. Not useful for one's own PC, provided the user has any kind of security awareness.

securityuser
January 6th, 2005, 03:10 AM
-{ Quote: "Not useful for one's own PC, provided the user has any kind of security awareness." }-
I wish Gerard would come back and answer this. Diver, could you explain why it wouldn't be good for a home user? If it stands up to attempted abuse at hotels, kiosks, schools, libraries and every other place where the kitchen sink is thrown at it, why would it somehow be "not useful" for the home user? This line of reasoning makes no sense to me.

spy1
January 6th, 2005, 09:16 AM
I think one of the main items that hasn't been brought up is the ability of programs such as ShadowSurfer/ShadowUser or DeepFreeze to protect you against zero-day exploits (you know the ones that your average A/V, A/T or firewall won't protect you from if you're one of the un-lucky first ones hit with something totally new).

But I also believe it's necessary to stress that you really shouldn't run in either ShadowMode or "Frozen" for long periods of time, for the reasons given above (you could conceivably be running with an infected computer for a long period of time, with all the "infection of others" and "loss of private info" concerns noted).

IOW, booting should be done at least twice daily.

I'd also note that Gerard's touting of the "FreezeX" technology (while poo-poo'ing every other form of resident protection and claiming they're all obsolete) results in nothing more than trashing one set of defensive tools (your own) for another - FreezeX. (Quite profitable for the DeepFreeze people, I'm sure).

FreezeX itself sounds like something you'd have to deal with constantly if you relied on it - and it pre-supposes that whoever the other operators of the computer are will know how to deal with it, also. (I'll take resident protection of the programs that I already have on-board and that other people can't screw with, thank you).

Not sure anyone's really touched on the fact that if DeepFreeze does catch on wildly in the private sector, it'll certainly come under attack just like any other defensive program. Exploits will be found, especially if the program is weak at any point during the switch from "Frozen" to "Un-Frozen".

I've never used DeepFreeze, but glancing at the literature, it seems a lot more difficult to set-up and use - and it sounds like you have to deal with FreezeX constantly (although I may be wrong).

I use and like ShadowUser (although ShadowSurfer's just as good for the average user) and both of those programs are a lot simpler to deal with.

Just my .02 Pete

LockBox
January 6th, 2005, 01:43 PM
I will wait to address the home user vs. schools and libraries user discussion until my article, suffice to say the argument is full of contradictions.

I did want to mention that I in no way have anything to do with Faronics. I am hoping maybe someone with that company might come here and offer some thoughts. That kind of accusation gets old on forums when someone finds benefits from a program and has good things to say about it.

Pete, I agree about zero day exploits. Thanks for bringing this up. Deep Freeze, btw, isn't really any harder at all than ShadowUser. Though I would argue the same basic premise for both products. Also Pete, the only reason I mentioned FreezeX is that it is the sole program I know of that works on a 100% whitelist principle. I mentioned Process Guard in one of my posts and said that could be used instead of FreezeX. Considering the unique nature of the product, I don't consider it "trashing" other products to mention FreezeX as a "safety net" program to go along with DF. Saying it could render the others obsolete is a bold statement, I admit, but is not "trashing" any other product. For example, electric lightbulbs rendered kerosene lamps for home use obsolete. That's not "trashing" kerosene lamps, but only noting the progress of new technology. Likewise with this software. And no, I am not comparing DF to the light bulb, only the context in which I wrote! I don't have a dog in the hunt, other than believing that DF can be one of the most effective programs a security-minded user can have. And yes, Pete, I do believe that spending hundreds of dollars on multiple "security programs" could be rendered obsolete by the use of Deep Freeze and other like technology. So called "layered protection" sounds good, but talk about "lining pockets!!", that's what many of these programs do for their makers, even though they would be totally unnecessary if running Deep Freeze. Like I said in a post above, I will address the "all eggs in one basket" argument in my article.

I appreciate all of the feedback. It helps to hear the pros, cons, and questions from some who do not know of Deep Freeze.

Thanks again,
Gerard Morentzy

nick s
January 6th, 2005, 02:50 PM
Hi Gerard Morentzy,

I see in the FreezeX FAQ that Faronics recommends the use of an AV: Do I need FreezeX if I have an antivirus program? (http://www.faronics.net/faq/index.php?sid=12984&lang=en&action=artikel&cat=2&id=97&artlang=en). I also see that SanDiegoSchools (post #14) refers to the use of "tools" to verify a "secure setup" before freezing. What do you consider necessary to ensure that you are not "freezing" a compromised system? If you freeze a compromised system, are there any other rescue options available besides relying on the use of imaging software?

Nick

lynchknot
January 7th, 2005, 01:37 PM
What do you guys think of Winrollback? (http://www.datapol.de/dpe/prod/winrollback/)
-{ Quote: "ATTENTION: WINRollBack offers the novel facility to deactivate the protective effect during operating time in order to permanently define modifications without prior restart." }-

MagicLanternTM
January 7th, 2005, 11:05 PM
Not really. Have you?

Here's how someone might set up Deep Freeze for XP:

After 35 passes with DBAN, create 3 partitions: format C, D, E drives with fat32. Next install an nLite version of the devils own, and configure Windows appearance to preference. After using WWDC and XPantichrist come machine-specific registry mods, then disable remaining services. Next install few essential programs, among them software firewall and other than "blue-e" to surf with. Now is time to configure those programs that allow to backup files to D drive. After that a person mite create an internet connection but NOT yet connect to the internet. Finally, its possible to place the DF installation executable in My Documents folder and defrag the C drive. You could even use Drive Image 5 to create the Image of C drive, which could be saved to D drive (for later "burning" to CD/DVD). Shutdown Restart, install DF Standard Edition choosing to "freeze" drive C ONLY, leaving drives D,-n- E "thawed".

Seen not to rely "solely' on Deep Freeze. One weakness in that approach mite be *potential* viral licking of secret files on "thawed" drive(s) to temporary reinfect the C drive when accessed. Certain approach to this concern is 1. save projects+reboot before connecting to internet (mabeeeeeee,eeeeeee,wheeeeeeee,wheeeee same procedure for demo software: reboot before connecting to internet).2. attach+ZorIt all "thawed" everything to existing large mb files too big for sublime upload.

Correct? Spyware lifespan on Deep Freeze protected computer would be duration of each surf session till reboot. In other words nternet Explorer welcomes spyware into your computer but deep freeze gets rid of it not until you restart.


Experience:
___________


"Deep Freeze protects newbies from snafu!"

I surf wherever i want download whatever i want open whatever i want. It don't matter. Sometimes i show off and delete Windows folder like for fun!


"Deep Freeze is fun for entire family!"

No more objection to spyware games on My Computer, but play offline. And turn it off when you're done. Thanks. F'n great to not hear hard feelings and everyone smiles! My guests, please surf drive-thru resources. Yes.


"Deep Freeze stops threats from where sites!"

One time generated #'s with a program found on a internet. Run program wrote # then Shutown/Restart (remove program traces) shift_ctrl_alt_f6 enter password, boot thawed next time. Enter #, Restart frozen.


"Deep Freeze maintains user privacy!"

"This one guy i used to know was surfing porn on somebody elses computer and they come in so i just restarted and all traces was gone."


"Deep Freeze prevents anxiety!"

Suspect that last outgoing packet? Reboot.


"Deep Freeze dramatically extends many program trial period!"

"I saved thousands in software purchases over the last 24 months. Thanks Deep Freeze!"


"Deep Freeze inhibits the growth of government information databases"

Big brother spyware wont stick if you have Deep Freeze on your computer first. Using Deep Freeze guarantees the expense of skilled forensic examiners.


0ther:
_____________

Today, i drove MicrosoftAntiSpywareInstall.exe. It found 0. Yet another stillborn software due to superior concept of Deep Freeze. Imagine MS resources on Deep Freeze/ShadowUser foundation! Something new on machines? Yes!

Hey!

Deep Freeze+software Firewall+Ssm or ProcessGuard or Abtusion Protector

Backup program+Integrity Checker Utility to verify all content @ startup.

Don't use Outlook E-Mail or Internet Explorer unless forced! This gets security level high.

Anti virus, Anti trojan, Anti Spyware, Privacy cleaners, Maintenance tools: obsolete.

surfdom
January 7th, 2005, 11:17 PM
-{ Quote: "What do you guys think of Winrollback? (http://www.datapol.de/dpe/prod/winrollback/)" }-

It's obsolete.

j/k

top2T
January 8th, 2005, 12:39 AM
-{ Quote: " Not sure anyone's really touched on the fact that if DeepFreeze does catch on wildly in the private sector, it'll certainly come under attack just like any other defensive program. Exploits will be found, especially if the program is weak at any point during the switch from "Frozen" to "Un-Frozen"." }-


I agree, and a point that should not be overlooked. I would think the same thing should also apply to FreezeX. A good move perhaps would be to keep some (or all) of your regular security programs for a back up if you do decide to use DeepFreeze/FreezeX. Many of these programs are free anyway and if they aren't you can usually find free versions of firewalls/antivirus/antispyware that you could use as a backup along with DeepFreeze. It really couldn't hurt to have these programs for a backup plan that you may wish you had down the road if new ways are found to beat the programs.

spy1
January 8th, 2005, 01:14 AM
MagicLanternTM - I realize that your post was tongue-in-cheek, but let's not give people the wrong impression, okay?

To the best of my (admittedly limited) knowledge, both DeepFreeze and the "Shadow" programs simply allocate and then utilise an unused section of your HD's free-space to create a virtual volume - but neither program is simply running in RAM. (Oh, would that they were!)

When you either "UNFreeze" or come out of ShadowMode, as the case may be, all that happens is that the information on the section of the HD that was being used is deleted - not erased.

Unless you run an erasing program's "Free Space" wipe after coming back into regular operating mode, all the info contained in your session is still recoverable, forensically...

Nor can you delete your actual Windows folder - the copy running in the virtual volume - maybe (haven't tried it, myself).

Anyway, it's good to see some humor about the subject. Pete

bjmp24
January 10th, 2005, 01:56 AM
I must say Deep Freeze is a great program no matter how you guys look at it. I understand different people's opinions; Deep Freeze may or may not be for everyone, but it is one of the best programs I have ever used so far. The fact is that I hate to do a reinstall/format for every system glitch that happens down the road, and Deep Freeze will actually prevent this, unless you have a hard drive failure; that's another story lol. And as for thaw/frozen mode states: whenever you are in thawed mode I would personally do the updates offline (meaning disconnect the comp from the internet, and you would want to do this before you go to thaw state); that way you know that your system stays super clean. Plus there are ways to update your system without an internet connection; it can be tricky but it's possible, I've been doing it this way. Using Deep Freeze is really not that bad despite how some users say it's too much work. Work is when you have to keep reimaging for every single minor update just to keep your image file up to date; now that's work lol. But Deep Freeze really is worth it. I've been using Deep Freeze for some time now and haven't had a reinstall since then.

Hope this post will help some DF users out there

LockBox
January 10th, 2005, 02:34 PM
Thanks BMJP! That's very good advice! For maximum security, one should thaw offline. Thanks for your thoughts.
GM

Paranoid2000
January 10th, 2005, 08:20 PM
Hmm...an interesting thread but one which does raise the following questions - if anyone here would care to humour a security cynic like myself... ;)

-{ Quote: "Trojans, Virii, etc. could NOT execute within Deep Freeze with FreezeX running. secrityuser already mentioned that this is not another "Go Back" program." }-

Since trojans are normally hidden in "useful" programs, how could Deep Freeze/FreezeX prevent one from executing if it was hidden in a software package that you wished to install (and would presumably authorise FreezeX to run)?

-{ Quote: "Not useful for one's own PC, provided the user has any kind of security awareness." }-

One weakness of the Deep Freeze approach for home users is the need for more frequent reboots. If you want to install software, you have to reboot to get into thawed mode and install (according to Faronics' FAQ (http://www.faronics.net/faq/index.php?sid=&lang=en&action=artikel&cat=382256&id=70&artlang=en)).

The other issue is the need to segregate all data (e.g. emails, documents, pictures) onto a separate non-frozen folder or drive to avoid it being lost on reboot. This then raises the possibility of them being infected by macro viruses if you do not run an anti-virus scanner.

Program settings files also need to be segregated to avoid having to reconfigure everything after a reboot. This is less of an issue for enterprise users with large numbers of PCs using a few programs with a standardised configuration - but a home user has to take the time to study each piece of software they install to identify any parts (configuration files, working data) that need to be preserved across reboots and then move them to an unfrozen folder.

Programs that store their configuration data in the Windows Registry would appear to pose a real problem here since this data would presumably be reset to installation defaults on reboot with no easy way to preserve it.

spy1
January 11th, 2005, 01:54 AM
-{ Quote: "Since trojans are normally hidden in "useful" programs, how could Deep Freeze/FreezeX prevent one from executing if it was hidden in a software package that you wished to install (and would presumably authorise FreezeX to run)?" }-

Like I said, I'm not familiar with FreezeX, but the bottom line there is it doesn't matter - the image would more than likely get infected. If personal valuable data is available in the image, then it could be gotten - whether through in-attention or ignorance of the user in regard to what they were "allowing".

The only method I know of for sure to block such an occurrence is to do what I do, anyway, which is to make sure that my normal defensive programs are running within the "image", too (speaking about ShadowUser here - everything I've got is on "C" drive, so if it runs when I'm out of ShadowMode, it runs while I'm in ShadowMode, too).



-{ Quote: "One weakness of the Deep Freeze approach for home users is the need for more frequent reboots." }-

I don't really see that as a weakness, unless you've got different people jumping on and off the computer every five minutes day and night - and not even then, really. For instance, here, I have the computer during the day (normally NOT in ShadowMode). When I get ready to leave for work (after having done "backing out" scans with a bunch of stuff like AA and SBS&D, among others, plus full scans with whatever of my defensive programs has updated that day), I set the computer to go into ShadowMode the next time it starts. So my family uses it while I'm gone. As soon as I come home, I set ShadowUser to turn OFF ShadowMode and re-start the computer - everything they've done is gone and I'm back to my original "clean" state.

-{ Quote: "If you want to install software, you have to reboot to get into thawed mode and install (according to Faronics' FAQ (http://www.faronics.net/faq/index.php?sid=&lang=en&action=artikel&cat=382256&id=70&artlang=en))." }-

That isn't the case with ShadowUser - if you want to really keep something you've gotten while in ShadowMode, you simply "commit" it to disk - remember - all my defensive programs run in SM, and whatever it was has been scanned and thoroughly examined before "commit"'ing.

-{ Quote: "The other issue is the need to segregate all data (e.g. emails, documents, pictures) onto a separate non-frozen folder or drive to avoid it being lost on reboot. This then raises the possibility of them being infected by macro viruses if you do not run an anti-virus scanner." }-

True. Not applicable here for two reasons, though - one, I have scanners running in the image and two - I don't let anyone keep anything on here without my seeing it first (web mail doesn't get lost, BTW - email to something like OE does). Documents, pictures, songs and stuff that they d/l - if they want to keep them, they leave me a note for when I get home.

-{ Quote: "Program settings files also need to be segregated to avoid having to reconfigure everything after a reboot. This is less of an issue for enterprise users with large numbers of PCs using a few programs with a standardised configuration - but a home user has to take the time to study each piece of software they install to identify any parts (configuration files, working data) that need to be preserved across reboots and then move them to an unfrozen folder." }-

I'm not really sure where you're coming from with this. Why would you be messing with your program settings to start with while either "frozen" or in ShadowMode? Also, as long as you set up a program while un-frozen or out of ShadowMode, the settings are going to stick at the re-boot. I can see why part of that might be a problem if, as you say, you can't commit a program back to disk with DeepFreeze like you can with ShadowMode, but even then, at most, you'd only have to re-set them once after you un-froze or whatever - after that, they'd stick every time you re-started and they'd stay like that even if you then went into the frozen state.

-{ Quote: "Programs that store their configuration data in the Windows Registry would appear to pose a real problem here since this data would presumably be reset to installation defaults on reboot with no easy way to preserve it." }-

The same applies to that as what I just wrote above.

The long and the short of it is that neither SU or DF are the total answer - but neither program can be beat for getting you back to a clean state in a hurry.

I've got, I guess, about $3000 or so invested in this set-up - if some think I'm being too harsh with the other users here because of the limitations I put on them when using this computer - think again. To me, programs like SU and DF are absolutely ideal for preventing damage to your computer by other users whom you can't watch that use your machine.

And now I'm going to bed. Night all! Pete

Paranoid2000
January 11th, 2005, 02:25 AM
-{ Quote: "I'm not really sure where you're coming from with this. Why would you be messing with your program settings to start with while either "frozen" or in ShadowMode? Also, as long as you set up a program while un-frozen or out of ShadowMode, the settings are going to stick at the re-boot. I can see why part of that might be a problem if, as you say, you can't commit a program back to disk with DeepFreeze like you can with ShadowMode, but even then, at most, you'd only have to re-set them once after you un-froze or whatever - after that, they'd stick every time you re-started and they'd stay like that even if you then went into the frozen state." }-

My comment was aimed at DeepFreeze rather than ShadowMode - I've not used either so am basing my comments on statements made in this thread and Faronics' website.

The program configuration issue comes down to what software you run and how you use it. For example, I use the GetRight download manager which is chock-full of options and I do sometimes need to change them on-the-fly to get a download from a specific website (an FTP site may need a password, a website may require a specific cookie, etc). These changes could not be retained with DeepFreeze since I would, according to their FAQ, have to reboot to get into thawed mode, then make the change and then revert back to frozen mode. If you can get your software ideally configured first time for every situation then this problem need never arise true, but in reality how likely is this?

Small but frequent changes (e.g. browser website bookmarks, re-arranging the Start menu, adding a shortcut to the desktop) would seem to pose a particular problem. Even if you can "thaw and refreeze" to pick up such changes, you then have the possibility of adding malware alterations to your frozen configuration. Basically, you have to be highly disciplined and restrict any alterations to specific periods, ruling out spontaneous changes and making troubleshooting much harder.

-{ Quote: "The same applies to that as what I just wrote above." }-

With one difference - some programs continually amend their registry entries and may not work properly if these get out of sync with other aspects of their configuration.

-{ Quote: "The long and the short of it is that neither SU or DF are the total answer - but neither program can be beat for getting you back to a clean state in a hurry." }-

I have to confess that I think a full image backup could be better since it would avoid any possible configuration consistency issues. However doing this often would require more time and disk space.

LockBox
January 11th, 2005, 04:06 AM
It's late and I'm tired, but I wanted to respond to a couple of things real quick and more later.
-{ Quote: "The program configuration issue comes down to what software you run and how you use it. For example, I use the GetRight download manager which is chock-full of options and I do sometimes need to change them on-the-fly to get a download from a specific website (an FTP site may need a password, a website may require a specific cookie, etc). These changes could not be retained with DeepFreeze since I would, according to their FAQ, have to reboot to get into thawed mode, then make the change and then revert back to frozen mode. If you can get your software ideally configured first time for every situation then this problem need never arise true, but in reality how likely is this?" }-
You can make any changes you want on-the-fly with GetRight or any other program. Yes, if you want a default setting to stick then you need to configure in a "thawed" state. But running the Freeze in its normal "frozen" state you can change whatever you want anytime you want. This would include running trials of any programs and seeing if it's what you want before ever actually committing to a true install, which would be done thawed. Keep in mind, the purpose of DF in the first place was to allow students to do what they want on the PC and not be tied down to restrictive software. You can change options or do whatever and run them however you need to. Rebooting only brings it back to its default state with your optimized original configuration. But that does not keep you from making changes on-the-fly.
-{ Quote: "Small but frequent changes (e.g. browser website bookmarks, re-arranging the Start menu, adding a shortcut to the desktop) would seem to pose a particular problem. Even if you can "thaw and refreeze" to pick up such changes, you then have the possibility of adding malware alterations to your frozen configuration. Basically, you have to be highly disciplined and restrict any alterations to specific periods, ruling out spontaneous changes and making troubleshooting much harder." }-
That's one way of looking at it. I know that Faronics thinks this is a positive. It is what keeps the "frozen" state bullet-proof. It prevents nickel-and-diming the system to an insecure state and allows you to work in a secure environment at all times. Does it make it a little harder when you want to add, remove or make permanent changes to the configuration? Yes, it does. It's much easier though than keeping a dozen programs updated, running "on-demand" scans for all types of malware and numerous housekeeping tasks that Deep Freeze renders unnecessary.

I know that Faronics does recommend the use of an antivirus, and supports and encourages the use of imaging software. You can image a thawed Deep Freeze drive. If there are any problems, simply put the good image back on and reboot in a "frozen" state and you're good to go. But imaging is unnecessary to get back to a perfect state if there are no problems, as this is done each and every time you reboot.

Data. Most every program allows you to place application data in a custom path. I have all application data in another partition and this includes "My Documents", all "Documents and Settings" configurations including Outlook Express (though I no longer use that program). The only thing that is frozen is my C: drive which has only the OS and applications, which enables a perfect state upon reboot.

There's more I would like to cover, but it's very late and it will all be covered in the main article I am working on. As I said, I will post that article here at Wilders as well.

Have a good day.

Gerard Morentzy

Paranoid2000
January 11th, 2005, 05:20 AM
-{ Quote: "Keep in mind, the purpose of DF in the first place was to allow students to do what they want on the PC and not be tied down to restrictive software." }-

I would agree - but home use (where people do make ad hoc changes that they want to keep) does look to be more of a problem.

-{ Quote: "Data. Most every program allows you to place application data in a custom path. I have all application data in another partition and this includes "My Documents", all "Documents and Settings" configurations including Outlook Express (though I no longer use that program). The only thing that is frozen is my C: drive which has only the OS and applications, which enables a perfect state upon reboot." }-

Well, let's look at a few examples:

GetRight 5.2a:
Configuration held in registry (HKCU\Software\Headlight\GetRight). No option to change this.

Opera (6.xx):
Bookmarks held in opera6.adr file, configuration in opera6.ini, search options in search.ini - all in Opera program folder. Opera does offer the option of having separate settings for each user though and selecting this on install would probably relocate these files to the appropriate user Application Data folder (not tested).

Outpost Firewall:
Configuration held in .cfg file with plugin details in an .ini file. As long as the two files are in the same location, they can be stored anywhere. Registry information is held in HKLM\SOFTWARE\Agnitum\Outpost Firewall and includes static (e.g. licence key) information but some configuration details also (window sizes, trashcan transparency, update settings, configuration filename).

Process Guard:
Pghash.dat and pguard.dat files located in WINNT\System32 folder - no option to change this. Frequently updated registry data held at HKLM\SOFTWARE\Diamond Computer Systems\ProcessGuard v3.0.

Proxomitron:
Configuration held in .cfg file in program folder - no option to change this. Blocklists held in Lists subfolder.

Based on the above, trying to set things up so that changes can be made without having to reboot/thaw/change/freeze would seem rather hit and miss (Process Guard in particular could pose a problem if the encrypted file contents got out of sync with the Registry - ever noticed anything when running it?) and does require at least good familiarity with the software concerned.

Device installations are another problem area - while it may be a fairly simple and obvious step to thaw a system before adding a new item, how many people are going to be aware that USB peripherals will need to be plugged into every available socket in turn to ensure that no further driver installations are needed?

-{ Quote: "There's more I would like to cover, but it's very late and it will all be covered in the main article I am working on. As I said, I will post that article here at Wilders as well." }-

I look forward to seeing it - this is the sort of thing that brings out some interesting debates. :)

do tell
January 11th, 2005, 01:26 PM
XPro, Deep Freeze, FreezeX installed:

Erasing disk free space while frozen -still- fatally crashes a DF protected system. I see no solution short of the DF program itself intercepting the wiping process, which is the purpose of FreezeX.

I used DCS APT to disable 'High' setting of FreezeX protection, but all files I chose to delete were again restored by DF after reboot.

Note: The erasing utility and APT are imaged into my system and were therefore allowed by FX to function. They are useful to me and I will not remove them. IMO, ProcessGuard is currently the best choice to complement DF protection.

bye.

Peter2150
January 11th, 2005, 02:11 PM
I've been following this thread with interest, and for many applications, particularly home use, it seems to me that Raxco's First Defense offers the same protection but maybe much simpler.

I use the primary snapshot which is the original system, and one Secondary snapshot I've created. I start the day with them identical. If at the end of the day I want to reset my computer to like it was in the morning I can by doing a 2 to 3 minute copy from secondary to primary. On the other hand if I want to keep today's activity permanently but have the same choices tomorrow I just do the copy from Primary to secondary. Then I start tomorrow like I ended today, and have the same options tomorrow. No freezing and thawing involved.

spy1
January 11th, 2005, 03:01 PM
-{ Quote: "XPro, Deep Freeze, FreezeX installed:

Erasing disk free space while frozen -still- fatally crashes a DF protected system. I see no solution short of the DF program itself intercepting the wiping process, which is the purpose of FreezeX." }-

Yes, it does the same thing if you try to defrag or run Disk Maintenance in XP with ShadowSurfer/ShadowUser, too. ShadowUser's knowledgebase states the following:

""Should I defrag my disk while in ShadowMode?"
A. No. Defragging a system changes the sectors. While in ShadowMode, ShadowUser is tracking all the changed sectors and re-directing them to another location on the disk. It is not recommended to defrag the disk while in ShadowMode."

But why would you be trying to do those things in either "frozen" or ShadowMode, anyway?? Or are you trying to point that out as a possible attack mechanism, or what? It simply doesn't make sense to defrag a temporary image on your HD - or to attempt Disk Maintenance while in that state.

-{ Quote: "I used DCS APT to disable 'High' setting of FreezeX protection, but all files I chose to delete were again restored by DF after reboot." }-

Are you talking about files created or d/l'ed while in the frozen state? Or system files? Because you couldn't have erased anything but the copies of the system files that were being run in the temporary zone during a frozen state.

-{ Quote: "Note: The erasing utility and APT are imaged into my system and were therefore allowed by FX to function. They are useful to me and I will not remove them. IMO, ProcessGuard is currently the best choice to complement DF protection. bye." }-

I won't be removing any of my programs here, either. And, yes, I quite agree that PG complements both DF and SU's protection. (Everyone's OS-compatible computer in the world should have PG on it, actually). Running your erasing utility while in the frozen state doesn't make a whole lot of sense to me, either - if you're really trying to get rid of any information obtained during a frozen session, the safest way to make sure of doing so would be to run your erasing utility after going back into "un-frozen" mode - because all the information's still there, just marked as ready for over-writing on whatever portion of the disk was used.

We're getting much too esoteric here, I think. And I'm out of time for today, anyway. Good discussion, though. Pete
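
The behaviour described in the posts above (changed sectors redirected to another location on the disk, then dropped at reboot rather than erased) can be modelled in a few lines. This is an added illustration, not part of the thread and not Faronics' or ShadowUser's code; the `RedirectingDisk` class, the 16-byte sector size and the sample data are constructed assumptions.

```python
"""Toy model of a reboot-to-restore disk layer (constructed example)."""

SECTOR = 16  # bytes per sector in this toy model (assumption)


def _pad(data: bytes) -> bytes:
    """Pad data to exactly one sector."""
    if len(data) > SECTOR:
        raise ValueError("data larger than one sector")
    return data.ljust(SECTOR, b"\x00")


class RedirectingDisk:
    """Baseline sectors are never overwritten; writes go to spare sectors."""

    def __init__(self, baseline, spare_sectors):
        self.baseline_count = len(baseline)
        # Physical layout: protected baseline first, then the redirect area.
        self.physical = [_pad(s) for s in baseline] + [bytes(SECTOR)] * spare_sectors
        self.free = list(range(self.baseline_count, len(self.physical)))
        self.redirect = {}  # logical sector number -> physical sector number

    def write(self, lsn, data):
        if not 0 <= lsn < self.baseline_count:
            raise IndexError("logical sector out of range")
        psn = self.redirect.get(lsn)
        if psn is None:
            if not self.free:
                raise RuntimeError("redirect area exhausted")
            psn = self.free.pop(0)
            self.redirect[lsn] = psn
        self.physical[psn] = _pad(data)

    def read(self, lsn):
        # Reads follow the redirect map if the sector changed this session.
        return self.physical[self.redirect.get(lsn, lsn)]

    def reboot(self, wipe=False):
        """Drop the session. wipe=True also overwrites the redirected sectors."""
        used = sorted(self.redirect.values())
        if wipe:
            for psn in used:
                self.physical[psn] = bytes(SECTOR)
        self.free = sorted(self.free + used)
        self.redirect.clear()

    def carve(self, needle):
        """Raw scan of every physical sector, as a forensic tool would do."""
        return [i for i, s in enumerate(self.physical) if needle in s]


def run_session(wipe):
    """One frozen session followed by a reboot; returns what each view sees."""
    disk = RedirectingDisk([b"boot", b"system", b"apps"], spare_sectors=4)
    disk.write(1, b"TROJAN")           # constructed "infection" of sector 1
    disk.write(2, b"visited:site-a")   # constructed browsing trace
    during = disk.read(1).rstrip(b"\x00")
    disk.reboot(wipe=wipe)
    return {
        "during": during,
        "after": disk.read(1).rstrip(b"\x00"),
        "residue": disk.carve(b"visited:"),
    }


if __name__ == "__main__":
    print("no wipe:", run_session(wipe=False))
    print("wipe   :", run_session(wipe=True))
```

In this model the logical view returns to the baseline either way, but the raw scan still finds the session data unless the redirected sectors are overwritten.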

lynchknot
January 11th, 2005, 07:17 PM
Regarding defrag: Maybe this app has a different approach?

-{ Quote: "WINRollBack protects and eliminates:

All modifications of programs and operating system
Adding and deleting files and folders
Editing files and folders
All – also unrecognised – contamination with viruses, Trojans and malware of all kind
Effected formatting of the hard drive
Effected fragmenting/defragmenting of the hard drive
All manipulation of the partitioning charts
All manipulation of the boot sector
Possible check disk (CHKDSK) or scan disk procedures" }-

I imagine it locks a sector that it's on so that even running defrag will not affect it? (or are they saying there is no need to defragment)

bjmp24
January 11th, 2005, 08:44 PM
I agree with spy1: when Deep Freeze is frozen it is frozen, period; even erasing unused space wouldn't matter. DF is using a bizarre method of tracking your data. The only way to get around DF is for Windows not to be running at all. DF is a kernel driver, which basically means that with any attempt to uninstall DF manually in thawed mode you will get a blue screen of death, cuz I tried it myself as part of the test. So save yourself the trouble and uninstall it the right way, cuz you will screw yourself if you try to uninstall it manually. This just shows how well it installs, kind of like integrating with Windows: once Windows has loaded in frozen mode, that's it, Windows can't be altered; it's only temporary changes until it is in thawed mode or Windows is not running (bootable options).

let me know what you guys think Thanks

LockBox
January 12th, 2005, 01:08 AM
-{ Quote: "I agree with spy1: when Deep Freeze is frozen it is frozen, period" }-

I will say again, depending on your viewpoint, this could be its most appealing aspect. You are quite right, it is frozen. Any permanent changes must be made in the password-protected "thawed" state.

-{ Quote: "DF is using a bizarre method of tracking your data" }-

Huh? You lost me. How does Deep Freeze track your data? It doesn't at all. Choose your words carefully!

As for uninstalling, the whole idea is for it to be very difficult to tamper with. It will cause hell attempting to uninstall the wrong way in a thawed state. Of course, DF is uninstall-proof in its "frozen" state. It has never been hacked by any student anywhere as far as I know, and needless to say, many have tried. The correct way to uninstall is to run in the password-protected "thawed" state, run the Deep Freeze install program again, which will ask for password once more and then, and only then, are you given the uninstall option.

-{ Quote: "let me know what you guys think" }-

About what? You didn't really offer any observation except that you should uninstall correctly. If you mean the "tracking data" comment, that made no sense at all; could you elaborate?

LockBox
January 12th, 2005, 01:14 AM
-{ Quote: "Yes, it does the same thing if you try to defrag or run Disk Maintenance in XP with ShadowSurfer/ShadowUser, too. ShadowUser's knowledgebase states the following:

""Should I defrag my disk while in ShadowMode?"
A. No. Defragging a system changes the sectors. While in ShadowMode, ShadowUser is tracking all the changed sectors and re-directing them to another location on the disk. It is not recommended to defrag the disk while in ShadowMode."

But why would you be trying to do those things in either "frozen" or ShadowMode, anyway?? Or are you trying to point that out as a possible attack mechanism, or what? It simply doesn't make sense to defrag a temporary image on your HD - or to attempt Disk Maintenance while in that state.



Are you talking about files created or d/l'ed while in the frozen state? Or system files? Because you couldn't have erased anything but the copies of the system files that were being run in the temporary zone during a frozen state.



I won't be removing any of my programs here, either. And, yes, I quite agree that PG complements both DF and SU's protection. (Everyone's OS-compatible computer in the world should have PG on it, actually). Running your erasing utility while in the frozen state doesn't make a whole lot of sense to me, either - if you're really trying to get rid of any information obtained during a frozen session, the safest way to make sure of doing so would be to run your erasing utility after going back into "un-frozen" mode - because all the information's still there, just marked as ready for over-writing on whatever portion of the disk was used.

We're getting much too esoteric here, I think. And I'm out of time for today, anyway. Good discussion, though. Pete" }-

Pete/Spy 1,

You have made some excellent points regarding Deep Freeze and ShadowUser as well. I agree completely about the erasing of files on a frozen drive (and defragmenting) as it does no good at all. At reboot, you're back to exactly what you "froze" byte for byte. I also agree, and said in an earlier post, that Process Guard is an incredible security tool. Nobody can go wrong using it. Thanks for your input, great stuff!
Gerard

LockBox
January 12th, 2005, 01:27 AM
-{ Quote: "Hi Gerard Morentzy,

I see in the FreezeX FAQ that Faronics recommends the use of an AV: Do I need FreezeX if I have an antivirus program? (http://www.faronics.net/faq/index.php?sid=12984&lang=en&action=artikel&cat=2&id=97&artlang=en). I also see that SanDiegoSchools (post #14) refers to the use of "tools" to verify a "secure setup" before freezing. What do you consider necessary to ensure that you are not "freezing" a compromised system? If you freeze a compromised system, are there any other rescue options available besides relying on the use of imaging software?
Nick" }-

The single most critical thing you do when Deep Freeze is first installed is to ensure a clean machine. That means running a complete security wash of your PC. Antivirus, AT, anti-spyware, safer XP configurations, the whole ball of wax. After that, and offline, Deep Freeze should be installed along with all other programs. Everything should be configured to its perfect day-to-day state and then in "thawed" mode, an image should be made. Deep Freeze supports all major imaging programs (Ghost, True Image, older and better Drive Image, all of them.) That perfect system image with Deep Freeze installed becomes your master in the event of a hard drive failure, etc. It is also used by some individuals as the last safety net, as you know that the master image is as clean as one can make their PC. Deep Freeze will keep it that way upon each and every reboot.

bjmp24
January 12th, 2005, 06:27 AM
sorry for the misunderstanding what i mean by tracking is how does deep freeze works in order to restore your system upon reboot that's what i meant deep freeze has to know what you have on your hard drive First kind of like data comparison before and after kind of thing for example take norton ghost for instance in order for ghost to restore your comp ghost has to read off a ghost image file first and whatever the condition of the image file is that's how your hard drive will be exact identical from that image now problem with images is that they can take a great deal of space unless u have external drive for dedicated backups (for those that only have a single very large drive would have to partition the drive in order to save your ghost image) but the point to all this that deep freeze doesn't take up hardly any space in fact only space is being used is what you actually have on your hard drive i closely monitored the drive space before i installed DF and after installed you wouldn't even notice a slight change even in thaw mode or frozen mode only space being used up is your stuff and of course windows and programs but nothing extra nothing hidden even and if they were hidden somewhere your drive still has to register total space usage by the drive's properties (unless ntfs security user accounts are placed that prevents displaying the drive info for some security reason) if windows doesn't register then it will be overwritten basically as it will be marked as deleted data waiting to get overwritten and i doubt it that it uses a hidden partition cuz you find yourself that c drive will get smaller and smaller as you add more programs in thaw mode meaning it's not just your programs that are takin up space but the hidden DF partition is being updated since df doesn't know how much stuff you be adding that's like 2x the space usage. 1 for your installed programs 2 to update df partition if it's true that is and that would not be cool at all lol. 
So basically deep freeze is using some kind of bizarre method of keeping track of your data but hardly takes up any space whatsoever so to restore your comp to a clean state on every restart. Hey something must give one way or the other it just can't magically restore your comp without needing whatever deep freeze needs to restore your comp lol

NOTE: Norton Ghost and Deep Freeze are totally different programs but both have different ways of restoring your system Norton Ghost relies on imaging
deep freeze it's kind of like what ghost does but doesn't rely on images just a simple restart

well hope this wasn't too long for most people =) it was fun posting this info and i am open for any opinions and thoughts and hope you guys enjoy reading this as much as i enjoy typing this lol

spy1
January 12th, 2005, 11:58 AM
-{ Quote: "Pete/Spy 1,

You have made some excellent points regarding Deep Freeze and ShadowUser as well. I agree completely about the erasing of files on a frozen drive (and defragmenting) as it does no good at all. At reboot, you're back to exactly what you "froze" byte for byte. I also agree, and said in an earlier post, that Process Guard is an incredible security tool. Nobody can go wrong using it. Thanks for your input, great stuff!
Gerard" }-

Gerard - You're quite welcome. I was "on fire" about ShadowSurfer/ShadowUser when I first stumbled across it, too. As time went on, though, I found that the four main problems with any type of program like this were:

(1) lack-of-interest on the public's part. I can't even tell you how many sites I posted on about SU - and the deafening silence I received in return in all but a few cases.

(2) user confusion about what the given program actually is, does and how to properly implement it.

(3) User inability/un-willingness to properly set up the computer beforehand for most effective use of either program.

(4) User irritation with the limitations that automatically come with using programs like DF and SU - having to go through more steps to save something actually wanted/having to re-boot - in DF's case, having to deal with FreezeX - leading to either improper technique in utilizing the programs, or their complete abandonment.

To sum it up, at least for me, programs like DF or S/U are oversight programs, excellent for those who need to prevent damage caused by other users of their computers. They require attention, fine-tuning and as complete an understanding of what the programs are actually doing and capable of as is possible for effective use.

If either program does catch on wildly, they'll be attacked - probably at the point where the "un-freeze" occurs in some fashion so that something can get passed back to actual system files. Having a bunch of high-school or college students attempting to crack a program is one thing - having all the highly-paid and motivated programmers of the scumware-makers involved - or actual hackers/malware-writers - is liable to present new challenges, to say the least.

In a way running such programs isn't a threat to a lot of malware/spyware-makers. After all, the programs don't block pop-ups, they allow information to be stolen even if "only" during a "frozen" session, etc.

I wish these kinds of programs were the answer - but in their current state, I really don't see that as being the case. Pete

bjmp24
January 12th, 2005, 02:35 PM
That i do agree with spy1 was mentioning when it comes to identity theft credit cards, personal info that's a different story didn't say that deep freeze will protect you from these kind of attacks but will however minimize the threats dramatically since all spywares and viruses will be gone upon reboot faster than you can launch ad aware personal se additional to that scan your system for viruses while you're at it and update and configure it properly and probably requires 1 or 2 reboots or more to successfully remove all spywares and viruses. Now if someone was trying to hack you or out to get you i would take this threat seriously during that windows session. Personally when it comes to personal data stored on your computer i would be very concerned i would rather have them on a secure hard drive or on removable media such as cd's/dvd's etc and put them in a very safe place in your house. Save all personal data that's valued to you else where. and also make sure where you going to store your personal info that it is reliable.


And as for hacking Deep Freeze or shadowuser (not too sure with shadowuser never used it so i just stay with deep freeze cuz deep freeze is the only one I use) only thing i can come out with is someone knowing your password not hacking the password. Deep freeze is not going to make this any easy whatsoever if anyone dares to tamper with it while its in use (Installed). It is almost of saying hey lets hack into this computer and steal the windows login password. Well good luck on that one lol. The thing is hackers can only do so much hacking while windows is running to truly hack the windows login password you would physically have to be on the computer so you can boot up windows xp cd to the recovery console or using other bootable programs lol. guess what i am trying to point out is even if you're the best hacker out there and know your way ins and out you just can't access files that are being in used by windows and i am pretty sure the windows login password is stored on a sam file somewhere in windows folder that's always in use while windows is running of course and it's access denied. pretty sure that's how deep freeze is setup the persi0.sys file is always in use and it's hands off which is located on C:\ (persi0.sys this is where deep freeze password is stored and what state is it in thaw or frozen) and since deep freeze is a kernel program any forced attacks on it or if it ever happens has been disabled other than running deep freeze dialog box and type in your password and thaw it pretty much windows is screwed lol (unless you boot off a bootable xp cd or a os cd (if your drive is ntfs better use xp or win2k cd lol any early version of dos cant see ntfs volumes) and then you can copy the persi0.sys file but who wants to go thru all that trouble anyways lol not to mention might have to configure your bios to get it to boot not getting into details about this part you know how this bios thing goes. 
so hackers won't even bother trying to hack it instead they hack your info instead cuz its more easier than hacking deep freeze lol as long as you don't restart yes i can see this can happen so to combat this i use adware for spyware and house call trend micro for viruses which is a online virus scanning web based most likely you be using adware more frequently good thing deep freeze allows you to have thaw drives which is where ad aware is kept as it doesn't rely on registry entries =) and that my friend security at its best lol

hope you guys find this interesting

spy1
January 12th, 2005, 02:59 PM
-{ Quote: "hope you guys find this interesting" }-

I hate to be the one to say it, but I'd find your remarks a lot more intelligible (and interesting) if you'd try exercising things like correct spelling, punctuation, etc., instead of two-hundred-word mongrelly-worded sentences.

You sound intelligent enough to manage that if you'd simply put your mind to it - and it would make it a LOT more interesting if people didn't have to decipher what you're saying on-the-fly. Pete

do tell
January 12th, 2005, 03:30 PM
Are you talking about files created or d/l'ed while in the frozen state? Or system files? Because you couldn't have erased anything but the copies of the system files that were being run in the temporary zone during a frozen state.

It's currently possible to shut down the highest level of FreezeX protection. Then you can access or delete any previously protected exe, ocx, dll, etc...(those not in use). For example, once FX is disabled it's possible to run WinHex against the not-so-free space. Enough? The free space is not being protected or restored byte for byte, evidenced by the corruption of the hidden(?) DF info by the disk wiping utility. Today I can 'undelete' yesterday's content, including DF files that were inaccessible in yesterday's C:\*.* directories.

bjmp24
January 12th, 2005, 10:00 PM
well sorry about that i am new to posting forums and i do know how to spell just that i got used to how people type that way once again I am sorry. I try better next time.


Hope you guys find my posts interesting=)

securityuser
January 12th, 2005, 10:06 PM
I agree with Pete. Just so you know, I don't think it's the spelling as much as it is the total lack of punctuation. Periods, commas, question marks and basics like that. Being new to the forums shouldn't have anything to do with that as it's just basic writing. I agree with Pete that you have a lot to offer here. BUT, I also agree that it's hard to read your posts. Nothing personal, you have some good thoughts.

bjmp24
January 13th, 2005, 09:58 PM
What exactly is freezex?

nick s
January 13th, 2005, 10:14 PM
-{ Quote: "What exactly is freezex?" }-

Hi bjmp24,

Take a look at these links: FreezeX (http://www.faronics.com/html/Freezex.asp) and FreezeX FAQ (http://www.faronics.net/faq/index.php?sid=13949&lang=en&action=show&cat=2).

Nick

spy1
January 13th, 2005, 10:15 PM
http://www.faronics.com/html/Freezex.asp

Hmm - it looks like a stand-alone program, separate from DeepFreeze?

(I don't know why, but I was under the impression that they came together). FreezeX is apparently for use on the computer when it's in its UN-frozen state.

According to "do tell" (depending on how much credence you want to impute to an anonymous poster) FreezeX can be hacked and dis-abled, allowing your so-called "clean" state to become - well - DIRTY! <g>

Looks like PG stands head-and-shoulders above that one. Pete

Notok
January 13th, 2005, 10:58 PM
-{ Quote: "According to "do tell" (depending on how much credence you want to impute to an anonymous poster) FreezeX can be hacked and dis-abled, allowing your so-called "clean" state to become - well - DIRTY! <g>" }-

Search on Security Tracker, you will find that there are a few bugs.. I'm at work right now and don't have time to provide links, but it's easy enough to find yourself :)

bjmp24
January 13th, 2005, 11:38 PM
So.. basically freezeX is optional?

Ailric
January 13th, 2005, 11:52 PM
This is a very interesting thread. It still surprises me the amount of fear people have when told of something new/revolutionary. I like the idea of DeepFreeze and I will look into it more.

I first became interested in safety net backup type programs with WindowsME and System Restore. I liked the fact that you could roll back the computer to a time when the computer was still running. It was imperfect at best, but was better than nothing. I found a program called Powerquest Second Chance. This was a much more polished and robust version of System Restore, I used it for years with no problems.

When switching to WindowsXP I was determined to find a good safety net, something better than System Restore. GoBack! is great but it constantly works in the background accessing the hard disk. I also heard of Raxco's First Defense and it sounds good but I decided to go with Farstone's RestoreIT! It makes a separate partition and the entire system can be saved as well as incremental updates to the system. Don't like a program you just installed? RestoreIT! Want your system just the way you first installed it with drivers, updates and all? RestoreIT!

My experience with DeepFreeze is limited. I was working as a computer assistant for my local employment office and wondered, who takes care of all of these computers? Why aren't they all messed up? DeepFreeze. Every computer worked flawlessly. No viruses. No trojans. Nothing. Just perfect working computers. In the words of Seinfeld, it was "breathtaking". :D

Imaging, while impractical for everyday use, still has its place. Imagine home users backing up 40gb of information every day? 9 DVD's? A box of CD's?

I have seen the future and the future is DeepFreeze (and similar programs).
But one thing concerns me. I was wondering how you can keep from losing:

*Daily email
*Added favorites
*Windows updates
*Virus updates

...and any other daily updates.

spy1
January 14th, 2005, 11:18 AM
-{ Quote: "But one thing concerns me. I was wondering how you can keep from losing:

*Daily email
*Added favorites
*Windows updates
*Virus updates

...and any other daily updates." }-

That might be a problem using DeepFreeze (I'm not sure, I don't use it) but it's not a problem (with the exception of "Daily Email" ) when using ShadowUser. The ShadowStor people recommend leaving a copy of the email on the server for two or three days - this works fine on a home PC - so that if there're emails you want kept, you can simply get it off the server again when you're not in ShadowMode. I preview all my stuff with MailWasher on the server, anyway, so this isn't really an issue - I know when I go back out of SM, the mail I wanted will still be there - and the stuff I didn't will still be gone.

Since everything I've got is on my "C" drive (which is a really terrible way to do things - I wouldn't recommend that to anyone), I simply placed all the folders I wanted "Excluded" into SU's "Exclusion List". These consist of all the folders for my defensive programs, so that I can update them while in SM (and have the changes "stick").

I've never tried doing a Windows Update in ShadowMode, although there have been instances where that really would have been the intelligent thing to do, given M$'s proclivity for screwing things up in a major way with some of their more disastrous "fixes" - especially the un-installable ones.

I imagine it could be done, though, by finding out if the "patch" or fix was actually doing its job correctly, then coming out of ShadowMode and re-getting it (the same applies to DF).

Or, you could simply commit the whole session to disk (although that could be risky if you picked up something "extra" along the way). You can do that with SU.

The important thing to remember here is that you absolutely must come out of either SM or the "Frozen" state on a regular basis on a SOHO computer - you're defeating the purpose of having a "clean" state if you don't return to it regularly - and since you have to anyway, that's the time to do all the things that are easier to do while not in SM or "frozen".

bjmp24 - Yes, FreezeX is a completely separate program which you must purchase separately from DeepFreeze (at least in regard to the "non-profit" versions). That would kick your initial investment up to around $50 for both programs. Pete

agent7x
January 14th, 2005, 12:33 PM
I have the newer version of GoBack 4.0 (got it with NSW) and it's fantastic! It's not like it used to be. It now has additional new features, along with its regular go back abilities, that make it very similar to Deep Freeze in some ways.

Its auto revert feature allows you to revert the drive back to a previous state just like Deep Freeze at every restart.

Plus some other very nice features, like its "safe try mode" that allows you to test new programs, that make it superior to Deep Freeze in my opinion.

Also allows you to restore just the files or folders you need, or an entire drive.

I'm still learning how to use it, but so far it seems like an excellent program. Much more to this version than older versions. Very easy to use and seems very much aimed at the home user too. Doesn't seem to slow my system one bit. It's definitely better than the older versions and far more flexible.

Auron
January 22nd, 2005, 10:38 PM
I have been using Deep Freeze for quite some time and I can say it has been the best experience ever since I configured my computer to work with it. I have 2 hard drives and I have configured them like this: c windows partition, d program files partition, e temp partition, and f, that's my big partition where I have my documents, opera (bookmarks, wand logins etc). I only freeze c and d and I haven't had any problems, plus I have an image of my C partition so should a system disaster occur I can recover in about 3 minutes because I only have to restore the C partition; program files remains untouched. I don't use an antivirus nor a firewall and I haven't needed them for more than a year, besides I can make all kinds of changes and experiment with windows settings to the max without worrying something will go wrong. My computer stays real fast (786MB of RAM) and no system resources are leaked or wasted in antivirus "protection".

If there are any other users taking advantage of deep freeze please post it.

jag1967
January 23rd, 2005, 01:06 PM
Hi Auron

I can't comment on DF (as haven't tried it yet), but your set up looks interesting. Though I personally wouldn't forgo my security apps, esp as my background apps are fairly lean, eg nod32, LnS f/w...
I would have thought a fw is essential, unless u have a h/w router, but even then you wouldn't know if a rogue/trojan app is connecting to the net

Sorry if a bit OT & newbie, but in terms of installing prog files on a separate partition (d) from the OS (c), does this lead to any potential problems? Is there something specific you would have to take into account or be aware of when doing this. (Been thinking of doing this for a while)

Also, when installing s/w which adds to the registry, I'm assuming this gets written to the c drive? And does application data get written to c or d?
Just wondering if when you do recover the c drive, how everything works in relation to the prog files on d drive

thanks
jag

Auron
January 23rd, 2005, 02:36 PM
Yes, when I install software the registry settings go to my c drive and the program files themselves go to d, I have to do this in the thawed mode, then if I create a backup of my C drive and have to use it the registry settings on c will match the way things are set up on D because they were frozen thus protected all the time. As of how to do this you just have to change the program files path on windows registry and all new apps will go to that partition by default. Unfortunately when I have tried to change the application data path in windows registry for some reason it seems to revert back to its original configuration but changing this would allow even further dynamic changes on settings that take a boot to change at times.

I have a router and it has a built in firewall, my browsing experience has been the best with opera installed on my D program files and the opera.ini file with all its settings on a thawed drive, that way I get all the flexibility I need to add new bookmarks or wand logins and at the same time keep Opera protected from any potential problems.

When I have restored my C drive from an image (3 minutes or less with Norton Ghost) everything stays the way it was because there is concordance between C and D.

Hope that helps.
Thanks.

Harsh Shah
January 26th, 2005, 12:49 AM
Hi, I have a small problem with deep freeze, if anyone is able to suggest a solution, I will appreciate it.
I have started using deep freeze since 4-5 months, and it works amazing. But recently I bought an external hard drive, and reinstalled deep freeze with the option that it _should not_ freeze the external hdd. However, it still freezes the external hdd. I have tried to reinstall deep freeze several times with different options. But right now the only working solution is to reboot in thawed mode, transfer my backup to external hdd, and then reboot in frozen state.

is there any simpler way?
Thanks,
Harsh

Auron
January 26th, 2005, 08:29 AM
Hi Harsh, I once had a similar problem with Deep Freeze, what version are you using? If you are using 5.2 and creating your own installer try to check the frozen drives section. Otherwise you can contact Faronics directly.

By the way just a question I assume you don't use an antivirus right?

Just wondering
January 26th, 2005, 10:39 AM
The problem....which hasn't really been answered...is say... when in the "frozen
state".. you become infected...true the next reboot you won't be....but when
you think you're so protected....you do your online banking ...or pay your
credit card bills......ain't you sold the ranch?... THE DAMAGE WILL BE DONE!!!!

waydorr
January 26th, 2005, 02:53 PM
deep freeze is crap it takes all the fun out but i can bet u backdating the system will kill deepfreeze

wahzoo
January 26th, 2005, 05:18 PM
-{ Quote: "The problem....which hasn't really been answered...is say... when in the "frozen
state".. you become infected...true the next reboot you won't be....but when
you think you're so protected....you do your online banking ...or pay your
credit card bills......ain't you sold the ranch?... THE DAMAGE WILL BE DONE!!!!" }-

No it won't. Reboot to remove all traces of previous surfing, THEN do your online banking from a clean system. When you're done, reboot to clear out history of banking transactions. Then go surf whatever again.

What hasn't been made clear is the need to protect files on **thawed** drives from (re)infecting the **frozen** drive. This is one reason FreezeX was developed. But I suggest to use PG or SSM instead. For now, lol.

wahzoo
January 26th, 2005, 05:28 PM
-{ Quote: "deep freeze is crap it takes all the fun out but i can bet u backdating the system will kill deepfreeze" }-

You must have configured Professional version to allow such things. In DF Standard version "You do not have the proper priviledge level to change the System Time."

The above quote is true - unless you have a bootdisk! In that case you can work a small wonder by resizing the boot partition! :D

Just wondering
January 26th, 2005, 06:13 PM
The point I was trying to make.....who knows when a zero day exploit is going
to happen....it just may happen after you make a fresh reboot...and when
going to your online banking and the sign-in procedure

Faronics recommends using an anti-virus....hence things can happen.

I still don't believe it's fool proof....and to put total trust in it...without back-up security apts....seems foolish to me. So then you have the cost of
all your apts....plus cost of Deep Freeze. I admit it would be great for
schools, libraries, internet cafes....but for the average home user it is
a huge pain in the gluteus maximus....They should make a special home
edition...So if you have younger kids or teenagers. they can play all they
want...and you still have your regular pc...for every day chores. without
a flashing RED X....very irritating. and without jumping thru hoops to do
anything



P.S. you can crash it ....I found out the hard way and had to do a reformat

ugh ugh ugh

P.P.S. Shadow user seems more user friendly for the average Joe Doaks

Auron
January 26th, 2005, 06:57 PM
Shadow user isn't even comparable to Deep Freeze. DF uses a kernel mode driver thus it can't be exploited or crashed unless you change your CMOS configuration, and it's not that hard to configure one's machine to have documents and other important folders on thawed partitions. Having a hardware firewall solves my security issues and doesn't waste any RAM.
The only product remotely comparable is Clean Slate, but after installing it CS can take 10 minutes for each boot. and leaving thawed parts on the same partition is not a good idea.

Just wondering
January 26th, 2005, 07:14 PM
The point I was trying to make.....who knows when a zero day exploit is going
to happen....it just may happen after you make a fresh reboot...and when
going to your online banking and the sign-in procedure


You still haven't answered this

Just wondering
January 26th, 2005, 07:24 PM
Read what I say......Just don't defend the product.

The object of this thread was to discuss the pros and cons of DF

I did not say they were in the same league...just mentioned shadow user
was far more user friendly...for an average family....


and yes DF crashed my system....don't tell me it can't

If you care to ask ....I can tell you with hotmail addy..so not to give
the junior hackers an idea how to do it

securityuser
January 26th, 2005, 07:32 PM
I'll answer it. I am following this thread and several people have already said that you run FreezeX, PG or SSM to protect against ZDE. Any one of these would seem to be perfect to run with Deep Freeze.

wahzoo
January 26th, 2005, 08:29 PM
-{ Quote: "

Why the big secret? Just fill your HD till you are out of disk space, then reboot.

Here's another one for Gerard's notebook:

I created an image of the boot drive while in the frozen state. Then I repartitioned the drive from 2 GB to 5 GB. When I restored the frozen image, DF wouldn't recognize the larger size and Windows failed to load.

For the record I do have a frozen image matching the current partition and it can be restored with no problems. Just something to keep in mind before you decide to resize your disk(s)...

BTW, where IS Gerard?

Harsh Shah
January 26th, 2005, 08:33 PM
-{ Quote: "Hi Harsh, I once had a similar problem with Deep Freeze, what version are you using? If you are using 5.2 and creating your own installer try to check the frozen drives section. Otherwise you can contact faronics directly.

By the way just a question I assume you don't use an antivirus right?" }-


Thanks Auron, yes I am using 5.2, and creating my own installer. I use Norton AV 2004. I have two partitions in my laptop hdd c & d, and one external drive f. During installation I check only c:\ and uncheck d: and f: drives. I'm not sure whether I can change this option after installing. So according to your suggestion I uninstalled and then reinstalled with the said options, however, the problem remains.

I emailed Faronics, but they don't provide support on trial version.

securityuser
January 26th, 2005, 09:20 PM
-{ Quote: "I created an image of the boot drive while in the frozen state. Then I repartitioned the drive from 2 GB to 5 GB. When I restored the frozen image, DF wouldn't recognize the larger size and Windows failed to load.

BTW, where IS Gerard?" }-
I just looked up on the deep freeze site and it says clearly to only image thawed partitions or drives, never image a frozen partition. I will say this about the company, and that's that they have one hell of a good support site, it is loaded. If only more would take notice and offer that kind of online support. BTW, I just read where Gerard posted the other day and said he didn't have any time schedule. What's the problem Pete? The discussion can go on and it seems to be just fine. Let the guy gather his information and we'll see what comes out! I have to admit to being a little interested in this deep freeze.

Just wondering
January 27th, 2005, 12:20 AM
1st A question.......would all advocates for or against DF .....have just
1 apt for your total security.....such as Freeze-X, Process guard or SSM????

Well that is basically .....all you would have...1 apt to keep your system secure
I'm sure that the makers of Process Guard would not say that is all you need

When you are on line Frozen or not Frozen...your machine can catch a "bug"
As many of you know.....it just takes a second. So even with a fresh reboot,
you would be taking a risk...hoping you to make it to your on-line
banking, paypal etc...hoping you wouldn't be infected... all your
trust in PG or Freeze X. That is really a lot to assume.

I see nowhere at Faronics page ......that Freeze X stops all Malware.
When they put it in writing...that they would guarantee all my losses
Then maybe....just maybe ..... I'd Be a "TRUE BELIEVER", or maybe losses
up to $500.00 like the reward they offer hackers.

Then all i have to do....either get my friends to download all
sorts of antispyware...AT free demos, make sure my machine is SUPER-DUPER
clean, buy Freeze X CD. via phone. install....and for 25 bucks will be all I have
to spend for security...with optional Deep Freeze or Shadowuser..maybe free
demo of PG...I'd be set for total on-line security for 25-50 bucks then I'll be
safe to face the perils of the internet....with a very minimal investment

Auron
January 27th, 2005, 09:05 AM
Deep Freeze doesn't need any companions, as a matter of fact the use of an antivirus is totally irrelevant unless you get to map your AppData folder from the registry to a different location (when you do that windows automatically reverts it to the original settings) because that's where most antivirus updates are stored not the program files path. As for Freeze X I haven't tried that one but DF is rock solid. Something else provided by software like DF is the freedom to install anything anytime, modifying the registry, etc. As a user I think that lets you get to know your computer a lot more than being afraid of editing the registry or backing it up every time you do it.

Being safe online isn't Deep Freeze's responsibility, for that I use Ghostsurf 2K 5 which hides my real ip address using anonymous hubs and encrypts sent and received data at a 128 SSL level.

Just wondering
January 27th, 2005, 09:42 AM
Auron.....Yes i know when you reboot...your machine is "fresh"
but it can get infected.....both thawed and unthawed....do you think you are
protected then???? If you don't use your p.c. for business, or do not do any
sort of online banking or paypal.....then you are perfectly fine.


Gerard at the start of this thread seemed to think all the protection you needed
was from DF and Freeze X. He wanted the pros and cons for an article to get
ideas....I myself think his idea is flawed...in its present state...mainly the using
of Freeze X for total protection.

Jo M
January 27th, 2005, 11:45 AM
Hi,

pardon me if I haven't understood this, but it seems to me that anybody relying on such a program will be risking any hacker getting hold of any data on their PC?

Disaster Scenario:-

Relying on Deep Freeze, go onto bank not realizing that a key logger has already been installed into your system just before you logged onto your bank. Hey the hacker has got your money!! Doesn't make a cent's worth of difference if your PC is put back as it was when you reboot!!

So it seems that using Deep Freeze is only useful if you actually restrict your own internet usage to things where security isn't required anyway! and that you mustn't have any personal or valuable data on your system that you don't want others to have.

It seems to me then that for many users the program will be useless?? I'll stick with my tried and tested "buffet" of security!

Regards Jo M

Auron
January 27th, 2005, 12:26 PM
In my case that's not entirely true Jo M, I use a hardware firewall for that, among other things it features stealth ports, intrusion detection and some other neat features that protect me in that way, as for identity theft and online paypal or bank usage Ghostsurf detects keyloggers, tunnels your requests through secure hubs, so even if I do online shopping I don't worry about that, using Freeze X when the computer is thawed seems reasonable but I haven't required it. Now here is the point, if a disaster should crash my system (very hard, almost an impossible worst case scenario) I use Norton Ghost to restore my C partition and I can be back on 3 minutes, reinstall Deep Freeze and I am on again. You are all probably right in the fact that there is no ultimate security tool on a standalone version, but for me this combination has worked to date and I don't need to keep any definitions, service packs, updates, etc. It's always solid. But some people just love to have an antivirus and they feel safe and comfortable using it and all that stuff. If a virus affects a thawed partition (most viruses target your c partition and the windows folder itself) I also have that backed up so I guess I'm not worried at the moment.

LockBox
January 27th, 2005, 01:11 PM
I see there have been some questions as to where I am(?). Quite simply, I am working, up north in British Columbia today. I really don't have time to participate like I would like in this thread, but the ideas and thoughts have been invaluable! I said in my second post that I was not wanting to be pulled into the back and forth of this thread, that I merely wanted to open the discussion to gather information. My non-participation hasn't been entirely successful, but that's fine too.

Before I go any further, let me say that I truly would not use Deep Freeze without an anti-virus, firewall, and FreezeX. But that's all, and honestly, the AV is only needed for certain data configurations. I know that Faronics blanketly recommends using an AV with Deep Freeze, but if the data folders are configured properly, even that is not necessary. However, a good firewall and FreezeX (or something similar) are must haves with Deep Freeze.

There seem to be many questions concerning Deep Freeze and the possibility of a keylogger being placed on the computer immediately after a reboot and into a "frozen" state. First of all, let's be honest about the improbable odds of this happening as keyloggers are most often (but not always) placed on an unsuspecting box by someone having physical access to the computer. For those that are not and are dropped by a trojan, or even an email attachment, let me explain how FreezeX works and how a keylogger simply could not execute.

FreezeX was made to be a companion program to Deep Freeze to be a watchdog program during "thawed" states, especially, but also during everyday "frozen" sessions. FreezeX is unique in its "whitelist" methodology. Simply, no program can execute unless you have explicitly told FreezeX that it is allowed to execute. The whitelist process of FreezeX allows only programs to execute that you have given prior permission to execute. Simple, simple.

Scenario: As some have suggested, you boot into a perfect state with Deep Freeze and the computer is immediately hit with a keylogging program. For that program to operate it must do what? Execute. However, any program trying to run simply will not run as FreezeX allows only the execution of programs that you have given prior approval to do so. That also includes rogue programs attempting to use file names of programs that you have whitelisted. FreezeX knows the difference, based on checksums, etc., between the firefox.exe you have allowed to execute, and a firefox.exe that might attempt to execute as a keylogger. The result of Deep Freeze w/ FreezeX is total protection from keyloggers. That, of course, is the main concern as nothing else can do any kind of damage that can't be immediately fixed upon reboot. As someone suggested, you can remove system files, let a virus eat up system32 files, delete the Windows directory itself, anything at all can happen and it simply does not matter. It's all fixed and perfect again on reboot.

I am very interested in hearing from those posters who seem to feel they have found ways to break Deep Freeze protection. Please use PM or email and let me know what you have done that you feel has compromised Deep Freeze. To my knowledge, it has never been done. DF is on hundreds of thousands of computers all over the world in schools, libraries, Internet cafes, and yes, business and home use. Well educated students and hackers have done their best to break DF, but without success. If any of the posters have truly broken Deep Freeze protection, I would like very much to hear about it.

I wish I could write more, but I must get back to work. Again, thank you for all of the great feedback as much of it has been very useful.

Regards to all,
Gerard Morentzy
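The checksum-based whitelist idea described in the post above, sketched as an added example (it is not FreezeX's actual implementation and not code from this thread): launch decisions are keyed on a file's SHA-256 digest, so a second firefox.exe with different contents is refused. The function names, extension list, verdict labels and sample files are assumptions constructed for the demo.

```python
import hashlib
import os
import shutil
import tempfile

# Assumed set of extensions treated as executable for this demo.
EXEC_EXTENSIONS = {".exe", ".dll", ".com", ".scr"}


def sha256_of(path, chunk_size=65536):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_allowlist(root):
    """Snapshot every executable under root: digest -> set of file names seen."""
    allowlist = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in EXEC_EXTENSIONS:
                digest = sha256_of(os.path.join(folder, name))
                allowlist.setdefault(digest, set()).add(name.lower())
    return allowlist


def decide(path, allowlist):
    """Return (verdict, reason) for a launch request; content decides, not the name."""
    if not os.path.isfile(path):
        return ("deny", "missing")
    if sha256_of(path) in allowlist:
        return ("allow", "hash-match")
    # A familiar name with unfamiliar content is the case worth logging loudly.
    known_names = set().union(*allowlist.values())
    if os.path.basename(path).lower() in known_names:
        return ("deny", "known-name-wrong-hash")
    return ("deny", "unknown-hash")


def _write(path, data):
    with open(path, "wb") as handle:
        handle.write(data)


def run_demo():
    """Exercise the policy on constructed files and return the verdicts."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        installed = os.path.join(base, "Program Files")
        dropped = os.path.join(base, "Downloads")
        os.makedirs(installed)
        os.makedirs(dropped)

        # Constructed stand-in for the browser the user approved.
        browser = os.path.join(installed, "firefox.exe")
        _write(browser, b"MZ constructed stand-in for the approved browser")
        allowlist = build_allowlist(installed)
        results["approved"] = decide(browser, allowlist)

        # Same file name, different bytes: refused despite the name.
        impostor = os.path.join(dropped, "firefox.exe")
        _write(impostor, b"MZ constructed stand-in for an unapproved program")
        results["impostor"] = decide(impostor, allowlist)

        # Same bytes, different name: a pure hash allowlist lets it run.
        renamed = os.path.join(dropped, "browser-copy.exe")
        shutil.copyfile(browser, renamed)
        results["renamed_copy"] = decide(renamed, allowlist)

        # Never-seen program, for example an e-mailed game.
        newcomer = os.path.join(dropped, "game.exe")
        _write(newcomer, b"MZ constructed stand-in for a new download")
        results["newcomer"] = decide(newcomer, allowlist)

        # Approved file modified in place after the snapshot.
        with open(browser, "ab") as handle:
            handle.write(b" patched")
        results["tampered"] = decide(browser, allowlist)
    return results


if __name__ == "__main__":
    for case, verdict in run_demo().items():
        print(f"{case:13s} -> {verdict}")
```

The check gates process start only: it says nothing about what an approved program does once running, and an approved file that is legitimately updated needs its new digest added before it will launch again.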

Auron
January 28th, 2005, 09:18 AM
Well I have heard horrible stories about FreezeX http://www.digitalvideoediting.com/articles/viewarticle.jsp?id=28878-0 for example which has a very interesting review of the cons of that program. I'd rather use an AV instead of going through all that. Jo M it's interesting that you mention HyperOS how does that feel as opposed to DF? And Gerard from what I know the only known way to break DF is bypassing windows by making changes to your CMOS.

gkweb
January 28th, 2005, 11:37 AM
Hello,

I didn't read every post, but I join Notok's opinion :

-{ Quote: "
However I would NOT trust this to be the sole line of defense in a security setup. I wouldn't treat this as anything other than another imaging program, in terms of security.

Yes, it's great to be able to clean the infection with a simple reboot, but by then the damage may already be done. Since this WOULD protect against system corruption, it would mean that the user would probably not need to reboot as often, leaving a greater window of time open for these things to work. If you got something that took over your system, or continually reinfected you, you could be in even more trouble if you relied on this as your sole means of security. As Gavin stated, you would also probably continue to spread email borne malware, keeping you as part of the problem rather than the solution. Malware isn't just a nuisance anymore, some are made to steal your identity and these things are getting nastier all the time... it may only take one login to your online banking or one online purchase for the damage to be done, rebooting won't erase that data from the attacker's machine.

I have no doubt that this is a great product, and I may even get this for someone like my mom and my most recent client, but you gotta keep things in perspective. Nothing is 100%, and it's dangerous to promote it as such. It may be a fantastic alternative for imaging software, but not security and not backups (as wilhacku stated.) The bottom line is that you still need to prevent infection in the first place.
" }-

Then we come to the fact that DF needs a companion, to block anything to launch. No matter the product which does that, it does not nullify any security threat, it still remains one of the most powerful ones, the buffer overflow.
With it, you can make your favorite (allowed) IM program gather personal data and send them out without executing any new executable.
I may be wrong on this point, if so anyone correcting me will be appreciated, but a memory scanner and a firewall are needed anyway, you cannot rely only on a single software.

Note that I do not say it is not good to use (it's probably a wonderful software, providing a simple and efficient solution), just that it is not good to use alone.

regards,
gkweb.

kareldjag
January 28th, 2005, 01:15 PM
Hi,

Too many softwares with a great marketing...
But it's also great if they exist...

Pardon me gentlemen, but I don't want to transform my PC into a fortress.
Inside, I haven't the bank's account of Bill Gates, Rupert Murdoch or Walton's brothers.
And I don't want to see my security more expensive than my PC...

To stay on the subject, there's another soft of the same kind.

***DriveVaccine:

http://www.horizondatasys.com/drivevaccine/index.html

On this site, a free utility is available: ExeVaccine (an executable filter).
This tool is the same as Trust-No-Exe:

http://www.beyondlogic.org/solutions/trust-no-exe/trust-no-exe.htm

At last, I'd rather the old method: classic and frequent back-ups on external drives.

Regards

Just wondering
January 28th, 2005, 02:11 PM
Thanks Auron for that link on Freeze X.....That seems to be the only user review I've seen or could find. To me it's too much of an unknown to put much trust in.

Auron
January 28th, 2005, 07:22 PM
You are right Just Wondering there aren't any other reviews about FreezeX out there but honestly I think it's against the flexibility provided by Deep Freeze. An interesting forum where the powers of DF are discussed is here http://listserv.utk.edu/cgi-bin/wa?A1=ind0403&L=libnt-l Then again gkweb why would I need an AV with my current set up? (you can see some of my previous posts to check it). As for online banking some AVs don't do such a good job detecting malware, spyware and things of the sort nor does a firewall, that protects you against intruders basically. And finally here is a funny forum about removing DF ~snip~ , some lamers actually trying to remove it from windows. If you look for the crack you will realize how hard it really is to break, booting from something like Caldera gives you a chance to look at the Persi0.sys file and may get the encrypted password, not using some regedit command. However this link is mentioned and you may find it interesting ~snip~ , this anti freeze app may work though I haven't tried it being based on a dos boot it gets more credibility.

Regards, Auron.

controler
January 28th, 2005, 09:10 PM
Auron

Yes ;D
another Ghostsurf fan

I was wondering about global hooks and the such with deepfreeze?
It seems to me it is a program that allows anything to happen but then restores the drive.
Am I wrong?

What happens before you reboot if you have a nasty?
It seems like it does not detect anything but relies on a reboot to restore everything.

Bruce

Auron
January 29th, 2005, 09:24 PM
With all the respect controler but isn't it kinda late to be asking those questions I think the main topic now has reached more complex questions by now, but just in case you missed all the last posts yes deep freeze is a tool that allows you to "freeze" your hard drive so all changes are undone when you reboot so no "nasties" will affect you even the worst viruses out there. It is a kernel32 driver which means it doesn't rely on any imaging technology thus making it real fast. Hope that makes it clearer. And yes we are both Ghostsurf fans. This link ~snip~ was also obtained from the forum I posted recently and it is an interesting point of view over DF's passwords you can also check it, although at this point I would like to know if anyone else uses some sort of protection beyond antiviruses and firewalls like hyperos (got to know that one because of someone in this forum) clean slate, drive vaccine or anything of the sort.

Regards, Auron.

sfalls
February 2nd, 2005, 11:35 AM
We have used Deep Freeze in our school district in an area where children are that can't learn in a regular environment and usually are known for getting into trouble for over a year. The calls for problems have virtually disappeared. We are now implementing Deep Freeze throughout the district and looking into FreezeX for Administrative pcs.

We don't have enough manpower to keep up with all the spyware, IE problems and mischief and this solution is working really well for us. We have over 8300 pcs and close to 50 servers with about 30 full time/part time people trying to keep up with them.

Auron
February 2nd, 2005, 10:12 PM
Hey everyone here is some neat stuff on DF ~snip~ and this ~snip~ please go ahead and check them as they further explore DF's file deleting "capabilities" and they talk about a true hack (from windows itself) for DF ~snipped hack info~, really interesting.

snapdragin
February 3rd, 2005, 12:10 AM
Hi Auron,

Welcome to the forum. :)

No offence intended, but I am afraid I had to remove a few of the links you posted since our forum's Policy/TOS prohibits the posting of links to cracks and/or hacking information. We do appreciate your contribution to this thread, and also realize you were only replying in response to Gerard Morentzy's post #78 wherein he said: "If any of the posters have truly broken Deep Freeze protection, I would like very much to hear about it.", but unfortunately, we cannot allow such links.

Regards,

snap

cenobyte2k4
February 4th, 2005, 12:22 AM
Unless "FreezeX" seals off the PC while you're running it, the program does NOTHING to protect your computer from trojans, keyloggers, etc. between reboots. It's fine if you don't want extra stuff continually being added to the system, but it's completely defenseless against virii, trojans, etc. because all it does is restore the system. Furthermore, if you have a thawed section of your HD, there is absolutely NOTHING that prevents a trojan, virus, etc. from hiding there until the next reboot, thereby reinfecting the system.

Therefore, in order to be truly protected, you would STILL need to run AV, Spyware, firewall software to protect the PC while you're using it. Those people who swear by this as a replacement for other security programs are seriously deluding themselves. IMHO, any claim that AV software is not necessary if "the data folders are configured properly" is wholly irresponsible.

Auron
February 4th, 2005, 10:13 AM
It seems that you haven't understood the point of DF cenobyte2k4, by protecting windows folders and mostly "C" drive stuff you avoid the pain of all the malware and spyware you can ever imagine. Spyware's target is rarely on a different partition, the same goes for malware and all, you name it. Sometimes just to prove that point I install ad aware and run a full system scan and guess what I have no spyware, adware or anything! sometimes I even install Norton AVs or Panda Titanium just to find out I have no viruses (luckily when I restart these softs are gone) I have been with this set up for more than a year, as the faronics slogan says "Protect your computers today against the unknown threats of tomorrow". Now calling someone irresponsible without even having tried that setup is something even more... well I guess you know what I am talking about. It was never my intention to say my set up is perfect or to offend people who use AVs, it's just the fact that I don't like AVs software and I haven't had any need for them. You can believe what you want just be respectful because I am here to insult other users or do any of that.

Regards, Auron

airjrdn
February 21st, 2005, 12:21 PM
Hello, I'm new here. :)

Prior to reading this thread, I'd never heard of Deep Freeze, WinRollback, Drive Vaccine, or Shadow User. They do seem like necessary evils however in some applications (schools, coffee shops, etc.).

I'm wondering how one of these could be implemented for example, on my Mother's PC. She's VERY computer illiterate. Her computing usage consists of surfing, email, and a few games (offline).

I downloaded the Deep Freeze trial, and will be checking out WinRollback since the only limitation on its trial version is that there's no password for the admin user interface.

What I've done in the past is create images of her machine (Ghost/Drive Image/Acronis True Image). One image upon initial XP install, another with drivers loaded, and a third when completely finished. I burn these to CD/DVD, yet also leave them on her data drive (2nd partition, only one HD).

If she has issues, I typically restore the complete image unless it's been long enough there are probably a lot of new versions of her apps available. If it's been even longer than that, I may restore the bare XP image and redo it all.

This has meant that I store her emails, etc. on her data partition, or back them up periodically. In the past, I've used a free utility (syncback) that I can set a schedule on to do the syncing of the data.

I was curious though, about how these applications would work with My Documents, etc. This led me to the following Microsoft URL:

Combining Folder Redirection with Roaming User Profiles (http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/prdc_mcc_wtje.asp) - scroll down for "Default Behavior of Profile Folders"

She's obviously not in a situation where I can apply group policy rules, so how are you (the current users of these applications) maintaining your ever changing user data such as favorites/bookmarks, emails, desktop wallpaper/icons/files, etc.?

I read where one of the applications (Shadow User?) allowed folders to be excluded from the "frozen" state. That might work. Is that the best way to handle these folders?

airjrdn
February 21st, 2005, 12:23 PM
-{ Quote: "sometimes I even install Norton AVs or Panda Titanium just to find out I have no viruses (luckily when I restart these softs are gone)" }-

What if the app requires a restart to function?

airjrdn
February 22nd, 2005, 12:18 AM
Sorry for replying to my own reply, but I need to post this.

I downloaded and installed WinRollback this evening. The install was a no-brainer, just required a reboot.

The website warns of a nag screen, but this isn't your typical nag screen...and that's not the worst part.

Upon bootup, I was presented with a nag screen that not only made me wait about 30 seconds, but also took over the entire desktop. Nothing would kill it or bypass it. Ctrl-Alt-Del did nothing, Shift-Ctrl-Esc wouldn't pull up the task manager, nada.

Ok, 30 seconds pass, and it goes away. Ok not "too" bad I think. I try opening the admin screen and it gives me a message telling me that the driver isn't loaded. Bear in mind, there's an icon in my systray. The GUI loads fine via the Start Menu but attempting to turn the software on/off gives the same "driver not loaded" error message.

During this time, the nag screen would reappear out of nowhere, whether I was messing w/the application or not. I'd be working on something, then all of a sudden the entire desktop is gone and here's their nag screen...30 seconds of it. At that point I was ready to strangle the developers...but wait, it gets better.

It won't let me uninstall it..why? Because the driver isn't loaded!!!

Their documentation lists the locations it puts files. Cool, I'll just delete (or move) them, and delete the two registry keys it added. So, I did.

Reboot....uh...reboot....reboot?

That was the cycle, continuous reboots.

I booted to Acronis, and made an image. I then restored an image from a little less than a week ago. I booted up into it, and restored data out of my "bad image", and here I am.

If you aren't getting the message here, stay AWAY from WINROLLBACK.

Auron
February 22nd, 2005, 08:58 AM
Hello everyone it's nice to see some activity in the forum again, ok airjrdn. I’ll start with your question about maintaining changes on my documents, bookmarks, etc. Well for this you'll have to map those folders to a different thawed partition. You can do this by using windows xp powertoy tweak ui or via the registry, that way changes will remain after every boot. Also I have worked a lot on configuring programs like opera, edonkey, limewire to have them on a totally different hard drive increasing their performance. Now regarding your question about the anti virus apps that may require a restart in my case logging off has been enough and then logging on again. Another killer feature that we are forgetting about DF is that hard drives remain defragmented all the time, no need to maintain or defrag them, this is really useful since I have a different partition for temp files and it’s always fast since all the files are contiguous and it stays on top performance. Another recommendation is if you are going to create an image file uninstall DF create your image file and then reinstall it, otherwise you could have a corrupt install when recovering from that image.

airjrdn
February 22nd, 2005, 11:45 AM
Thanks for the reply.

Last night I installed (reluctantly) ShadowUser Pro (the trial). One thing I liked was that you could exclude folders (email, fav's, etc.). That's a nice feature. Unfortunately, it's around $70. I won't spend that much on it. $30 would be doable, but at $70, I'll just use Acronis True Image and have it create incremental images each night. With that, I don't have to continually be aware of whether or not the software is on, or off, or reboot to turn it on or off, etc. That's a little cumbersome.

Chris12923
February 22nd, 2005, 12:48 PM
The price may be a little steep but ShadowUser Pro is an excellent program and for around 30 dollars you can get ShadowSurfer which is pretty much the same thing except with no folder exclusions or commit.

Thanks,

Chris

SpikeyB
March 31st, 2005, 09:12 AM
I got fed up having a million security programs running in memory so I wanted to find 1 program to do the lot.

I run Deep Freeze on a partitioned HD, 1 for OS and programs (frozen), the other for documents (unfrozen).

I also thought that running Deep Freeze and Process Guard was the ultimate defence (and only 2 programs in memory) assuming XP firewall is on to stop incoming. While surfing the internet, any malware would be stopped from running or connecting to the internet by Process Guard and when I rebooted, all traces of the malware would be gone. I wouldn't need any AV or AS scans which take longer than a reboot.

The only flaw I could find was for e-mail. Let's say a friend e-mails a small game for me to play. Neither of us are aware that this game contains malware and I save it on the unfrozen partition. I run the game and Process Guard pops up to tell me it's trying to run. I say OK, and it runs the game which I play. At the same time, the supposed game is also sending personal information over the internet (or some other unwanted activity of which there are many). The only way to actually get rid of the malware is to run AV and AS scans and I need to get rid because it will run every time I play the game.

So my conclusion was that I still need AV/AS software but at least I don't need to have it running in memory.

airjrdn
March 31st, 2005, 02:33 PM
Well, a good firewall (sygate) would take care of a portion of that as it will alert you to outgoing traffic.

What if the malware (on your non-frozen partition) decided to simply do a delete of all of the data on the drive it's on though? In that instance, only a backup will suffice I guess.

JRosenfeld
March 31st, 2005, 06:09 PM
I have been reading this thread with interest. I had also looked at the deepfreeze site and documentation there.

As I understand it the original theme of this thread related to the use of deepfreeze on home PCs. I'd like to point out that most home users do not have the knowledge or understanding to use such a sophisticated piece of software.
Deepfreeze would have to be made much easier to use before it would be likely to appeal to most home users.

For example, the vast majority of home users get their PCs with a single hard drive and just one partition (as far as I know, most PCs are sold that way). If I have understood correctly, deepfreeze requires data and other personal files to be kept on a separate partition or hard drive to avoid its being lost on a reboot, if changes are made in a frozen state (the whole point being that that would be the normal state)?
If so, few home users would know how to go about creating additional partitions (for which they would need some third party software, in itself not without risk of being used incorrectly). Maybe deepfreeze could add a facility to automatically create such a partition and move all the personal folders to it (also making the necessary path changes in apps and registry) during its installation? Not easy since people could have all sorts of apps installed, some of which could be rather particular about where files are placed.

Also, for most home users, the simple daily things mentioned in some of the posts that people do (download email, files and music, creating or editing documents, adding bookmarks as they surf, etc.): if these get lost on reboot, I think that the net result with many home users is that to save themselves the trouble, they would end up running in thawed state most of the time, defeating the object.

Then the question of the use of automatic updates by most software, which is usually recommended to be used on home PCs (often the default option for apps which home users would not change): that would need to be taken care of to avoid losing the updates on reboot, if, as intended the system is normally used in frozen state. Many home users using automatic updates don't even realise when some update has been downloaded.

While of course the savvy user would know how to set up the system and how to operate it frozen/thawed as needed, I doubt that this is more than a small minority of home users.

So my conclusion is that in its present state deepfreeze really is not suitable for the vast majority of home users. This is not a criticism of deepfreeze, as it has so far been targeted at markets that would be expected to be managed by an IT administrator, and for those situations its concept has impressed me greatly (albeit I have had no occasion to try it out, but I always believe everything I read :-)). It's just that I think the home user market is on a completely different level of the knowledge and ability that software can expect its users to possess. If you start off by telling them that they must first partition their hard drive or install a second one, then make all the necessary changes in all the apps to move their data files to the separate partition, they will not even try, or if they do, they are very likely to end up disastrously.

A free-for-home use version of freezeX would be good, exe vaccine offers a free version, but I think freezeX is better for the home user as on install it automatically adds all already installed executables to its white list, whereas from a brief look at exe vaccine, I got the impression that it requires careful setting up on first install.

Rmus
March 31st, 2005, 07:26 PM
-{ Quote: "As I understand it the original theme of this thread related to the use of deepfreeze on home PCs. I'd like to point out that most home users do not have the knowledge or understanding to use such a sophisticated piece of software. Deepfreeze would have to be made much easier to use before it would be likely to appeal to most home users.
" }-
JRosenfeld's points are well taken. We have the Enterprise version of DF at the college district where I work; this version installs a virtual "Thawed" drive for use by instructors as data storage. This was not intended to be a regular partition for installing applications, for instance, and would not be suitable for such on a home system. That might be the reason why the Standard version of DF doesn't install this virtual drive.

I spent about two weeks re-configuring my home computer before taking the plunge with DF. As JRosenfeld writes, you need at least two partitions or hard drives.

There are other issues, many of which have been addressed in the DF FAQ on the Faronics web site. For instance, those who still use IE and OE would have to remap the cache and stored mail to another partition - easy to do with the newer versions. (Those who still use IE and OE would have to keep up with Windows Updates to patch those leaky vessels)

Those who use My Documents and its subfolders would have to remap those folders also - easily done with TweakUI which lets you move various Shell User folders via a GUI rather than going to the Registry.

Anything that writes to the Registry while the system is in a frozen state will go away on reboot. This is a problem if you use MRU lists - at Start|Run, for instance. Some programs, like MSWord, store recent file lists in the Registry. Some programs store their configuration settings in the Registry. Any changes made to these settings would have to be done in a thawed state. All of my programs except Word use *.ini files which are stored in their program folder on a separate partition, so this is not an issue with me.

So, there are many considerations, but well-worth the effort to work them out. I use DF just for the purpose of locking down C:\. In poking around the other forums, I notice that those who use Deep Freeze add one or more other protective layers, depending on their level of paranoia.

I use a firewall, and MS WordViewer for opening *doc email attachments (WordViewer does not run any code.) That's all I have, and have been very satisfied to not have to worry about constantly updating AV and all of that stuff.

-{ Quote: " Deepfreeze would have to be made much easier to use before it would be likely to appeal to most home users." }-
I agree, but I don't envision Faronics making DF any easier to use - it would compromise the level of security it provides.

-Rmus

some input
April 30th, 2005, 12:49 PM
If you are worried about using Deep Freeze with an anti-virus program in a professional setting, all you really need to do is read the DF documentation. It clearly says that you can configure your antivirus to auto-update at, for example, 3:30 PM, and then set DF to go into maintenance mode (thawed) at 3:30 PM, so you would be able to receive updates. Also, on another note, keyboard, mouse, speakers, and only allowed applications can be run during maintenance mode. You can configure this with your Deep Freeze Administrator Console in the Program Files folder.

controler
April 30th, 2005, 09:28 PM
JRosenfeld

mentioned deepfreeze & partitioning?
Shadowuser recommends using partition magic to keep system files on and another partition for data also. I have one HP laptop that included both the restore CD's and a separate OS CD. On this one I could partition but on my other laptop, I only got the restore CD's when I purchased it.
So I am limited on my second laptop with only one partition.
Is there any big difference between shadowuser & Shadowsurfer?

Bruce

Rmus
April 30th, 2005, 11:41 PM
-{ Quote: "
Is there any big difference between shadowuser & Shadowsurfer?
Bruce" }-
ShadowUser has more features, one of which is that users can select the files or folders that they want to automatically save to disk or save upon a PC reboot. See here for Data Sheets and White Papers:

http://www.shadowstor.com/ServiceSupport/ProductResources/

Edit: also here for features comparison:

http://www.shadowstor.com/products/ItemPage.aspx?ItemID=49&ProductID=18

-Rmus

controler
May 1st, 2005, 09:32 AM
Thanks Rmus


So if I am using Shadowsurfer and playing a game and wanted to save my way point, I would have to be playing out of shadow mode. If I wanted to install software as permanent, I would have to be out of shadow mode.
If I wanted to just test an application, I could use shadowmode and the app would be gone on reboot.

If I am using ShadowUser, I could allow changes while in shadow mode such as saving game way points etc. Since I only have the restore CD's with my one laptop, I would need an external drive to save files, folders, etc.?

I think I got it now LOL

Bruce

Chris12923
May 1st, 2005, 09:54 AM
I'm not Rmus but hope I can help.

-{ Quote: "So if I am using Shadowsurfer and playing a game and wanted to save my way point, I would have to be playing out of shadow mode. If I wanted to install software as permanent, I would have to be out of shadow mode. If I wanted to just test an application, I could use shadowmode and the app would be gone on reboot." }-
Correct

-{ Quote: "If I am using ShadowUser, I could allow changes while in shadow mode such as saving game way points etc. Since I only have the restore CD's with my one laptop, I would need an external drive to save files, folders, etc.?" }-
Yes you could allow changes even in shadowmode. No you would not need any other media besides your hard drive. ShadowUser will allow the changes to a specific folder or file on the drive they reside on. It is really great.

Hope this helps and please ask if you need more info.,

Chris

controler
May 1st, 2005, 10:29 AM
Thank You Chris


I can only see a few security problems but the good outweigh the bad here.

Using Shadowsurfer and wanting to keep e-mail you would need to be out of shadowmode which leaves you unprotected unless you have an AV to monitor mail, which most do now. You are still left open if your AV doesn't cover the nasty at the time. This would go for Shadowuser also if you saved changes but this is true if you are using shadowuser-surfer or not.

Just from what I see so far it is wise to use a good firewall while in shadowmode and also use an AV if you plan on saving e-mails.
I can also see a product such as PG is not needed while in Shadow mode but IS needed anytime you are out of Shadow mode and are installing new software. Unless you are using shadowuser and want to save PG changes while in Shadowmode.
I am guessing most home users would be ok with Shadowsurfer & a good Firewall and AV.
I am thinking for people that are software junkies such as me, Shadowuser would be the best choice.

It is fun to use it as a magic trick. You are in front of someone and you say, hey watch this. You then delete all the desktop icons & empty the recycle bin. They look at you sideways with a startled look. You then reboot and there everything is again. ;D

I think software such as this is a must need for testers ;)

I suppose they don't have a current beta running ?

Bruce

spy1
May 1st, 2005, 11:07 AM
-{ Quote: "I can also see a product such as PG is not needed while in Shadow mode but IS needed anytime you are out of Shadow mode and are installing new software." }-

Not correct.

You still need PG running in SM due to the fact that if your Shadow Volume were to have a successful malware infection/penetration during the session, you'd still be vulnerable to data theft of anything that was running within the session (and possibly to having your machine used as a spam-bot if your email program's running or as an attack bot against someone else while within the infected Shadow session - although that's reaching).

I run PG within SU sessions specifically to prevent that possibility - with PG set to "Block new and changed applications" and "Locked" (for other users).

Needless to say, you can run it without PG that way (and would actually have to if you were simply trying out new programs), and I just change out of blocked/locked as needed if I'm running an SU session on my profile.

Or at least, that's the way I see it. If you have PG, there's certainly no reason not to run it "cocked and locked" in SM, performance-wise, and the whole session is better-protected that way. Pete

spy1
May 1st, 2005, 11:20 AM
-{ Quote: " It clearly says that you can configure your antivirus to auto-update at, for example, 3:30 PM, and then set DF to go into maintenance mode (thawed) at 3:30 PM, so you would be able to receive updates." }-

Any way you cut that, it's still a dis-advantage of using DF instead of SU. I don't know about your A/V-A/T programs, but mine update when they feel like it in the case of NOD32 and EWIDO (and probably others).

I want that update as soon as it happens - and with SU (when your defensive programs are running within the Shadow session) I get them right then because my defensive programs are all in SU's "Exclusions" list - those changes do get written back to the actual files right then.

There's no use whatsoever in having A/V - A/T programs that "push" updates (and thus protect you better from the most-recent threats) if those programs can't update automatically whenever they need to - which is exactly the situation you're outlining with the use of DF.


-{ Quote: "Also, on another note, keyboard, mouse, speakers, and only allowed applications can be ran during maintenance mode. You can configure this with your Deep Freeze Administrator Console in the Program Files folder." }-

You've lost me there - what in the world are you talking about? Pete

controler
May 1st, 2005, 01:15 PM
Hi Pete

I was wondering when you would show up :)

This is my first day trialing Shadowsurfer so I am still trying to get a handle on things.

I was thinking if using Shadowsurfer, not Shadowuser, I would have to do all my security app updates out of shadow mode. My understanding was I could use PG with Shadowuser. I am not sure what I will try with my machines as far as apps go but was thinking of trying either Spysweeper or Ghost Surf with it too. I have TDS-3, Wormguard, Port Explorer by DCS.
I have Regdefend, Bo-Clean, Spysweeper & Ghostsurf that are paid for.
At present I have no AV or Firewall paid versions, just my router.
The HP laptop I just reformatted last night has Shadowsurfer on right now with no other security apps.
One thing I noticed was after coming back from uptown, my laptop was hibernating and wouldn't come out of it. Since I am not sure this was a problem before installing Shadowsurfer, I can't tell if this is a common problem with Shadowsurfer or not yet.

Have you heard of any trouble using Shadowsurfer coming back from hibernation?

Bruce

controler
May 1st, 2005, 01:17 PM
I was thinking of using shadowsurfer to test some new security suites but if I can't come out of hibernation without shutting down, I would lose the install :-[

I am thinking this is a pretty cool App Pete ;)


Thanks for bringing it to my attention



Bruce

spy1
May 1st, 2005, 01:37 PM
I'm not reading anything about problems coming out of hibernation, Bruce. I don't use the hibernation feature, myself, here.

I'll BBL - gotta go look at a dog. Pete

Rmus
May 1st, 2005, 02:54 PM
-{ Quote: "One thing I noticed was after coming back from uptown, my laptop was hibernating and wouldn't come out of it." }-
Based on my experiences with Deep Freeze, I'm assuming you can't hibernate.

When the system hibernates, it saves RAM to the HD in the hiberfil.sys file.

In ShadowMode, nothing can be written to the HD, so the system can't create the hiberfil.sys file.

Deep Freeze has the same limitation; although it works in a different manner than ShadowUser/Surfer, nothing can be written to the HD while in the frozen state.

---
Rmus

spy1
May 1st, 2005, 03:57 PM
Bruce - I turned in a support question on it to be sure. I also just now discovered that they have their own user-forum: http://forums.shadowstor.com/Forums/ , so that should help, too. Pete

* http://forums.shadowstor.com/Forums/ShowPost.aspx?PostID=11

controler
May 1st, 2005, 04:36 PM
Hey Pete

I was at the lake all weekend and now am back in the big city.
Thanks for the forum link. I am sure I will join.
Must be a new forum the way it looks.

What kind of Dog are you looking at?

I would love to get a good Pheasant puppy.

My latest purchase is a 50 Cal. Desert Eagle. This is my new deer hunting pistol. I got the titanium gold. This past fall I shot a nice 9 point buck with my savage 260 pistol.

Bruce

Chris12923
May 2nd, 2005, 12:46 AM
-{ Quote: "Have you heard of any trouble using Shadowsurfer coming back from hibernation?" }-
I just tried to hibernate a bit ago with SU 2.5 and had no problem with XP Home SP2. I'm not sure why this is possible but it worked for me. Maybe Pete's question in the SU forum will provide an answer.

Hope this helps,

Chris

controler
May 2nd, 2005, 07:33 AM
Actually I am not sure now what happened.

My son complained about the monitor going black while doing school work.
I thought a format and fresh install would maybe help & for sure count out nasties or a bad sys file. I did see the screen go almost black once last night. It lost almost all of its brightness. I think it is the inverter but upgraded the video driver just to make sure. It only happened once in 4 hours of continuous use so it isn't a biggy.

Now for the Hibernation thing. I didn't think I was gone long enough for hibernation to kick in. I was gone maybe 2 hours max.


With AC attached my power options are as follows.

turn off monitor after 15 min.
turn off hard disk after 30 min
system standby after 20 min
system hibernation after 3 hours

I will leave it on while going to work today and see if it happens again.
This time I will know if it is a hardware issue or a power option for sure.

Is Shadowstor a new company or is the forum just new? OR does the product work so well nobody posts there? LOL


Bruce

Chris12923
May 2nd, 2005, 07:57 AM
-{ Quote: "Now for the Hibernation thing. I didn't think I was gone long enough for hibernation to kick in. I was gone maybe 2 hours max." }-
I'm not a hibernation type guy so someone correct me if I am wrong. I think you are talking about 2 different things. Hibernation you setup in display properties as well as standby but you have to manually go into hibernation.

Here are some links:

http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/Default.asp?url=/resources/documentation/Windows/XP/all/reskit/en-us/prdc_mcc_jiox.asp

http://www.activewin.com/winxp/tips/shutdown/2.shtml

Hope this helps,

Chris

controler
May 2nd, 2005, 08:24 AM
Yes Chris, you can either go to properties or control panel & click power options. Windows always has a million ways to do the same thing LOL

I usually turn off Hibernate also but when I am in testing mode, I like to leave things default ;) This is usually how most home users operate their computers.

Now as far as Hibernate goes, yes you can do it manually or after your time setting it auto does it. In my last post, my Hibernate kicks in after 3 hours.

As you mentioned it can be set when closing lid etc.

Bruce

enduser999
May 2nd, 2005, 04:09 PM
Well I was using the product on a WinXP Sp1 machine and then one day the machine would not reboot. There was no way to get the product uninstalled so I spent the next two days reinstalling XP and the associated apps on the computer. :(

Edd
May 2nd, 2005, 06:58 PM
-{ Quote: "Well I was using the product on a WinXP Sp1 machine and then one day the machine would not reboot. There was no way to get the product uninstalled so I spent the next two days reinstalling XP and the associated apps on the computer. :(" }-

That's a bummer. I've made it happen on purpose (MIHOP) several times but I also know how to avoid it. There are several things you can't do while in frozen state, and there is a wrong way to uninstall. If you look over this topic I'm sure you'll find the reason!

It took you two days to reinstall XP? Wow. You have GOT to get some kind of backup program. Using Drive Image I can restore XP in under 10 minutes!

spy1
May 3rd, 2005, 11:03 AM
-{ Quote: "Well I was using the product on a WinXP Sp1 machine and then one day the machine would not reboot. There was no way to get the product uninstalled so I spent the next two days reinstalling XP and the associated apps on the computer. :(" }-

enduser999 - Which program are you referring to - Shadow or DF? Was there some reason that you specifically suspected whichever program it was of being the cause of the failure to re-boot? Pete

errors
June 2nd, 2005, 11:44 PM
I have seen many viruses that continually reinfected in deep freeze computers.

Does it allow for updates while protecting it from being modified otherwise? No, it has to be turned off.

I find computers start to run slower, and the network, because the information is still there so it can be recovered.
Most of the problems that the company says can't happen I have seen happen,
and someone will find a weakness.
I like get antivirus the most.

contactno
June 9th, 2005, 02:29 AM
ABSOLUTELY TERRIBLE!!! I have been using Deep Freeze Standard for weeks on a setup where only the C drive was frozen and the rest of other drives and partitions were not frozen. I was happy with it and recommended it to many people about this amazing software, until I hit a MAJOR snag. I was in the process of moving important files from an unfrozen partition to an external firewire drive, when I LOST ALL MY FILES because Deep Freeze Standard for some odd reason decided on its own to freeze even my unfrozen external firewire drive. Heck, I LOST EVERYTHING!!! The worst part is that you have to pay again to get an update! ARRRRHHK!!! >:( >:( >:(

Vikorr
June 11th, 2005, 10:35 PM
Was considering DeepFreeze and ShadowUser. If I had 2 HDD's I would have gone with Deepfreeze, frozen C, and used D for my apps that needed frequent updating, and file saving, and computer games. But as it is, SU seemed a lot more userfriendly to me, and as I could use a single drive for it, I knew that PrevX and PG would secure the 'exclusions list' folders <which I knew PrevX couldn't do on D:> ... so I went with ShadowUser :)

The way I see it, both programs work very well for keeping your system in working order.

The weaknesses to me, are as follows :

1. What's protecting you from infection when you are out of frozen/shadow mode to install an application/fix a program setting ? Nothing...unless you have other security apps.

2. You have to save your 'save as'/update/games data to a separate HDD or Partition (or in SU's case an exclusion folder)...therefore you need security to prevent that HDD/Partition/Exclusion folder from becoming infected.

3. Nothing protects your computer from infection while frozen/shadowed. This is only temporary (until reboot), so you should do your internet banking straight after a reboot.

Its major benefit is :

1. Keeps your machine working as good as the day you finished setting it up
2. Reboot and the problem's gone (with the possible exceptions of the above 3 weaknesses).

Notok
June 11th, 2005, 11:13 PM
The more I think about DeepFreeze the more I'm inclined to think it's really only good for public computers or computers basically being used as terminals. I was thinking about it for some of the less savvy users I know and do work for, but the problem is that even they want to do things like install scanners and such. In the long run this would only make things more complicated for them. For myself, I'd prefer to just stick with my Acronis True Image.

-{ Quote: "I have seen many viruses that continually reinfected in deep freeze computers." }-
I've seen this as well.

Don't get me wrong, I am in no way bashing this product or trying to turn people away from it, but I think anyone considering it should really think about it for a good long while before jumping on it.

controler
June 12th, 2005, 11:22 AM
Like I said, Deepfreeze would be a better deal IF they would offer a single user PRO lic.

That is why I would pick Shadowuser.

Shadowsurfer is more like Deepfreeze.

Although if you are using PG you should be covered unfrozen-thawed.

& of course Deepfreeze has its anti-executable program that goes in complement to Deepfreeze.

I was hoping some of those posting here that have connections with Deepfreeze would advise them to try a 1 user lic for the Pro version.

controler

controler
June 12th, 2005, 11:36 AM
I do think Shadowuser & Deepfreeze could give a better technical view of how their software works such as DriveVaccine does, see this quote.
One thing I wonder about: if it protects against format while vaccinated, if something got corrupt in DriveVaccine, how would you ever reformat?

"In addition to explicitly protected partitions, Drive Vaccine also protects any non-file system areas (such as the partition map) on any disk drive that contains protected partitions. Drive Vaccine will also refuse a request to do a low-level format on any disk drive that contains protected volumes."

controler

Villy
June 15th, 2005, 02:21 PM
I have an experience with this program, before pro version came out my engineering teacher challenged the class to see if they could get the computer in a de-thawed state. I was 17 at the time and I was successful. If anyone has a good deal of experience with the pro version post here, I'm looking to make a v2.0 of my FreezaBurn that'll work on the pro version. peace.

Villy

Vikorr
June 15th, 2005, 06:50 PM
Heheh, I'd be successful in getting a deepfreeze frozen computer into a de-thawed state too, especially since I wouldn't have to do anything to the computer to achieve this :D

Dilbert
June 23rd, 2005, 01:19 AM
I currently use a combination of Deep Freeze, Ghost, and Symantec AntiVirus.

I'm still using the standard trial version of DF so I usually end up reimaging every 60 days. I still keep SAV around to protect the rest of my data from viral infections.

Frank Rizzo
June 28th, 2005, 06:38 AM
-{ Quote: "I do think Shadowuser & Deepfreeze could give a better technical view of how their software works such as DriveVaccine does, see this quote.
One thing I wonder about: if it protects against format while vaccinated, if something got corrupt in DriveVaccine, how would you ever reformat?

"In addition to explicitly protected partitions, Drive Vaccine also protects any non-file system areas (such as the partition map) on any disk drive that contains protected partitions. Drive Vaccine will also refuse a request to do a low-level format on any disk drive that contains protected volumes."

controler" }-

It doesn't matter, all of those programs are easily bypassable. Ask the Russians who wrote the DF exploit which continues to work perfectly (even though it was written for versions 3.x) for up to version 5.4 (I've tested myself). Of course it isn't a simple "point and click sploit" but within about 5 or 6 steps nonetheless and with the help of our old friend Olly you can bypass any DF installation.

Just to be fair this isn't an actual vulnerability in the DF software but a poor and unfortunately PERMANENT coding mistake in the way Windows handles things. Oh well, better DF than nothing. And better nothing than Norton! hehe.

Rmus
June 28th, 2005, 05:00 PM
-{ Quote: "It doesn't matter, all of those programs are easily bypassable. Ask the Russians who wrote the DF exploit which continues to work perfectly ..." }-
Links to the exploit were posted by a non-Russian in various forums (including Wilders, briefly) before it appeared on the Russian sites. Unlike Wilders, which removed the post almost immediately, other forums, not so ethically-minded, continue to post the exploit, which has already been patched, by the way.

Who would want to hack Deep Freeze? Hacker-wannabes, or script-kiddies of the most childish mentality, I would guess.

It was a rather crude hack, anyway, requiring physical access to the computer, practically eliminating any home threat.

Why would one want to hack a public computer, or those in a computing lab at a school? DF does not protect data. Anyone wanting to steal data, once gaining access to the computer, wouldn’t have to worry about DF. Anyway, no school labs that I am aware of store sensitive data on those computers. All that is installed is the OS and MSOffice, and maybe some graphics program.

Besides, many schools, including where I work, have remote monitors in the labs on which the lab instructor can view a real-time screenshot of all of the workstation monitors. Anyone using an Olly tool to manipulate hex data wouldn’t last but a minute or two.

But suppose one is successful? What has been gained? The partition is thawed, the hacker trashes the OS. So What? It’s a 5 minute job to restore the system via an image. So, the hacker so-called has gained a few minutes of glory. Big deal. :-\

More lasting fun for the hacker so-called would be to play with toys in a sandbox rather than hacking Deep Freeze.

So there! :-*

-rich
________________
~~Be ALERT!!! ~~

spy1
June 29th, 2005, 01:19 AM
-{ Quote: "It doesn't matter, all of those programs are easily bypassable." }-

Really? Let's see, ProcessGuard "locks" (and can be set not to allow 'new and changed' applications), ditto NOD32 and ShadowUser (I do have to ask why RegDefend isn't that way, thanks for reminding me).

-{ Quote: "Of course it isn't a simple "point and click sploit" but within about 5 or 6 steps nonetheless and with the help of our old friend Olly you can bypass any DF installation." }-

5 or 6 steps ??? You have to have physical access to the computer in question? What an utterly quaint scenario - and what a total non-issue for the average home user of either DeepFreeze or ShadowUser.

How sad. Pete

rollers
July 17th, 2005, 04:55 AM
Hi everyone. I just thought I would add my two penneth on the subject of deepfreeze as I have trialled it and now purchased it. I have read others comments about losing emails, but I have two hard drives on my machine so I have selected my own folder to save the mails which is away from the main frozen drive. (an unfrozen partition would do exactly the same) so now all my mails are saved. My ISP scans all mail with AV and I still run resident Kaspersky Personal. So what about my AV updates you may ask? Well, I unfreeze every four or five days (comp switched off at night anyway so a clean boot every day) and I still leave Kaspersky updating every hour. It just means that the more days you are frozen, the bigger the update size initially on restart, then hourly as normal. That way I am still covered by an excellent AV and no permanent changes are made to any of my main drive or windows unless I want it to. I also have PG installed to protect when in the unfrozen state as well as frozen. As for Program updates, I just save them all to a folder on the unfrozen drive and install them when I do my unfrozen maintenance and updates.
Others in the family share this computer so I have found this the best compromise in security and to stop any accidental tamperings. I would not run deepfreeze without all the usual AV, FW etc as you are putting all your eggs in one basket. Nothing is 100% but this has been the best compromise that I have found to date and I must say I am impressed with DF.

Regards to all,

Rollers

New to DF
July 17th, 2005, 09:48 PM
Hi folks. This has been addressed a little bit before, but not completely, so here it goes:

Many programs write to the Windows Registry, and expect that the Registry will exist as persistent storage for configuration, state, and possibly even small amounts of data.

Given this, how could it *ever* be sensible to use Deep Freeze on a single-user machine (i.e. not in a public lab)? Doesn't a frozen registry risk your software getting into an inconsistent state?

Thanks for the advice.

Rmus
July 17th, 2005, 10:27 PM
-{ Quote: "Many programs write to the Windows Registry, and expect that the Registry will exist as persistent storage for configuration, state, and possibly even small amounts of data.

Given this, how could it *ever* be sensible to use Deep Freeze on a single-user machine (i.e. not in a public lab)? Doesn't a frozen registry risk your software getting into an inconsistent state?" }-
I'm not sure what you mean by "small amounts of data," but it's true that there are programs that store configuration settings in the Registry, MSWord, for example. So, if you want to change, say, spelling or grammar options, DF would have to be "thawed" before the settings would stick. MSWord recent file list won't stay current, since it's stored in the Registry. All of the Windows MRU lists won't stay current, since they are also stored there. And many other examples.

The software won't get into an inconsistent state - - that is, it won't stop working properly - - the Registry just won't keep those lists current.

So, it's true, if you want these lists to stay current, then DF would be inconvenient for you.

-rich
________________
~~Be ALERT!!! ~~

warnr
August 1st, 2005, 03:02 AM
I installed Deep Freeze Enterprise on my PC and I created a Full Workstation installation. I accidentally installed the DF5Wks.exe, the one I created. I want to remove the Deep Freeze I installed, and when I press Ctrl+Alt+Shift+F6, it displays "Enter password", and I don't know the password. How can I remove the installed Deep Freeze?
Please help me. Please.

warnr
August 1st, 2005, 03:03 AM
-{ Quote: "I installed Deep Freeze Enterprise on my PC and I created a Full Workstation installation. I accidentally installed the DF5Wks.exe, the one I created. I want to remove the Deep Freeze I installed, and when I press Ctrl+Alt+Shift+F6, it displays "Enter password", and I don't know the password. How can I remove the installed Deep Freeze?
Please help me. Please." }-

email me @ hawthorneheightz @ gmail . com

Jonil
August 6th, 2005, 06:42 AM
-{ Quote: "I installed Deep Freeze Enterprise on my PC and I created a Full Workstation installation. I accidentally installed the DF5Wks.exe, the one I created. I want to remove the Deep Freeze I installed, and when I press Ctrl+Alt+Shift+F6, it displays "Enter password", and I don't know the password. How can I remove the installed Deep Freeze?
Please help me. Please." }-


Lol. Remedy for me (I don't know with the others): backup all important files/data from a different HDD and reformat it. Cos there is a possibility of an unstable OS if you would try to bypass it on boot and delete it manually... cos I experienced it already, and my XP OS went unstable and dumb.

Blackspear
November 1st, 2005, 04:40 AM
Post by Evil Genius removed pending Admin review.

Blackspear

LowWaterMark - The post in question will remain removed since it was discussing software exploiting or hacking methods, which is against forum TOS.

Marc Littleton
November 1st, 2005, 11:29 PM
Deep Freeze has lots of problems. In our school's network we have over 500 workstations at about 12 different schools. We installed Deep Freeze on about 275 computers to see how robust it was and whether it lived up to its claims. Students crashed some of them even with Deep Freeze installed. One of the students told us how too. People were using the Recovery Console which appears as a choice in the OS Choices menu on some systems. Apparently, whenever you use the Recovery Console, Windows automatically adds it as a choice in the boot.ini file. And if that choice is made, the user has access to the computer before Deep Freeze loads.

Also, there is a small program students are apparently using to change the state of Deep Freeze without the password. They use it to thaw the machines without a password. One of the computer science students said it is easily found by those who look for it.

I would not trust Deep Freeze to protect a network of computers. It might be good at home to protect your own system, but not on a network. It's just not secure.

And I would read discussions and comments regarding Deep Freeze on other forums too, ones that are not heavily censored like this one is. Forums like governmentsecurity.org or hackinthebox.org or antionline.com or rohitab.
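
Added example, not part of the post above and not Faronics code: a Python check for the Recovery Console route the post describes. It parses a boot.ini and flags a Recovery Console entry, any other extra entry, and a boot menu a user could choose from. Both sample files are constructed, and the rule that the menu is only offered when more than one entry is listed and the timeout is not zero is an assumption of this example.

```python
import re

# Constructed boot.ini, as it would look after the Recovery Console was
# installed to disk on an XP machine (sample data, not from a real system).
SAMPLE_BOOT_INI = r'''[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
'''

# Constructed boot.ini for a locked-down lab image: one entry, no menu delay.
HARDENED_BOOT_INI = r'''[boot loader]
timeout=0
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
'''

# An [operating systems] value is a quoted menu label followed by switches.
ENTRY_RE = re.compile(r'^"(?P<label>[^"]*)"\s*(?P<switches>.*)$')


def parse_boot_ini(text):
    """Split boot.ini into [boot loader] settings and [operating systems] entries."""
    settings, entries, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        # Split on the first "=" only: switches such as /NoExecute=OptIn
        # contain "=" as well.
        key, sep, value = line.partition("=")
        if not sep:
            continue
        key, value = key.strip(), value.strip()
        if section == "boot loader":
            settings[key.lower()] = value
        elif section == "operating systems":
            m = ENTRY_RE.match(value)
            label = m.group("label") if m else value
            switches = m.group("switches").lower().split() if m else []
            entries.append({"path": key, "label": label, "switches": switches})
    return settings, entries


def audit_boot_ini(text):
    """Return (finding, detail) tuples; an empty list means nothing was flagged."""
    settings, entries = parse_boot_ini(text)
    default = settings.get("default", "").lower()
    findings = []
    for entry in entries:
        path = entry["path"].lower()
        if "/cmdcons" in entry["switches"] or "\\cmdcons\\" in path:
            findings.append(("recovery-console-entry", entry["label"]))
        elif path != default:
            findings.append(("extra-boot-entry", entry["label"]))
    try:
        timeout = int(settings.get("timeout", ""))
    except ValueError:
        timeout = -1  # missing or unparsable: treat as "menu may be shown"
    # Assumption of this example: the menu is offered only when there is
    # more than one entry and the timeout is not zero.
    if len(entries) > 1 and timeout != 0:
        findings.append(("boot-menu-offered", "timeout=%s" % settings.get("timeout")))
    return findings


if __name__ == "__main__":
    for name, text in (("sample", SAMPLE_BOOT_INI), ("hardened", HARDENED_BOOT_INI)):
        print(name, audit_boot_ini(text))
```

Run against a copy of each workstation's boot.ini, an empty result means the file lists only the default OS and offers no menu.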

Rmus
November 2nd, 2005, 01:04 AM
-{ Quote: "Deep Freeze has lots of problems... I would not trust Deep Freeze to protect a network of computers. It might be good at home to protect your own system, but not on a network. It's just not secure." }-
Sorry to hear about your problems - I would suggest getting a more knowledgeable systems admin to straighten things out. We've had DF installed in more than 800 computers in our schools for several years, and have no problems.

regards,

-rich
________________
~~Be ALERT!!! ~~

Enrico Gutierrez
November 2nd, 2005, 04:16 AM
Yeah, I agree with Marc. There's not much any admin can do, regardless of his or her experience, to prevent an unknown vulnerability from being exploited. Especially when not even the vendor is addressing the issue very proactively. It's been at least six months since the technique (now program) has been available to students to thaw Deep Freeze without a password. That's pitiful. Faronics should have long ago come out with an invulnerable version. But they haven't.

Faronics tells customers, "Yes, Deep Freeze will protect computers while administrators are logged on." This is simply not true. Administrators have total control of the machine: access to all directories, including root and system32, every part of the registry, and the ability to grant Full Control permissions to oneself as needed, the ability to attach to running processes with debuggers, the ability to run the shell under the Local System account, among other things. This has proven too much for Deep Freeze.

I suggest that if you run Deep Freeze on your network that you restrict users to Limited accounts. This way they cannot grant themselves the Debug Programs privilege, nor can they switch to the Local System account to escalate their privileges. Expanding privileges from a regular account is better than battening them down from an administrator.

Also, if changing over to the above is not practical, then I suggest at a minimum restricting the ability to logoff and logon. Have one account, and deny logoff/logon. This way administrators cannot obtain SeDebugPrivilege because it is necessary to logoff and logon for the privilege to become part of the access token. And, for obvious reasons, restarting would not work.
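
Added example, not part of the post above: a Python audit of the user-rights assignment the post recommends tightening. It reads the [Privilege Rights] section of a `secedit /export` file and reports lab accounts that hold Debug Programs or Take Ownership, directly or through Administrators membership. The export text, the account names and the membership list are constructed, and mapping "grant Full Control to oneself" to SeTakeOwnershipPrivilege is an assumption of this example.

```python
# Constructed fragment of a `secedit /export /areas USER_RIGHTS` file
# (sample data; "labuser" and "labuser2" are hypothetical account names).
# Real exports are normally UTF-16 and must be decoded before parsing.
SAMPLE_EXPORT = """[Unicode]
Unicode=yes
[Privilege Rights]
SeDebugPrivilege = *S-1-5-32-544,labuser
SeTakeOwnershipPrivilege = *S-1-5-32-544
SeShutdownPrivilege = *S-1-5-32-544,*S-1-5-32-545
[Version]
signature="$CHICAGO$"
Revision=1
"""

WELL_KNOWN_SIDS = {
    "S-1-5-32-544": "Administrators",
    "S-1-5-32-545": "Users",
    "S-1-5-11": "Authenticated Users",
    "S-1-1-0": "Everyone",
}
BROAD_GROUPS = {"users", "authenticated users", "everyone"}

# Rights matching the abilities named in the post: attaching debuggers to
# running processes, and (assumed mapping) taking ownership of objects in
# order to grant oneself Full Control.
SENSITIVE_RIGHTS = ("SeDebugPrivilege", "SeTakeOwnershipPrivilege")


def parse_privilege_rights(export_text):
    """Map each right in [Privilege Rights] to its list of grantees."""
    rights, in_section = {}, False
    for raw in export_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
            continue
        if not in_section or "=" not in line:
            continue
        right, _, grantees = line.partition("=")
        names = []
        for item in grantees.split(","):
            item = item.strip()
            if not item:
                continue
            if item.startswith("*"):  # "*" marks a raw SID
                item = WELL_KNOWN_SIDS.get(item[1:], item[1:])
            names.append(item)
        rights[right.strip()] = names
    return rights


def audit_user_rights(export_text, admin_members, lab_accounts):
    """Return (right, account, reason) for every lab account holding a sensitive right.

    admin_members: members of the local Administrators group, collected
    separately (for example from `net localgroup Administrators`).
    lab_accounts: the accounts students actually log on with.
    """
    lab = {a.lower() for a in lab_accounts}
    lab_admins = [m for m in admin_members if m.lower() in lab]
    rights = parse_privilege_rights(export_text)
    findings = []
    for right in SENSITIVE_RIGHTS:
        for grantee in rights.get(right, []):
            g = grantee.lower()
            if g in lab:
                findings.append((right, grantee, "direct grant"))
            elif g in BROAD_GROUPS:
                findings.append((right, grantee, "granted to a broad group"))
            elif g == "administrators":
                # The right reaches every lab account that is an administrator.
                findings.extend(
                    (right, m, "via Administrators membership") for m in lab_admins
                )
    return findings


if __name__ == "__main__":
    for row in audit_user_rights(
        SAMPLE_EXPORT, ["Administrator", "labuser2"], ["labuser", "labuser2"]
    ):
        print(row)
```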

_Lyn_
November 3rd, 2005, 12:35 AM
If people are referring to the Russian exploit from 2003, that was patched at least 3 builds ago. The newer builds with the 'polar bear' icon are not vulnerable. Compare the versions listed in the article against the latest here:

http://www.faronics.com/html/support.asp

NuB
November 6th, 2005, 02:30 PM
There was a post in this thread that mentioned changing the registry so that data in My Documents, etc. will be saved by default to D drive not C (Windows) drive, thereby remaining intact after reboot. Can anyone show me how to change the registry for that purpose? thanks

Rmus
November 6th, 2005, 03:50 PM
My Documents is a Shell folder; the settings are here:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

The String Value for My Documents is "Personal"

Note that you can make this and other changes easily using TweakUI - a GUI for Registry changes (see image below)

You have to first create the folder on another Drive, then make your change above. Since the change is in the Registry, it must be done with DF thawed for the change to stick.

Windows 95/98/ME/2000
http://www.microsoft.com/ntworkstation/downloads/PowerToys/Networking/NTTweakUI.asp

Windows XP
http://www.microsoft.com/windowsxp/pro/downloads/powertoys.asp



regards,

-rich
________________
~~Be ALERT!!! ~~

Josh32
November 7th, 2005, 05:55 AM
Hi there,

First of all, sorry for my poor English (I hope to be understandable anyway).

I need DF to be run on unattended computer labs on a University, so I don't mind with unfrozen folders, and so on... I'm happy with ALL partitions/disks frozen; I'm also assuming this is not a very home-oriented product, instead it is a cyber/comp lab/library oriented one (although you could manage to accommodate it onto a home desktop).

I'm new to DF but I'm very interested in it. I've read this thread entirely, and I summarized some doubts/weak points:

1) someone said there are still some problems during daylight saving date/time changes (that is, on the last Saturday of October).

2) it has also been said that if you fill the disk entirely while frozen, and then reboot, problems again.

3) what about XP's recovery console? May it be loaded before the DF kernel driver? Could it confuse DF and break it?

4) I do need a scheduled maintenance module, so for example have the desktops thawed between 1:00am and 7:00am. What about changing the time if you are an administrator on the comp. lab's PC? You cannot change the time interactively (you are missing that privilege from the system), but you may circumvent it by at least two methods:

(I am not sure about telling these methods now and here; maybe someone "ethical-poor" could use them to defeat a DF installation). Maybe the moderator should explain how I can publish these... or maybe if someone's interested I can send them by e-mail...

Anyway, the time syncing method should be stronger, ... what if some of your PCs got unsync'ed? how can you rearrange this?

maybe someone had faced these problems before and can tell me...

thanks a lot.

Rmus
November 7th, 2005, 11:15 AM
-{ Quote: "I need DF to be run on unattended computer labs on a University, so I don't mind with unfrozen folders, and so on..." }-
In this case, you should use the Enterprise version of DF where as Admin you can control everything from a console. This is what we have at our University.

I've never seen a problem with Daylight Savings time changes there, or on my home version.

Your other questions are best answered by DF support who can address your particular situation.

regards,

-rich
________________
~~Be ALERT!!! ~~

Josh32
November 8th, 2005, 04:36 AM
Rmus>> I've never seen a problem with Daylight Savings time changes there, or on my home version.

Thanks for your answer, it's helpful.

Anyway, I need to be sure that I run maintenance mode during the real hours, that is, that nobody has changed system time, and I found a simple way (being Admin) that you can change the clock. And of course, in a corporate environment you need a thawed time window to do the changes..

I've contacted Faronics support and when I know a solution I'll post it.

thanks again.

Regards,

thriste1
November 12th, 2005, 09:15 PM
We use Deep Freeze in an internet cafe in the Philippines and on only one computer we are having a problem: when you install DF and it reboots I get the blue screen of death and have to format the HD again.
Can anyone tell me what is causing this? Email me at arubinoff1@yahoo.com thanks

YozY
November 18th, 2005, 11:04 PM
Yes, we are having the same problem as thriste1 describes here.
We recently purchased DeepFreeze Pro, and it doesn't install properly on our new AMD64 systems, but when I installed it on a test machine with a P4 it worked fine.
Any ideas on what the problem might be?

wajinga
November 21st, 2005, 06:29 PM
Does anyone out there have experience with some of the different drive security products? I'm wondering if there's been a bake-off between DF, Shadowuser, Drive Vaccine, and any others that are in the market?

d4cz7er
November 28th, 2005, 11:11 AM
-{ Quote: "Links to the exploit were posted by a non-russian in various forums (including Wilders, briefly) before it appeared on the russian sites. Unlike Wilders, which removed the post almost immediately, other forums, not so ethically-minded, continue to post the exploit, which has already been patched, by the way.

Who would want to hack Deep Freeze? Hacker-wannabes, or script-kiddies of the most childish mentality, I would guess...
" }-


IMHO, in my years of experience working at universities and in lab environments, the answer to your question comes down to one simple asset: "bandwidth". All that juicy bandwidth to be used for whatever the hacker wants, from downloads to massive coordinated hack attacks. Deepfreeze and Deepfreeze-like programs clean the hackers'/crackers' tracks at reboot, thanks Deepfreeze! I am surprised at how many people fail to look at their network utilization logs (if you read it, it will show). Sure, you might not see it on the local machine after reboot, but meanwhile the victim targeted by your 300 zombie machines will. This could also raise a question of your liability when you fail to provide the machine(s) used in an attack in a state that can be studied by digital forensics experts. A simple example of this happened to us in X library, where a user purchased items using our machines with stolen credit card numbers, and was later caught by information found on the computer; information which would have been lost with Deepfreeze at reboot. There is still no magic security solution out there; a combination of tools and an active system admin is the best bet. Just my two cents plus tax.

controler
November 28th, 2005, 02:01 PM
Microsoft's Shared Computer Toolkit is OK. You are able to do a lot of user restrictions if you choose. Best part is it is free at present and easy to install.
Oh yeah, it uses unallocated drive space. You leave at least 1.5 gig free when installing Windows OR you use Terabyte's drive program to reallocate space if you already have Windows installed.
Easy stuff.
controler

Ryan1F
December 3rd, 2005, 09:13 AM
I have used Deep Freeze in my computer rental for about 4 years, and it works well :) . But we must combine it with other things too, like a remote monitoring program that gives a real-time view of the users' screens. It helps a lot, because now we can see whether they use it to work normally (which I hope they do ;D ) or are trying to get past the security measures :lurking: that I have set there (some people try, but I warn them, so they stop >:( ). Anyway, nothing is 100% secure; the human factor is still required.

Ryan1F
December 3rd, 2005, 10:37 AM
-{ Quote: "There is still no magic security solution out there, a combination of tools and an active system admin is the best bet. Just my two cent plus tax." }-

;D Agree with that ;D Very very much !! We can't rely only on one program :-\ .

Ufour20
December 8th, 2005, 02:23 PM
Deep Freeze is not secure because it has to be loaded on each computer and updates to the system are a multi-step process. We found a new software called Persystent Enterprise that is amazing. It protects PCs by repairing, at the file level, any unauthorized changes or corruption to the PC. But what makes it so different is that the repair happens pre-boot of the OS at every reboot!!!! There is nothing to load on the PC as it is a server-based product designed for larger corporate environments. It truly is a breakthrough IMO. Check it out: www.persystent.com

coder13
December 8th, 2005, 10:36 PM
The persystent product above seems interesting but appears to be for networks only. Maybe I am wrong? I am a Deep Freeze user who doesn't manage public kiosks, school boxes or anything else. Just my own single solitary computer. I think for individuals who are sharp enough to act as their home IT department and can handle the Deep Freeze nuances, it is a very good product for home use. I found this forum and this long thread through a Google search and am glad I did as there is some good reading here. I think Deep Freeze or ShadowUser are both great products. I see references to ShadowSurfer but don't see the difference between that and ShadowUser. I tried Drive Vaccine and another similar product but felt that the Deep Freeze and Shadow products were clearly superior.

ErikAlbert
December 9th, 2005, 02:46 PM
I've been reading this thread, not for DeepFreeze, because I'm planning to use ShadowUser (SU) in combination with a hardware/software firewall and that's ALL, but both softwares have similarities and that's why I was interested in this thread.

I'm not a security expert, not even a PC expert. I consider myself as a less-knowledgeable user and I prefer to think like a less-knowledgeable user, even when I become a knowledgeable user, because that's the majority of users and these users need simple, not-disturbing and time-saving security solutions without too many softwares and as foolproof as possible.
If you think that the average user loves security softwares, forget it, they consider security as BALLAST, because it isn't a part of their job. These users work with application softwares to do their job.

AV/AS/AT/AK scanners are the most user-friendly security solutions for less-knowledgeable users, because you don't need to be a genius to click on the scan-button and the remove-button.
BUT as an application analyst (not a security analyst), I consider scanners as the worst solution.
If I would fight against the bad guys, I would never collect their malwares in a definition-database, because that would be the same as following a cow and collect its droppings.
You don't fight this way, because that's a solution for losers. You don't run AFTER the bad guys, you run FASTER than the bad guys.
If you want to be a winner, look for smarter solutions, that are NOT based on what the bad guys do.
I'm not going to mention the many disadvantages of scanners, because I've done this already in other posts.
The bottom line is that these scanners don't have a future for several reasons.

ProActive solutions are only for knowledgeable users and security experts, not for less-knowledgeable users.
So these solutions, although they are very good, don't interest me.

If you put all scanners and proactive softwares aside, there isn't much left for less-knowledgeable users, except softwares like DeepFreeze, SU and others.
I don't say these softwares are the perfect security solution, but there is nothing else and I'm still waiting for a miracle to replace my favorite one : SU.
Don't understand me wrongly, I don't love any software and once I start using SU, I will do everything to prove, that SU isn't good either, but for the moment, I consider SU as the very best security solution, until the opposite is proven by REAL FACTS.

Of course SU has also disadvantages and the one that's bugging me the most is, how to keep the GOOD IMPORTANT changes on my harddisk without getting in trouble with OS and/or applications sooner or later.
Paranoid2000 has given some good examples in detail in one of his posts about this problem.
My opinion is that OS and applications never expected a software like SU/DF and their way of programming doesn't fit in SU/DF.

Is the setup of SU userfriendly ? NO not at all, because SU requires :
- a knowledge of partitioning your harddisk(s)
- a knowledge of image backup, which is always necessary.
- and above all a study of changeable objects (files, registry, ...) of EACH installed application software, which isn't easy and very important.
But once it's done by knowledgeable people, SU is one of the most userfriendly security solutions for less-knowledgeable users, I've ever seen.

I also admit that SU/DF has some weaknesses and the major one is the time between TWO reboots.
In that period any malware is able to do its evil job, if it has time enough.
Are scanners, proactive software, protection shields so much better to avoid this ? I don't think so.
That depends on how much you believe in these softwares. Believing in something is for credulous people, I prefer facts.
Security is an illusion and not only on computers, you only can minimize the risks.
If members are mentioning disadvantages about SU/DF, well look at the disadvantages of scanners, HIPS first.
I take my chances with SU and it will be the very best protection, I ever had.
In the very end, everybody does what he wants, not what others want. :)

Kevn
December 13th, 2005, 04:23 AM
Anyone have any luck using Symantec Antivirus with Deep Freeze? We bought SAV 10.0 and I want to be able to update virus definitions even if the computer is frozen. SAV doesn't let you choose the install directory, so you're stuck with the defaults on the C drive. Faronics (Deep Freeze) has a whitepaper on setting it up, but I can't get it to work. Any info would be greatly appreciated.

Sheeny
December 13th, 2005, 08:25 PM
Kevn, I too have the same questions about my AV application, NOD32. I was speaking to NOD32 support, and unless you have an enterprise version of both the AV and Deep Freeze, your best bet might be to install your SAV (or any AV application, for that matter) to a secondary "thawed" hard drive.

I'm tempted to try that, and according to the support guy, it didn't seem too implausible.

On a second note: I have a dual boot configuration (XP Pro 32 "Deepfreezed" and 64 bit) and just recently I experienced the BSOD (Blue Screen of Death), which of course led to a complete reformat (thanks Killdisk) and reinstall! : (

I'd really like to know what may have caused the BSOD if anyone else has similar horror stories regarding deepfreeze and the dreaded BSOD?

I have now resorted to trialling Acronis True Image, and have some concerns: if I set up my Acronis "Secure Drive" that stores my clean Acronis OS image, can I restore it at the system F11 boot prompt or will Deep Freeze lock me out at boot too? (I seem to recall that Deep Freeze relies on booting from the frozen HD and not at system boot?)

Any clarification with this matter would be appreciated!

Lastly.. Do I... 1.) Image my clean unfrozen OS partition, 2.) install FreezeX , and lastly 3.) install Deepfreeze and freeze the OS partition?

Lots of questions I know, but I need to know this stuff! (and I'm scared of the BSOD monster!)

Sheeny

Rmus
December 13th, 2005, 09:36 PM
-{ Quote: "Lastly.. Do I... 1.) Image my clean unfrozen OS partition, 2.) install FreezeX , and lastly 3.) install Deepfreeze and freeze the OS partition?" }-

After imaging,

1) Install Deep Freeze, reboot thawed

2) Install FreezeX, configure with desired settings

3) Reboot Frozen

For your other questions, I think to contact their Support would give you better help for your specific setup.

BTW - newer versions of DF work with Imaging systems-
"Install Using Imaging
Deep Freeze has been designed to work with all major imaging and desktop management software. Use either an Attended Install or the Silent Install System to install Deep Freeze on a master image."

BTW2 - did you receive the Faronics newsletter? You might consider upgrading to Anti-Executable (Half-off special) - some improvements over FreezeX. White List is auto-updated after installing a new program.

regards,

-rich
________________
~~Be ALERT!!! ~~

Sheeny
December 13th, 2005, 11:18 PM
Thanks rich for that very informative response. Good sound advice certainly worth adhering to!

Highly appreciated!

Sheeny

Ryan1F
February 24th, 2006, 03:50 AM
Yes, Deep Freeze starts locking your system at boot; it loads some services called deepfreezehi and deepfreezelo. This happens before the shell program is up and the DF interface is on (the one that puts its icon in the system tray).

If you try to disable it by:
using the boot option (pressing F8 and using the command DISABLE) :D , or
renaming the file in DOS mode :D (don't delete it - you'll be sorry :-\ ),
then your system will not come up; it crashes. ( >:( You'll still be sorry... >:( )

If you lose the password :gack: , just format it! :isay:

Or you can put the words emiliano scavuzzo in the Google search toolbar.... :isay:

It's kinda hard to find this guy lately :wacko: .... (possibly blocking, site down, or something).... :wacko:

Ryan1F
February 24th, 2006, 03:57 AM
Awesome... :) That's a good idea; using FreezeX (AESTD.EXE) will make Deep Freeze security work just fine. It will make a whitelist :) , and no unexpected program will be able to run there....! Excellent!!! ;D

airjrdn
April 18th, 2006, 08:56 AM
Is there any way to have ShadowSurfer start automatically on startup? The app loads and exists in the system tray, but with the trial it appears you have to "start it" manually.

yabba
May 27th, 2006, 12:04 AM
K. Fresh install of winbloze. All software I normally use and most that I use rarely. This includes AV and AS (anti-spyware--I use Pest Patrol). I made a list before the winbloze install. Mentioning installing all winbloze updates is not necessary, is it? Do a ghost image. After all that, create "data" directories on a separate hard drive (or partition). Then remap system folders (My Docs and such) to the separate hard drive (or partition). Create a folder on the desktop for stuff you want to keep across reboots, but do not want to keep permanently. Create a batch file to back up and restore them during reboot (one of the data folders is used to store them across reboots). Install DF. Reboot. K. The only thing I have to remember is to run the backup batch file before rebooting. The restore file runs from the startup folder. One thing I found extremely annoying, and had to fix, is: I use Outlook, and forgot to map the pst file to a different partition. After four days of downloading the same spam, with each day passing I got more of it, I finally thawed and fixed that up...

I have purposely infected my system from known sites that deliver spyware/viruses (disabled AV and AS) and rebooted. Back to normal. Ahhhhhhh, I LOVE this program, who cares about the initial work to set it up? Once it is done, that's it!

J

yabba
May 27th, 2006, 12:11 AM
Oh--one more thing. Installed a registry monitoring tool so I could detect changes that setup programs make during install. If I have to reboot I export the reg files to an unthawed partition, then re-import after reboot. If I decide to keep the program: unthaw, reboot, import reg, set frozen, reboot... Done. If one uses Linux all this rebooting gets annoying but, come on, even winbloze XP needs to be rebooted at least once per month... Once my kids are gone (another 10 years or so :-( ) I will go Linux all the way.... screw winbloze... AND there IS hope, my 16-year-old son asked me for my SlaxLiveCD the other day... wants to learn how to use Linux :-) so proud of him...!

djxtreme
June 22nd, 2006, 02:11 PM
Deep Freeze is an excellent program, however take the following steps before creating an image (cloning) a drive with Deep Freeze installed:
1. Run the Deep Freeze program, and fully uninstall Deep Freeze
2. Reboot and ensure the program is not only thawed but does not have Deep Freeze installed (run Deep Freeze installation, and if it says 'Install' then exit - you do not currently have Deep Freeze installed).
3. Clone drive
4. Reinstall Deep Freeze

If you accidentally attempt to clone the drive with Deep Freeze installed, simply repeat the steps above then clone again. Otherwise, if you do clone a drive with Deep Freeze installed, you will need to uninstall it by using the recovery console.

Deep Freeze is not 100% guaranteed to prevent hacking, as I can easily remove Deep Freeze. No details will be provided so please don't ask.

I use Deep Freeze Enterprise and could not imagine NOT using it! It's a necessity.

ErikAlbert
June 22nd, 2006, 02:30 PM
-{ Quote: "I use Deep Freeze Enterprise and could not imagine NOT using it! It's a necessity." }-
The function is a necessity, not DeepFreeze. Other softwares can do the same function : FirstDefense-ISR, RollbackRx, ShadowUser, ...

Peter2150
June 22nd, 2006, 02:59 PM
-{ Quote: "Deep Freeze is an excellent program, however take the following steps before creating an image (cloning) a drive with Deep Freeze installed:
1. Run the Deep Freeze program, and fully uninstall Deep Freeze
2. Reboot and ensure the program is not only thawed but does not have Deep Freeze installed (run Deep Freeze installation, and if it says 'Install' then exit - you do not currently have Deep Freeze installed).
3. Clone drive
4. Reinstall Deep Freeze

If you accidentally attempt to clone the drive with Deep Freeze installed, simply repeat the steps above then clone again. Otherwise, if you do clone a drive with Deep Freeze installed, you will need to uninstall it by using the recovery console.

Deep Freeze is not 100% guaranteed to prevent hacking, as I can easily remove Deep Freeze. No details will be provided so please don't ask.

I use Deep Freeze Enterprise and could not imagine NOT using it! It's a necessity." }-

Are you saying that to image the drive you HAVE to uninstall Deep Freeze? If so, this isn't a great solution. As Erik pointed out, there are other solutions that accomplish the same thing without this pain for imaging.

aigle
June 23rd, 2006, 03:07 AM
-{ Quote: "

Deep Freeze is not 100% guaranteed to prevent hacking, as I can easily remove Deep Freeze. No details will be provided so please don't ask.

I use Deep Freeze Enterprise and could not imagine NOT using it! It's a necessity." }-

Aren't you contradicting yourself?

SpikeyB
June 30th, 2006, 10:48 AM
-{ Quote: "Are you saying to image the drive you HAVE to uninstall Deep Freeze." }-

In order to image/clone a drive with Deep Freeze installed you need to thaw and then set the clone flag. You then have to reboot with something like a Bart disc to create the image/clone. I got this information from Faronics support.

A bit of information about it here: http://www.faronics.com/whitepapers/DF_RapidDeployment.pdf

miditman89
December 8th, 2006, 12:21 PM
I have used this software on my own home PCs and at school PC labs. It is an extremely efficient method of securing a workstation. As many pros as it may have, it also has many cons.

System takes longer to boot and after boot it does retain an abnormal level of lagging. If this software is to be run on your PC it is suggested that the computer have at least 512mb of RAM or considerably higher to help fight the latency.

Also it may be nice to have it secured but it is not in any way bullet proof. If you can find out what the system files and registry keys are that were written during installation, it is very much possible to reverse engineer this software. I came particularly close to this goal but in the end it led to a system crash and I re-installed the missing file with an NTFS DOS boot program. The other hole is the OTP tokens, which can have passwords generated by the admin console; the only stipulation for OTP tokens is they must be generated by an admin console with the same activation code, which is designated on the install of Deep Freeze.

The pro version has some nice tools where you can schedule thawed boots or when the computer turns itself off at the end of the day, and it does have a thawspace but the thawspace is limited to a very small 2 gigs.

Overall the program gets the security job done, but when it comes to the system running smoothly, it is only the constant maintenance reboots and latency that kill my overall satisfaction with this software. My suggestion: if you format before install, make a separate larger partition for storing your files and installing programs. The only thing this program should freeze is the Windows platform itself, or in essence, the fixed C: drive. Upon install you can, if desired, choose any other partitions you wish to freeze as well.

Rmus
December 8th, 2006, 05:28 PM
-{ Quote: "System takes longer to boot " }-

I recently did a comparison responding to a thread in the Poll forum and with DF frozen, my computer takes 30 seconds longer to boot up. Is your time longer than this? This doesn't seem like a huge amount.

-{ Quote: "and after boot it does retain an abnormal level of lagging. If this software is to be run on your pc it is suggested that the computer have at least 512mb of ram or considerably higher to help fight the latency." }-

This seems strange. DF requirements are the same as the OS. So, if you have the recommended amount of RAM that your OS requires, DF shouldn't drag your system. I've just now been watching the task manager, and the DF process uses 3.8MB of memory. In doing routine operations I don't see any increase in memory usage, and have never noticed any latency problems.

-{ Quote: "Also it maybe nice to have it secured but it is not in any way bullet proof. If you can find out what the system files and registry keys that were written in among installation it is very much possible to reverse engineer this software. " }-

It's already been done, but since the hack requires physical access to the computer, it's a moot point for the home user. System admins by now have implemented measures to prevent it in institutional environments.

-{ Quote: "The other hole is the OTP tokens, which can have passwords generated by the admin console, the only stipulation for OTP tokens is they must be generated by an admin console with the same activation code, which is designated on the install of deepfreeze. " }-

If someone were to gain unauthorized access to an admin console, that admin should be replaced. In the two educational environments I'm familiar with, this occurrence could not happen.

-{ Quote: "The pro version has some nice tools where you can schedule thawed boots or when the computer turns itself off at the end of the day, and it does have a thawspace but the thawspace is limited to a very small 2 gigs. " }-

This is probably why the thawspace feature is not implemented in the Standard (Home) edition, since as you suggest, the user should format to have at least two partitions.

The thawspace (virtual) partition is designed for institutional environments where users - such as educational faculty - have some storage space for data and power point files, for example.

-{ Quote: "Overall the program gets the security job done but when it comes time to the system running smoothly, only the constant maintenance reboots" }-

I'm not sure why you have constant maintenance reboots. It is true that if a user makes many frequent changes to the system, DF is probably not the ideal program.

-{ Quote: " and latency that kills my overall satisfaction with this software. " }-

Can you post your system specs? Just curious why you have this latency problem.

regards,

-rich

miditman89
December 9th, 2006, 09:12 PM
I will post the system specs as recommended when I return to the lab on Monday. As far as actual memory and processor speed, these computers should not lag under Deep Freeze; they are 2.8GHz processors with 256mb of RAM, and I do think the RAM should be pushed up. I also think these computers need to be wiped out and restarted and partitioned. And as far as needing constant maintenance, these computers are used for the publication of the yearbook so we constantly put on new tools, such as scanners, card readers, printers, etc... At the end of last year they installed Deep Freeze on these computers and the tools were obtained in intervals, so the constant maintenance was required to install each.

Just a question: would it be more likely to run more securely and faster if you have one main partition for Windows and all its components, then install all other programs on the second partition?

Rmus
December 9th, 2006, 11:53 PM
I agree, the systems you describe would seem a bit thin on RAM. But installing Deep Freeze should produce no extra drag on the system, according to Faronics, and that has been my experience also.

-{ Quote: " In the end of last year they installed deep freeze on these computers " }-

I assume they were reformatted at that time. That is the only way to ensure a clean, lean system. Especially the Registry.

-{ Quote: "and the tools were obtained in intervals so the constant maintenance was required to install each." }-

I see now what you mean by "constant maintenance."

-{ Quote: "Just a question, would it be more likely to run more securely and faster if you have one main partition for windows and all its components, then install all other programs on the second partition." }-

Would it run faster? It has not been my experience that it would be faster; what tasks seem slow? When you Thaw, do these tasks run faster? Does this happen with all of the computers?

More securely? As long as both partitions are frozen, it won't change the security status. Both *must* be frozen or you invite trouble with people messing with your programs' files on the second partition. Only the Thawspace Drive should be accessible by users.

You mentioned the 2GB limit for the Thawspace: If you are referring to your yearbook stuff requiring a lot of space, you could

1) make a separate larger thawed partition on the computer just for that data

2) use an external USB drive as a data partition and store off hours in a secure place.

regards,

-rich

miditman89
December 10th, 2006, 04:35 AM
Well, I figured that they would have wiped them clean but they didn't. The computers were never on the network, therefore no internet, so they just installed Deep Freeze as is. They run incredibly slow on just about every level for some reason. Every computer runs slow frozen, and noticeably faster thawed. The biggest slow points are with Microsoft Office, Picture Manager, IE, and other scan programs. I think that this level of security is unnecessary as they have Websense and Sophos installed on these computers. The best I think for this environment is to image them, and relay the image at the end of the year. Budget is pulled tighter as new cameras and other tedious tools were purchased, so an external drive is out of the picture for now but has been looked at; if they continue to run Deep Freeze it'll soon become a needed item. A 2g thawspace is nothing when all these pictures are high resolution and take up major space.

As for having two partitions, one for windows frozen, and one for smaller side programs thawed, I figure you just leave windows frozen, the other partition thawed, and as long as drives remain unshared, and the firewall in order it should be safe.

Rmus
December 10th, 2006, 12:01 PM
-{ Quote: "Well, I figured that they would have wiped them clean but they didn't... Every computer runs slow frozen, and noticeably faster thawed. The biggest slow points are with microsoft office, picture manager, ie, and other scan programs. " }-

You might format/reinstall one just to see if there is a difference.

-{ Quote: "As for having two partitions, one for windows frozen, and one for smaller side programs thawed, I figure you just leave windows frozen, the other partition thawed, and as long as drives remain unshared, and the firewall in order it should be safe." }-

This sounds workable in your situation. In a computer lab with hundreds of users daily, it would be a disaster, as the wannabe script kiddies would have a ball if they discovered an unfrozen partition.

regards,

-rich

miditman89
December 10th, 2006, 10:39 PM
Yes, that's what I definitely am looking to try as soon as possible.

Point taken, I can definitely say not in this generation but in following years it wouldn't be worth it, and assuming the district would cooperate with anything outside of their single partition format. The best method for this situation is seemingly a fresh start, freezing, and a network drive for the best results and, lastly, if possible, bumping up the memory.

Rmus
December 10th, 2006, 11:08 PM
I would be interested in what you notice different after formatting/reinstalling one machine.

You didn't say which OS you use - I'm guessing Win98 since your Thawspace has a 2GB limit.

regards,

-rich

miditman89
December 11th, 2006, 05:35 AM
No, actually, these machines are XP; it's just that the district is running Deep Freeze 4 Pro, so it's quite a different story. I myself have been testing the Enterprise edition 5 at home, but am on a different system at the lab. And I will be sure to post back the results come the end of the production.

Rmus
December 11th, 2006, 11:47 AM
In that case, unless there is a limit in the older versions of DF:

"Workstations running Windows 2000 or XP can host a maximum ThawSpace of 1 TB when using the NTFS file system or 4GB when using the FAT32 file system. "


(Win 98/ME have a limit of 2GB)


regards,

-rich

miditman89
December 11th, 2006, 11:53 AM
That's a strange issue, and oddly enough it's still maxing at 2g; it must be something to do with how old this version is. I mentioned I was testing Enterprise 5 at home and it is as you stated, and with version 4 Pro, its limits seem a bit more restricting regardless of the OS.

Rmus
December 11th, 2006, 12:11 PM
Yes, it must be a limit of the older versions. DF is up to v.6 now.

I do like your thought about saving files to another media.

I'm going to purchase DF for my laptop which presently has just one partition. Rather than creating another partition (I would have to purchase a partitioning program), I think I'll just write files to a USB stick. Mostly word processing files, photo work, email, internet, while on the road.

regards,

-rich

SystemJunkie
December 11th, 2006, 03:19 PM
Look at this ~Link Removed - Ron No links to cracks allowed here on the forums~ Many people hate this software, because it makes irreversible problems in case you don't uninstall it the way these pirates want it.

SystemJunkie
December 11th, 2006, 08:01 PM
Whoops, I did not see any cracks, I only read the text, nothing else. The text is related to an old version of Deep Freeze I guess; today Deep Freeze simulates 2 floppy drives, injects some kind of kernel sys into the BIOS and blocks the floppy from loading. So far, those are my experiences from what I've seen on my DOS screens.

They run their bad code into CMOS that creates the illusion of a second floppy and blocks all floppy drives, and you are treated like a minor citizen by this Faronics company. Incredible that no one actually went to a lawyer to obtain payments for the damage they do on many, many systems with their CMOS infiltration.

miditman89
December 12th, 2006, 04:15 PM
Saving to external media I think is one of the best things to do with this security style, because if Deep Freeze has any faults there goes your Thawspace... We already had this happen once in the lab. The latency problem we pinned down to a district setup fault. They run Sophos anti-virus underneath Deep Freeze; any common sense tells you an antivirus is needless on a frozen machine, but they had the auto update set for every 2 or 3 minutes, and as we all know background updates eat through memory. So today I thawed one, turned off the updates, then froze it back and it worked just fine. Thankfully this latency problem is fixed, but I.M.O. this still isn't the greatest possible security method for this lab.

More than likely, upon reading the EULA when you install Deep Freeze on any computer you will see that they have somehow stated this. I haven't read it myself, but usually if they're going to do something with mal scripting or any other negative effect they write it in the EULA and, let's face it, nearly no computer user actually reads it when they install a program. Lastly, they see it fit to be a security measure: whoever installs Deep Freeze on a computer should be able to uninstall it, so if the computer was stolen and Deep Freeze mishandled, it's kind of like a self-destruction method.

Rmus
December 12th, 2006, 08:51 PM
Well, the latency problem is now understandable! However, you can make a case for running other security with Deep Freeze if the workstation is on a network. DF doesn't prevent the installation of malware, it just removes it on reboot. So, something could install and connect out, until the user rebooted.

However, AV is not the most practical, since it is not reliable, and needs the updates. Software restriction policies, running as limited user, and other means, would prevent the installation of an executable. These are the measures I'm familiar with in the school where I worked.

-{ Quote: "Saving to external media I think is one of the best things to do with this security style, because if deep freeze has any faults there goes your Thawspace..." }-Yes, Thawspace is not the best setup for your lab usage. In our campuses, Thawspace is used by instructors to store classroom files, presentations, etc, which each instructor, of course, backs up. No one would store important data (like your yearbook files), or grades, student information, etc.

-{ Quote: "Thankfully this latency problem is fixed but its still I.M.O that this isn't the greatest possible security method for this lab." }-I wouldn't write it off - it's still great protection in institutional environments - just write files to external media and store in a safe place.

I'm sorry - I don't understand what you are saying in your last paragraph.

regards,

-rich

miditman89
December 12th, 2006, 10:50 PM
Thanks, it's pretty understandable after all that, but the last paragraph was about the previous post, about deep freeze leaving a kernel in the floppy drives. Which in its own was kind of confusing.

SystemJunkie
December 12th, 2006, 11:07 PM
Somewhere I posted a dos screen about the df kernel in floppy bootloader sector.
You recognize deepfreeze cmos infiltration when you hear a little click or clack sound with every reboot.

Besides, it is impossible to reflash this protected area, the first bootblock remains unflashed, no matter how many times you reflash the bios. Probably the only method to remove this sh*t without further knowledge about the assembler technique is to insert a new cmos chip.

And now someone should tell me that bios rootkits will remain science fiction, if such an unimportant security tool is already able to overwrite and infiltrate the cmos, what will then sophisticated rootkit code be able for??

Such a shame that motherboard companies are that kind of passive concerning this high risk.

Hopefully bios will not survive the new mainboard era in future. It's the weakest point in on board hardware.

SystemJunkie
December 16th, 2006, 08:02 AM
here the screen of deep freeze mess:

http://i6.tinypic.com/1zh0l00.jpg

To fully understand what happened look at this thread

LINK (http://www.wilderssecurity.com/showthread.php?t=138588)

SpikeyB
December 16th, 2006, 10:33 AM
-{ Quote: "today deep freezes simulates 2 floppy drives inject some kind of kernel sys into bios and blocks floppy from loading" }-Are you sure about that?

Why would they try to stop a floppy from loading? If they did mess with the CMOS to stop booting from floppy, why would they state the following?

-{ Quote: "
Securing the System
The CMOS should be configured to prevent booting from the floppy drive or CD-ROM drive (i.e. set to boot to the hard drive) and the CMOS must be password protected. This is a normal precaution for most public access computers. The Windows Registry, the computer CMOS, and the boot sector are protected by Deep Freeze from within Windows." }-

SystemJunkie
December 16th, 2006, 09:27 PM
Once there must be a version that was vulnerable against floppy attacks, so they may have thought locking the whole floppy bootblock would be the right thing with fatal consequences for you as user.

-{ Quote: "The Windows Registry, the computer CMOS, and the boot sector are protected by Deep Freeze from within Windows." }-

That's the core problem. They want to protect hardware things which is highly vulnerable (pirates or hackers that's how I call those guys, nothing more), if you manually uninstall deep freeze your cmos will likely be irreversibly damaged.

Everyone should have the power to uninstall anything manually, we are no minor citizens, but faronics wants to degrade you to that kind of kid level that gets no possibility to change things by his own will. Silly and destructive methods. This is what you have to know before you play with dangerous software like this.

I remember that there was one guy who made anti-deepfreeze software and started a private fight against faronics, he always broke their latest version with an antifreeze software. So you see if you think you are secure with deep freeze you should test the anti freeze tool. It's some time ago I don't remember the author's name but google, maybe you will find him.

A tip for dfreezers: To manually uninstall deep freeze use multiboot environment and erase their driver from another windows.

Stilgar
December 17th, 2006, 07:35 PM
-{ Quote: "
A tip for dfreezers: To manually uninstall deep freeze use multiboot environment and erase their driver from another windows." }-

how exactly do you do that and can it fix the blue screen of death problem if it occurs?

SystemJunkie
December 18th, 2006, 07:48 PM
I know that very exact, because I already did it and followed a manual of the deepfreeze foe nr.1

Look what FProt tells about their bad methods:
(You can consider it as viral code they use to prevent cmos floppy access)

http://i14.tinypic.com/4876obd.png

Rmus
December 19th, 2006, 09:09 PM
-{ Quote: " today deep freezes simulates 2 floppy drives inject some kind of kernel sys into bios and blocks floppy from loading, so far my experiences what I've seen on my dos screens." }-I have to agree with SpikeyB on this - it doesn't make any sense that DF would do such a thing. Don't you think that if this were true, that others would have discovered it by now?

Over the years, I've noticed that disgruntled DF users fall into one of several groups.

1) those who purchase DF but don't read the Users Guide, and mess things up.

2) those who obtain a copy illegally and don't have a Users Guide, and really mess things up.

3) those in either of the above who fiddle around, deleting/attempting to modify DF files, and really, really mess things up.

4) those at schools who get angry because they can't use the school computer as if it were their own.


-{ Quote: "Everyone should have the power to uninstall anything manually, " }-It's pretty much accepted today that when you "buy" most software, you are really purchasing a license to use it, and must indicate that you understand the license and agree to it. If it states how the program must be uninstalled, then the person who uninstalls in a different fashion has only herself/himself to blame.

As far as cracks - they come and go. As kareldjag is fond of saying, "A piece of code can theoretically be bypassed and broken by another piece of code."

The cracks you refer to don't work on the current versions. In the past, they have required physical access to the computer, which makes it a non issue (or it should) for the home user.

regards,

-rich

SystemJunkie
December 20th, 2006, 03:09 AM
Fact is DF messed up my bios floppy bootblock.

I used a demo, wanted to test this horrible software, then like often I uninstalled the software manually. I could remove anything except the cmos block.

Maybe in the latest version they have solved this problem, but I doubt it.

I stay on my opinion that it is a damn dangerous software that can harm your bios and kill the ability to access the floppy forever until you change the cmos block.

Stilgar
December 20th, 2006, 12:04 PM
-{ Quote: "I could remove anything except the cmos block." }-

so how do you do that?
what files do you remove?

SystemJunkie
December 20th, 2006, 10:02 PM
Maybe you should try d. unfreezer, I don't want to give exact comments related to this theme. Search yourself.

Stilgar
December 21st, 2006, 07:59 AM
I have it but it does no good when the blue screen of death comes around
(crashes with error in DepFrzLo.sys)
strange but I got this error after installing both .NET 3.0 and IE7 on 4 out of 6 machines

Perman
December 21st, 2006, 09:58 AM
Hi, folks: I have DF standard for a while, lately I added .NET 3.0 and upgraded to IE7 w/o any sort of problem except one. The BSOD you encountered may not be caused by DF. Do you have any other IE plugins that may not sit well w/ new IE7? I used to have an adblocker type product it did cause BSOD after installing IE7, and the problem was solved after removing that app. Good Luck.

Stilgar
December 21st, 2006, 03:15 PM
It was a fresh Windows install just frozen and I decided to add IE7. I don't have any addons except for the default addons that come with IE7 (not even new version of flash)
The error is definitely with DF (though it may be windows' fault) as the BSOD states an error in DepFrzLo.sys and if I try to run the computer in Safe mode even in Safe mode with command prompt only I still get a crash when Windows is trying to load DepFrzLo.sys

Perman
December 21st, 2006, 06:31 PM
Hi, folks: DF's DepFrzlo.sys is a kernel driver. If an error was issued by it, that could indicate a conflict of driver at kernel level. Do you have some apps initiated at kernel level? BTW, you said there are other 2 of 6 machines having no problems? Do they have identical apps lineup as the troubled 4? If there are no errors w/ the good 2, then the integrity issue of DF is out of the way. IMO.

Stilgar
December 22nd, 2006, 12:27 AM
The six machines have absolutely identical hardware and as much of identical software as humanly possible (however they are not built from image). The only kernel software I think is Daemon Tools (actually I'm not sure it installs anything at kernel level) and it was there before installing deep freeze and everything was fine. So it's either IE7 or .NET 3.0 that caused the conflict. After I reinstalled everything I installed IE7 and .NET 3.0 and installed deep freeze after that. I have no problems for a week now. I had DF on 16 machines before and they run for years with just one BSOD with the same DepFrzLo.sys error but then I think it was hard drive failure and the crashes didn't come after installation in unfrozen mode. So I was stunned when these 4 machines failed. I didn't even bother to backup or image any of them because I was so confident that no problems can possibly occur and the hardware was brand new.

jimwbruce
May 8th, 2007, 01:48 PM
We use deep freeze in our college library computer lab. It works well with one problem that has persisted. It results because students are not the best at making backups (incredible revelation, right?). Word can be configured to save autorecover backups which will save your butt when you haven't backed up that 10 page report that you have worked on for three hours. But the autorecover is of limited use in Deep Freeze.

If the student responds when facing a system lockup by rebooting the computer, all timed backups made to the hard drive are eliminated. Deep-Freeze dutifully restores the computer like Cinderella's godmother to the condition it was at midnight the night before. Back to the ashes for the student.

Each student in our college DOES have a Novell folder for file storage. If you logon to Novell with username n0007832 you will have a folder on the public server called "n0007832". That data does not get eliminated. Logically the timed backups should be stored in these folders.

However, Word can only be configured to save autorecover files to ONE location which is set in Tools--Options--File locations. If we set the "autorecover files" to go to folder.../n0007832 then that would be of no applicability for student n0003232 etc.

I have been told that if we leave a folder on the hard drive "thawed" then the purpose of deep-freeze has been defeated. Also we would allow new students on a machine the option of reading backups from a previous user.

Does anyone see a way around this conundrum?

Jim Bruce

Rmus
May 8th, 2007, 02:13 PM
I assume you have the Enterprise Edition installed for the lab, where a virtual Thawed drive T:\ is created upon installation on each workstation. You can point the ASD directory there.

T:\ is used here by instructors and students to store classroom presentations and files, etc. They know it's not secure, but it gives them a temporary storage place.

-{ Quote: "Each student in our college DOES have a novell folder for file storage." }-Then, standard procedure should be that the student, upon creating a new Word document, does File|SaveAS to his/her Novell folder, giving the document a file name. A Ctrl + S save should be done regularly while working on the document. Then in the worst case scenario, the document up to the last save is in the Novell folder, no matter what happens to the ASD temp file.

AutoSave/Recover is a great feature, but I wouldn't depend solely on it.

regards,

-rich

AMac
June 6th, 2007, 12:32 PM
I work for a Junior college and we run DF in most of our labs. I say most, because the one department that needed DF most, the Computer Science department, hated DF even though their lab coordinator had full control of it. Sloppy work on the part of the Lab Coor led to a bad rap and DF being uninstalled. There was a complete lack of understanding about what the program did, how it worked. Although we don't manage labs, we do babysit three. Between DF, imaging, and WSUS, we literally set them and forget them. All the other lab folks love the product. Look at all the time saved since they don't have to clean up after students. The only problem we've had is if the Lab Coors don't leave their labs on at night for the update maintenance period and things get out of sync, but it's usually an easy fix of thawing and letting the pcs finish the process. I love the product, and I feel it's just another part of our security tools.

ErikAlbert
June 6th, 2007, 12:57 PM
-{ Quote: "I love the product, and I feel it's just another part of our security tools." }-
DeepFreeze is a recovery tool, not a security tool. DeepFreeze doesn't see the difference between a good object and a bad object, only security tools can do that.
DF doesn't remove a bad object, because it's malware. DF removes it because it is a harddisk-change, which means that DF also removes the good changes.
That is also the reason why DF is better than all existing scanners, because it doesn't need signatures to remove malware, it considers each malware as a harddisk-change and that is the most perfect killer of malware you can get, because all infections have one weakness in common : they change your harddisk.

Rmus
June 6th, 2007, 09:40 PM
-{ Quote: "DeepFreeze is a recovery tool, not a security tool. DeepFreeze doesn't see the difference between a good object and a bad object, " }-Hello ErikAlbert,

Good and bad are relative terms.

In an educational environment, any changes a student makes to the Hard Disk are bad (=unwanted).

So, Reboot-to-Restore (=Recovery) removes these changes.

From the standpoint of a System Administrator, this secures (=provides security for) the workstation.

I think this is the context in which AMac was using the word security when he said,

-{ Quote: " I feel it's just another part of our security tools." }-


-rich

ErikAlbert
June 7th, 2007, 12:57 PM
-{ Quote: "Hello ErikAlbert,
Good and bad are relative terms.
" }-
Sorry but I don't agree, good and bad objects are a fact and do exist.

What you decide to do with good objects is relative. Some environments don't want them, like in schools, while other environments want to keep good objects.
I just don't want recovery softwares being confused with security softwares.

If DF was a security tool, it would keep the good changes and undo the bad changes, but that doesn't happen, it undoes good and bad changes.

An interesting question is : "Do you really need the good changes, if you always boot in an unchanged harddisk ?"

Rmus
June 8th, 2007, 03:51 AM
-{ Quote: "I just don't want recovery softwares being confused with security softwares." }-OK, I'll describe Deep Freeze this way: it is a software which adds to the security of the workstation (=keeps it secure) by rebooting to previous good state.

How is that!

Deep Freeze denies by default the saving of any changes to the hard drive while in Frozen Mode. There is no option to commit|save any changes.

You can understand how this bullet-proof solution is ideal for educational environments where there is no option for the user to save anything.

Now, this is not so convenient for some home systems, and requires at least two partitions, one of which will stay Thawed (unfrozen) so as to permit saves to disk for user files.

And so, it's interesting to watch the development of similar products which will permit saves during the current session without requiring a reboot.

A benefit to everyone of the competitiveness of the software industry is the different solutions becoming available to meet different needs.

-rich

Chris12923
June 8th, 2007, 07:26 AM
-{ Quote: "OK, I'll describe Deep Freeze this way: it is a software which adds to the security of the workstation (=keeps it secure) by rebooting to previous good state.

How is that!" }-
Very nice explanation. Sums it up perfectly.

Thanks,

Chris

Rmus
June 8th, 2007, 11:56 AM
Hello Chris,

Haven't seen you around here so much lately. Are you still testing?

I wonder if people notice two products in your Sig: Viguard and Unhackme.

I remember being impressed with your results with Viguard last year when everyone (who could test) went to that strange site with the drive-by download.

With respect to Deep Freeze: somewhere buried in this long thread are some posts asking why Faronics doesn't make the Home edition of DF capable of changing to Thawed state without a reboot, or being able to commit changes while in a Frozen state.

Personally, I'm glad they haven't compromised the strategy of their program.

Also, I assume it would be difficult to do. DF does not load the partition into RAM, nor work in a snapshot. Those methods, it seems to me, make it easier to provide options to save changes, change state without reboot, etc., as are being developed in other reboot-to-restore programs.

It's a solution designed originally for specific environments, and I'm glad they have provided a Home (Standard) edition for those who prefer such a solution.


regards,

-rich