Freezing Snapshots

FYI, in case you didn't know this yet and to whom it may concern, because freezing doesn't seem to be very popular amongst FDISR-users.

"Freeze Snapshot" acts also as an "update" of a frozen snapshot.

For instance, if you want to change a setting in a software and you want to keep it.

1. Boot in the frozen snapshot.
2. Make the changes.
3. Freeze the snapshot again.
4. Reboot in the frozen snapshot as recommended by FDISR.
The changes are kept in the frozen snapshot.

So you don't need to "unfreeze" the frozen snapshot.

I assume that this also works for adding new softwares to a frozen snapshot.
If the new software requires a reboot right after installation, you have to "disable Pre-boot" first otherwise the new software will disappear.

 

Does disable pre-boot keep changes to a frozen snapshot, or do you have to unfreeze? I was under the impression that an unfreeze with the "Keep frozen storage" option selected was the only way to retain changes through a boot.

 

If you click on freeze, read the remarks of the first wizard screen, which clearly says and I quote :
"To temporarily prevent the frozen snapshot from being restored, disable the Pre-boot before booting."

I didn't test all of it, I only changed a software setting, not a complete install of a new software, but it must be easy for you to verify this.
If it isn't true tell me and I will test it myself, but it seems logical to me that it is true.

 

cthorpe,

I un-installed three software with this method.
Two reboots (with disabled Pre-boot) were required to uninstall two of these softwares.
Then I freezed the snapshot again and all three softwares are uninstalled.

If it works for uninstalling, it also works for installing and I didn't do any unfreezing.
So this method works properly as I assumed from the beginning.

 

try to learn about FD ISR,is it possible to do the same thing as Erik did by next booting into a different snapshot and than copy/update the revised snapshot,than there is no need to freeze at all.or i am missing something ?
huupi

 

No there is no difference, the final result is exactly the same.
Except that you have to do this manually each day, if you want a clean snapshot.

A frozen snapshot doesn't require any work, but you have to wait a little longer during the reboot. The cleaning is automatically.
In my case it's 90 seconds to reboot in a frozen snapshot, not that bad.

I'm working on a new security setup and a frozen snapshot fits in my plans.
I'm also very lazy and avoid any use of my keyboard, if a mouse can do it. I even count my mouse-clicks.

 

I hope Nuance's Dragon Natural Speaking can read my lips, so I won't need my vocal cords.

 

I just want to add that I recently incorporated the frozen snapshot method into my system setup and I like it. Basically, I have three snapshots: Gaming, Primary, Surfing.

The Gaming snapshot is optimized for playing games. Everything else has been stripped off.

The Primary snapshot is my normal system for everyday use.

The Surfing snapshot is the frozen snapshot. It is designed for security with FD-ISR acting as a "sandboxing" application.

So far, things are working very well. My thinking is that under the Surfing snapshot I will be able to contain almost any nasty that I encounter while surfing the web and upon the next reboot it will be snuffed out.

Raxco is my favorite software company!!!

 

I have a similar frozen snapshot and yes all threats will be removed during the next reboot, much better and faster than any existing scanner or group of scanners.

Although the removal is complete, a frozen snapshot doesn't stop the execution of possible threats, installed in the snapshot during wild surfing.

That's why I installed Faronics "Anti-Executable" (AE) in my frozen snapshot.
AE creates a whitelist of all your good executable objects and those keep on working. Any not-whitelisted executable object won't be able to install or execute itself.

I removed all my scanners in this frozen snapshot, because they are useless.
I just kept the firewall and removed all the rest of my security softwares.
I even think of buying it (50% reduction till 2006.09.15)

 

Why do you need an anti-executable? Wouldn't anything that executed still be confined to the current snapshot? If so, whatever was executed would be snuffed out during the next reboot. I guess if you executed something that arbitrarily started deleting data off of the hard disk, that could spell trouble. However, installing a program designed to stop all executions seems like overkill to me. Your thoughts ErikAlbert...

 

Do you have a link to 50% offer? I couldn't find it on the Faronics website.

Thanks.

 

A frozen snapshot allows malwares to install themselves on your computer, while you are surfing.
During TWO reboots malwares could be activated to do some nasty things like stealing your data (= execution).
A frozen snapshot will not stop the malware of doing its evil job and as long you don't reboot the malware keeps on stealing your data until it is removed by the next reboot.

Anti-Executable doesn't stop all executions, only the executables that are NOT whitelisted.
In other words all your legitimate applications keep on working properly, because they are whitelisted by AE.

I don't know how all these different malwares work in detail. If I was a malware expert, my knowledge would be big enough to know how to stop them. I just don't take any chances, because I'm a newbie, not an expert.

I have AE only a few days on my computer, so I have no practical experience with it.
I like the principle of this security software, because it says clearly what it does and it isn't based on a blacklist, like many other security softwares.

If you are convinced that malwares don't have any chance to do something bad between two reboots, don't use AE.

 

While rebooting a frozen Snapshot would remove all of the "baddies" that you might have accumulated, a Trojan would still be able to "phone home" your private information while you were surfing, that is, BEFORE it was removed during your reboot.

Acadia

 

Thanks for the example man !!! I know so little about malwares, that I couldn't give any practical example of this.

 

I have a question for ErikAlbert.
Why do you say two reboots? I thought that one reboot would take care of everything that was not in the snapshot when it was frozen.

I also have a question for Arcadia.
This "Surfing" snapshot that I created has everything stripped out of it. In other words, there is nothing that is in the snapshot that is of a personal nature. Unless I'm missing something (which I very well may be), wouldn't the trojan have to have specific knowledge about navigating FD-ISR to access anything of a personal nature contained on my primary snapshot? I don't care if the trojan phones home my porn surfing habbits.

 

Dallen, you are correct. IF YOU DO NO BANKING of any kind, never use your credit card, never use any passwords or user names, then yes, as far as I can understand this stuff, you would not even need to fear Trojans that will be erased at every boot. Somebody PLEASE correct me if I am wrong about this.

Acadia

 

On Monday at 09:00am you reboot your computer and frozen snapshot is clean again.
On Monday at 05:00pm you shutdown your computer.
On Tuesday at 09:00am you reboot your computer is clean again.

From "Monday 09:00am - reboot" until "Tuesday 09:am - reboot" your computer was on-line during 8 hours between two reboots.
If your computer was infected it happened during these 8 hours or between two reboots.

 

This is the original description of your Surfing Snapshot and nothing is mentioned about existing or non-existing private data.
That's why I mentioned AE, based on poor information.

 

There is the link to 50% offer :
http://www.faronics.com/news/quarterly_q2_06.asp

 

Thanks for the info here you guys.
Love the tutorial on "freezing' E-A

Is there really any definite evidence that installing a trojan/rootkit that might goes to kernel level in any snapshot would be wiped by freeze/unfreeze or delete snapshot?

be patient with my limited knowledge

@dallen

Have you gone to any of the security scan sites to check what info you are exposing in your stripped down snapshot?

Regards.

 

@E-A Thanks for the link. Trying to make last minute decision if it's useful in my setup. Discounted price is right!

Rob

 

I can't answer that question, only a true expert can give you an answer.
Personally, I assume that all snapshots are separated from one another and that malwares can only infect the current snapshot and not the other snapshots at the same time.

At this moment, I have 4 snapshots :
1. One snapshot without internet connection, without security softwares of any kind and without internet softwares, like email-softwares and browsers.
This snapshot is supposed to be always clean, because it has no internet connection.

2. One frozen snapshot with internet connection but only protected by a firewall (Look 'n' Stop) and Anti-Executable.
This snapshot is supposed to be clean after reboot, because it's frozen.

3. One working snapshot with my classic security setup.
There is no guarantee that this snapshot remains clean, unless I refresh it every day with a clean archived snapshot.

4. One rollback snapshot to save my working snapshot.
Same as the working snapshot.

 

I have another idea which I believed might be a better solution than freezing a snapshot. Freezing a snapshot will require extra space on the hard disk. So, instead of freezing, we can export the snapshots to another external media, say DVD. After messing with the snapshot on the hard disk, we can easily import the snapshort back, hence not requiring freezing.

Please note I did not test the above method yet, but my common sense told me it should work. I welcome any opinion about my suggestion.

 

Freezing does more than that. Freezing automatically restores your operating snapshot to the state it was frozen in each time you reboot. Many of us have noted that we often export snapshots to external hard drives. DVDs ? ? ? Brrrrrrrrr.....not until hell "freezes" over!

Once you fully understand freezing, then your common sense will make what I said obvious.