Deep Freeze Experiences

Discussion in 'other security issues & news' started by LockBox, Dec 29, 2004.

Thread Status:
Not open for further replies.
  1. controler

    controler Guest

    Like I said, Deepfreeze would be a better deal IF they would offer a single user PRO lic.

    That is why I would pick Shadowuser.

    Shadowsurfer is more like Deepfreeze.

    Although if you are using PG you should be covered unfrozen/thawed.

    & of course Deepfreeze has its anti-executable program that goes in complement to Deepfreeze.

    I was hoping some of those posting here that have connections with Deepfreeze would advise them to try a 1 user lic for the Pro version.

    controler
     
  2. controler

    controler Guest

    I do think Shadowuser & Deepfreeze could give a better technical view of how their software works, such as DriveVaccine does; see this quote.
    One thing I wonder about: if it protects against format while vaccinated, and something got corrupt in DriveVaccine, how would you ever reformat?

    "In addition to explicitly protected partitions, Drive Vaccine also protects any non-file system areas (such as the partition map) on any disk drive that contains protected partitions. Drive Vaccine will also refuse a request to do a low-level format on any disk drive that contains protected volumes."

    controler
     
  3. Villy

    Villy Guest

    I have some experience with this program. Before the Pro version came out my engineering teacher challenged the class to see if they could get the computer into a de-thawed state. I was 17 at the time and I was successful. If anyone has a good deal of experience with the Pro version, post here; I'm looking to make a v2.0 of my FreezaBurn that'll work on the Pro version. Peace.

    Villy
     
  4. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    Heheh, I'd be successful in getting a deepfreeze frozen computer into a de-thawed state too, especially since I wouldn't have to do anything to the computer to achieve this :D
     
  5. Dilbert

    Dilbert Registered Member

    Joined:
    Jun 23, 2005
    Posts:
    1
    I currently use a combination of Deep Freeze, Ghost, and Symantec AntiVirus.

    I'm still using the standard trial version of DF so I usually end up reimaging every 60 days. I still keep SAV around to protect the rest of my data from viral infections.
     
  6. Frank Rizzo

    Frank Rizzo Guest

    It doesn't matter, all of those programs are easily bypassable. Ask the Russians who wrote the DF exploit which continues to work perfectly (even though it was written for versions 3.x) for up to version 5.4 (I've tested myself). Of course it isn't a simple "point and click sploit" but within about 5 or 6 steps nonetheless and with the help of our old friend Olly you can bypass any DF installation.

    Just to be fair, this isn't an actual vulnerability in the DF software but a poor and unfortunately PERMANENT coding mistake in the way Windows handles things. Oh well, better DF than nothing. And better nothing than Norton! hehe.
     
  7. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    Links to the exploit were posted by a non-Russian in various forums (including Wilders, briefly) before it appeared on the Russian sites. Unlike Wilders, which removed the post almost immediately, other forums, not so ethically-minded, continue to post the exploit, which has already been patched, by the way.

    Who would want to hack Deep Freeze? Hacker-wannabes, or script-kiddies of the most childish mentality, I would guess.

    It was a rather crude hack, anyway, requiring physical access to the computer, practically eliminating any home threat.

    Why would one want to hack a public computer, or those in a computing lab at a school? DF does not protect data. Anyone wanting to steal data, once gaining access to the computer, wouldn’t have to worry about DF. Anyway, no school labs that I am aware of store sensitive data on those computers. All that is installed is the OS and MSOffice, and maybe some graphics program.

    Besides, many schools, including where I work, have remote monitors in the labs on which the lab instructor can view a real-time screenshot of all of the workstation monitors. Any one using an Olly tool to manipulate hex data wouldn’t last but a minute or two.

    But suppose one is successful? What has been gained? The partition is thawed, the hacker trashes the OS. So What? It’s a 5 minute job to restore the system via an image. So, the hacker so-called has gained a few minutes of glory. Big deal. :doubt:

    More lasting fun for the hacker so-called would be to play with toys in a sandbox rather than hacking Deep Freeze.

    So there! :-*

    -rich
    ________________
    ~~Be ALERT!!! ~~
     
  8. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Really? Let's see, ProcessGuard "locks" (and can be set not to allow 'new and changed' applications), ditto NOD32 and ShadowUser (I do have to ask why RegDefend isn't that way, thanks for reminding me).

    5 or 6 steps o_O You have to have physical access to the computer in question? What an utterly quaint scenario - and what a total non-issue for the average home user of either DeepFreeze or ShadowUser.

    How sad. Pete
     
  9. rollers

    rollers Registered Member

    Joined:
    Sep 13, 2004
    Posts:
    507
    Location:
    UK
    Hi everyone. I just thought I would add my two penn'orth on the subject of Deepfreeze, as I have trialled it and now purchased it. I have read others' comments about losing emails, but I have two hard drives on my machine, so I have selected my own folder to save the mails which is away from the main frozen drive (an unfrozen partition would do exactly the same), so now all my mails are saved. My ISP scans all mail with AV and I still run resident Kaspersky Personal. So what about my AV updates, you may ask? Well, I unfreeze every four or five days (the computer is switched off at night anyway, so a clean boot every day) and I still leave Kaspersky updating every hour. It just means that the more days you are frozen, the bigger the update size initially on restart, then hourly as normal. That way I am still covered by an excellent AV and no permanent changes are made to any of my main drive or Windows unless I want them to be. I also have PG installed to protect when in the unfrozen state as well as frozen. As for program updates, I just save them all to a folder on the unfrozen drive and install them when I do my unfrozen maintenance and updates.
    Others in the family share this computer so I have found this the best compromise in security and to stop any accidental tamperings. I would not run deepfreeze without all the usual AV, FW etc as you are putting all your eggs in one basket. Nothing is 100% but this has been the best compromise that I have found to date and I must say I am impressed with DF.

    Regards to all,

    Rollers
     
  10. New to DF

    New to DF Guest

    Hi folks. This has been addressed a little bit before, but not completely, so here it goes:

    Many programs write to the Windows Registry, and expect that the Registry will exist as persistent storage for configuration, state, and possibly even small amounts of data.

    Given this, how could it *ever* be sensible to use Deep Freeze on a single-user machine (i.e. not in a public lab)? Doesn't a frozen registry risk your software getting into an inconsistent state?

    Thanks for the advice.
     
  11. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    I'm not sure what you mean by "small amounts of data," but it's true that there are programs that store configuration settings in the Registry, MSWord, for example. So, if you want to change, say, spelling or grammar options, DF would have to be "thawed" before the settings would stick. MSWord's recent file list won't stay current, since it's stored in the Registry. All of the Windows MRU lists won't stay current, since they are also stored there. And many other examples.

    The software won't get into an inconsistent state - - that is, it won't stop working properly - - the Registry just won't keep those lists current.

    So, it's true, if you want these lists to stay current, then DF would be inconvenient for you.

    -rich
    ________________
    ~~Be ALERT!!! ~~
     
  12. warnr

    warnr Guest

    I installed Deep Freeze Enterprise on my PC and created a Full Workstation installation. I accidentally installed the DF5Wks.exe that I created. I want to remove the Deep Freeze that I installed, and when I press Ctrl+Alt+Shift+F6 it displays "Enter password", and I don't know the password. How can I remove the Deep Freeze I installed?
    Please help me. Please.
     
  13. warnr

    warnr Guest

    email me @ hawthorneheightz @ gmail . com
     
    Last edited by a moderator: Nov 7, 2005
  14. Jonil

    Jonil Registered Member

    Joined:
    Aug 6, 2005
    Posts:
    5

    lol. Remedy for me (I don't know about the others) -->> back up all important files/data to a different HDD and reformat it. Cos there is a possibility of an unstable OS if you try to bypass it on boot and delete it manually... cos I experienced it already, and my XP OS went unstable and dumb.
     
  15. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Post by Evil Genius removed pending Admin review.

    Blackspear

    LowWaterMark - The post in question will remain removed since it was discussing software exploiting or hacking methods, which is against forum TOS.
     
    Last edited by a moderator: Nov 1, 2005
  16. Deep Freeze has lots of problems. In our school's network we have over 500 workstations at about 12 different schools. We installed Deep Freeze on about 275 computers to see how robust it was and whether it lived up to its claims. Students crashed some of them even with Deep Freeze installed. One of the students told us how, too. People were using the Recovery Console, which appears as a choice in the OS Choices menu on some systems. Apparently, whenever you use the Recovery Console, Windows automatically adds it as a choice in the boot.ini file. And if that choice is made, the user has access to the computer before Deep Freeze loads.

    Also, there is a small program students are apparently using to change the state of Deep Freeze without the password. They use it to thaw the machines without a password. One of the computer science students said it is easily found by those who look for it.

    I would not trust Deep Freeze to protect a network of computers. It might be good at home to protect your own system, but not on a network. It's just not secure.

    And I would read discussions and comments regarding Deep Freeze on other forums too, ones that are not heavily censored like this one is. Forums like governmentsecurity.org or hackinthebox.org or antionline.com or rohitab.
     
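    A defender's check for the boot.ini symptom described in the post above. This is an added example, not code from the thread or from Faronics; the boot.ini content is constructed, and the /cmdcons entry it contains is the form Windows writes when the Recovery Console is installed to the boot menu.

    ```powershell
    # Added example (not from the thread): parse a boot.ini and flag any entry in
    # [operating systems] that is not a plain Windows installation, such as the
    # Recovery Console line the post describes. The content below is constructed;
    # on a real workstation use: $text = Get-Content -LiteralPath C:\boot.ini -Raw
    $SampleBootIni = @"
    [boot loader]
    timeout=30
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
    C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    "@

    function Get-BootIniReport {
        param([Parameter(Mandatory)][string]$Content)
        $section = ''
        $timeout = $null
        $entries = @()
        $entryPattern = '^(?<path>[^=]+)="(?<name>[^"]*)"\s*(?<opts>.*)$'
        foreach ($rawLine in ($Content -split "`r?`n")) {
            $line = $rawLine.Trim()
            if ($line -eq '') { continue }
            if ($line -match '^\[(?<sec>.+)\]$') { $section = $Matches['sec']; continue }
            if ($section -eq 'boot loader' -and $line -match '^timeout=(?<t>\d+)$') {
                $timeout = [int]$Matches['t']; continue
            }
            if ($section -ne 'operating systems') { continue }
            if (-not ($line -match $entryPattern)) { continue }
            # Copy captures before any further -match overwrites $Matches.
            $path = $Matches['path']; $name = $Matches['name']; $opts = $Matches['opts']
            $entries += [pscustomobject]@{
                Path              = $path
                Name              = $name
                Options           = $opts
                IsRecoveryConsole = ($opts -like '*/cmdcons*') -or ($path -like '*CMDCONS*')
            }
        }
        [pscustomobject]@{ Timeout = $timeout; Entries = $entries }
    }

    $report = Get-BootIniReport -Content $SampleBootIni
    $report.Entries | Format-Table -AutoSize
    $rc = @($report.Entries | Where-Object { $_.IsRecoveryConsole })
    if ($rc.Count -gt 0) {
        Write-Warning ("boot.ini offers {0} Recovery Console entry(ies) in the boot menu (timeout={1}s). " +
                       "Remove them, or set timeout=0 so the menu is never shown." -f $rc.Count, $report.Timeout)
    }
    ```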
  17. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    Sorry to hear about your problems - I would suggest getting a more knowledgeable systems admin to straighten things out. We've had DF installed in more than 800 computers in our schools for several years, and have no problems.

    regards,

    -rich
    ________________
    ~~Be ALERT!!! ~~
     
  18. Yeah, I agree with Marc. There's not much any admin can do, regardless his or her experience to prevent an unknown vulnerability from being exploited. Especially when not even the vendor is addressing the issue very proactively. It's been at least six months since the technique (now program) has been available to students to thaw Deep Freeze without a password. That's pitiful. Faronics should have long ago come out with an invulnerable version. But they haven't.

    Faronics tells customers, "Yes, Deep Freeze will protect computers while administrators are logged on." This is simply not true. Administrators have total control of the machine: access to all directories, including root and system32, every part of the registry, and the ability to grant Full Control permissions to oneself as needed, the ability to attach to running processes with debuggers, the ability to run the shell under the Local System account, among other things. This has proven too much for Deep Freeze.

    I suggest that if you run Deep Freeze on your network that you restrict users to Limited accounts. This way they cannot grant themselves the Debug Programs privilege, nor can they switch to the Local System account to escalate their privileges. Expanding privileges from a regular account is better than battening them down from an administrator.

    Also, if changing over to the above is not practical, then I suggest at a minimum restricting the ability to logoff and logon. Have one account, and deny logoff/logon. This way administrators cannot obtain SeDebugPrivilege because it is necessary to logoff and logon for the privilege to become part of the access token. And, for obvious reasons, restarting would not work.
     
  19. _Lyn_

    _Lyn_ Guest

    If people are referring to the Russian exploit from 2003, that was patched at least 3 builds ago. The newer builds with the 'polar bear' icon are not vulnerable. Compare the versions listed in the article against the latest here:

    http://www.faronics.com/html/support.asp
     
  20. NuB

    NuB Guest

    There was a post in this thread that mentioned changing the registry so that data in My Documents, etc. will be saved by default to the D drive, not the C (Windows) drive, thereby remaining intact after a reboot. Can anyone show me how to change the registry for that purpose? Thanks.
     
  21. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    My Documents is a Shell folder; the settings are here:

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

    The String Value for My Documents is "Personal"

    Note that you can make this and other changes easily using TweakUI - a GUI for Registry changes (see image below)

    You have to first create the folder on another Drive, then make your change above. Since the change is in the Registry, it must be done with DF thawed for the change to stick.

    Windows 95/98/ME/2000
    http://www.microsoft.com/ntworkstation/downloads/PowerToys/Networking/NTTweakUI.asp

    Windows XP
    http://www.microsoft.com/windowsxp/pro/downloads/powertoys.asp
    regards,

    -rich
    ________________
    ~~Be ALERT!!! ~~
     
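    The Registry change described in the post above, as an added example (not the thread's or Faronics' own code). It assumes D: is the unfrozen drive and D:\Documents the target folder; it also sets the companion "User Shell Folders" value, which Explorer reads first and which the post does not mention.

    ```powershell
    # Added example (not from the thread): point the current user's My Documents
    # at a folder on an unfrozen drive. Run with Deep Freeze thawed, as the post
    # says; while frozen the change works only until the next reboot.
    param([string]$NewPath = 'D:\Documents')   # assumed unfrozen location

    $shellKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
    $userKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'

    # 1. Create the target folder first, as the post requires.
    if (-not (Test-Path -LiteralPath $NewPath)) {
        New-Item -ItemType Directory -Path $NewPath | Out-Null
    }

    # 2. Record the current 'Personal' value so it can be restored by hand.
    $old = (Get-ItemProperty -Path $shellKey -Name Personal).Personal
    Write-Host "Current My Documents: $old"

    # 3. Set 'Personal' in both keys. Explorer resolves 'User Shell Folders'
    #    (REG_EXPAND_SZ) and rewrites 'Shell Folders' from it, so keep them in step.
    Set-ItemProperty -Path $shellKey -Name Personal -Value $NewPath
    Set-ItemProperty -Path $userKey  -Name Personal -Value $NewPath -Type ExpandString

    # 4. Verify the in-session value; persistence across a reboot depends on DF being thawed.
    $now = (Get-ItemProperty -Path $shellKey -Name Personal).Personal
    if ($now -ne $NewPath) { throw "Registry value did not change (still '$now')" }
    Write-Host "My Documents now points to $now; log off and on for Explorer to pick it up"
    ```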
  22. Josh32

    Josh32 Guest

    Hi there,

    first of all, sorry for my poor English (I hope I am understandable anyway).

    I need DF to run on unattended computer labs at a university, so I don't care about unfrozen folders and so on... I'm happy with ALL partitions/disks frozen; I'm also assuming this is not a very home-oriented product, but rather a cyber/computer lab/library oriented one (although you could manage to accommodate it on a home desktop).

    I'm new to DF but I'm very interested in it. I've read this thread entirely, and I have summarized some doubts/weak points:

    1) Someone said there are still some problems during the daylight saving date/time change (that is, on the last Saturday of October).

    2) It has also been said that if you fill the disk entirely while frozen, and then reboot, there are problems again.

    3) What about XP's Recovery Console? May it be loaded before the DF kernel driver? Could it confuse DF and break it?

    4) I do need a scheduled maintenance module, so for example have the desktops thawed between 1:00am and 7:00am. But what about changing the time if you are an administrator on the computer lab's PC? You cannot change the time interactively (you are missing that privilege from the system), but you may circumvent that by at least two methods:

    (I am not sure about telling these methods now and here, as someone "ethically poor" could use them to defeat a DF installation. Maybe a moderator should explain how I can publish these... or maybe if one is interested I can send them by e-mail...)

    Anyway, the time syncing method should be stronger... what if some of your PCs got unsynced? How can you rearrange this?

    Maybe someone has faced these problems before and can tell me...

    thanks a lot.
     
  23. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    In this case, you should use the Enterprise version of DF where as Admin you can control everything from a console. This is what we have at our University.

    I've never seen a problem with Daylight Savings time changes there, or on my home version.

    Your other questions are best answered by DF support who can address your particular situation.

    regards,

    -rich
    ________________
    ~~Be ALERT!!! ~~
     
  24. Josh32

    Josh32 Guest

    Rmus>> I've never seen a problem with Daylight Savings time changes there, or on my home version.

    Thanks for your answer, it's helpful.

    Anyway, I need to be sure that I run maintenance mode during the real hours, that is, that nobody has changed system time, and I found a simple way (being Admin) that you can change the clock. And of course, in a corporate environment you need a thawed time window to do the changes..

    I've contacted Faronics support and when I know a solution I'll post it.

    thanks again.

    Regards,
     
  25. thriste1

    thriste1 Guest

    We use Deep Freeze in an internet cafe in the Philippines, and on only one computer we are having a problem: when you install DF and it reboots I get the blue screen of death and have to format the HD again.
    Can anyone tell me what is causing this? Email me at arubinoff1@yahoo.com. Thanks.
     