Deep Freeze. (Ultimate System Restore) Anyone using here it too.

Hi,
Nice to know this.
In other words, with the presence of AE from DF's vendor, these outbreaks are virtually impossible ?

 

Any method of preventing the unauthorized installation of executables will work, including software restriction policies, limited user.

Thanks again for providing those translated pages!


----
rich

 

Deep freeze is really at its best on systems in public areas such as Libraries and internet cafe's. All of these utilities have problems in common. Special procedures are needed to retain downloaded files. Email generally will not be retained. AV updates will generally not be retained, and so forth.

 

Yes special procedures are necessary:

(1) have a data partition or second drive and then move my docs to it.
(2) move your outlook pst or whatever if you use another mail program
(3) move the firefox profile

(1) is advisable for a number of reasons and (2) & (3) are not overly complex.
As to changes - just make a note that crap cleaner needs an update and turn off DeepFreeze or Returnil on your day off, and do the updates and then turn on again.

All the user has to get used to is the idea that anything saved to C: will NOT be saved.and should therefore be saved to D: or E: or even F:

I know that the desktop can be moved to another drive but I haven't told my family and now they have to keep the desktop clean or else loose anything left there. This aspect alone makes these programs essential for me.

 

Do you see the nonsense?

What if the Rootkit is invisibly placed on D:\?
Every restart it will be back ;-) No matter if frost is on or not.

 

and precisely how will this piece of code execute, assuming the system boots from C:\, that all changes on C:\ are removed on a restart, and you're not relying on some bizarre and exceptionally improbable series of coincidences (say, you have an autostart entry referencing (for unknown reasons) an existing executable somewhere on D:\ that someone somehow knows is the precise one to replace in order to get malicious code to execute on the "frozen" system and you also haven't implemented measures to prevent the execution of unauthorized executables... or something along those lines...)?

Blue

 

No sorry I don't see the nonsense ? I have great difficulty seeing invisible and possibly imaginary things. It is difficult to take your "critiques" seriously as you seem to be in the habit of simply saying that almost everything that anyone writes is nonsense.

I should add that nothing I wrote in post #29 had anything to do with security. Your interests seem to be mainly about the extreme and remote possibilities of rootkit damage - you enjoy speculating about possibilities. I on the other hand use Returnil and Deepfreeze primarily to keep my systems running the way that I want them. I am far more likely to make an error and mess up C: than I am to suffer from a virus, malware, rootkit. I defer to your expertise on invisible and undetectable rootkits. Thanks for the tip about rootkits hardwired on to my mainboard by the manufacturer. I have taken my wirecutters and removed a few bits that look unnecessary on the board. Hope the smoke now coming from the machine doesn't mean that the little invisible undetectable hardware rootkits are getting angry ?

 

Here is another blog page maintained by a China-based netcafe chain, on the descriptions of the "robot dog - Aibo" botnet virus, specific solutions they utilized and advices ~ http://translate.google.com/transla...5%99%A8%E7%8B%97%E7%97%85%E6%AF%92&hl=en&sa=G

...happy reading!

 

See post #25 above.


----
rich

 

Bunk!

Theres not a single new or even proof of concept rootkit that stands a chance anymore on a well guarded XP, and even if by some stretch an entry could be made, there are many options to remove it and it's manions. External Utility CD's for one or FD-ISR for another, and then theres classic Images after zeroing the disk provided one keeps his images/archives updated.

What's of most danger are destructive viruses which even they anymore are a joke and waste of time, at least for the informed & experienced. FD-ISR restored an entire 200GB x 3 partitions with nothing but archives stored externally. The time consumed restoring was peanuts, and with an image it's even faster yet.

Malware simply put is nothing more than lamers & script kiddies toys but their useless against today's strategies, and that's even minus any AV's.

Sorry but the overwhelming compliment of too many Sandboxes, Virtualizers, Images, not to mention snapshot archives make malware a useless endeavor better left in the middle ages IMO.

 

I submit that the average user doesn't need "backup images, Sandboxes, or FDISR." I don't have them and the users I've helped over the years don't, and haven't been infected.

Why? Because the emphasis in these cases is on how to use email and browser safely, and obtaining programs/software from reputable sources.

The security solutions mentioned are certainly impressive, give one a secure feeling, and fun to play with. But in no way are they necessary for maintaining a secure computing environment.

"Each according to her/his needs."


----
rich

 

That statement unfortunately is spot on Pete. And is the reason i get so many calls for HELP! my computer won't boot, or i can't make this stop, etc.

I take the effort now to sit down with my customers/clients and make them (as a condition for my time ) learn basic HIPS prompts and what to look for as a prerequisite to my other demand which i always perform for them first, and thats imaging.

By the way, you guys got me involved in all this in the first place and opened my eyes which is saved myself endless wasted hours of confusion and reformatting which used to be the only alternative to turn to.

Thanks

 

I'm generally inclined to agree with Rmus - more emphasis should be put on
"how to use email and browser safely, and obtaining programs/software from reputable sources" and less on security programs.
Peter your example - "of Norton on the system, and it didn't detect it" doesn't surprise me. I am of the opinion that if I ever get a nastie on my system it will not be one of the x zillion that would have been stopped by almost any available
security program.

So I don't think (1) there is really much risk to "normal" users (2) any risk there is would not be mitigated by typical security programs anyway - no matter how many layers are worn (3) education is far more likely to be successful and (4) having images and freeze/virtualisation type programs can do little harm. It is far easier to show someone how to use Deep Freeze than it is to get them to use a HIPs program

 

Hi Pete,

I also would like to know the circumstances, especially the user/security policies in place.

At the colleges where I worked, all computers have Deep Freeze, and only the System Administrators can install programs.


----
rich

 

Explain this: (booted from external windows cd, but s could not be located in fs only via process explorer)
http://i10.tinypic.com/6x1ijdl.png
and this
http://i7.tinypic.com/6yuiscy.jpg
The stalkers told once something about third boot sector, allegedly it should survive reformat. I am really not that deep in hardware to be able to give accurate information about such things. But maybe the mess also comes from soundcard or bios so reformating and restoring would not make too much sense in this case.
Probably we should make a test by avoiding the creation of D:\ and don´t think it´d help creating a "s" directory (like av companies want to make you believe as proactive protection), rkdetector2 showed once multiple hidden "s" dirs that coexisted friendly one by one, totally paradox. This method likely bypasses any kind of detection because you are no more able to write onto the malware to get any kind of error message or hints, looks like a parallel spooky harddisk dimension. ;-) I guess it shifts the OS into some kind of virtual matrix. Maybe its blue pill, lool, because Virtual PC receives a BSOD when starting with soundcard driver.

 

SystemJunkie,

I don't do parlor tricks on demand, and I don't diagnose from vague screenshots that don't provide a complete picture of the situation. The question still stands with respect to the specific question you posed (What if the Rootkit is invisibly placed on D:\? ): precisely how will this piece of code execute?

Blue

 

Very good and hard question but I assume there must be a possibility that we actually don´t know.

 

Hi,

You guys are talking about something in this situation?

you have partition C and D and have only "C" deepfreezied, while "D" is left out in cold ?

Then, any infection in "D" is user's own making. and is entirely out of DF's mighty reach, in other words, it is not DF's business, period.

Why did have only "C" protected in the first place ?

IMO, if you have all partitions (I mean all box) deepfreezied, none of these problems would have happened. Right ?

 

Sounds interesting but you should be sure that the mainboard is clean ;-)

Mr.Stalker told me about his almighty power and even noticed my activities on a second harddisk that I unplugged when I went online with subject: 2nd data carrier detected. That was indeed the prove that he was even able to surveill activities beyond harddisk at deepest level what kind of possibilities remain?
Mainboard, Souncard, DVD Burner and Gra.card.

 

Quite correct, but the only way something retained on D: will be executed on restarting is if program "X" is resident on D:, is set to automatically run on restart, and this infection has overwritten program "X". I'm assuming a direct user launch is not done. Any fiddling with C: to cause the launch of a program stored on D: is lost since C: is frozen. An elaborate scheme could be concocted (i.e. programs installed to D:\Program Files, but launched from a C: windows system disk, etc.), but let's keep it real.

At this point it is purely a hypothetical situation.

Blue

 

'Blue' had a legitimate query on that!

...hmm, on multi-boot setup? ...same file system/dir re: OS dir?? ....yikes, gotta have a tandem bottles of PaoLiTa-B or redBull first!

 

One thing is for sure a part of stalker mania comes from Russia because several psychoid mail texts are partially copied from russian websides.

So the thing is likely loaded as kernel driver but in which manner I actually don´t know probably these are russian secrets the only things which was strange as I started a partition manager D:\ was displayed as NTFS in Fat32 but I formatted it as FAT32 to prevent those nasty streams.

So if D ´d be properly formatted (from a clean board) we could may be get rid of it. (except if it is a slow virus and all your cds/hds are infected, that would be the worst case and probably very unlikely but not impossible)

 

I like to revive this topic once more because some very serious allegations have been made and i seen not a single report via link where DEEP FREEZE is dangerous to a windows systems hardware BIOS/CMOS.

If it is, that would be foolhearty to promote a program that could inevitable render a machine component damaged, and that IMO is legal liability grounds.

Damaging hardware as in the BIOS chip surely would be grounds for some uproar, but i yet to read into any of this.

Still, as a precaution and potential customer of this app, (I already use and trust AE), i like to hear more from other users of DEEP FREEZE and their experiences be it bad or good. Let's say from version 6.30 onward.

Thanks