Your Thoughts on DeepFreeze?

Discussion in 'sandboxing & virtualization' started by eniqmah, May 28, 2007.

Thread Status:
Not open for further replies.
  1. Rmus (Exploit Analyst)

    Thanks. I'll keep that in mind.

    Example of a site I would go to where I would be vulnerable?

    Example of something I would download?

    So far, no one has given a concrete answer to what Long View asked in general, or what I'm asking specifically. All I've seen is a lot of smoke and hypothetical scenarios.

    I can only surmise that those responding to this have had a bad experience in the past (if so, please accept my condolences), or are just reciting the mantra included in much of what the media and security products industry puts out.

    Meanwhile, absent any specific examples, it seems to me you (collectively) should make it clear that this is what you would do, and not suggest that if others don't follow suit, they might lose their music, or pictures of Aunt Millie. Mercifully, we haven't had the keylogger example.

    regards,

    -rich


    ________________________________________________________________
    Just because your shoes are too tight, why should my feet hurt?
     
  2. ErikAlbert (Registered Member)

    OK guys, but we already know that software like FirstDefense-ISR, DeepFreeze, ShadowUser, Returnil, Sandboxie, PowerShadow, ... doesn't protect you against the EXECUTION of any infection, but is very good at UNDOING CHANGES.

    The biggest problem is freezing the GOOD changes, without freezing the BAD changes.
    I have the same problem in FDISR, each time I re-freeze my freeze storage, it can be infected.

    Also, the applications make it very difficult to keep my freeze storage clean.
    For instance: suddenly a legitimate program informs me that an update is required in the middle of the day.
    I can install that update, but I can't freeze it, because my actual system partition might be infected, because I'm online.

    What is the safest moment to freeze that update?
     
  3. Rmus (Exploit Analyst)

    Would this work:

    1) Download update file, store on a non-frozen partition

    2) Disconnect from the internet

    3) Reboot Thawed

    4) Install update

    5) Reboot Frozen.


    regards,

    -rich
     
  4. eniqmah (Registered Member)

    If you really want, PM me, I'll mail you a few horsies. I'll also send you the links and exact steps to get infected with them.
    Concrete enough? Ever heard of Limewire/Kazaa/IRC?


    In the meantime, it merely follows from these hypothetical scenarios (the one I gave in previous posts was not hypothetical, it occurred) that people who use this software should not write it off as complete security. Sure, people shouldn't be running around downloading warez, or opening email attachments for that matter, when the system is in a thawed state, but that doesn't mean they wouldn't. It's that simple.


    That sounds about right. But then again, maybe not. As soon as you install your update, you may get horrifying problems or become disgusted with the changes made thereafter. Time to bust out your old pal ATI?
     
  5. ErikAlbert (Registered Member)

    As long as you can get the update file, this will work. I'm not sure if EACH program can be updated like this. A lot of software updates via the internet.

    Another example: how to save cookies from the websites you meet during surfing.
     
  6. eniqmah (Registered Member)

    For Firefox:
    Search for the file profiles.ini; it should be found in Application Data/Mozilla/Firefox ...etc.

    Edit the file to point to your unfrozen directory.

    [General]
    StartWithLastProfile=1

    [Profile0]
    Name=default
    IsRelative=1
    Path=UnfrozenPartition/FirefoxProfiles/ErikalbertsFFProfile.default
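
As an added example (not code from any poster in this thread), the script below parses a profiles.ini and reports which profiles would still be stored on the frozen system drive after a reboot. The sample profiles.ini and the Application Data location are constructed; Profile0 copies the relative form from the post above, while Profile1 uses IsRelative=0 with an absolute path, which is the form Firefox needs for a directory on another partition.

```python
"""Resolve each Firefox profile in profiles.ini and flag those on the frozen drive.

Firefox treats Path as relative to the profiles.ini directory when IsRelative=1,
so a relative Path can never leave the frozen system drive; a directory on another
partition needs IsRelative=0 and an absolute Path.
"""
import configparser
from pathlib import PureWindowsPath

# Constructed: assumed location of profiles.ini on the frozen C: drive.
INI_DIR = PureWindowsPath(r"C:\Documents and Settings\erik\Application Data\Mozilla\Firefox")

# Constructed profiles.ini: Profile0 copies the relative form from the post,
# Profile1 is the absolute form that actually reaches another partition.
SAMPLE_INI = """\
[General]
StartWithLastProfile=1

[Profile0]
Name=default
IsRelative=1
Path=UnfrozenPartition/FirefoxProfiles/ErikalbertsFFProfile.default

[Profile1]
Name=thawed
IsRelative=0
Path=D:\\FirefoxProfiles\\ErikalbertsFFProfile.default
"""


def resolve_profiles(ini_text, ini_dir):
    """Return {profile name: absolute PureWindowsPath} for every [ProfileN] section."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(ini_text)
    resolved = {}
    for section in cfg.sections():
        if not section.startswith("Profile"):
            continue
        raw = cfg.get(section, "Path").replace("/", "\\")
        relative = cfg.getint(section, "IsRelative", fallback=1) == 1
        resolved[cfg.get(section, "Name")] = ini_dir / raw if relative else PureWindowsPath(raw)
    return resolved


def frozen_profiles(ini_text, ini_dir, frozen_drive="C:"):
    """Names of profiles whose files would be discarded by a frozen reboot."""
    return sorted(name for name, path in resolve_profiles(ini_text, ini_dir).items()
                  if path.drive.upper() == frozen_drive.upper())


if __name__ == "__main__":
    print("lost on frozen reboot:", frozen_profiles(SAMPLE_INI, INI_DIR))
```

Run against a real profiles.ini by reading the file's text and passing its parent directory as `ini_dir`; any profile the script lists will lose its bookmarks, cookies and settings on the next frozen reboot.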
     
  7. ErikAlbert (Registered Member)

    I used that solution, but I didn't like to have a part of Firefox in my data partition. Browsers are a source of infections, which I don't have under control.

    I still have a part of Thunderbird in my data partition, because I have emails under control. I delete all my spam without opening them.
     
  8. Rmus (Exploit Analyst)

    This is a concern for those doing that type of update. Assuming you are going directly to the software site, I would think your philosophy of trusting good sites would come into play here.

    We have to start someplace in trusting!

    regards,

    -rich

    ________________________________________________________________
    "Talking About Security Can Lead To Anxiety, Panic, And Dread...
    Or Cool Assessments, Common Sense And Practical Planning..."
    --Bruce Schneier
     
  9. eniqmah (Registered Member)

    You can also use Karen's Replicator by doing the following:
    1. reset the FF data to C:
    2. Install Karen's Replicator.
    3. Set up a replication for the whole profile to your data partition.
    4. If you liked the session and want to save FF's settings, replicate it. If not, reboot.
     
  10. Rmus (Exploit Analyst)

    Thanks, but I already have enough of those in my collection.

    OK, I get your point. But you do not get mine.

    My question pertained to me, not what other people would do.

    Your answer should have been, "I don't know what your surfing/downloading habits are, so I can't give you an example."

    Which should have been the starting point for dealing with Long View's question:

    They are needed if you conclude they are, after reviewing your setup and possible ways malware could get in and possibly send out over the internet during your current session.

    Drive-by download: most exploits are aimed at IE. If this is still a concern even if you use an alternate browser, then Execution Protection would be in order.

    Email attachment. No comment should be necessary.

    Concerned about infected files in downloads? AV scanner would serve you here.

    and so on...

    But to start out by assuming that without some other security product, the person is automatically vulnerable to trojans infesting the computer, is deceiving and misleading.

    One final comment: I know two people who use Deep Freeze + Firewall + Alternate Browser and have never had a problem with malware.
    ____________________________________________________________________

    Now - for some thoughts on your original question :) :

    • Unless you write all data to an external HD you will need at least two partitions, one thawed. (I assume you know this, since you are using it, so I say this for those thinking about evaluating it)

    • DF is not always convenient for home users. You have to watch what is written to the system partition: For example, MRU lists, temp files, etc - all will be gone on a reboot. Disk maintenance is a great feature of DF, but some people like the MRU and history lists, so that can be a nuisance.

    • This is also a great feature if you test malware using IE: all cache files/cookies are removed on reboot, the Index.dat file never stores any data.

    • Some program configuration settings are written to the Registry - MSWord for example. And, of course, DF protects the Registry, so to change any settings and have them stick requires being in a thawed state. Fortunately, MSWord Macros are stored in templates in its program directory, and this is easy to remap to another partition.

    • Do you want all of your programs installed on a frozen partition? This is the most bulletproof setup, and doesn't cause any problems in an institutional environment, but can be a nuisance in a home environment.

    • You would need to look carefully at all of your programs to see what is written to C:\ -- fortunately, it's not too difficult to remap directories - IE and OE for example. I've not had a problem in setting up programs to write to another partition.

    I have known a few who have evaluated DF and then decided not to keep it because of some of the above considerations. So, it's always difficult to give a Yes recommendation to DF, not knowing the person's setup and computing habits. Some products similar to DF are a bit more user friendly. Whether that makes them less secure is a matter of debate!

    Please post back what you have observed. 'Pros and Cons' are relative to each person, of course, but it's always helpful to learn of others' experiences with a product.


    regards,

    -rich

    ________________________________________________________________
    "Talking About Security Can Lead To Anxiety, Panic, And Dread...
    Or Cool Assessments, Common Sense And Practical Planning..."
    --Bruce Schneier
     
  11. Long View (Registered Member)

    I finally got around to trying DeepFreeze. I had been testing FD-ISR with frozen snapshots. Although I now like FD-ISR Frozen, re-booting to a frozen snapshot just takes too long (5 minutes) on an old PC and a not so old laptop. No problem with dual core machines.

    So I tried out DeepFreeze but didn't take the trouble to read the book. When I clicked on the Deep Freeze icon (without holding down shift) of course nothing happened. Cursing, I tried to uninstall but couldn't. I then tried to restore my old Acronis image from within Windows and DeepFreeze defended itself valiantly.
    Finally used the Acronis boot disk and DeepFreeze was history.

    Having read the files, DeepFreeze now works. Better than FD-ISR in that it takes up less space. Important on a laptop with limited hard drive size. Better than FD-ISR in that boot times seem to be no slower than before. Worse than FD-ISR in that you have to reboot to thawed mode to make changes. FD-ISR is much quicker to unfreeze, make the change and refreeze.

    To me the answer has to be both for different machines -- but both still need Acronis for the times I mess up.
     
  12. Genady Prishnikov (Registered Member)

    That last post from Rmus was excellent. I agree that DF isn't for everyone. But for one wanting the tightest ship - it's the ticket. I've tried most all of these and ended up choosing DF on my desktop. But, keep in mind the points Rmus made in his excellent post.

    Genady
     
  13. Osaban (Registered Member)

    These are exactly the kind of criteria one should go by when choosing a 'dedicated' virtualization program. I use my laptop 95% of the time, and ShadowUser seems to be the right choice for me, rather than FD-ISR and DP or others.

    In principle I agree with Rmus and his line of thought that nothing much can go wrong using 'just' a sandbox+firewall+Opera.

    In my particular case sometimes I have to write some folders to disk and an AV is the only way to check if they are infected. You might argue, what if the AV doesn't detect the malware... Well, like Long View says, Acronis for emergencies.
     
  14. Long View (Registered Member)

    Thanks Osaban - I had pretty much decided to use FD-ISR on one desktop and to use DeepFreeze on 2 laptops and an old desktop. Now I have to try out ShadowUser.
     
  15. eniqmah (Registered Member)

    To add to this and the original topic at hand:
    1. I had some changes to my applications, so I booted thawed and made the changes. While I was at it, I decided to run disk defrag and scheduled a boot time defrag session to put the page file together. Now, at this precise moment, my wife came on to me, causing me to lose focus. I consequently called on DFz to boot frozen. :)
    It rebooted. Then defragged. Then booted to Windows. But before it got to Windows, DFz undid the defrag, leaving it with a STILL scheduled defrag. So it rebooted, and defragged, and on and on and on. I had to whip out the ATI boot disk, but really, it was a worthwhile hour.

    2. Following my own brilliant advice, I moved browser settings back on the system drive and scheduled Karen's Replicator to do the work for me instead.

    3. On a similar note, I'm faced with the problem of "partially downloaded" torrent files. If I don't finish the download before reboot, I'd lose the parts downloaded.
     
  16. Long View (Registered Member)

    Lots to learn with these programs. I keep forgetting not to leave files on the desktop.

    Why did you move your browser settings back to C:?
    For a long time I have run Firefox with the profile on my data drive along with Roboform data and the Outlook pst. Making an image of this data drive is the best way I have found to protect data and settings.
     
  17. eniqmah (Registered Member)

    Well,
    I find that there is a fine point at which my system is at its optimum operating state with all the applications I need, i.e., not needing many more changes. Deepfreeze will help protect that optimum state for me.
    In layman's terms:
    the recent update in FF messed up my preferences and settings because I put those settings on the data drive. It's simpler to replicate the profile and save it, then thaw the system and put it into the system (if I like the changes) rather than risking undesirable changes.
     
  18. Long View (Registered Member)

    Thanks

    Will leave the Firefox profile in data to see what happens.

    Just tried to run an offline defrag with Perfect Disk 8, DeepFreeze thawed, and it failed.

    I then realized that PD being installed before DeepFreeze might be the problem, so I uninstalled PD and reinstalled. Sure enough everything worked fine - with $persi0 being automatically excluded.

    Not sure, but Exec Software might be a better defrag to use in combination with DeepFreeze?
     
  19. eniqmah (Registered Member)

    Works fine here without installation order being a problem.
    Seems that Diskeeper 07 is actually much faster than the older version.
     