Deep Freeze Experiences

Discussion in 'other security issues & news' started by LockBox, Dec 29, 2004.

Thread Status:
Not open for further replies.
  1. YozY

    YozY Guest

    yes we are having the same problem as thriste1 describes here
    we recently purchased DeepFreeze Pro, and it doesn't install properly on our new AMD64 systems, but when i installed it at a test machine with P4 it worked fine
    any ideas on what the problem might be?
     
  2. wajinga

    wajinga Guest

    Drive security roundup

    Does anyone out there have experience with some of the different drive security products? I'm wondering if there's been a bake-off between DF, Shadowuser, Drive Vaccine, and any others that are in the market?
     
  3. d4cz7er

    d4cz7er Guest


    IMHO, in my years of experience working at universities and in lab environments, the answer to your question comes down to one simple asset: "bandwidth". All that juicy bandwidth to be used for whatever the hack wants, from downloads to massive coordinated hack attacks. Deepfreeze and Deepfreeze-like programs clean the hacker's/cracker's tracks at reboot, thanks Deepfreeze! I am surprised at how many people failed to look at their network utilization logs (if you read them, it will show). Sure, you might not see it on the local machine after reboot, but meanwhile the victim targeted by your 300 zombie machines will. This could also raise a question of your liability when you fail to provide the machine(s) used in an attack in a state that can be studied by digital forensics experts. A simple example of this happened to us in X library, where a user purchased items using our machines with stolen credit card numbers and was later caught by information found on the computer; information which would have been lost with Deepfreeze at reboot. There is still no magic security solution out there; a combination of tools and an active system admin is the best bet. Just my two cents plus tax.
     
  4. controler

    controler Guest

    Microsoft's Shared Computer Toolkit is ok. You are able to do a lot of user restrictions if you choose. Best part is it is free at present and easy to install.
    Oh yea, it uses unallocated drive space. You leave at least 1.5 gig free when installing Windows OR you use Terabyte's drive program to reallocate space if you already have Windows installed.
    Easy stuff.
    controler
     
  5. Ryan1F

    Ryan1F Registered Member

    Joined:
    Dec 3, 2005
    Posts:
    13
    I have used deepfreeze in my computer rental for about 4 years, and it works well :) . But we must combine it with other things too, like a remote monitoring program that gives a real-time view of the user's screen. It helps a lot, because now we can see whether they use it to work normally (which I hope they do :D ) or try to pass the security measures :ninja: that I have set there (some people try but I warn them, so they stop :mad: ). Anyway, nothing is 100% secure; the human factor is still required.
     
    Last edited: Dec 3, 2005
  6. Ryan1F

    Ryan1F Registered Member

    Joined:
    Dec 3, 2005
    Posts:
    13
    :D Agree with that :D Very very much !! We can't rely only on one program :doubt: .
     
    Last edited: Dec 4, 2005
  7. Ufour20

    Ufour20 Guest

    Deep Freeze is not secure because it has to be loaded on each computer and updates to the system are a multi-step process. We found a new software called Persystent Enterprise that is amazing. It protects PCs by repairing, at the file level, any unauthorized changes or corruption to the PC. But what makes it so different is that the repair happens pre-boot of the OS at every reboot!!!! There is nothing to load on the PC as it is a server-based product designed for larger corporate environments. It truly is a breakthrough IMO. Check it out: www.persystent.com
     
  8. coder13

    coder13 Guest

    The persystent product above seems interesting but appears to be for networks only. Maybe I am wrong? I am a Deep Freeze user who doesn't manage public kiosks, school boxes or anything else. Just my own single solitary computer. I think for individuals who are sharp enough to act as their home IT department and can handle the Deep Freeze nuances, it is a very good product for home use. I found this forum and this long thread through a Google search and am glad I did as there is some good reading here. I think Deep Freeze or ShadowUser are both great products. I see references to ShadowSurfer but don't see the difference between that and ShadowUser. I tried Drive Vaccine and another similar product but felt that the Deep Freeze and Shadow products were clearly superior.
     
  9. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I've been reading this thread, not for DeepFreeze, because I'm planning to use ShadowUser (SU) in combination with a hardware/software firewall and that's ALL, but both softwares have similarities and that's why I was interested in this thread.

    I'm not a security expert, not even a PC expert. I consider myself as a less-knowledgeable user and I prefer to think like a less-knowledgeable user, even when I become a knowledgeable user, because that's the majority of users and these users need simple, not-disturbing and time-saving security solutions without too many softwares and as foolproof as possible.
    If you think that the average user loves security softwares, forget it, they consider security as BALLAST, because it isn't a part of their job. These users work with application softwares to do their job.

    AV/AS/AT/AK scanners are the most userfriendly security solutions for less-knowledgeable users, because you don't need to be a genius to click on the scan-button and the remove-button.
    BUT as an application analyst (not a security analyst), I consider scanners as the worst solution.
    If I would fight against the bad guys, I would never collect their malwares in a definition-database, because that would be the same as following a cow and collect its droppings.
    You don't fight this way, because that's a solution for losers. You don't run AFTER the bad guys, you run FASTER than the bad guys.
    If you want to be a winner, look for smarter solutions, that are NOT based on what the bad guys do.
    I'm not going to mention the many disadvantages of scanners, because I've done this already in other posts.
    The bottom line is that these scanners don't have a future for several reasons.

    ProActive solutions are only for knowledgeable users and security experts, not for less-knowledgeable users.
    So these solutions, although they are very good, don't interest me.

    If you put all scanners and proactive softwares aside, there isn't much left for less-knowledgeable users, except softwares like DeepFreeze, SU and others.
    I don't say these softwares are the perfect security solution, but there is nothing else and I'm still waiting for a miracle to replace my favorite one : SU.
    Don't understand me wrongly, I don't love any software and once I start using SU, I will do everything to prove, that SU isn't good either, but for the moment, I consider SU as the very best security solution, until the opposite is proven by REAL FACTS.

    Of course SU has also disadvantages and the one that's bugging me the most is, how to keep the GOOD IMPORTANT changes on my harddisk without getting in trouble with OS and/or applications sooner or later.
    Paranoid2000 has given some good examples in detail in one of his posts about this problem.
    My opinion is that OS and applications never expected a software like SU/DF and their way of programming doesn't fit in SU/DF.

    Is the setup of SU userfriendly ? NO not at all, because SU requires :
    - a knowledge of partitioning your harddisk(s)
    - a knowledge of image backup, which is always necessary.
    - and above all a study of changeable objects (files, registry, ...) of EACH installed application software, which isn't easy and very important.
    But once it's done by knowledgeable people, SU is one of the most userfriendly security solutions for less-knowledgeable users, I've ever seen.

    I also admit that SU/DF has some weaknesses and the major one is the time between TWO reboots.
    In that period any malware is able to do its evil job, if it has time enough.
    Are scanners, proactive software, protection shields so much better to avoid this ? I don't think so.
    That depends on how much you believe in these softwares. Believing in something is for credulous people, I prefer facts.
    Security is an illusion and not only on computers, you only can minimize the risks.
    If members are mentioning disadvantages about SU/DF, well look at the disadvantages of scanners, HIPS first.
    I take my chances with SU and it will be the very best protection, I ever had.
    In the very end, everybody does what he wants, not what others want. :)
     
    Last edited: Dec 9, 2005
  10. Kevn

    Kevn Guest

    Anyone have any luck using Symantec Antivirus with Deepfreeze? We bought SAV 10.0 and I want to be able to update virus definitions even if the computer is frozen. SAV doesn't let you choose the install directory, so you're stuck w/ the defaults on the C drive. Faronics (DeepFreeze) has a whitepaper on setting it up, but I can't get it to work. Any info would be greatly appreciated.
     
  11. Sheeny

    Sheeny Guest

    Kevn, I too have the same questions about my AV application, NOD32. I was speaking to NOD32 support, and unless you have an enterprise version of both the AV and Deepfreeze, your best bet might be to install your SAV (or any AV application, for that matter) to a secondary "thawed" hard drive.

    I'm tempted to try that, and according to the support guy, it didn't seem too implausible.

    On a second note: I have a dual boot configuration (XP Pro 32 "Deepfreezed" and 64 bit) and just recently I experienced the BSOD (Blue Screen of Death), which of course led to a complete reformat (thanks Killdisk) and reinstall! : (

    I'd really like to know what may have caused the BSOD, if anyone else has similar horror stories regarding Deepfreeze and the dreaded BSOD?

    I have now resorted to trialling Acronis True Image, and have some concerns that if I set up my Acronis "Secure Drive" that stores my clean Acronis OS image.. can I restore it at the system F11 boot prompt or will Deepfreeze lock me out at boot too? (I seem to recall that Deepfreeze relies on booting from the frozen HD and not at system boot?)

    Any clarification with this matter would be appreciated!

    Lastly.. Do I... 1.) Image my clean unfrozen OS partition, 2.) install FreezeX , and lastly 3.) install Deepfreeze and freeze the OS partition?

    Lots of questions I know, but I need to know this stuff! (and I'm scared of the BSOD monster!)

    Sheeny
     
  12. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    After imaging,

    1) Install Deep Freeze, reboot thawed

    2) Install FreezeX, configure with desired settings

    3) Reboot Frozen

    For your other questions, I think to contact their Support would give you better help for your specific setup.

    BTW - newer versions of DF work with Imaging systems-
    "Install Using Imaging
    Deep Freeze has been designed to work with all major imaging and desktop management software. Use either an Attended Install or the Silent Install System to install Deep Freeze on a master image."

    BTW2 - did you receive the Faronics newsletter? You might consider upgrading to Anti-Executable (Half-off special) - some improvements over FreezeX. White List is auto-updated after installing a new program.

    regards,

    -rich
    ________________
    ~~Be ALERT!!! ~~
     
  13. Sheeny

    Sheeny Guest

    Thanks rich for that very informative response. Good sound advice certainly worth adhering to!

    Highly appreciated!

    Sheeny
     
  14. Ryan1F

    Ryan1F Registered Member

    Joined:
    Dec 3, 2005
    Posts:
    13
    Yes, DeepFreeze starts locking your system at boot; it loads some services called deepfreezehi and deepfreezelo. This happens before the shell program is up and the DF interface is on (the one that puts its icon in the system tray).

    If you try to disable it by:
    using the boot option (pressing F8 and using the command DISABLE) :D , or
    renaming the file in DOS mode :D (don't delete it, you'll be sorry :doubt: ),
    then your system will not come up; it will crash. ( :mad: you'll still be sorry... :mad: )

    If you lose the password :gack: , just format it! :isay:

    Or you can put the words emiliano scavuzzo in the Google search toolbar.... :isay:

    It's kinda hard to find this guy lately o_O ....(possibly blocking, site down, or something).... o_O
     
  15. Ryan1F

    Ryan1F Registered Member

    Joined:
    Dec 3, 2005
    Posts:
    13
    Awesome... :) That's a good idea; using FreezeX (AESTD.EXE) will make Deepfreeze security work just fine. It will make a whitelist :rolleyes: , and no unexpected program will be able to run there....! Excellent!!! :D
     
  16. airjrdn

    airjrdn Registered Member

    Joined:
    Feb 21, 2005
    Posts:
    26
    Is there any way to have ShadowSurfer start automatically on startup? The app loads and exists in the system tray, but with the trial it appears you have to "start it" manually.
     
  17. yabba

    yabba Registered Member

    Joined:
    May 26, 2006
    Posts:
    2
    Location:
    Ottawa, Canada
    K. Fresh install of winbloze. All software I normally use and most that I use rarely. This includes AV and AS (anti-spyware--I use Pest Patrol). I made a list before winbloze install. Mentioning installing all winbloze updates is not necessary, is it? Do ghost image. After all that: create "data" directories on a separate hard drive (or partition). Then remap system folders (My Docs and such) to the separate hard drive (or partition). Create folder on desktop for stuff ya want to keep across reboots, but do not want to keep permanently. Create batch file to backup and restore them during reboot (one of the data folders to be used to store them across reboots). Install DF. Reboot. K. Only thing I have to remember is to run the backup.batch file b4 rebooting. The restore file runs from startup folder. One thing I found extremely annoying, and had to fix, is: I use Outlook and forgot to map the pst file to a different partition. After four days of downloading the same spam, with each day passing I got more of it, I finally thawed and fixed that up...

    I have purposely infected my system from known sites that deliver spyware/viruses (disabled AV and AS) and rebooted. Back to normal. Ahhhhhhh, I LOVE this program, who cares about the initial work to set it up? Once it is done, that's it!

    J
     
  18. yabba

    yabba Registered Member

    Joined:
    May 26, 2006
    Posts:
    2
    Location:
    Ottawa, Canada
    Oh--one more thing. Installed a registry monitoring tool so I could detect changes that setup programs do during install. If I have to reboot I export the reg files to an unthawed partition, then re-import after reboot. If I decide to keep the program: unthaw, reboot, import reg, set frozen, reboot.. Done. If one uses Linux all this rebooting gets annoying but, come on, even winbloze XP needs to be rebooted at least once per month... Once my kids are gone (another 10 years or so :-( ) I will go Linux all the way.... screw winbloze... AND there IS hope, my 16-year-old son asked me for my SlaxLiveCD the other day... wants to learn how to use Linux :) so proud of him...!
     
  19. djxtreme

    djxtreme Registered Member

    Joined:
    Mar 10, 2006
    Posts:
    23
    Deep Freeze is an excellent program; however, take the following steps before creating an image of (cloning) a drive with Deep Freeze installed:
    1. Run the Deep Freeze program, and fully uninstall Deep Freeze
    2. Reboot and ensure the program is not only thawed but does not have Deep Freeze installed (run Deep Freeze installation, and if it says 'Install' then exit - you do not currently have Deep Freeze installed).
    3. Clone drive
    4. Reinstall Deep Freeze

    If you accidentally attempt to clone the drive with Deep Freeze installed, simply repeat the steps above then clone again. Otherwise, if you do clone a drive with Deep Freeze installed, you will need to uninstall it by using the recovery console.

    Deep Freeze is not 100% guaranteed to prevent hacking, as I can easily remove Deep Freeze. No details will be provided so please don't ask.

    I use Deep Freeze Enterprise and could not imagine NOT using it! It's a necessity.
     
  20. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    The function is a necessity, not DeepFreeze. Other softwares can do the same function : FirstDefense-ISR, RollbackRx, ShadowUser, ...
     
  21. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Are you saying that to image the drive you HAVE to uninstall Deep Freeze? If so, this isn't a great solution. As Erik pointed out, there are other solutions that accomplish the same thing without this pain for imaging.
     
  22. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Are you not contradicting yourself?
     
  23. SpikeyB

    SpikeyB Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    479
    In order to image/clone a drive with Deep Freeze installed you need to thaw and then set the clone flag. You then have to reboot with something like a Bart disc to create the image/clone. I got this information from Faronics support.

    A bit of information about it here: http://www.faronics.com/whitepapers/DF_RapidDeployment.pdf
     
  24. miditman89

    miditman89 Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    8
    I have used this software on my own home PCs and in school PC labs. It is an extremely efficient method of securing a workstation. As many pros as it may have, it also has many cons.

    The system takes longer to boot, and after boot it retains an abnormal level of lagging. If this software is to be run on your PC, it is suggested that the computer have at least 512 MB of RAM, or considerably more, to help fight the latency.

    Also, it may be nice to have it secured, but it is not in any way bulletproof. If you can find out what system files and registry keys were written during installation, it is very much possible to reverse engineer this software. I came particularly close to this goal, but in the end it led to a system crash and I re-installed the missing file with an NTFS DOS boot program. The other hole is the OTP tokens, which can have passwords generated by the admin console; the only stipulation for OTP tokens is that they must be generated by an admin console with the same activation code, which is designated on the install of Deepfreeze.

    The Pro version has some nice tools where you can schedule thawed boots or when the computer turns itself off at the end of the day, and it does have a thawspace, but the thawspace is limited to a very small 2 gigs.

    Overall the program gets the security job done, but when it comes to the system running smoothly, it is only the constant maintenance reboots and latency that kill my overall satisfaction with this software. My suggestion: if you format before install, make a separate, larger partition for storing your files and installing programs. The only thing this program should freeze is the Windows platform itself, or in essence, the fixed C: drive. Upon install you can, if desired, choose any other partitions you wish to freeze as well.
     
  25. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    I recently did a comparison responding to a thread in the Poll forum and with DF frozen, my computer takes 30 seconds longer to boot up. Is your time longer than this? This doesn't seem like a huge amount.

    This seems strange. DF requirements are the same as the OS. So, if you have the recommended amount of RAM that your OS requires, DF shouldn't drag your system. I've just now been watching the task manager, and the DF process uses 3.8MB of memory. In doing routine operations I don't see any increase in memory usage, and have never noticed any latency problems.

    It's already been done, but since the hack requires physical access to the computer, it's a moot point for the home user. System admins by now have implemented measures to prevent it in institutional environments.

    If someone were to gain unauthorized access to an admin console, that admin should be replaced. In the two educational environments I'm familiar with, this occurrence could not happen.

    This is probably why the thawspace feature is not implemented in the Standard (Home) edition, since as you suggest, the user should format to have at least two partitions.

    The thawspace (virtual) partition is designed for institutional environments where users - such as educational faculty - have some storage space for data and power point files, for example.

    I'm not sure why you have constant maintenance reboots. It is true that if a user makes many frequent changes to the system, DF is probably not the ideal program.

    Can you post your system specs? Just curious why you have this latency problem.

    regards,

    -rich
     