Deep Freeze Experiences

I must say Deep Freeze is a great program no matter how you guys look at it I understand diffrent people's opinions deep freeze may or may not be for everyone but it is one of the best program i ever used so far the fact that i hate to do reinstall/formatting for every system glitch that happens down the road deep freeze will actually prevent this unless you have a hard drive faliure thats another story lol. And as for thaw/frozen mode states whenever you are in thawed mode i would peronally do the updates offline (meaning disconnect the comp from the internet and would want to do this before you go to thaw state) that way you know that your system stays super clean Plus there are ways to update your system without internet connection can be tricky but its possible been doing it this way. Using deep freeze is really not that bad despite how some users say its to much work. Work is when you have to keep reimaging for every single minor update just to keep your image file up to date now thats work lol but deep freeze its really is worth it i been using deep freeze for some time now havent had a reinstall since then.

Hope this post will help some DF users out there

 

Thanks BMJP! That's very good advice! For maximum security, one should thaw offline. Thanks for your thoughts.
GM

 

Hmm...an interesting thread but one which does raise the following questions - if anyone here would care to humour a security cynic like myself...

Since trojans are normally hidden in "useful" programs, how could Deep Freeze/FreezeX prevent one from executing if it was hidden in a software package that you wished to install (and would presumably authorise FreezeX to run)?

One weakness of the Deep Freeze approach for home users is the need for more frequent reboots. If you want to install software, you have to reboot to get into thawed mode and install (accoring to Faronic's FAQ).

The other issue is the need to segregate all data (e.g. emails, documents, pictures) onto a separate non-frozen folder or drive to avoid it being lost on reboot. This then raises the possibility of them being infected by macro viruses if you do not run an anti-virus scanner.

Program settings files also need to be segregated to avoid having to reconfigure everything after a reboot. This is less of an issue for enterprise users with large numbers of PCs using a few programs with a standardised configuration - but a home user has to take the time to study each piece of software they install to identify any parts (configuration files, working data) that need to be preserved across reboots and then move them to an unfrozen folder.

Programs that store their configuration data in the Windows Registry would appear to pose a real problem here since this data would presumably be reset to installation defaults on reboot with no easy way to preserve it.

 

Like I said, I'm not familiar with FreezeX, but the bottom line there is it doesn't matter - the image would more than likely get infected. If personal valuable data is available in the image, then it could be gotten - whether through in-attention or ignorance of the user in regard to what they were "allowing".

The only method I know of for sure to block such an occurrence is to do what I do, anyway, which is to make sure that my normal defensive programs are running within the "image", too (speaking about ShadowUser here - everything I've got is on "C" drive, so if it runs when I'm out of ShadowMode, it runs while I'm in ShadowMode, too).

I don't really see that as a weakness, unless you've got different people jumping on and off the computer every five minutes day and night - and not even then, really. For instance, here, I have the computer during the day (normally NOT in ShadowMode). When I get ready to leave for work (after having done "backing out" scans with a bunch of stuff like AA and SBS&D, among others, plus full scans with whatever of my defensive programs has updated that day), I set the computer to go into ShadowMode the next time it starts. So my family uses it while I'm gone. As soon as I come home, I set ShadowUser to turn OFF ShadowMode and re-start the computer - everything they've done is gone and I'm back to my original "clean" state.

That isn't the case with ShadowUser - if you want to really keep something you've gotten while in ShadowMode, you simply "commit" it to disk - remember - all my defensive programs run in SM, and whatever it was has been scanned and thoroughly examined before "commit"'ing.

True. Not applicable here for two reasons, though - one, I have scanners running in the image and two - I don't let anyone keep anything on here without my seeing it first (web mail doesn't get lost, BTW - email to something like OE does). Documents, pictures, songs and stuff that they d/l - if they want to keep them, they leave me a note for when I get home.

I'm not really sure where you're coming from with this. Why would you be messing with your program settings to start with while either "frozen" or in ShadowMode? Also, as long as you set up a program while un-frozen or out of ShadowMode, the settings are going to stick at the re-boot. I can see why part of that might be a problem if, as you say, you can't commit a program back to disk with DeepFreeze like you can with ShadowMode, but even then, at most, you'd only have to re-set them once after you un-froze or whatever - after that, they'd stick every time you re-started and they'd stay like that even if you then went into the frozen state.

The same applies to that as what I just wrote above.

The long and the short of it is that neither SU or DF are the total answer - but neither program can be beat for getting you back to a clean state in a hurry.

I've got, I guess, about $3000 or so invested in this set-up - if some think I'm being too harsh with the other users here because of the limitations I put on them when using this computer - think again. To me, programs like SU and DF are absolutely ideal for preventing damage to your computer by other users' whom you can't watch that use your machine.

And now I'm going to bed. Night all! Pete

 

My comment was aimed at DeepFreeze rather than ShadowMode - I've not used either so am basing my comments on statements made in this thread and Faronic's website.

The program configuration issue comes down to what software you run and how you use it. For example, I use the GetRight download manager which is chock-full of options and I do sometimes need to change them on-the-fly to get a download from a specific website (an FTP site may need a password, a website may require a specific cookie, etc). These changes could not be retained with DeepFreeze since I would, according to their FAQ, have to reboot to get into thawed mode, then make the change and then revert back to frozen mode. If you can get your software ideally configured first time for every situation then this problem need never arise true, but in reality how likely is this?

Small but frequent changes (e.g. browser website bookmarks, re-arranging the Start menu, adding a shortcut to the desktop) would seem to pose a particular problem. Even if you can "thaw and refreeze" to pick up such changes, you then have the possibility of adding malware alterations to your frozen configuration. Basically, you have to be highly disciplined and restrict any alterations to specific periods, ruling out spontaneous changes and making troubleshooting much harder.

With one difference - some programs continually amend their registry entries and may not work properly if these get out of sync with other aspects of their configuration.

I have to confess that I think a full image backup could be better since it would avoid any possible configuration consistency issues. However doing this often would require more time and disk space.

 

It's late and I'm tired, but I wanted to respond to a couple of things real quick and more later.

You can make any changes you want on-the-fly with GetRight or any other program. Yes, if you want a default setting to stick then you need to configure in a "thawed" state. But running the Freeze in it's normal "frozen" state you can change whatever you want anytime you want. This would include running trials of any programs and seeing if it's what you want before ever actually committing to a true install, which would be done thawed. Keep in mind, the purpose of DF in the first place was to allow students to do what they want on the PC and not be tied down to restrictive software. You can change options or do whatever and run them however you need to. Rebooting only brings it back to it's default state with your optimized original configuration. But that does not keep you from making changes on-the-fly.

That's one way of looking at it. I know that Faronics thinks this is a positive. It is what keeps the "frozen" state bullet-proof. It prevents nickle and diming the system to an insecure state and allows you to work in a secure environment at all times. Does it make it a little harder when you want to add, remove or make permanent changes to the configuration? Yes, it does. It's much easier though than keeping a dozen programs updated, running "on-demand" scans for all types of malware and numerous housekeeping tasks that Deep Freeze renders unnecessary.

I know that Faronics does recommend the use of an antivirus, and supports and encourages the use of imaging software. You can image a thawed Deep Freeze drive. If there are any problems, simply put the good image back on and reboot in a "frozen" state and you're good to go. But imaging is unnecessary to get back to a perfect state if there are no problems, as this is done each and every time you reboot.

Data. Most every program allows you to place application data in a custom path. I have all application data in another partition and this includes "My Documents", all "Documents and Settings" configurations including Outlook Express (though I no longer use that program). The only thing that is frozen is my C: drive which has only the OS and applications, which enables a perfect state upon reboot.

There's more I would like to cover, but it's very late and it will all be covered in the main article I am working on. As I said, I will post that article here at Wilders as well.

Have a good day.

Gerard Morentzy

 

I would agree - but home use (where people do make ad hoc changes that they want to keep) does look to be more of a problem.

Well, let's look at a few examples:

GetRight 5.2a:
Configuration held in registry (HKCU\Software\Headlight\GetRight). No option to change this.

Opera (6.xx):
Bookmarks held in opera6.adr file, configuration in opera6.ini, search options in search.ini - all in Opera program folder. Opera does offer the option of having separate settings for each user though and selecting this on install would probably relocate these files to the appropriate user Application Data folder (not tested).

Outpost Firewall:
Configuration held in .cfg file with plugin details in an .ini file. As long as the two files are in the same location, they can be stored anywhere. Registry information is held in HKLM\SOFTWARE\Agnitum\Outpost Firewall and includes static (e.g. licence key) information but some configuration details also (window sizes, trashcan transparency, update settings, configuration filename).

Process Guard:
Pghash.dat and pguard.dat files located in WINNT\System32 folder - no option to change this. Frequently updated registry data held at HKLM\SOFTWARE\Diamond Computer Systems\ProcessGuard v3.0.

Proxomitron:
Configuration held in .cfg file in program folder - no option to change this. Blocklists held in Lists subfolder.

Based on the above, trying to set things up so that changes can be made without having to reboot/thaw/change/freeze would seem rather hit and miss (Process Guard in particular could pose a problem if the encrypted file contents got out of sync with the Registry - ever noticed anything when running it?) and does require at least good familiarity with the software concerned.

Device installations are another problem area - while it may be a fairly simple and obvious step to thaw a system before adding a new item, how many people are going to be aware that USB peripherals will need to be plugged into every available socket in turn to ensure that no further driver installations are needed?

I look forward to seeing it - this is the sort of thing that brings out some interesting debates.

 

XPro, Deep Freeze, FreezeX installed:

Erasing disk free space while frozen -still- fatally crashes a DF protected system. I see no solution short of the DF program itself intercepting the wiping process, which is the purpose of FreezeX.

I used DCS APT to disable 'High' setting of FreezeX protection, but all files I chose to delete were again restored by DF after reboot.

Note: The erasing utility and APT are imaged into my system and were therefore allowed by FX to function. They are useful to me and I will not remove them. IMO, ProcessGuard is currently the best choice to compliment DF protection.

bye.

 

Yes, it does the same thing if you try to defrag or run Disk Maintenance in XP with ShadowSurfer/ShadowUser, too. ShadowUser's knowledgebase states the following:

""Should I defrag my disk while in ShadowMode?"
A. No. Defragging a system changes the sectors. While in ShadowMode, ShadowUser is tracking all the changed sectors and re-directing them to another location on the disk. It is not recommended to defrag the disk while in ShadowMode."

But why would you be trying to do those things in either "frozen" or ShadowMode, anyway?? Or are you trying to point that out as a possible attack mechanism, or what? It simply doesn't make sense to defrag a temporary image on your HD - or to attempt Disk Maintenance while in that state.

Are you talking about files created or d/l'ed while in the frozen state? Or system files? Because you couldn't have erased anything but the copies of the system files that were being run in the temporary zone during a frozen state.

I won't be removing any of my programs here, either. And, yes, I quite agree that PG compliment's both DF and SU's protection. (Everyone's OS-compatible computer in the world should have PG on it, actually). Running your erasing utility while in the frozen state doesn't make a whole lot of sense to me, either - if you're really trying to get rid of any information obtained during a frozen session, the safest way to make sure of doing so would be to run your erasing utility after going back into "un-frozen" mode - because all the information's still there, just marked as ready for over-writing on whatever portion of the disk was used.

We're getting much too esoteric here, I think. And I'm out of time for today, anyway. Good discussion, though. Pete

 

Regarding defrag: Maybe this app has a different approach?

I imagine it locks a sector that it's on so that even running defrag will not affect it? (or are they saying there is no need to defragment)

 

I agree with spy1 when deep freeze is frozen its is frozen period even erase unused space wouldnt matter DF is using a bizzare method of tracking your data the only way to get around DF is for windows not to be running at all DF is a kernel driver which basically means any attempts to uninstall df manually in thawed mode u will get a blue screen of death cuz i tried it myself as a part of the test so save yourself the trouble and uninstall it the right way cuz u will screw yourself if you try to uninstall it manually this just show how well it installs kind of like intergrating with windows once windows has loaded in frozen mode thats it windows cant be altered its only temporary changes untill it is thawed mode or windows not running (bootable options).

let me know what you guys think Thanks

 

I will say again, depending on your viewpoint, this could be it's most appealing aspect. You are quite right, it is frozen. Any permanent changes must be made in the password-protected "thawed" state.

Huh? You lost me. How does Deep Freeze track your data? It doesn't at all. Choose your words carefully!

As for uninstalling, the whole idea is for it to be very difficult to tamper with. It will cause hell attempting to uninstall the wrong way in a thawed state. Of course, DF is uninstall-proof in it's "frozen" state. It has never been hacked by any student anywhere as far as I know, and needless to say, many have tried. The correct way to uninstall is to run in the password-protected "thawed" state, run the Deep Freeze install program again, which will ask for password once more and then, and only then, are you given the uninstall option.

About what? You didn't really offer any observation except that you should uninstall correctly. If you mean the "tracking data" comment. That made no sense at all, could you elaborate?

 

Pete/Spy 1,

You have made some excellent points regarding Deep Freeze and ShadowUser as well. I agree completely about the erasing of files on a frozen drive (and defragmenting) as it does no good at all. At reboot, you're back to exactly what you "froze" byte for byte. I also agree, and said in an earlier post, that Process Guard is an incredible security tool. Nobody can go wrong using it. Thanks for your input, great stuff!
Gerard

 

The single most critical thing you do when Deep Freeze is first installed is to ensure a clean machine. That means running a complete security wash of your PC. Antivirus, AT, anti-spyware, safer XP configurations, the whole ball of wax. After that, and offline, Deep Freeze should be installed along with all other programs. Everything should be configured to its perfect day-to-day state and then in "thawed" mode, an image should be made. Deep Freeze supports all major imaging programs (Ghost, True Image, older and better Drive Image, all of them.) That perfect system image with Deep Freeze installed becomes your master in the event of a hard drive failure, etc. It is also used by some individuals as the last safety net, as you know that the master image is as clean as one can make their PC. Deep Freeze will keep it that way upon each and every reboot.

 

sorry for the misunderstanding what i mean by tracking is how does deep freeze works in order to restore your system upon reboot thats what i meant deep freeze has to know what you have on your hard drive First kind of like data comparison before and after kind of thing for example take norton ghost for instance in order for ghost to restore your comp ghost has to read off a ghost image file first and whatever the condition of the image file is thats how your hard drive will be exact identical from that image now problem with images is that they can take a great deal of space unless u have external drive for dedicated backups (for those that only have a single very large drive would have to partion the drive in order to save your ghost image) but the point to all this that deep freeze doesnt take up hardly any space in fact only space is being used is what you actually have on your hard drive i closely monitored the drive space before i installed DF and after installed you wouldnt even notice a slight change even in thaw mode or frozen mode only space being used up is your stuff and of course windows and programs but nothing extra nothing hidden even and if they were hidden somewhere your drive still has to register total space usage by the drive's properties (unless ntfs security user accounts are placed that prevents displaying the drive info for some security reason) if windows doesnt register then it will be overwritten basically as it will be marked as deleted data waiting to get overwritten and i doubt it that it uses a hidden partition cuz you find yourself that c drive will get smaller and smaller as you add more programs in thaw mode meaning its not just your programs that are takin up space but the hidden DF partition is being updated since df doesnt know how much stuff you be adding thats like 2x the space usage. 1 for your installed programs 2 to update df partition if its true that is and that would not be cool at all lol. So basically deep freeze is using some kind of bizzare method of keeping track of your data but hardly takes up any space what so ever so to restore your comp to a clean state on every restart. Hey something must give one way or the other it just cant magically restore your comp without needing whatever deep freeze needs to restore your comp lol

NOTE:Norton Ghost and Deep Freeze are totally Diffrent programs but both have diffrent ways of restoring your system Norton Ghost relys on imaging
deep freeze its kind of like what ghost does but doesnt rely on images just a simple restart

well hope this wasnt too long for most people =) it was fun posting this info and i am open for any opinions and thoughts and hope you guys enjoy reading this as much as i enjoy typing this lol

 

Gerard - You're quite welcome. I was "on fire" about ShadowSurfer/ShadowUser when I first stumbled across it, too. As time went on, though, I found that the four main problems with any type of program like this were:

(1) lack-of-interest on the public's part. I can't even tell you how many sites I posted on about SU - and the deafening silence I received in return in all but a few cases.

(2) user confusion about what the given program actually is, does and how to properly implement it.

(3) User inability/un-willingness to properly set up the computer beforehand for most effective use of either progam.

(4) User irritation with the limitations that automatically come with using programs like DF and SU - having to go through more steps to save something actually wanted/having to re-boot - in DF's case, having to deal with FreezeX - leading to either improper technique in utilizing the programs, or their complete abandonment.

To sum it up, at least for me, programs like DF or S/U are oversight programs, excellent for those who need to prevent damage caused by other users' of their computers. They require attention, fine-tuning and as complete an understanding of what the programs are actually doing and capable of as is possible for effective use.

If either program does catch on wildly, they'll be attacked - probably at the point where the "un-freeze" occurs in some fashion so that something can get passed back to actual system files. Having a bunch of high-school or college students attempting to crack a program is one thing - having all the highly-paid and motivated programmers of the scumware-makers' involved - or actual hackers/malware-writers' - is liable to present new challenges, to say the least.

In a way running such programs isn't a threat to a lot malware/spyware-makers'. After all, the programs don't block pop-ups, they allow information to be stolen even if "only" during a "frozen" session, etc.

I wish these kinds of programs were the answer - but in their current state, I really don't see that as being the case. Pete

 

That i do agree with spy1 was mentioning when it comes to identiy theft credit cards, personal info thats a diffrent story didnt say that deep freeze will protect you from these kind of attacks but will however minimize the threats dramatically since all spywares and viruses will be gone upon reboot faster than you can launch ad aware personal se additional to that scan your system for viruses while your add it and update and configure it properly and probably requires 1 or 2 reboots or more to successfully remove all spywares and viruses. Now if someone was trying to hack you or out to get you i would take this threat seriously during that windows session. Personally when it comes to personal data stored on your computer i would be very concered i would rather have them on a secure hard drive or on removable media such as cd's/dvd's etc and put them in a very safe place in your house. Save all personal data thats valued to you else where. and also make sure where you going to store your personal info that it is reliable.


And as for hacking Deep Freeze or shadowuser (not to sure with shadowuser never used it so i just stay with deep freeze cuz deep freeze is the only one I use) only thing i can come out with is someone knowing your password not hacking the password. Deep freeze is not going to make this any easy what so ever if anyone dares to temper with it while its in use (Installed). It is almost of saying hey lets hack into this computer and steal the windows login password. Well good luck on that one lol. The thing is hackers can only do so much hacking while windows is running to truly hack the windows login password you would physically have to be on the computer so you can boot up windows xp cd to the recovery console or using other bootable programs lol. guess what i am trying to point out is even if your the best hacker out there and know your way ins and out you just cant access files that are being in used by windows and i am pretty sure the windows login password is stored on a sam file somwhere in windows folder thats always in use while windows is running of course and its access denied. pretty sure thats how deep freeze is setup the persi0.sys file is always in use and its hands off which is located on C:\ (persi0.sys this is where deep freeze password is stored and what state is it in thaw or frozen) and since deep freeze is a kernel program any forced attacks on it or if it ever happens has been disabled other than running deep freeze diallog box and type in your password and thaw it pretty much windows is screwed lol (unless you boot off a bootable xp cd or a os cd (if your drive is ntfs better use xp or win2k cd lol any early version of dos cant see ntfs volumes) and then you can copy the persi0.sy file but who wants to go thru all that trouble anyways lol not to mention might have to configure your bios to get it to boot not getting into details about this part you know how this bios thing goes. so hackers wont even bother trying to hack it instead they hack your info instead cuz its more easier than hacking deep freeze lol as long as you dont restart yes i can see this can happen so to combat this i use adware for spyware and house call trend micro for viruses which is a online virus scanning web based most likely you be using adware more frequently good thing deep freeze allows you to have thaw drives which is where ad aware is kept as it doesnt rely no registry entries=)and that my friend security at its best lol

hope you guys find this interesting

 

I hate to be the one to say it, but I'd find your remarks a lot more intelligible (and interesting) if you'd try exercising things like correct spelling, punctuation, etc., instead of two-hundred-word mongrelly-worded sentences.

You sound intelligent enough to manage that if you'd simply put your mind to it - and it would make it a LOT more interesting if people didn't have to decipher what you're saying on-the-fly. Pete

 

Are you talking about files created or d/l'ed while in the frozen state? Or system files? Because you couldn't have erased anything but the copies of the system files that were being run in the temporary zone during a frozen state.

It's currently possible to shut down the highest level of FreezeX protection. Then you can access or delete any previously protected exe, ocx, dll, etc...(those not in use). For example, once FX is disabled it's possible to run WinHex against the not-so-free space. Enough? The free space is not being protected or restored byte for byte, evidenced by the corruption of the hidden(?) DF info by the disk wiping utility. Today I can 'undelete' yesterdays content, including DF files that were inaccessible in yesterdays C:\*.* directories.

 

well sorry about that i am new to posting forums and i do know how to spell just that i got used to how people type that way once again I am sorry. I try better next time.


Hope you guys find my posts interesting=)

 

I agree with Pete. Just so you know, I don't think it's the spelling as much as it is the total lack of punctuation. Periods, commas, question marks and basics like that. Being new to the forums shouldn't have anything to do with that as it's just basic writing. I agree with Pete that you have a lot to offer here. BUT, I also agree that it's hard to read your posts. Nothing personal, you have some good thoughts.

 

What exactly is freezex?

 

Hi bjmp24,

Take a look at these links: FreezeX and FreezeX FAQ.

Nick

 

http://www.faronics.com/html/Freezex.asp

Hmm - it looks like a stand-alone program, separate from DeepFreeze?

(I don't know why, but I was under the impression that they came together). FreezeX is apparently for use on the computer when it's in its' UN-frozen state.

According to "do tell" (depending on how much credence you want to impute to an anonymous poster) FreezeX can be hacked and dis-abled, allowing your so-called "clean" state to become - well - DIRTY! <g>

Looks like PG stands head-and-shoulders above that one. Pete