Deep Freeze Experiences

Discussion in 'other security issues & news' started by LockBox, Dec 29, 2004.

Thread Status:
Not open for further replies.
  1. Jo M

    Jo M Registered Member

    Joined:
    Sep 10, 2004
    Posts:
    53
    Hi,

pardon me if I haven't understood this, but it seems to me that anybody relying on such a program will be risking any hacker getting hold of any data on their PC?

    Disaster Scenario:-

    Relying on Deep Freeze, go onto bank not realizing that a key logger has already been installed into your system just before you logged onto your bank. Hey the hacker has got your money!! Doesn't make a cent's worth of difference if your PC is put back as it was when you reboot!!

So it seems that using Deep Freeze is only useful if you actually restrict your own internet usage to things where security isn't required anyway! and that you mustn't have any personal or valuable data on your system that you don't want others to have.

    It seems to me then that for many users the program will be useless?? I'll stick with my tried and tested "buffet" of security!

    Regards Jo M
     
  2. Auron

    Auron Registered Member

    Joined:
    Jan 22, 2005
    Posts:
    17
In my case that's not entirely true Jo M, I use a hardware firewall for that, among other things it features stealth ports, intrusion detection and some other neat features that protect me in that way, as for identity theft and online paypal or bank usage Ghostsurf detects keyloggers, tunnels your requests through secure hubs, so even if I do online shopping I don't worry about that, using Freeze X when the computer is thawed seems reasonable but I haven't required it. Now here is the point, if a disaster should crash my system (very hard, almost an impossible worst case scenario) I use Norton Ghost to restore my C partition and I can be back in 3 minutes, reinstall Deep Freeze and I am on again. You are all probably right in the fact that there is no ultimate security tool on a standalone version, but for me this combination has worked to date and I don't need to keep any definitions, service packs, updates, etc. It's always solid. But some people just love to have an antivirus and they feel safe and comfortable using it and all that stuff. If a virus affects a thawed partition (most viruses target your c partition and the windows folder itself) I also have that backed up so I guess I'm not worried at the moment.
     
  3. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,328
    Location:
    Here, There and Everywhere
I see there have been some questions as to where I am(?). Quite simply, I am working, up north in British Columbia today. I really don't have time to participate like I would like in this thread, but the ideas and thoughts have been invaluable! I said in my second post that I was not wanting to be pulled into the back and forth of this thread, that I merely wanted to open the discussion to gather information. My non-participation hasn't been entirely successful, but that's fine too.

    Before I go any further, let me say that I truly would not use Deep Freeze without an anti-virus, firewall, and FreezeX. But that's all, and honestly, the AV is only needed for certain data configurations. I know that Faronics blanketly recommends using an AV with Deep Freeze, but if the data folders are configured properly, even that is not necessary. However, a good firewall and FreezeX (or something similar) are must haves with Deep Freeze.

    There seem to be many questions concerning Deep Freeze and the possibility of a keylogger being placed on the computer immediately after a reboot and into a "frozen" state. First of all, let's be honest about the improbable odds of this happening as keyloggers are most often (but not always) placed on an unsuspecting box by someone having physical access to the computer. For those that are not and are dropped by a trojan, or even an email attachment, let me explain how FreezeX works and how a keylogger simply could not execute.

    FreezeX was made to be a companion program to Deep Freeze to be a watchdog program during "thawed" states, especially, but also during everyday "frozen" sessions. FreezeX is unique in its "whitelist" methodology. Simply, no program can execute unless you have explicitly told FreezeX that it is allowed to execute. The whitelist process of FreezeX allows only programs to execute that you have given prior permission to execute. Simple, simple.

    Scenario: As some have suggested, you boot into a perfect state with Deep Freeze and the computer is immediately hit with a keylogging program. For that program to operate it must do what? Execute. However, any program trying to run simply will not run as FreezeX allows only the execution of programs that you have given prior approval to do so. That also includes rogue programs attempting to use file names of programs that you have whitelisted. FreezeX knows the difference, based on checksums, etc., between the firefox.exe you have allowed to execute, and a firefox.exe that might attempt to execute as a keylogger. The result of Deep Freeze w/ FreezeX is total protection from keyloggers. That, of course, is the main concern as nothing else can do any kind of damage that can't be immediately fixed upon reboot. As someone suggested, you can remove system files, let a virus eat up system32 files, delete the Windows directory itself, anything at all can happen and it simply does not matter. It's all fixed and perfect again on reboot.

    I am very interested in hearing from those posters who seem to feel they have found ways to break Deep Freeze protection. Please use PM or email and let me know what you have done that you feel has compromised Deep Freeze. To my knowledge, it has never been done. DF is on hundreds of thousands of computers all over the world in schools, libraries, Internet cafes, and yes, business and home use. Well educated students and hackers have done their best to break DF, but without success. If any of the posters have truly broken Deep Freeze protection, I would like very much to hear about it.

    I wish I could write more, but I must get back to work. Again, thank you for all of the great feedback as much of it has been very useful.

    Regards to all,
    Gerard Morentzy
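The post above describes the core idea of a FreezeX-style watchdog: a default-deny execution allowlist keyed on a checksum of the program image, so that a second "firefox.exe" with different contents is not confused with the enrolled one. The script below is an added illustration written for this thread, not FreezeX or Deep Freeze code. The "binaries" are constructed byte strings written to a temporary directory, and `build_allowlist`, `is_execution_allowed` and `demo` are names chosen here, not the product's API.

```python
"""Hash-based execution allowlist (added example, not FreezeX/Deep Freeze code).

The decision is keyed on the SHA-256 of the file's bytes, never on its name,
so a keylogger that calls itself firefox.exe is denied while the enrolled
firefox.exe is allowed wherever it sits on disk.
"""
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Return the SHA-256 hex digest of a file's contents, streamed in chunks."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_allowlist(approved_dir: Path) -> dict[str, str]:
    """Enrol every file in approved_dir: map its digest to its (informational) name.

    Enrolment happens once, while the machine is in a known-good state; after
    that the list is consulted on every execution attempt.
    """
    return {sha256_of(p): p.name for p in sorted(approved_dir.iterdir()) if p.is_file()}


def is_execution_allowed(candidate: Path, allowlist: dict[str, str]) -> bool:
    """Default-deny: a program may run only if its digest was enrolled."""
    return sha256_of(candidate) in allowlist


def demo() -> dict[str, bool]:
    """Exercise the three cases discussed in the thread in a scratch directory."""
    with tempfile.TemporaryDirectory() as tmp:
        approved = Path(tmp) / "approved"
        approved.mkdir()
        # constructed stand-ins for real program images
        (approved / "firefox.exe").write_bytes(b"MZ\x90\x00 constructed firefox image")
        (approved / "notepad.exe").write_bytes(b"MZ\x90\x00 constructed notepad image")
        allowlist = build_allowlist(approved)

        incoming = Path(tmp) / "incoming"
        incoming.mkdir()
        # 1. the genuine, enrolled binary copied to another location
        genuine = incoming / "firefox.exe"
        genuine.write_bytes((approved / "firefox.exe").read_bytes())
        # 2. a different program reusing the approved name (the keylogger case)
        impostor_dir = Path(tmp) / "impostor"
        impostor_dir.mkdir()
        impostor = impostor_dir / "firefox.exe"
        impostor.write_bytes(b"MZ\x90\x00 constructed keylogger")
        # 3. an unknown file dropped by an attachment or trojan
        dropped = incoming / "update.exe"
        dropped.write_bytes(b"MZ\x90\x00 constructed dropper")

        return {
            "genuine_firefox": is_execution_allowed(genuine, allowlist),
            "impostor_firefox": is_execution_allowed(impostor, allowlist),
            "unknown_dropped": is_execution_allowed(dropped, allowlist),
        }


if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case}: {'ALLOW' if allowed else 'DENY'}")
```

The point the demo makes is the one LockBox raises: only the first case is allowed, because the name "firefox.exe" carries no weight in the decision. Note the caveat gkweb raises further down the thread: an allowlist like this governs which images may start, not what an already-allowed program does once it is running.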
     
  4. Auron

    Auron Registered Member

    Joined:
    Jan 22, 2005
    Posts:
    17
Well I have heard horrible stories about FreezeX, http://www.digitalvideoediting.com/articles/viewarticle.jsp?id=28878-0 for example, which has a very interesting review of the cons of that program. I'd rather use an AV instead of going through all that. Jo M, it's interesting that you mention HyperOS; how does that feel as opposed to DF? And Gerard, from what I know the only known way to break DF is bypassing windows by making changes to your CMOS.
     
  5. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    Hello,

I didn't read every post, but I join Notok's opinion:

Then we come to the fact that DF needs a companion, to block anything from launching. No matter the product which does that, it does not nullify every security threat; one of the most powerful ones still remains, the buffer overflow.
    With it, you can make your favorite (allowed) IM program gather personal data and send them out without executing any new executable.
    I may be wrong on this point, if so anyone correcting me will be appreciated, but a memory scanner and a firewall are needed anyway, you cannot rely only on a single software.

Note that I do not say it is not good to use (it's probably a wonderful software, providing a simple and efficient solution), just that it is not good to use alone.

    regards,
    gkweb.
     
  6. kareldjag

    kareldjag Registered Member

    Joined:
    Nov 13, 2004
    Posts:
    622
    Location:
    PARIS AND ITS SUBURBS
    Hi,

    Too many softwares with a great marketing...
    But it's also great if they exist...

Pardon me gentlemen, but I don't want to transform my PC into a fortress.
Inside, I haven't the bank account of Bill Gates, Rupert Murdoch or the Walton brothers.
And I don't want to see my security more expensive than my PC...

To stay on the subject, there's another piece of software of the same kind.

    ***DriveVaccine:

    http://www.horizondatasys.com/drivevaccine/index.html

On this site, a free utility is available: ExeVaccine (an executable filter).
    This tool is the same as Trust-No-Exe:

    http://www.beyondlogic.org/solutions/trust-no-exe/trust-no-exe.htm

At last, I'd rather use the old method: classical and frequent backups on external drives.

    Regards
     
7. Thanks Auron for that link on Freeze X..... That seems to be the only user
    review I've seen or could find. To me it's too much of an unknown to put
    much trust in.
     
  8. Auron

    Auron Registered Member

    Joined:
    Jan 22, 2005
    Posts:
    17
You are right Just Wondering, there aren't any other reviews about FreezeX out there, but honestly I think it's against the flexibility provided by Deep Freeze. An interesting forum where the powers of DF are discussed is here http://listserv.utk.edu/cgi-bin/wa?A1=ind0403&L=libnt-l Then again gkweb, why would I need an AV with my current set up? (you can see some of my previous posts to check it). As for online banking, some AVs don't do such a good job detecting malware, spyware and things of the sort, nor does a firewall, that protects you against intruders basically. And finally here is a funny forum about removing DF ~snip~ , some lamers actually trying to remove it from windows. If you look for the crack you will realize how hard it really is to break, booting from something like Caldera gives you a chance to look at the Persi0.sys file and may get the encrypted password, not using some regedit command. However this link is mentioned and you may find it interesting ~snip~ , this anti freeze app may work though I haven't tried it; being based on a dos boot it gets more credibility.

    Regards, Auron.
     
    Last edited by a moderator: Feb 3, 2005
  9. controler

    controler Guest

    Auron

    Yes :D
    another Ghostsurf fan

I was wondering about global hooks and the such with deepfreeze?
It seems to me it is a program that allows anything to happen but then restores the drive.
Am I wrong?

What happens before you reboot if you have a nasty?
It seems like it does not detect anything but relies on a reboot to restore everything.

    Bruce
     
  10. Auron

    Auron Registered Member

    Joined:
    Jan 22, 2005
    Posts:
    17
With all the respect controler, but isn't it kinda late to be asking those questions? I think the main topic has reached more complex questions by now, but just in case you missed all the last posts: yes, deep freeze is a tool that allows you to "freeze" your hard drive so all changes are undone when you reboot, so no "nasties" will affect you, even the worst viruses out there. It is a kernel32 driver, which means it doesn't rely on any imaging technology, thus making it real fast. Hope that makes it clearer. And yes, we are both Ghostsurf fans. This link ~snip~ was also obtained from the forum I posted recently and it is an interesting point of view over DF's passwords, you can also check it, although at this point I would like to know if anyone else uses some sort of protection beyond antiviruses and firewalls like hyperos (got to know that one because of someone in this forum), clean slate, drive vaccine or anything of the sort.

    Regards, Auron.
     
    Last edited by a moderator: Feb 3, 2005
  11. sfalls

    sfalls Registered Member

    Joined:
    Feb 2, 2005
    Posts:
    1
    Location:
    Wildwood Missouri
We have used Deep Freeze in our school district for over a year in an area for children who can't learn in a regular environment and are usually known for getting into trouble. The calls for problems have virtually disappeared. We are now implementing Deep Freeze throughout the district and looking into FreezeX for Administrative pcs.

    We don't have enough manpower to keep up with all the spyware, IE problems and mischief and this solution is working really well for us. We have over 8300 pcs and close to 50 servers with about 30 full time/part time people trying to keep up with them.
     
  12. Auron

    Auron Registered Member

    Joined:
    Jan 22, 2005
    Posts:
    17
    Hey everyone here is some neat stuff on DF ~snip~ and this ~snip~ please go ahead and check them as they further explore DF's file deleting "capabilities" and they talk about a true hack (from windows itself) for DF ~snipped hack info~, really interesting.
     
    Last edited by a moderator: Feb 3, 2005
  13. snapdragin

    snapdragin Registered Member

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Hi Auron,

    Welcome to the forum. :)

    No offence intended, but I am afraid I had to remove a few of the links you posted since our forum's Policy/TOS prohibits the posting of links to cracks and/or hacking information. We do appreciate your contribution to this thread, and also realize you were only replying in response to Gerard Morentzy's post #78 wherein he said: "If any of the posters have truly broken Deep Freeze protection, I would like very much to hear about it.", but unfortunately, we cannot allow such links.

    Regards,

    snap
     
  14. cenobyte2k4

    cenobyte2k4 Guest

    Unless "FreezeX" seals off the PC while you're running it, the program does NOTHING to protect your computer from trojans, keyloggers, etc. between reboots. It's fine if you don't want extra stuff continually being added to the system, but it's completely defenseless against virii, trojans, etc. because all it does is restore the system. Furthermore, if you have a thawed section of your HD, there is absolutely NOTHING that prevents a trojan, virus, etc. from hiding there until the next reboot, thereby reinfecting the system.

    Therefore, in order to be truly protected, you would STILL need to run AV, Spyware, firewall software to protect the PC while you're using it. Those people who swear by this as a replacement for other security programs are seriously deluding themselves. IMHO, any claim that AV software is not necessary if "the data folders are configured properly" is wholly irresponsible.
     
  15. Auron

    Auron Registered Member

    Joined:
    Jan 22, 2005
    Posts:
    17
It seems that you haven't understood the point of DF cenobyte2k4, by protecting windows folders and mostly "C" drive stuff you avoid the pain of all the malware and spyware you can ever imagine. Spyware's target is rarely on a different partition, the same goes for malware and all, you name it. Sometimes just to prove that point I install ad aware and run a full system scan and guess what, I have no spyware, adware or anything! Sometimes I even install Norton AVs or Panda Titanium just to find out I have no viruses (luckily when I restart these programs are gone). I have been with this set up for more than a year, as the faronics slogan says "Protect your computers today against the unknown threats of tomorrow". Now calling someone irresponsible without even having tried that setup is something even more... well I guess you know what I am talking about. It was never my intention to say my set up is perfect or to offend people who use AVs, it's just the fact that I don't like AV software and I haven't had any need for it. You can believe what you want, just be respectful, because I am not here to insult other users or do any of that.

    Regards, Auron
     
  16. airjrdn

    airjrdn Registered Member

    Joined:
    Feb 21, 2005
    Posts:
    26
    Hello, I'm new here. :)

    Prior to reading this thread, I'd never heard of Deep Freeze, WinRollback, Drive Vaccine, or Shadow User. They do seem like necessary evils however in some applications (schools, coffee shops, etc.).

    I'm wondering how one of these could be implemented for example, on my Mother's PC. She's VERY computer illiterate. Her computing usage consists of surfing, email, and a few games (offline).

I downloaded the Deep Freeze trial, and will be checking out WinRollback since the only limitation on its trial version is that there's no password for the admin user interface.

    What I've done in the past is create images of her machine (Ghost/Drive Image/Acronis True Image). One image upon initial XP install, another with drivers loaded, and a third when completely finished. I burn these to CD/DVD, yet also leave them on her data drive (2nd partition, only one HD).

    If she has issues, I typically restore the complete image unless it's been long enough there are probably a lot of new versions of her apps available. If it's been even longer than that, I may restore the bare XP image and redo it all.

    This has meant that I store her emails, etc. on her data partition, or back them up periodically. In the past, I've used a free utility (syncback) that I can set a schedule on to do the syncing of the data.

I was curious though, about how these applications would work with My Documents, etc. This led me to the following Microsoft URL:

    Combining Folder Redirection with Roaming User Profiles - scroll down for "Default Behavior of Profile Folders"

She's obviously not in a situation where I can apply group policy rules, so how are you (the current users of these applications) maintaining your ever changing user data such as favorites/bookmarks, emails, desktop wallpaper/icons/files, etc.?

    I read where one of the applications (Shadow User?) allowed folders to be excluded from the "frozen" state. That might work. Is that the best way to handle these folders?
     
  17. airjrdn

    airjrdn Registered Member

    Joined:
    Feb 21, 2005
    Posts:
    26
    What if the app requires a restart to function?
     
  18. airjrdn

    airjrdn Registered Member

    Joined:
    Feb 21, 2005
    Posts:
    26
    Sorry for replying to my own reply, but I need to post this.

    I downloaded and installed WinRollback this evening. The install was a no-brainer, just required a reboot.

    The website warns of a nag screen, but this isn't your typical nag screen...and that's not the worst part.

    Upon bootup, I was presented with a nag screen that not only made me wait about 30 seconds, but also took over the entire desktop. Nothing would kill it or bypass it. Ctrl-Alt-Del did nothing, Shift-Ctrl-Esc wouldn't pull up the task manager, nada.

    Ok, 30 seconds pass, and it goes away. Ok not "too" bad I think. I try opening the admin screen and it gives me a message telling me that the driver isn't loaded. Bear in mind, there's an icon in my systray. The GUI loads fine via the Start Menu but attempting to turn the software on/off gives the same "driver not loaded" error message.

    During this time, the nag screen would reappear out of nowhere, whether I was messing w/the application or not. I'd be working on something, then all of a sudden the entire desktop is gone and here's their nag screen...30 seconds of it. At that point I was ready to strangle the developers...but wait, it gets better.

    It won't let me uninstall it..why? Because the driver isn't loaded!!!

    Their documentation lists the locations it puts files. Cool, I'll just delete (or move) them, and delete the two registry keys it added. So, I did.

    Reboot....uh...reboot....reboot?

    That was the cycle, continuous reboots.

    I booted to Acronis, and made an image. I then restored an image from a little less than a week ago. I booted up into it, and restored data out of my "bad image", and here I am.

    If you aren't getting the message here, stay AWAY from WINROLLBACK.
     
  19. Auron

    Auron Registered Member

    Joined:
    Jan 22, 2005
    Posts:
    17
Hello everyone, it's nice to see some activity in the forum again. Ok airjrdn, I'll start with your question about maintaining changes on my documents, bookmarks, etc. Well, for this you'll have to map those folders to a different thawed partition. You can do this by using the Windows XP PowerToy Tweak UI or via the registry; that way changes will remain after every boot. Also I have worked a lot on configuring programs like Opera, eDonkey, LimeWire to have them on a totally different hard drive, increasing their performance.

Now regarding your question about the anti virus apps that may require a restart, in my case logging off has been enough and then logging on again.

Another killer feature that we are forgetting about DF is that hard drives remain defragmented all the time, no need to maintain or defrag them. This is really useful since I have a different partition for temp files and it's always fast since all the files are contiguous and it stays on top performance.

Another recommendation: if you are going to create an image file, uninstall DF, create your image file and then reinstall it, otherwise you could have a corrupt install when recovering from that image.
     
  20. airjrdn

    airjrdn Registered Member

    Joined:
    Feb 21, 2005
    Posts:
    26
    Thanks for the reply.

    Last night I installed (reluctantly) ShadowUser Pro (the trial). One thing I liked was that you could exclude folders (email, fav's, etc.). That's a nice feature. Unfortunately, it's around $70. I won't spend that much on it. $30 would be doable, but at $70, I'll just use Acronis True Image and have it create incremental images each night. With that, I don't have to continually be aware of whether or not the software is on, or off, or reboot to turn it on or off, etc. That's a little cumbersome.
     
  21. Chris12923

    Chris12923 Registered Member

    Joined:
    May 31, 2004
    Posts:
    1,097
The price may be a little steep but ShadowUser Pro is an excellent program and for around 30 dollars you can get ShadowSurfer which is pretty much the same thing except with no folder exclusions or commit.

    Thanks,

    Chris
     
  22. SpikeyB

    SpikeyB Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    479
    I got fed up having a million security programs running in memory so I wanted to find 1 program to do the lot.

    I run Deep Freeze on a partitioned HD, 1 for OS and programs (frozen), the other for documents (unfrozen).

    I also thought that running Deep Freeze and Process Guard was the ultimate defence (and only 2 programs in memory) assuming XP firewall is on to stop incoming. While surfing the internet, any malware would be stopped from running or connecting to the internet by Process Guard and when I rebooted, all traces of the malware would be gone. I wouldn't need any AV or AS scans which take longer than a reboot.

The only flaw I could find was for e-mail. Let's say a friend e-mails a small game for me to play. Neither of us is aware that this game contains malware and I save it on the unfrozen partition. I run the game and Process Guard pops up to tell me it's trying to run. I say OK, and it runs the game which I play. At the same time, the supposed game is also sending personal information over the internet (or some other unwanted activity of which there are many). The only way to actually get rid of the malware is to run AV and AS scans, and I need to get rid of it because it will run every time I play the game.

    So my conclusion was that I still need AV/AS software but at least I don't need to have it running in memory.
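The scenario in this post, and cenobyte2k4's earlier point about malware hiding on a thawed section of the disk, both rest on the same fact: a frozen partition reverts on reboot, so anything that survives a reboot must live on the unfrozen partition. That makes the unfrozen partition a small, well-defined place to watch. The script below is an added example written for this thread, not Deep Freeze or Process Guard code: it snapshots the executable-looking files on the thawed partition and reports what was added, removed or changed since the previous snapshot. The partition and its files are constructed in a temporary directory, and the function names are chosen here.

```python
"""Baseline-and-diff check for a thawed (unfrozen) partition.

Added example, not Deep Freeze or Process Guard code. Run snapshot() once in
a known-good state, keep the JSON, and compare against a fresh snapshot at
each boot: an executable that appeared or changed on the thawed partition is
exactly the kind of item that can persist across a Deep Freeze reboot.
"""
import hashlib
import json
import tempfile
from pathlib import Path

# Suffixes treated as executable content; extend to taste (constructed list).
EXECUTABLE_SUFFIXES = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js"}


def sha256_of(path: Path) -> str:
    """SHA-256 hex digest of the file's bytes (files here are small)."""
    return hashlib.sha256(path.read_bytes()).hexdigest()


def snapshot(root: Path) -> dict[str, str]:
    """Map each executable-looking file under root to its digest.

    Keys are POSIX-style relative paths so a snapshot taken on one machine
    compares cleanly with one taken on another.
    """
    return {
        p.relative_to(root).as_posix(): sha256_of(p)
        for p in sorted(root.rglob("*"))
        if p.is_file() and p.suffix.lower() in EXECUTABLE_SUFFIXES
    }


def diff_snapshots(before: dict[str, str], after: dict[str, str]) -> dict[str, list[str]]:
    """Report files that appeared, disappeared, or whose contents changed."""
    added = sorted(set(after) - set(before))
    removed = sorted(set(before) - set(after))
    changed = sorted(name for name in set(before) & set(after) if before[name] != after[name])
    return {"added": added, "removed": removed, "changed": changed}


def demo() -> dict[str, list[str]]:
    """Replay the thread's scenario on a constructed thawed partition."""
    with tempfile.TemporaryDirectory() as tmp:
        thawed = Path(tmp) / "D"          # stands in for the unfrozen data partition
        (thawed / "games").mkdir(parents=True)
        (thawed / "games" / "solitaire.exe").write_bytes(b"MZ constructed game")
        (thawed / "letter.doc").write_bytes(b"constructed document")  # data, not tracked

        baseline_file = Path(tmp) / "baseline.json"
        baseline_file.write_text(json.dumps(snapshot(thawed)))  # taken while clean

        # Later: the "game from a friend" is saved to the thawed partition and
        # something patches an existing executable there. The document changes
        # too, which the check deliberately ignores.
        (thawed / "games" / "funny_game.exe").write_bytes(b"MZ constructed trojanised game")
        (thawed / "games" / "solitaire.exe").write_bytes(b"MZ constructed game, patched")
        (thawed / "letter.doc").write_bytes(b"constructed document, edited")

        baseline = json.loads(baseline_file.read_text())
        return diff_snapshots(baseline, snapshot(thawed))


if __name__ == "__main__":
    for kind, names in demo().items():
        print(f"{kind}: {names or '-'}")
```

The report lists `games/funny_game.exe` as added and `games/solitaire.exe` as changed; the edited document is not reported because only executable content is tracked. In practice the baseline file itself should be kept on the frozen partition (or on removable media) so that whatever lands on the thawed side cannot rewrite it. This narrows the problem SpikeyB describes rather than solving it: an added executable still needs to be inspected, but the check tells you which files to look at and where they had to be.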
     
  23. airjrdn

    airjrdn Registered Member

    Joined:
    Feb 21, 2005
    Posts:
    26
    Well, a good firewall (sygate) would take care of a portion of that as it will alert you to outgoing traffic.

    What if the malware (on your non-frozen partition) decided to simply do a delete of all of the data on the drive it's on though? In that instance, only a backup will suffice I guess.
     
  24. JRosenfeld

    JRosenfeld Registered Member

    Joined:
    Jul 26, 2004
    Posts:
    117
    I have been reading this thread with interest. I had also looked at the deepfreeze site and documentation there.

    As I understand it the original theme of this thread related to the use of deepfreeze on home PCs. I'd like to point out that most home users do not have the knowledge or understanding to use such a sophisticated piece of software.
    Deepfreeze would have to be made much easier to use before it would be likely to appeal to most home users.

    For example, the vast majority of home users get their PCs with a single hard drive and just one partition (as far as I know, most PCs are sold that way). If I have understood correctly, deepfreeze requires data and other personal files to be kept on a separate partition or hard drive to avoid its being lost on a reboot, if changes are made in a frozen state (the whole point being that that would be the normal state)?
    If so, few home users would know how to go about creating additional partitions (for which they would need some third party software, in itself not without risk of being used incorrectly). Maybe deepfreeze could add a facility to automatically create such a partition and move all the personal folders to it (also making the necessary path changes in apps and registry) during its installation? Not easy since people could have all sorts of apps installed, some of which could be rather particular about where files are placed.

    Also, for most home users, the simple daily things mentioned in some of the posts that people do (download email, files and music, creating or editing documents, adding bookmarks as they surf, etc.): if these get lost on reboot, I think that the net result with many home users is that to save themselves the trouble, they would end up running in thawed state most of the time, defeating the object.

Then the question of the use of automatic updates by most software, which is usually recommended to be used on home PCs (often the default option for apps which home users would not change): that would need to be taken care of to avoid losing the updates on reboot, if, as intended, the system is normally used in frozen state. Many home users using automatic updates don't even realise when some update has been downloaded.

    While of course the savvy user would know how to set up the system and how to operate it frozen/thawed as needed, I doubt that this is more than a small minority of home users.

So my conclusion is that in its present state deepfreeze really is not suitable for the vast majority of home users. This is not a criticism of Deep Freeze, as it has so far been targeted at markets that would be expected to be managed by an IT administrator, and for those situations its concept has impressed me greatly (albeit I have had no occasion to try it out, but I always believe everything I read :)). It's just that I think the home user market is on a completely different level of the knowledge and ability that software can expect its users to possess. If you start off by telling them that they must first partition their hard drive or install a second one, then make all the necessary changes in all the apps to move their data files to the separate partition, they will not even try, or if they do, they are very likely to end up disastrously.

    A free-for-home use version of freezeX would be good, exe vaccine offers a free version, but I think freezeX is better for the home user as on install it automatically adds all already installed executables to its white list, whereas from a brief look at exe vaccine, I got the impression that it requires careful setting up on first install.
     
  25. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    JRosenfeld's points are well taken. We have the Enterprise version of DF at the college district where I work; this version installs a virtual "Thawed" drive for use by instructors as data storage. This was not intended to be a regular partition for installing applications, for instance, and would not be suitable for such on a home system. That might be the reason why the Standard version of DF doesn't install this virtual drive.

    I spent about two weeks re-configuring my home computer before taking the plunge with DF. As JRosenfeld writes, you need at least two partitions or hard drives.

    There are other issues, many of which have been addressed in the DF FAQ on the Faronics web site. For instance, those who still use IE and OE would have to remap the cache and stored mail to another partition - easy to do with the newer versions. (Those who still use IE and OE would have to keep up with Windows Updates to patch those leaky vessels)

    Those who use My Documents and its subfolders would have to remap those folders also - easily done with TweakUI which lets you move various Shell User folders via a GUI rather than going to the Registry.

    Anything that writes to the Registry while the system is in a frozen state will go away on reboot. This is a problem if you use MRU lists - at Start|Run, for instance. Some programs, like MSWord, store recent file lists in the Registry. Some programs store their configuration settings in the Registry. Any changes made to these settings would have to be done in a thawed state. All of my programs except Word use *.ini files which are stored in their program folder on a separate partition, so this is not an issue with me.

    So, there are many considerations, but well-worth the effort to work them out. I use DF just for the purpose of locking down C:\. In poking around the other forums, I notice that those who use Deep Freeze add one or more other protective layers, depending on their level of paranoia.

I use a firewall, and MS WordViewer for opening *.doc email attachments (WordViewer does not run any code.) That's all I have, and have been very satisfied to not have to worry about constantly updating AV and all of that stuff.

    I agree, but I don't envision Faronics making DF any easier to use - it would compromise the level of security it provides.

    -Rmus
     