Deep Freeze Experiences

Discussion in 'other security issues & news' started by LockBox, Dec 29, 2004.

Thread Status:
Not open for further replies.
  1. Stilgar

    Stilgar Registered Member

    Joined:
    Dec 17, 2006
    Posts:
    5
    I have it, but it does no good when the blue screen of death comes around
    (crashes with error in DepFrzLo.sys).
    Strange, but I got this error after installing both .NET 3.0 and IE7 on 4 out of 6 machines.
     
  2. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,161
    Hi, folks: I have had DF Standard for a while; lately I added .NET 3.0 and upgraded to IE7 w/o any sort of problem except one. The BSOD you encountered may not be caused by DF. Do you have any other IE plugins that may not sit well w/ the new IE7? I used to have an adblocker-type product; it did cause a BSOD after installing IE7, and the problem was solved after removing that app. Good luck.
     
  3. Stilgar

    Stilgar Registered Member

    Joined:
    Dec 17, 2006
    Posts:
    5
    It was a fresh Windows install, just frozen, and I decided to add IE7. I don't have any addons except for the default addons that come with IE7 (not even a new version of Flash).
    The error is definitely with DF (though it may be Windows' fault), as the BSOD states an error in DepFrzLo.sys, and if I try to run the computer in Safe Mode, even in Safe Mode with Command Prompt only, I still get a crash when Windows is trying to load DepFrzLo.sys.
     
  4. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,161
    Hi, folks: DF's DepFrzlo.sys is a kernel driver. If an error was issued by it, that could indicate a driver conflict at kernel level. Do you have some apps initiated at kernel level? BTW, you said the other 2 of the 6 machines have no problems? Do they have an identical apps lineup to the troubled 4? If there are no errors w/ the good 2, then the integrity issue of DF is out of the way. IMO.
     
    Last edited: Dec 21, 2006
  5. Stilgar

    Stilgar Registered Member

    Joined:
    Dec 17, 2006
    Posts:
    5
    The six machines have absolutely identical hardware and as much identical software as humanly possible (however, they are not built from an image). The only kernel software, I think, is Daemon Tools (actually I'm not sure it installs anything at kernel level), and it was there before installing Deep Freeze and everything was fine. So it's either IE7 or .NET 3.0 that caused the conflict. After I reinstalled everything, I installed IE7 and .NET 3.0 and installed Deep Freeze after that. I have had no problems for a week now. I had DF on 16 machines before and they ran for years with just one BSOD with the same DepFrzLo.sys error, but then I think it was a hard drive failure, and the crashes didn't come after installation in unfrozen mode. So I was stunned when these 4 machines failed. I didn't even bother to back up or image any of them because I was so confident that no problems could possibly occur, and the hardware was brand new.
     
  6. jimwbruce

    jimwbruce Registered Member

    Joined:
    May 8, 2007
    Posts:
    1
    Location:
    Merritt, BC
    Re: Deep Freeze and Word autobackups, a problem

    We use Deep Freeze in our college library computer lab. It works well, with one problem that has persisted. It results because students are not the best at making backups (incredible revelation, right?). Word can be configured to save autorecover backups, which will save your butt when you haven't backed up that 10-page report that you have worked on for three hours. But the autorecover is of limited use in Deep Freeze.

    If the student responds to a system lockup by rebooting the computer, all timed backups made to the hard drive are eliminated. Deep Freeze dutifully restores the computer, like Cinderella's godmother, to the condition it was in at midnight the night before. Back to the ashes for the student.

    Each student in our college DOES have a Novell folder for file storage. If you log on to Novell with username n0007832, you will have a folder on the public server called "n0007832". That data does not get eliminated. Logically, the timed backups should be stored in these folders.

    However, Word can only be configured to save autorecover files to ONE location, which is set in Tools--Options--File locations. If we set the "autorecover files" to go to folder.../n0007832, then that would be of no applicability for student n0003232, etc.

    I have been told that if we leave a folder on the hard drive "thawed", then the purpose of Deep Freeze has been defeated. Also, we would allow new students on a machine the option of reading backups from a previous user.

    Does anyone see a way around this conundrum?

    Jim Bruce
     
  7. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    Re: Deep Freeze and Word autobackups, a problem

    I assume you have the Enterprise Edition installed for the lab, where a virtual Thawed drive T:\ is created upon installation on each workstation. You can point the ASD directory there.

    T:\ is used here by instructors and students to store classroom presentations and files, etc. They know it's not secure, but it gives them a temporary storage place.

    Then, standard procedure should be that the student, upon creating a new Word document, does File|SaveAS to his/her Novell folder, giving the document a file name. A Ctrl + S save should be done regularly while working on the document. Then in the worst case scenario, the document up to the last save is in the Novell folder, no matter what happens to the ASD temp file.

    AutoSave/Recover is a great feature, but I wouldn't depend solely on it.

    regards,

    -rich
     
  8. AMac

    AMac Registered Member

    Joined:
    Jun 6, 2007
    Posts:
    1
    I work for a junior college and we run DF in most of our labs. I say most, because the one department that needed DF most, the Computer Science department, hated DF even though their lab coordinator had full control of it. Sloppy work on the part of the Lab Coor led to a bad rap and DF being uninstalled. There was a complete lack of understanding about what the program did and how it worked. Although we don't manage labs, we do babysit three. Between DF, imaging, and WSUS, we literally set them and forget them. All the other lab folks love the product. Look at all the time saved since they don't have to clean up after students. The only problem we've had is if the Lab Coors don't leave their labs on at night for the update maintenance period and things get out of sync, but it's usually an easy fix of thawing and letting the PCs finish the process. I love the product, and I feel it's just another part of our security tools.
     
  9. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    DeepFreeze is a recovery tool, not a security tool. DeepFreeze doesn't see the difference between a good object and a bad object, only security tools can do that.
    DF doesn't remove a bad object, because it's malware. DF removes it because it is a harddisk-change, which means that DF also removes the good changes.
    That is also the reason why DF is better than all existing scanners, because it doesn't need signatures to remove malware, it considers each malware as a harddisk-change and that is the most perfect killer of malware you can get, because all infections have one weakness in common : they change your harddisk.
     
    Last edited: Jun 6, 2007
  10. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    Hello ErikAlbert,

    Good and bad are relative terms.

    In an educational environment, any changes a student makes to the Hard Disk are bad (=unwanted).

    So, Reboot-to-Restore (=Recovery) removes these changes.

    From the standpoint of a System Administrator, this secures (=provides security for) the workstation.

    I think this is the context in which AMac was using the word security when he said,


    -rich
     
  11. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Sorry but I don't agree, good and bad objects are a fact and do exist.

    What you decide to do with good objects is relative. Some environments don't want them, like in schools, while other environments want to keep good objects.
    I just don't want recovery softwares being confused with security softwares.

    If DF was a security tool, it would keep the good changes and undo the bad changes, but that doesn't happen, it undoes good and bad changes.

    An interesting question is : "Do you really need the good changes, if you always boot in an unchanged harddisk ?"
     
  12. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    OK, I'll describe Deep Freeze this way: it is a software which adds to the security of the workstation (=keeps it secure) by rebooting to previous good state.

    How is that!

    Deep Freeze denies by default the saving of any changes to the hard drive while in Frozen Mode. There is no option to commit|save any changes.

    You can understand how this bullet-proof solution is ideal for educational environments where there is no option for the user to save anything.

    Now, this is not so convenient for some home systems, and requires at least two partitions, one of which will stay Thawed (unfrozen) so as to permit saves to disk for user files.

    And so, it's interesting to watch the development of similar products which will permit saves during the current session without requiring a reboot.

    A benefit to everyone of the competitiveness of the software industry is the different solutions becoming available to meet different needs.

    -rich
     
  13. Chris12923

    Chris12923 Registered Member

    Joined:
    May 31, 2004
    Posts:
    1,097
    Very nice explanation. Sums it up perfectly.

    Thanks,

    Chris
     
  14. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    Hello Chris,

    Haven't seen you around here so much lately. Are you still testing?

    I wonder if people notice two products in your Sig: Viguard and Unhackme.

    I remember being impressed with your results with Viguard last year when everyone (who could test) went to that strange site with the drive-by download.

    With respect to Deep Freeze: somewhere buried in this long thread are some posts asking why Faronics doesn't make the Home edition of DF capable of changing to Thawed state without a reboot, or being able to commit changes while in a Frozen state.

    Personally, I'm glad they haven't compromised the strategy of their program.

    Also, I assume it would be difficult to do. DF does not load the partition into RAM, nor work in a snapshot. Those methods, it seems to me, make it easier to provide options to save changes, change state without reboot, etc., as are being developed in other reboot-to-restore programs.

    It's a solution designed originally for specific environments, and I'm glad they have provided a Home (Standard) edition for those who prefer such a solution.


    regards,

    -rich
     