Deep Freeze vs PowerShadow

Discussion in 'sandboxing & virtualization' started by WilliamP, May 14, 2007.

Thread Status:
Not open for further replies.
  1. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    How do these compare? I can't run PS on my XP Pro. box so maybe DF will work.
     
  2. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,422
    Location:
    New Mexico, USA
    I haven't used deep freeze, one of the two or three left I haven't tried, but those who have it seem to like and trust it. From what I've read, it's just about bullet proof - as seems to be Powershadow so far.
     
  3. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, folks: I am using DF standard on WinXP home sp2. am a happy camper. I can share my hand-on experience w/ you. DP has only three(3) options. Thawed, freeze and clone. After installation, you choose the volume to have DF applied to. It is a nearly 100% bullet and tamper proof. Upon reboot, everything on disk in frozen mode is virtually erased, not a single trace of changes is allowed to remain. Anyone has a physical access to your box CANNOT tamper it by trying to uninstall it. This individual needs password to get to it. And he/she can not find DF's uninstaller anywhere in your box. You need original d/l installation folder and passward to uninstall it. Few drawbacks thou; (1) once DF is installed, your partition app no longer functions, you can not resize your drive (2) some deep hooking security apps such as Cyberhawks, Blinks personal internet security, will render DF unstable.
    After having DF's service, I have cut down scanners to just few, and daily cleanup(internet history, disk space recovry) choes has been reduced substantially. I have not tested PowerShadow yet, but from I have read here so far, it is a remarkble app. But until this day, there is one feature still puzzling me, that is its ability of switching from normal mode into shadow mode without rebooting. How? I do'nt know, it's so unique that i joked that PS should have a pending patent by now. Have a nice day.
     
  4. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    Right now I am trying DF. It is up and running. So far no problems. I know it has been around a long time and since I can't run PowerShadow I just decided to see how it works. So far the only thing I don't like is it has to be booted Frozen or Thawed. That in itself is no problem. But if you boot thawed you have to re-boot to freeze it. With PS you can go into Shadow mode without boot. Of course you have to re-boot to come out of Shadow mode. Perman, what other programs can conflict with DF? I have a few such as NOD, DefenseWall, BoClean and,SSM,and FD-ISR
     
    Last edited: May 14, 2007
  5. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,422
    Location:
    New Mexico, USA
    I don't know how Powershadow goes into shadow mode without a reboot, either, Perman, but it's nice. When I have PS engaged all day, I don't need ccleaner or anything else at the end of the day.

    If I have a whole day free, I download and try things to my heart's content and, next day when I turn on the computer every single trace is gone.
     
  6. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    You can imagine a potential security hazard: if something has changed on the system partition while in Frozen state, and you could switch to Thawed on the fly, and then re-freeze on the fly, those changes would become permanent - frozen.

    By requiring a reboot to thaw, any changes to the system partition would be discarded. That is the principle of Deep Freeze's Reboot-to-Restore.

    Whether the way PS does it avoids this potential problem, I don't know.

    With many programs competing for space down in the kernel territory, a good idea is to contact Faronics about any known conflicts with your programs.

    Of course, a system backup should be made before evaluating programs such as these, just in case unknown conflicts might occur :)

    regards,

    -rich

    ________________________________________________________________
    "Talking About Security Can Lead To Anxiety, Panic, And Dread...
    Or Cool Assessments, Common Sense And Practical Planning..."
    --Bruce Schneier​
     
  7. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,422
    Location:
    New Mexico, USA
    Right now, Powershadow requires no reboot to go into shadow mode. It does require a reboot to exit, and everything you haven't saved to another drive or partition is gone.

    Powershadow is supposedly working on a newer version that will not require a reboot to exit shadow mode. It isn't here yet, though.
     
  8. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    I have a snapshot of my sys,[ FD-ISR ] and I update it about every third day. Plus an archived snap on an external USB enclosure.
     
  9. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, WilliamP: any other apps may have issues w/ DF? I am running ZA pro, Avast home, ComodoBoClean, prevx1, winpatrol plus, BlackIce and McAfee Antispyware Enterprise, having no problems. You may not need defensewall any more, since DF would cover more ground than it. As to FD-ISR, I can not install it after DF. But I did not try to inst FD-ISR first and then DF, therefore I do not know how they work. I like to have both working together, I will try someday. Rebboting is a proper procedure for switching disk status. I would not mind doing it w/ DF. While you are testing DF, just to measure how much time you can save at the end of day by not having to cleanup your internet history/disk space. One other drawback I have forgotten mentioning is: you can not try program requiring reboot after installation(most security apps demand reboot). While in DF's frozen mode, welcome to play games(even needing to d/l 100 MB) for the day, and then reboot , everything is back to normal. The longer you have DF, the more fun side of it you will discover. Enjoy it. It is a safe-hex application after all. :)
     
  10. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I'm using the same method as DF, but with FDISR and I also have a freeze storage (= archived snapshot).
    You only have to be carefull with re-freezing, if your system partition is infected you will re-freeze the infections as well, but I'm sure DF has the same problem.
     
  11. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, Eric: If the system partition is infected during thawed state, the problem will stay after frozen, nothing will change, however, if this infection took place in frozen mode, it will vanish upon rebooting. Therefore, I do my daily routines exclusively in frozen state. I thaw it only when I need to update apps or install new ones, while being protected by whitelist(application control of BlackIce), allowing not a single window of opportunity for malware to sneak/execute upon my box. This tactic works so far so good, although losing some flexibility. Eric, you have very soild defense lineups. If majority of PC users adopts your concept, most(if not all) security apps vendors will go
    belly up. :) Have a nice one.
     
  12. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    It isn't inconvient, it is just another method of working.
    The classical security software are also very inconvenient, but once you get used to them, you don't consider them as inconvenient anymore. The feeling of inconvencience disappears once it becomes a habit and routine.
    At least we enjoy trying new softwares without any trace left, while other users can clean the mess, if they find the mess. :)
     
  13. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,422
    Location:
    New Mexico, USA
    "At least we enjoy trying new softwares without any trace left, while other users can clean the mess, if they find the mess."

    And isn't it great, in a weird way, to be able to watch a malware think it's trashing your system and then, poof, reboot and it's gone?
     
  14. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    It sure is, but I have one problem : I don't see the difference between good and bad objects, so I can't enjoy watching a malware trying to do its evil job, because I don't recognize it, I might watching a goodware without knowing it.
    Maybe I will enjoy this in the following years. :D
     
  15. lu_chin

    lu_chin Registered Member

    Joined:
    Oct 27, 2005
    Posts:
    294
    PDM in KIS complains about DF is using a keylogger driver (probably to catch the hotkey for freezing/thawing). Has anyone seen this?
     
  16. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, folks: I know DF uses 2 drivers; DepFrzlo.sys and DepFrzHi.sys and has been confirmed by HiddenFinder. What is the name of keylogger referred by KIS? DF needs HotKeys CTRL +ALT + SHIFT +F6 to open its control window. If this is what KIS's concern, then it is a F.P. What you think ? :)
     
  17. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,058
    It's just complaining as the activity could be risky. Since you know it's okay, just trust it and go forward.
     
  18. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    Yet another option is Shadow User. It is like DeepFreeze on steroids -- LOTS of options. One of those options is that you can install and test software in shadow mode EVEN IF INSTALLATION REQUIRES RESTART!

    Also, ShadowUser gives you great flexibility as to which disks/files/partitions etc are frozen & which are not. Further, those settings can be easily modified - but only by you, the user. Shazam!
     
  19. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,058
    WilliamP

    Since you already have FDISR, why not just use it. It also has the Freeze option and ErikAlbert can sure lay out how to set it up.

    Pete
     
  20. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    Thanks Pete. I may do that . I have often wondered about FD freeze.
     
  21. EASTER.2010

    EASTER.2010 Guest

    You posted very good steps for the FREEZE snapshot of FD Erik, in the FD-ISR forums today and i have to really applaud you for those. I was beginning to think it might just be too complicated 4 me but you trimmed away all the fat & fluff so that even i can grasp it now. ;)

    Thanks
     
  22. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Is BlackIce software also a firewall, besides application control ?
    If yes, I'm interested, because I have a similar problem with UPDATING my frozen snapshot unprotected while I'm on the internet and that bothers me alot.
    A home page link to this product would be nice. :)
     
  23. Texcritter

    Texcritter Registered Member

    Joined:
    May 6, 2005
    Posts:
    1,985
    Location:
    Teesside, North East England
  24. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
Loading...
Thread Status:
Not open for further replies.