Discussion in 'sandboxing & virtualization' started by WilliamP, May 14, 2007.
How do these compare? I can't run PS on my XP Pro. box so maybe DF will work.
I haven't used deep freeze, one of the two or three left I haven't tried, but those who have it seem to like and trust it. From what I've read, it's just about bullet proof - as seems to be Powershadow so far.
Hi, folks: I am using DF standard on WinXP home sp2. I am a happy camper. I can share my hands-on experience w/ you. DF has only three (3) options: thawed, freeze and clone. After installation, you choose the volume to have DF applied to. It is nearly 100% bullet and tamper proof. Upon reboot, everything on disk in frozen mode is virtually erased, not a single trace of changes is allowed to remain. Anyone who has physical access to your box CANNOT tamper with it by trying to uninstall it. This individual needs the password to get to it. And he/she cannot find DF's uninstaller anywhere in your box. You need the original d/l installation folder and password to uninstall it. A few drawbacks though: (1) once DF is installed, your partition app no longer functions, you cannot resize your drive; (2) some deep hooking security apps such as Cyberhawks, Blinks personal internet security, will render DF unstable.
After having DF's service, I have cut down scanners to just a few, and daily cleanup (internet history, disk space recovery) chores have been reduced substantially. I have not tested PowerShadow yet, but from what I have read here so far, it is a remarkable app. But until this day, there is one feature still puzzling me, that is its ability of switching from normal mode into shadow mode without rebooting. How? I don't know, it's so unique that I joked that PS should have a pending patent by now. Have a nice day.
Right now I am trying DF. It is up and running. So far no problems. I know it has been around a long time and since I can't run PowerShadow I just decided to see how it works. So far the only thing I don't like is it has to be booted Frozen or Thawed. That in itself is no problem. But if you boot thawed you have to re-boot to freeze it. With PS you can go into Shadow mode without boot. Of course you have to re-boot to come out of Shadow mode. Perman, what other programs can conflict with DF? I have a few such as NOD, DefenseWall, BoClean, SSM, and FD-ISR.
I don't know how Powershadow goes into shadow mode without a reboot, either, Perman, but it's nice. When I have PS engaged all day, I don't need ccleaner or anything else at the end of the day.
If I have a whole day free, I download and try things to my heart's content and, next day when I turn on the computer every single trace is gone.
You can imagine a potential security hazard: if something has changed on the system partition while in Frozen state, and you could switch to Thawed on the fly, and then re-freeze on the fly, those changes would become permanent - frozen.
By requiring a reboot to thaw, any changes to the system partition would be discarded. That is the principle of Deep Freeze's Reboot-to-Restore.
Whether the way PS does it avoids this potential problem, I don't know.
With many programs competing for space down in the kernel territory, a good idea is to contact Faronics about any known conflicts with your programs.
Of course, a system backup should be made before evaluating programs such as these, just in case unknown conflicts might occur.
"Talking About Security Can Lead To Anxiety, Panic, And Dread...
Or Cool Assessments, Common Sense And Practical Planning..."
Right now, Powershadow requires no reboot to go into shadow mode. It does require a reboot to exit, and everything you haven't saved to another drive or partition is gone.
Powershadow is supposedly working on a newer version that will not require a reboot to exit shadow mode. It isn't here yet, though.
I have a snapshot of my sys [FD-ISR] and I update it about every third day. Plus an archived snap on an external USB enclosure.
Hi, WilliamP: any other apps may have issues w/ DF? I am running ZA pro, Avast home, ComodoBoClean, prevx1, winpatrol plus, BlackIce and McAfee Antispyware Enterprise, having no problems. You may not need defensewall any more, since DF would cover more ground than it. As to FD-ISR, I cannot install it after DF. But I did not try to install FD-ISR first and then DF, therefore I do not know how they work. I would like to have both working together, I will try someday. Rebooting is a proper procedure for switching disk status. I would not mind doing it w/ DF. While you are testing DF, just measure how much time you can save at the end of the day by not having to clean up your internet history/disk space. One other drawback I have forgotten to mention is: you cannot try programs requiring a reboot after installation (most security apps demand a reboot). While in DF's frozen mode, you are welcome to play games (even needing to d/l 100 MB) for the day, and then reboot, everything is back to normal. The longer you have DF, the more of the fun side of it you will discover. Enjoy it. It is a safe-hex application after all.
I'm using the same method as DF, but with FDISR and I also have a freeze storage (= archived snapshot).
You only have to be careful with re-freezing, if your system partition is infected you will re-freeze the infections as well, but I'm sure DF has the same problem.
Hi, Eric: If the system partition is infected during thawed state, the problem will stay after frozen, nothing will change, however, if this infection took place in frozen mode, it will vanish upon rebooting. Therefore, I do my daily routines exclusively in frozen state. I thaw it only when I need to update apps or install new ones, while being protected by whitelist (application control of BlackIce), allowing not a single window of opportunity for malware to sneak/execute upon my box. This tactic works so far so good, although losing some flexibility. Eric, you have very solid defense lineups. If the majority of PC users adopt your concept, most (if not all) security app vendors will go belly up. Have a nice one.
It isn't inconvenient, it is just another method of working.
Classical security software is also very inconvenient, but once you get used to it, you don't consider it inconvenient anymore. The feeling of inconvenience disappears once it becomes a habit and routine.
At least we enjoy trying new softwares without any trace left, while other users can clean the mess, if they find the mess.
"At least we enjoy trying new softwares without any trace left, while other users can clean the mess, if they find the mess."
And isn't it great, in a weird way, to be able to watch a malware think it's trashing your system and then, poof, reboot and it's gone?
It sure is, but I have one problem: I don't see the difference between good and bad objects, so I can't enjoy watching a malware trying to do its evil job, because I don't recognize it, I might be watching a goodware without knowing it.
Maybe I will enjoy this in the following years.
PDM in KIS complains that DF is using a keylogger driver (probably to catch the hotkey for freezing/thawing). Has anyone seen this?
Hi, folks: I know DF uses 2 drivers, DepFrzlo.sys and DepFrzHi.sys, and this has been confirmed by HiddenFinder. What is the name of the keylogger referred to by KIS? DF needs the hotkeys CTRL + ALT + SHIFT + F6 to open its control window. If this is KIS's concern, then it is an F.P. What do you think?
It's just complaining as the activity could be risky. Since you know it's okay, just trust it and go forward.
Yet another option is Shadow User. It is like DeepFreeze on steroids -- LOTS of options. One of those options is that you can install and test software in shadow mode EVEN IF INSTALLATION REQUIRES RESTART!
Also, ShadowUser gives you great flexibility as to which disks/files/partitions etc are frozen & which are not. Further, those settings can be easily modified - but only by you, the user. Shazam!
Since you already have FDISR, why not just use it. It also has the Freeze option and ErikAlbert can sure lay out how to set it up.
Thanks Pete. I may do that. I have often wondered about FD freeze.
You posted very good steps for the FREEZE snapshot of FD, Erik, in the FD-ISR forums today and I have to really applaud you for those. I was beginning to think it might just be too complicated for me but you trimmed away all the fat & fluff so that even I can grasp it now.
Is BlackIce software also a firewall, besides application control?
If yes, I'm interested, because I have a similar problem with UPDATING my frozen snapshot unprotected while I'm on the internet and that bothers me a lot.
A home page link to this product would be nice.
Check FAQ's here