Deep Freeze!

Discussion in 'sandboxing & virtualization' started by Vantzos Kostas, May 23, 2006.

Thread Status:
Not open for further replies.
  1. Vantzos Kostas

    Vantzos Kostas Registered Member

    Joined:
    Mar 20, 2006
    Posts:
    36
    Hi guys! Can anyone tell me if I can combine Deep Freeze with nod32, ewido 3.5, appdefend beta, processguard, counterspy, winpatrolplus, outpost firewall and Ad-Aware SE?
    Best regards!:p
     
  2. divedog

    divedog Registered Member

    Joined:
    Jun 7, 2004
    Posts:
    265
    Location:
    Seabeck WA
    I use it with NOD and Ewido; not sure about the rest. Tech support did say not to use it on NFORCE 4 motherboards, but that was several months ago; they did say they were working on a fix. I found it to be a rock solid program.
     
  3. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Have used it with PG, no problem.
    I am not an expert, but I think it will not conflict with any of this software, as it is from a totally different category. Usually you get conflicts when two pieces of software overlap.
    So it should conflict if you use it with ShadowUser, ShadowSurfer, BufferZone etc., as there will be overlap. Just my opinion.
     
  4. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    Can't speak of the other apps but some of my clients successfully use NOD32, Ad-Aware SE and Deep Freeze.

    Obviously, using Deep Freeze, no updates will stick until you reboot in 'Thawed' mode and then update, so until then every product will be out of date at reboot, re-downloading its updates again etc.

    HTH

    Cheers :)
     
  5. Vantzos Kostas

    Vantzos Kostas Registered Member

    Joined:
    Mar 20, 2006
    Posts:
    36
    Thank you guys, I'll try it!
    We all deserve the right for secure internet surfing!
    Best regards!
     
  6. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    One word of caution:

    Deepfreeze is an excellent program that is a great ADDITION to a security setup. Don't rely on it for the only protection, especially on public PCs. It is easily bypassed by a program made by a black hat from Brazil. Very scary, I tried it on my PC, and sure enough, when I told it to boot into thawed mode, it did :doubt: . I also tried it on a school comp (with permission from an IT guy), and it worked there (I have NO clue what the password is).

    It is a great supplement though, don't take me wrong.

    Alphalutra1
     
  7. zopzop

    zopzop Registered Member

    Joined:
    Apr 6, 2006
    Posts:
    632
    alpha what's the name of the program? and do the creators of deep freeze know about it?
     
  8. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    The name of the program is "Deep Freeze Unfreezer"; it's been made by Emiliano Scavuzzo. Faronics knows about it and they are completely unable to fix Deep Freeze against it (or they just don't care); they claimed they "fixed" the vulnerability for a few versions, then Scavuzzo cracked the new versions with ease as well. They apparently tried legal ways against Scavuzzo for reverse engineering their software, which is ridiculous for a product that claims to be a protection/security product. In my opinion, all this certainly doesn't reflect well on Faronics.
     
    Last edited: May 24, 2006
  9. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    But isn't it that all this type of software can be hacked if somebody is expert enough? We should see how dangerous it can be in practical life (personally I don't know exactly).
    So the same can be done with BufferZone (as was done in the past).
    Someone tomorrow can claim about ShadowUser the same thing.
    Recently I read here a virus was able to bypass DefenceWall and Sandboxie.
    I will say no software can be 100 percent especially when it is available in the market and hackers have enough time to break it.
    Am I true?
     
  10. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    The problem with deepunfreezer is that Faronics has tried to patch their software with a "workaround" which was broken fairly easily by Emiliano Scavuzzo. However, for marketing reasons, they tend to imply that their product is impenetrable (which it isn't), and/or that their anti-executable should be used to prevent deepunfreezer from starting. This is horrible, because they fail to address the problem in deepfreeze, and tend to resort to other programs to help themselves out. I at least want my products to have all of the security problems fixed in their OWN code.

    :ninja: ~snip~:ninja:

    :doubt:
    Alphalutra1
     
    Last edited: May 25, 2006
  11. zopzop

    zopzop Registered Member

    Joined:
    Apr 6, 2006
    Posts:
    632
    alpha
    alpha this is terrifying! :( is deep freeze unfreezer a virus/trojan? i was thinking an antivirus program would stop it, if not............

    aigle
    yup "crazy4stef" pointed it out, it's called killdisk. but the creator of defensewall is aware of it and is updating his software as we speak. he told me v1.56 of defensewall will be able to defend against it and other like viruses. i contacted the makers of bufferzone, but they haven't gotten back to me yet (this was like 3 or 4 days ago). and we know from experimenting that geswall stopped it cold in its tracks. can anyone contact the maker of sandboxie and alert him to the threat?
     
  12. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    No, it doesn't do anything malicious in the true sense of the word. It just makes it possible to disable Deep Freeze without knowing the password (this can be malicious for some uses, but benign for others, i.e. if somebody forgot or lost the password, or if something went wrong during the install process - I've seen this happening).

    Note that it works only with an "administrator" account. It should not be considered a virus, nor does it make any sense to include it in a virus/trojan database anyway: if you can use it, you already have complete access to the machine, and you can disable the AV.
     
  13. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Ya, it is not a virus, but it means any malware can do the same job if designed for that.
     
    Last edited: May 25, 2006
  14. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    DeepFreeze in combination with Anti-Executable is even stronger, but you need a CLEAN system before you install Anti-Executable; otherwise the whitelist of executable objects, created by Anti-Executable during install, will be worthless.
     
  15. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    Yes, that's exactly the problem, and that's exactly why it's unacceptable that Faronics doesn't fix Deep Freeze.

    However, note that you still need to reboot as this Unfreezer 'tool' can't disable Deep Freeze on the fly, it can just disable it the normal way: the system must be rebooted first to enter the 'thawed' state; so every malware that gained access will be still gone after the first reboot.

    So in theory, a remote attacker must gain access to a system two times in a row: first to disable Deep Freeze, then to load the malware. This makes it unlikely that a system will be cracked unless it has a remotely exploitable service and a permanent connection to the Internet.

    For instance, if your system is compromised through a 'drive-by-download' on a web page, and the malware is able to disable Deep Freeze and reboot the computer as 'thawed', it still will not be able to do anything for two reasons: (a) all the malware will be gone, even though the system is now 'thawed', and (b) the user will notice this immediately and reboot as 'frozen'.

    If a system is cracked and has a vulnerable SSH or VNC server that loads at startup, though, it can be cracked again remotely when rebooted, the second time "permanently" (meaning that all the subsequent reboots will have the system already compromised, no matter if they're 'thawed' or 'frozen').
     
    Last edited: May 25, 2006
  16. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
  17. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi folks: I am currently testing the newest version 6.00.020.1523. I am positive that the compatibility issue w/ imaging app has been fixed. But I am still not quite sure whether this so-called "unfreezer" issue from Brazil has been resolved. I am a d/l junkie and like to try out new apps, therefore the inst/uninst cycle has become my daily routine. In the past FD/ISR has come to my rescue numerous times until a few days ago; something so bad happened that I had no other choice but reinstalling FD/ISR. With deepfreeze, I found that I can virtually do anything within the Freeze stage and upon reboot, everything I have done IS forgiven, and no questions asked. Is it that wonderful? I tried shadowuser before, but the compatibility issue with imaging app has kept me away; I do hope it has been fixed.
     
  18. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Unfreezer has not been updated since Deep Freeze version 5.70.220.1378.

    As has been pointed out by others, a perpetrator must have access to the computer in order to bypass Deep Freeze, so this makes it very unlikely that a home system will be compromised, assuming the user has ways of preventing unauthorized access to the system.

    As for possible remote code execution of Unfreezer, software restriction policies or white list programs will prevent any unauthorized executable from running. Certainly all security-minded users have drive-by download protection of some type in place, so this should be a moot point for home users.

    The most vulnerable computers are those in public places, such as cafes, libraries, kiosks, where the owners/administrators are less likely to know about Unfreezer.

    The program has been very popular in Latin America, where kiddies brag that they have compromised computers with Deep Freeze in their colegios (schools).

    System Administrators in several educational institutions I’m familiar with in my state have been aware of this program since its debut and have had measures in place to prevent it from running.

    However, it is a moot point now, since these institutions have upgraded to the latest version of Deep Freeze.


    -rich
     
  19. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, folks: Nice to hear this good news. For now, I can surf with 100% (almost?) confidence that my PC is as safe as a fortress. I highly recommend DEEP FREEZE (standard version for home user or average joe).
     
  20. SourMilk

    SourMilk Registered Member

    Joined:
    Mar 31, 2006
    Posts:
    630
    Location:
    Hawaii
    Deep Freeze used to have a problem with NForce chipsets. I don't know if they have fixed it yet or not. Just make sure, if you have an Nvidia chipset, you download the trial first.

    SourMilk out
     
  21. SIR****TMG

    SIR****TMG Registered Member

    Joined:
    May 31, 2004
    Posts:
    757
    Hello all, I too have bought Deep Freeze and run Nvidia products with it. I have had no problems with it at all; this program is awesome. I just wish I had something to complain about, but I don't.
     
  22. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,710
    Hello everyone,

    I was searching for information about Deep Freeze and found this thread. Good info.

    All of you who have used this program, can you offer likes/dislikes about the program?

    I was going to install the trial, but then I came across some information where I don't quite understand what they are talking about. Starting with the 5th post here, if any of you can explain this so I understand, I would appreciate it.
    http://www.macworld.com/forums/ubbthreads/showflat.php?Cat=&Board=newsthread&Number=400887&page=0&view=collapsed


    Thanks,
     
  23. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Please disregard that post. There is no "default" password. He doesn't detail his installation procedure, but if he forgot his password, he can contact Faronics. See:

    http://www.faronics.com/faq/faqdfmac.asp

    I wouldn't hesitate. To be completely at ease, you can email Faronics Support and reference the post you mentioned, for their comment.

    regards,

    -rich

    ________________________________________________________________
    "Talking About Security Can Lead To Anxiety, Panic, And Dread...
    Or Cool Assessments, Common Sense And Practical Planning..."
    --Bruce Schneier
     
    Last edited: Oct 16, 2006
  24. sdam

    sdam Registered Member

    Joined:
    Feb 7, 2007
    Posts:
    1
    ygfuiytuj
     