deepfreeze VS shadow defender

Discussion in 'sandboxing & virtualization' started by demoneye, Dec 30, 2007.

Thread Status:
Not open for further replies.
  1. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    Re: deepfreeze VS shadow defender

    The DeepFreeze manual claims "The Windows Registry, the computer CMOS and the boot sector are protected by Deep Freeze from within Windows." but I can find no reference to BIOS - but this would be password protected anyway so is there a problem?
     
  2. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,994
    Location:
    California
    Re: deepfreeze VS shadow defender

    Hello, Easter,

    I've used Deep Freeze for almost three years and have uninstalled/reinstalled many times without a problem.

    In following up on "mishaps" reported by users, I've found that they fall into two categories,

    1) conflict with a program on user's computer, which DF support is more than happy to help resolve

    2) tinkering with DF in DOS, which DF support is not willing to resolve

    This can happen with any program. See 1) above

    Over the years, I've corresponded with Faronics support with many questions, to which they have promptly responded.

    While I've not tested DF in the way others have, I'm going to eventually have a DF page on my website which will include specific information about rootkits, CMOS, MBR, etc.

    Here are a few thoughts which will later be included with other stuff.

    http://www.urs2.net/rsj/computing/tests/DF/

    ----
    rich
     
  3. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
  4. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,777
    Location:
    U.S.A. (South)
    Re: deepfreeze VS shadow defender

    Thanks Rmus for putting those concerns to bed. LoL

    Looking forward to reading those articles when they're completed too.

    I really couldn't see how far off the mark Faronics would be, seeing how I have their Anti-Executable and, although not on the level of their Deep Freeze, I have never had a single problem with it.
     
  5. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    Re: deepfreeze VS shadow defender

    HI
    just you 2 know....SD=713 kb and DF= 4 mb.... :)

    welp deep freeze makes a hidden partition while SD doesn't...

    cheers:D
     
  6. shaunwang

    shaunwang Registered Member

    Joined:
    Mar 26, 2006
    Posts:
    94
    Re: deepfreeze VS shadow defender

    Eh I am an ex DeepFreeze user...

    It happened to me a lot of times that I got locked down totally into an infinite freeze... no system tray icon to shut it down, even pressing hotkeys does not work. Only solution: reformat, put back a well freeze image and then uninstall deepfreeze in thaw mode.

    "just you 2 know....SD=713 kb and DF= 4 mb.... :) " LOL look into your C:\ do u see DF files there? I remember seeing a 15mb loaded on C:\ and it's visible...

    Try deleting that using Linux and probably you get an infinite loop freeze.

    SD= 713kb only, do not count its image virtual files.... DF 4mb + 15mb; what that 15 mb is supposed to do I have no idea, but deleting it will cause a direct lock down.

    After SD's appearance my heart went towards it.... instead of DF............

    cheers
    shaun

    Wish All of the people here Happy New Year 2008
     
  7. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    Re: deepfreeze VS shadow defender


    welp mate i use it for couple of months.... 0 problems...oww yeah and one other thing...why should i mess around deleting DF files using linux loooolll:D
     
  8. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Just retested Deepfreeze to compare with Shadow Defender. It does protect both disks, which is good. Passed Killdisk, and several other viruses. The POC discussed in another thread brought it down.

    But it lacks much of the flexibility of SD. Have to reboot to freeze, no commit, and no exclusions.
     
  9. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    welp like i said before Peter2150. DF is for pro users, who want to really secure their pc, no kiddie play with it! SD is for home users, more flexibility (which delivers back doors such as robodog, which killed early ver of SD)

    so SALUT to your daddy (DF) :D

    cheers;)
     
  10. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    We're mixing up two threads. I agree that DF is for pro users, but the threat that SD just closed is still open in DF. What I was talking about is the threat being discussed in this thread. Initially SD failed it, but it has been fixed. I just tested DF against it and DF failed. That is a separate issue from features, and should be just as much a concern to pro users. If the machine got infected by a real malware of that type it would be wiped out. No reboot. Disk is trashed.
     
  11. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
    Since I'm not a user of virtualization software (except Sandboxie), I was just wondering Pete, if one of these viruses infects a file/folder that you have excluded in SD, does that mean that it will infect the whole disk = trashing the disk?

    /C.
     
  12. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    DF might be the most professional, but it's also the most painful ISR-software to work with on a home computer.
    DF always requires a reboot to activate frozen or thawed mode, that is a lot of reboots.

    Like all the other similar ISR-software, DeepFreeze is not a total ISR-solution
    and that's why DF needs more support of IB-software to cover the situations it can't handle.

    If I would use SD in practice, I would install Anti-Executable to protect me against robodog.exe and if that doesn't work, ShadowProtect will do the job.
    There will always be a malware that finds a way to destroy any kind of ISR-software, including DF.
    After all you tried only ONE malware, not the existing rest and not the ones in the future.
    In theory no ISR-software is safe and IB will save you, in case ISR fails and it's up to you to have that image ready, if that ever happens.

    Cheers too :)
     
    Last edited: Jan 1, 2008
  13. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I can't answer for sure, as I suspect it would depend on the folder excluded and the infection. On my test desktop, I usually don't exclude anything as I have it on to protect the whole machine while I work in the vm machine.

    Pete
     
  14. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    I have 2 machines with DeepFreeze running in the way that it was originally designed to run - that is on all the time except when making changes. I think far too much is being made of the need to reboot to freeze. One machine is used exclusively for video work and the last thing I would want, having set it up the way I want it, is for something to change. So DeepFreeze is always on. Every few weeks I unfreeze and make updates and refreeze. Perhaps the problem here says more about the lives of typical Wilders Users - constantly tinkering and trying out the latest? I would have thought that for many (my wife and sons included) Deepfreeze with protection on all the time (with me as controlling admin) was ideal.

    The fact that xyz caused DF to fail in the past or that abc will cause it to fail next week is of minor importance. A game is played between the bad guys and the good and the only programs that have never failed are those that have only just been developed or those that have little or no market penetration. If a product becomes successful it will be attacked and broken. The interesting thing is how the developer reacts
     
  15. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I never evaluate software, based on my personal or someone else's usage, I prefer the analytical and logical approach.

    The fact remains that DeepFreeze is not a total ISR-solution and that means more support of IB to backup your system partition as a precaution, when something goes wrong during the reboot, while the frozen mode is disabled.
    The fact that users take or don't take that precaution is a personal decision. A smart user doesn't take that risk and does a backup before he tries such a software.

    A backup of a system partition can be short, if the user separated system and data, if he didn't, it can be a very large system partition, dependent on how much data he stored on his system partition.
    It won't be very practical if the backup takes a long time, just to test a software that requires a reboot.

    The total ISR-solution is dead, I hope RollbackRx can do the job, but I never tested RollbackRx myself. The backup/restore of RBRx ITSELF is a very impractical solution according to HDS, but that has nothing to do with this problem :
     
    Last edited: Jan 1, 2008
  16. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    hi all

    welp ErikAlbert i must say that u somehow get it all wrong...there is NO total protection for hardware failure...only if u are using RAID5 MIRROR or similar.

    my point is, OS on drive c:\ after fdisk it to let's say 20 giga and put on it basic data like office (not its files *.doc *xls etc) winrar, some players...etc...

    all other important DATA (like movies; mp3s) on other drive like d:\

    so ... when C:\ is under DF protection ... this is the ULTIMATE solution for running your box for life (till hd gets bad sectors or whatever hardware problem).

    so DF and SD are the BEST isr in the whole world, in a reboot u got your system up and running

    cheers :thumb:
     
  17. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    It is indeed the ultimate solution...... FOR YOU, but not for everyone. Your ultimate wouldn't work for me, it wouldn't be ultimate, but wouldn't even work.
     
  18. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    @ ErikAlbert - The Thread here is deepfreeze vs shadow defender. It would be helpful if we could keep to the thread and not deviate to discuss Rollback and its weaknesses
     
  19. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Erik,

    Neither the "total ISR-solution", nor RollbackRx are the subject of the current thread.

    That said, there are plenty of solutions out there, ones that can be as effective as your currently preferred one in a global sense. Better at some steps, less effective at others, but globally as effective. It's all in the logistical settings and implementation.

    Now let's get back on topic - DF/SD/and the like.

    Blue
     
  20. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    hi again

    Peter2150 what is your GREAT AWESOME solution mate:) ?

    will be happy to compare them both :D
     
  21. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I'm NOT talking about hardware failure, I'm talking about a corrupted system partition.
     
  22. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Another solution is : test all your software in a VM machine.
     
  23. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I don't see any solutions from you, just talk. If you have an army of PCs then it doesn't matter, but I have only ONE machine.
     
  24. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    I use Windows Home Server, but I don't infect every thread on the planet with it. It's not appropriate for a single machine setting, but it's a very cost effective solution for a multi-PC home.

    However, WHS is also neither DF nor SD, which are the topic of this thread. I use the latter, but not in the context that you seem to try to force fit almost any solution or discussion of solutions.

    Blue
     
  25. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    what u are saying can be protected by DF very well according to their home site.

    and another point... installing DF doesn't say u give up your antivirus which protects the total system (and yes the partition/mbr) + DF, gives you the ultimate protection you desire

    cheers:-*
     