Your Thoughts on DeepFreeze?

Discussion in 'sandboxing & virtualization' started by eniqmah, May 28, 2007.

Thread Status:
Not open for further replies.
  1. eniqmah

    eniqmah Registered Member

    Joined:
    Jul 7, 2006
    Posts:
    391
    Hi,
    Trying out deepfreeze.
    So far, it seems impressive. Really impressive.
    Please give your inputs on problems I might encounter while using this program. The pros and cons of using this program?
    Thanks
     
  2. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Standard, Enterprise?
    We have machines at work with Deep Freeze Enterprise and Anti-Executable, which means I get both also at home on a desktop. Make use of Faronics! They have some good walkthroughs - also have you seen this tool.
     
  3. eniqmah

    eniqmah Registered Member

    Joined:
    Jul 7, 2006
    Posts:
    391
    Hi,
    I'm using the standard.
    I really like it. I don't really think I'll need anti executables. As for the mapping tool, I am only beginning to muck around in Faronics software so I haven't gotten around to it yet. I would be interested in a Faronics forum to troubleshoot system maintenance issues while using this software.
     
  4. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, folks: If I am contacted by friends today about setting up programs for a newly formatted PC, in addition to a premium firewall, I would ask them to install DeepFreeze standard for their workstations. From there on, they can add just a few more to strengthen the defense lineup. Among them, prevx2, AV realtime, a few AS scanners and a reliable backup app. DF will take care of daily surfing routines, if the user utilizes its frozen mode. The user's daily cleaning duties can be reduced to a minimum. The only drawback I can think of is lacking the ability to retain a program requiring reboot post-installation while in frozen state. After using DF a while, the user will normally feel a bit bored, because there is no more cleaning, clicking pop-ups etc. But you may gain more productive cyber time in return. I never regret having DP on board. More people using DP or its like will harm traditional signature-based security apps' future growth; this will be the trend for a while, I bet.
     
  5. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    The days of the simple malware are over. New malware is now more sophisticated, better hidden and harder to remove. Some scanners already detect some malware, but can't remove it or remove it only partially, and this will get worse and worse. The bad guys learned a lot also during the years and they always find something new.

    The only way to be sure is removing these infections as a change on your harddisk and that's what Deepfreeze does and all the other similar softwares.
     
    Last edited: May 29, 2007
  6. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    If Deep Freeze does what I think it does or perhaps should do why are any other security programs needed ?
     
  7. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Because infections can install and execute themselves between two reboots. Your clean computer is only back AFTER reboot.
    So you still need security softwares for the period between two reboots.
    Scanners really recognize malware by signatures or heuristics. Deepfreeze doesn't recognize malware, FDISR also.
    Deepfreeze removes malware as a change not by recognition. That's a big difference.
     
  8. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Please explain how this might happen to me, if I were using just Deep Freeze + Firewall + Opera.

    regards,

    -rich

    ________________________________________________________________
    "Talking About Security Can Lead To Anxiety, Panic, And Dread...
    Or Cool Assessments, Common Sense And Practical Planning..."
    --Bruce Schneier​
     
  9. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    If a malware succeeds to bypass your Firewall or Opera, it might execute itself BEFORE you reboot.
    You probably assume that this is impossible, but I wouldn't be so sure. :)
     
  10. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Nothing is impossible, of course, but if I worried about all possibilities, I wouldn't connect to the internet.

    So, please give me a working example of your "if... it might..." that would affect me.

    thanks,

    -rich

    ________________________________________________________________
    "Talking About Security Can Lead To Anxiety, Panic, And Dread...
    Or Cool Assessments, Common Sense And Practical Planning..."
    --Bruce Schneier​
     
  11. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    LOL. You ask this to the wrong person, I can't give you any example. I'm not even a knowledgeable user. I don't even see the difference between a good or bad object.

    I explain why I am telling this. You use Opera, which is considered as the safest browser at this moment.
    Two or three years back Firefox was considered as the safest browser, but it has been attacked since then. This can happen to Opera too and when that happens on your computer, you might get infected and screwed BEFORE you reboot or you might even freeze it.
     
  12. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Thank you. That is all I am interested in.

    regards,

    -rich
     
  13. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    If you wait long enough, you might get examples from the bad guys. :D
     
  14. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    A few years back a guy reverse engineered the program (Faronics took Google to court over it) and came up with a program to unfreeze Deep Freeze; he gives some comments on the software also. - Emiliano Scavuzzo
     
  15. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Didn't know about this, but the program Deep Unfreezer v1.6 can still be downloaded from the internet. Manual included LOOOL.
    It changes the Deepfreeze status without needing the password.
     
  16. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Yes, useful if you had problems with DF. I didn't mention it directly but I knew I'd given enough.
     
  17. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, folks: For those who are thinking to unfreeze DF are out of luck. Just because this guy's method DOES NOT work on DF v.6 and up any more. Now you need password and original installation directory to unarm DF.
     
  18. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Yes the site pertains this.
     
  19. eniqmah

    eniqmah Registered Member

    Joined:
    Jul 7, 2006
    Posts:
    391
    1. I hid the DeepFreeze installation file deep in the WINDOWS directory. I then used a folder protection program to protect that installation file with a password. Then, I installed and Froze the system and put another password on the DFz service. So to uninstall, the user probably has to provide the pw to thaw the system, then provide another pw to run the installation file, IF he can find it. I dunno man, that sounds like too much work to steal my music and pictures.

    2. Regarding ATI:
    I installed DFz, booted into frozen state, and imaged the system. I then restored that image without problem. But when I booted into Windows, after other applications loaded and before the DFz service starts, it would crash and go into an endless reboot loop.
    I installed DFz, booted into THAWED state and imaged the system. I restored it without problem and Windows worked excellently.

    3. After installing and freezing the system, my card reader no longer shows up in my computer even though the Diskmanager shows that it is there, all the drivers and registry keys are there. I put in a flash memory card, it does not get recognized. I boot into Thawed state, it still does not get recognized.

    4. I started to hate the fact that my browsing preferences and bookmark changes were completely wiped after rebooting.
    To fix this, I just googled and found how to move the Firefox user profile to my documents drive, which is NOT Frozen.

    5. Following this path, I directed application logs and preferences to my documents drive. This does NOT solve definition updates or application upgrades, those have to be handled separately by rebooting into thawed states and running maintenance.


    I have the system running without Security software except the firewall. I installed a trojan after I booted into the system in a FROZEN state. I opened up PortExplorer and watched the trojan make an outbound connection, sneaking past my firewall. So during the 3 or 4 hours that I was on, if that trojan was calling home, I could have possibly lost some music or picture files :(. You get the point.
    You will STILL need an antivirus and realtime spyware scanner, make no mistake about it. Deepfreeze simply protects me when I try out shareware and stuff like that. For someone like me who always mucks around with new things on my system, DeepFreeze is simply the life saver. I loved being able to restore my ATI images and get the system back to normal after I screw it up, but honestly, ATI is a pain in the ass, especially when I can buy Deepfreeze for $30.
     
  20. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    Installing a program that requires restart in order to complete installation- You will have to do the install AND the restart in thawed status. Your computer will be vulnerable to malware during that period.

    Installing a program that does NOT require restart- You can try out that program in frozen status. However, if you like it & want to install it permanently, you will have to do so in thawed status, in which case you will be vulnerable to malware during such time.

    Doing work & making other *permanent* changes to your computer (e.g., creating/updating files, updating programs, retaining downloaded information, etc).

    *If you choose to freeze all drives/partitions then you won't be able to make any permanent changes or do any lasting work while in that frozen status.

    **Changes that you make to your computer (new installs, downloads, database updates etc) will remain intact ONLY while you remain in frozen status.

    ***Going to thawed status for any reason will revert all frozen drives to pre-frozen status. Thus, any & all downloads, installs, work performed, etc, that you WANT to retain will be lost unless you configure DeepFreeze to exclude certain drives/partitions so as to avoid that possibility.

    ****If you exit frozen status in order to do lasting work, you are exposed to malware during that thawed time.

    *****Accordingly, I freeze ONLY my system drive (c:\). I always leave my data drives/partitions unfrozen. That procedure enables me to do updates, do *keepable* downloads, & make other permanent changes to my data drives.

    ******Since my data drives are intentionally NOT frozen, it is possible that a malware could become established thereon.

    ~~~~~~~~~~~~~~~~~

    #1- Bear in mind that a malware is conceivably FREE to execute while you are in frozen status. Thus, even while you are in frozen status, malware could be coded so as to do such things as (1) recognize the virtualized status of your computer, & act benign during such times; (2) detect any drives not in frozen status, and mess with them; & (3) send out spam email, etc.

    #2- There will be times when you must take actions while in thawed status, for such reasons as those explained above. Your computer is vulnerable at those times.

    #3- Bottom Line: Virtualization is VERY good protection, but it is most certainly not even close to being "bullet-proof." For greater protection, even during thawed periods, it might be advisable to use one of the good HIPS programs alongside of DeepFreeze.

    For the truly paranoid (like me), it's also a bloody good idea to do disk imaging to an external drive on at least a weekly basis.

    P.S. There is a program similar to DF (it's called "ShadowUser"). AFAIK, that program DOES allow restarts while remaining in shadow status (their version of "frozen status"). I have tested DF. It works as advertised. I have not tested ShadowUser.
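
    The point above about unfrozen data drives can be checked mechanically. The following is an added example, not part of the original thread and not Faronics code: it walks a data volume and reports files changed since a baseline time (assumed here to be the last known-clean maintenance session) that could carry code across a reboot. The names `audit_unfrozen` and `demo`, the extension list and the sample files are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Extensions Windows will run or open as code (illustrative, not exhaustive).
EXEC_EXT = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js", ".lnk"}

def audit_unfrozen(root, since_epoch):
    """List (relative_path, reason) for files under root modified at or after
    since_epoch that could persist code on a drive the freeze does not revert."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            try:
                if path.stat().st_mtime < since_epoch:
                    continue                      # unchanged since the baseline
                with open(path, "rb") as fh:
                    magic = fh.read(2)
            except OSError:
                continue                          # unreadable or vanished file
            rel = path.relative_to(root).as_posix()
            if name.lower() == "autorun.inf":
                findings.append((rel, "autorun file"))
            elif magic == b"MZ":                  # PE/DOS header, whatever the name
                findings.append((rel, "PE header"))
            elif path.suffix.lower() in EXEC_EXT:
                findings.append((rel, "script/executable extension"))
    return sorted(findings)

def demo():
    """Build a constructed data drive in a temp directory and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "music").mkdir()
        (root / "music" / "song.mp3").write_bytes(b"ID3\x03constructed")
        # Constructed sample: PE magic hidden behind an image extension.
        (root / "music" / "cover.jpg").write_bytes(b"MZ\x90\x00constructed")
        (root / "autorun.inf").write_text("[autorun]\nopen=setup.exe\n")
        (root / "old_tool.exe").write_bytes(b"MZconstructed")
        os.utime(root / "old_tool.exe", (1000, 1000))  # predates the baseline
        return audit_unfrozen(root, since_epoch=2000)

if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{reason:30} {rel}")
```

    Run against the real data drive with the timestamp of the last maintenance session, anything it lists is a change that a reboot will not undo and is worth a look before it is opened.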
     
  21. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    In what way would I be vulnerable? Give me an example. How will malware get in?

    Please give me an example of what could happen at those times.

    regards,

    -rich

    ________________________________________________________________
    "Talking About Security Can Lead To Anxiety, Panic, And Dread...
    Or Cool Assessments, Common Sense And Practical Planning..."
    --Bruce Schneier​
     
  22. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Not really.

    Why would I do such a thing?

    regards,

    -rich

    ________________________________________________________________
    "Talking About Security Can Lead To Anxiety, Panic, And Dread...
    Or Cool Assessments, Common Sense And Practical Planning..."
    --Bruce Schneier​
     
    Last edited: May 30, 2007
  23. EASTER.2010

    EASTER.2010 Guest

    I have DeepFreeze too, but it doesn't hold a candle to FD-ISR in my impressions of it, so it's a program I only use for my test machines and nothing more.

    FD-ISR is Da' BOMB! Stable, packed with useful safe features, and will bail you out COMPLETELY of the most troublesome of times, given you had the mind to off-load some saved archives that you can always recreate again on a fresh install of it.

    FD-ISR :thumb: WINNER! Hands Down!
     
  24. eniqmah

    eniqmah Registered Member

    Joined:
    Jul 7, 2006
    Posts:
    391
    Why would you download or execute a trojan? Perhaps because you were surfing unsafe sites? Downloading? I am illustrating a scenario where your computer is vulnerable WHILE you're using DFz without realtime protection.
    :)
     
  25. eniqmah

    eniqmah Registered Member

    Joined:
    Jul 7, 2006
    Posts:
    391
    Again, an example of how malware can infect and affect you follows from my illustrated scenario above. In my scenario, I was Frozen, so if I rebooted before the trojan did anything, I would be ok. If I was NOT Frozen, the trojan will be running on the next reboot. Make sense?
     