How Secure is Deep Freeze?
My school is running Deep Freeze Enterprise 6.6/6.5. It is either the latest or fairly close to the latest version, I do not remember exactly which one.
I'm asking this out of curiosity as someone with a strong interest in security, and also because I don't want to have blind faith in this program if it's easily bypassed; not because I want or need to mess with our computers – I work at the school as help desk.
I've browsed a bit and all of the threads/articles here on HBH are either inconclusive or outdated. Also, the "Unfreezer" program I read about seems to have stopped development back in 2005/6 and with Deep Freeze version 5.5.
Furthermore, I saw one post that said Deep Freeze could be eliminated merely by using a live CD to remove DF's files. As I do not know how the program itself really works, is this correct? It would make sense to me. If so, the solution was to prevent booting to anything other than the C: drive. I don't believe there's any way to do this other than setting it in the BIOS, and pass-locking it (please inform me if there is) and of course removing all physical options for bootable media. But that's no good of course, since the BIOS password can be cleared via jumper or battery, and removing bootable media is impractical.
So, does anyone know if this is a solid program that can be relied upon?
fashizzlepop wrote: Some parts of my school use this program. Luckily most are in a Linux area lab so it would be rather easy to "thaw" the computer. But my teacher would notice I'm sure.
How would having Linux installed make it any easier to thaw the computer? As long as the BIOS is set up right, and the admins weren't idiots, you wouldn't be able to mount the Windows drive or boot any other medium.
I've always thought Deep Freeze to be a brilliant program. One thing I'm surprised hasn't been mentioned yet is how it solves many of the problems with viruses, malware, and rootkits (as they wouldn't be persistent through boots). Yes, the attacking software could still do damage or steal information while the machine was still running; however, DeepFreeze still provides a huge advantage compared to having to run malware checks on all the computers in the lab.
It is possible to bypass DF. You have to boot into a removable medium and do some registry edits to remove the references to DeepFreeze, making it bypass starting DeepFreeze on boot, and you end up with a normal system.
As for giving mass control over the computers, that's something also implemented very easily in Linux.
Sorry, I wasn't clear. The lab machines have Windows installed but they are set up so they can be booted into Linux via CD or USB. They are even set up so CD and USB booting has higher priority than hard drive boot.
And yes, the whole virus protection is very good. Except when trusted programs show up as infected and you have to clear it with the AV program every boot. Lol.
Ah, I was thinking it was like my school. We have a Linux network boot and a hard drive Windows install with Deep Freeze on most machines. BIOS is then locked down and the computers have locks on them. The upside to having half-decent network techs is it becomes a lot more fun to snoop around the school network, though. ;)
You could use an external floppy drive with an NTFS reading/writing OS. (I envy the cheap prices at which hardware is available in the U.S./U.K.)
Since most BIOSes prefer floppy before all others, this should work. Then, use:
http://www.governmentsecurity.org/forum/index.php?showtopic=123
Or, if you want something else:
http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,658.msg1826/#msg1826
Both should work with all versions of DeepFreeze (as far as I know).
Also, I don't believe in restricting access or preventing the user from doing ANYTHING… The policy used by my school for test tubes, I believe, is the best. Allot each student one, do whatever the heck you want with it.
(Except in lab periods, when you could kill someone by doing something wrong.)
If the test tube breaks, ask the fellow to pay for the damages. (Use logging software to see if he actually destroyed it or not.)
Or, make REALLY cheap laptops with little RAM, only USB, etc., and give each student one (for school/home use). :)
This was just updated for 6.6 http://hotfile.com/dl/46156474/746165d/ADF_0.3.rar.html. Enjoy!