Friday, June 23, 2006

Deepfreeze does NOT place any restrictions on a machine, so whatever
you want to do, whether it's downloading mp3's or downloading and
installing ICQ or browser add-ons or WHATEVER, deepfreeze does not
prevent it. What matters much more is how you are logged in: as User,
or Power User, or Administrator. True, you'll have to install/download
your stuff every time you sit down at the computer, but hey! you CAN
do so. That's the beauty of deepfreeze: it places no restrictions on
the machine. Take a look at M$ TechNet:

Default Access Control Settings
http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/pr...


The entire white paper is very helpful in understanding the difference
between Users, Power Users, and Administrators. NOT understanding this
issue causes more problems on Windows 2000 than all other problems put
together. Example: you installed winzip and don't understand why the
*uck it won't work. Answer: you were not logged in as administrator
when you installed it.


And, along these lines, you can ask your teacher/computer lab admin to
promote you to Power User. Cuz Power Users have Modify access to most of
HKLM\SOFTWARE (HKEY_LOCAL_MACHINE\SOFTWARE) in the registry, and can
manipulate a lot more on the system (read the paper). For example, let's
say there is a nasty content filtering program such as CyberPatrol
preventing you from accessing 2600 or other web sites. Such a program
probably starts automatically from a value under
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Delete the value that points at the filter (NOT the whole Run key, which
other programs use too), then restart the computer, and the program will
not be running. One caveat: if the filter also installs a service or a
driver, it has an entry under HKLM\SYSTEM\CurrentControlSet\Services, and
Power Users only get Read access there, so check which it is before you
count on the Run entry being the only thing that starts it.
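To see what actually starts from the Run key before deleting anything, dump it with reg.exe (in the Windows 2000 Support Tools, built into XP) and look for the filter. The script below is an added example, not part of the original post: it parses the output of `reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run` (a constructed sample is embedded; the CyberPatrol and Sound Blaster entries and their paths are invented), flags values whose name or command line mentions a program you name, and builds the `reg delete /v` command that removes just that one value rather than the whole key. The live `query_run_key` helper only works on a Windows box with reg.exe on the PATH.

```python
import re
import subprocess

RUN_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

# Constructed sample of `reg query` output for the Run key. reg.exe 3.0 on
# XP prints a version banner first; value lines are "<name>  <type>  <data>".
# The Sound Blaster and CyberPatrol entries and their paths are invented.
SAMPLE_REG_QUERY = r"""
! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe       REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    Sound Blaster    REG_SZ    C:\PROGRA~1\CREATIVE\SBLIVE\sbtray.exe
    CyberPatrol      REG_SZ    "C:\Program Files\CyberPatrol\cpctl.exe" /start
"""

# value name (may contain single spaces), then a REG_* type token, then the data
VALUE_LINE = re.compile(r"^\s+(.+?)\s+(REG_[A-Z_]+)\s+(.*)$")


def parse_reg_query(text):
    """Return {value_name: (type, data)} for every value line in reg query output."""
    values = {}
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            name, rtype, data = m.groups()
            values[name] = (rtype, data.strip())
    return values


def find_autostart(values, needle):
    """Names of Run values whose name or command line mentions needle (case-insensitive)."""
    needle = needle.lower()
    return sorted(name for name, (_, data) in values.items()
                  if needle in name.lower() or needle in data.lower())


def delete_value_command(name):
    """argv that removes one value under Run with reg.exe; the Run key itself is left alone."""
    return ["reg", "delete", RUN_KEY, "/v", name, "/f"]


def query_run_key():
    """Live query on a Windows box (needs reg.exe on PATH), parsed like the sample."""
    out = subprocess.run(["reg", "query", RUN_KEY],
                         capture_output=True, text=True, check=True).stdout
    return parse_reg_query(out)


if __name__ == "__main__":
    entries = parse_reg_query(SAMPLE_REG_QUERY)
    for name in find_autostart(entries, "cyberpatrol"):
        print("would run:", " ".join(delete_value_command(name)))
```

Run it as-is to see the delete command built from the sample; on a real machine swap `parse_reg_query(SAMPLE_REG_QUERY)` for `query_run_key()`. If the match comes back empty, the program is probably started some other way (a service, RunOnce, or the HKCU Run key), and the Run-value trick will not stop it.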


So... try to become a Power user. If you explain to your teacher that
being just a User is a real pain in the butt and that you NEED to be
PowerUser in order to do things, he/she MIGHT make you one. You don't
know until you try.


Now, about hacking DeepFreeze. DeepFreeze was developed with sneaky
little hackers like you, intent on *ucking up computers, in the
FOREFRONT of the developer's minds. The developers of DeepFreeze knew
and know how to think like hackers. They were in high-school once,
too!! And, if that were not enough, they also know how to program at a
very low-level (we're talking LOW, LOW level!!) in order to protect
the computer. Do you know how to hack/load/unload kernel-mode device
drivers? NO?! Do you know how to program in assembly REALLY well??
NO?! Do you understand encryption and how it functions in a program?
NO?! Do you know how to best pack your program so that it is strongly
resistant to reverse engineering? NO?? You mean you don't even know
what "pack" means? JEEZ! I don't think you're gonna hack DeepFreeze
then, O Miserable One!!!


On Windows 95/98/Me:


DeepFreeze is a VxD (Virtual Device Driver) located in
c:\windows\system\iosubsys\persifrz.vxd. The only hope for most
hackers of "hacking" DeepFreeze is to boot from a boot-disk and delete
(or rename) this file. All the other filez in c:\progra~1\hypert~1\deepfr~1
are just other program filez. The most important file to delete is the
actual DeepFreeze driver, persifrz.vxd. It IS true that if you
delete the other filez in the DeepFreeze folder FROM A BOOT DISK,
DeepFreeze will no longer load; i'm just giving you the best and
easiest way. Delete persifrz.vxd and DeepFreeze is deader than a
doornail. AND it's only one file. persifrz.vxd IS DeepFreeze.


Can't boot to any drive except C:? And BIOS setup is
password-protected? Oh well, you're not gonna hack DeepFreeze. And
DeepFreeze prevents, BY DESIGN, BIOS password-crackers from working.


On Windows 2000/XP DeepFreeze consists of several important filez:


There are 2 drivers and 1 service (i'll let you figure out the paths):


DepFrzLo.sys (kernel driver)
DepFrzHi.sys (filesystem driver)
dfserv.exe (service)
frzstate.exe (password dialog)
persis00.sys (password file and "on/off switch")


Probably you will need NTFSDOSPRO to boot up and mount an NTFS drive
with write access (the free NTFSDOS is read-only). It's available from
http://www.sysinternals.com and costs $300. True: there is a free
LINUX boot-disk which also mounts NTFS drives, but it's not nearly as
good. One last thing about NTFSDOSPRO. There is no free support AND it
is kinda tricky creating and using the NTFSDOSPRO boot disk. You have
to first boot with a regular boot disk, then put in your NTFSDOSPRO
boot disk to mount the NTFS drive. You'll see what I mean, it's not
very user-friendly and little explanation is given on how to really go
through with the entire operation.


Using NTFSDOSPRO, if you replace persis00.sys with your own
persis00.sys containing your own password, then you can thaw
deepfreeze using your own password. You see, persis00.sys contains the
password and the on/off switch which the driver checks to see if it
should start the computer in thawed mode or frozen mode. This is
preferable to deleting the entire DeepFreeze program on Windows
2000/XP with a boot disk. All pertinent encryption seems to be
contained in this one file. And, a persis00.sys from a totally
different DeepFreeze doesn't seem to matter (as in one from a trial
version). Post here if you discover differently.


Before attempting to delete the drivers on Windows 2000 with a boot
disk though, try it at home first, because the computer may not start
up. In other words, it may be necessary to delete certain keys in the
registry as well, in order for the computer to not "crash" before it
even starts! Use InCtrl5 to monitor your own installation of
DeepFreeze 2000/XP. Available here:
http://common.ziffdavisinternet.com/download/0/1027/inctrl5.zip
It will tell you each and every file and registry key installed by the
program. There may be serious problems if you don't delete certain
important "pointers" and "references" to the DeepFreeze driver on the
Windows 2000 platform. On Windows 2000/XP the entries to look at are the
driver and service keys under HKLM\SYSTEM\CurrentControlSet\Services:
the ErrorControl value there decides whether a missing driver file is
ignored, logged, or stops the boot. I don't know. Try it and see. Maybe
not.
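What InCtrl5 does is simple to reproduce: snapshot the machine, run the installer, snapshot again, and diff. The script below is an added example written for this page, not InCtrl5 and not anything from Faronics. It snapshots a directory tree (size and SHA-1 per file), reports what an install added, removed or modified, and lists where any of the Deep Freeze component files named in the post ended up. The `demo` builds a throwaway tree with constructed placeholder files to stand in for an install; the registry half of the job (the same snapshot/diff over `winreg`) is left out so the script runs on any OS.

```python
import hashlib
import os
import shutil
import tempfile


def snapshot(root):
    """Map relative path (with / separators) -> (size, sha1) for every regular file under root."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            if not os.path.isfile(full):        # skip sockets, broken links, etc.
                continue
            h = hashlib.sha1()
            with open(full, "rb") as f:
                for chunk in iter(lambda: f.read(65536), b""):
                    h.update(chunk)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            state[rel] = (os.path.getsize(full), h.hexdigest())
    return state


def diff_snapshots(before, after):
    """Split the change set into files added, removed and modified between two snapshots."""
    added = sorted(set(after) - set(before))
    removed = sorted(set(before) - set(after))
    modified = sorted(p for p in set(before) & set(after) if before[p] != after[p])
    return {"added": added, "removed": removed, "modified": modified}


# the component file names listed in the post
DEEP_FREEZE_FILES = ("DepFrzLo.sys", "DepFrzHi.sys", "dfserv.exe", "frzstate.exe", "persis00.sys")


def component_paths(after, names=DEEP_FREEZE_FILES):
    """Paths in the snapshot whose basename is one of the named components (case-insensitive)."""
    wanted = {n.lower() for n in names}
    return sorted(p for p in after if p.rsplit("/", 1)[-1].lower() in wanted)


def demo():
    """Simulate an install in a temp tree with constructed placeholder files (not a real install)."""
    root = tempfile.mkdtemp()
    try:
        drivers = os.path.join(root, "WINNT", "system32", "drivers")
        os.makedirs(drivers)
        with open(os.path.join(root, "WINNT", "win.ini"), "wb") as f:
            f.write(b"[windows]\r\n")
        before = snapshot(root)
        # the "install": two driver files appear and an existing config file is edited
        for name in ("DepFrzLo.sys", "DepFrzHi.sys"):
            with open(os.path.join(drivers, name), "wb") as f:
                f.write(b"placeholder bytes for " + name.encode())
        with open(os.path.join(root, "WINNT", "win.ini"), "ab") as f:
            f.write(b"; line appended by the simulated installer\r\n")
        after = snapshot(root)
        return diff_snapshots(before, after), component_paths(after)
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    changes, components = demo()
    for kind, paths in changes.items():
        print(kind, paths)
    print("components:", components)
```

To use it for real, call `snapshot("C:\\")` before and after the install and feed both to `diff_snapshots`; everything under "added" and "modified" is what a boot-disk removal has to account for, and the driver entries under the Services key are the part this file-only diff does not show.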


Now, here are THREE methods of hacking DeepFreeze you probably haven't
thought of:


#1 IF your school/lab is using the trial version of DeepFreeze (and
this is more common than you think: schools are really hurting for
money nowadays!!), and IF you can access BIOS setup, you can set the
system date forward past the end of the trial period and DeepFreeze
will no longer work (you'll see the blinking red X flashing on the
DeepFreeze system-tray icon.) Then simply uninstall DeepFreeze. By the
way, there are two keys in the registry under
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
which must be deleted in order to be able to re-install a fresh trial
version of DeepFreeze. One starts with Rebar, and i'll let you figure
out the other one. It may be only the Rebar one that is necessary to
delete.


#2 Find out which computer your computer lab administrator has the
DeepFreeze Administrator program installed on. At his desk? In his
office? Most of the time now, administrators are taking advantage of
DeepFreeze's OTP (One-Time Password) feature. In order to thaw
DeepFreeze, they go to the computer which needs to be "thawed" and
shift+double-click on the DeepFreeze icon in the system tray, which
brings up the password dialog box (frzstate.exe). They then jot down
the token which appears in the window's title bar. They then go back
to THEIR computer which has the DeepFreeze Administrator program, open
up DFAdmin, and input the token in order to generate a one-time
password. This OTP will then work, one time only, to restart the
computer in thawed mode. After restarting a second time, the computer
is frozen once again, automatically. Now, IF you can get your hands on
a DeepFreeze Administrator program, maybe by purchasing it from
HyperTechnologies... then, all you need to do is copy one file from
your administrator's DFAdmin program, take it home, place it in your
DFAdmin program, and you can generate OTP's for your school's
computers. JUST ONE FILE needs to be copied and swapped in: dfadmin.exe,
and it is small enough to save to a floppy or e-mail to yourself. You
see, when DeepFreeze Administrator is first set up, the administrator
chooses a phrase or master password which is used to make the
encryption unique for his/her network. And this encryption is contained
totally in dfadmin.exe. You might want to think of a way to get your
administrator to thaw the computer, and then watch which computer he
goes to in order to obtain the OTP. Are you with me?
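The reason copying dfadmin.exe is enough is the shape of any token-and-response scheme: the workstation and the admin tool hold the same network secret, and the OTP is just a function of that secret and the token on screen. The model below is an added illustration for this page and NOT Faronics's algorithm, which is not public; the phrase-to-key derivation, the HMAC-SHA256 response, the 8-digit truncation and the hex token are all assumptions chosen to make the trust structure concrete. It walks through a legitimate thaw, a replayed OTP, an attacker holding a copied secret, and an attacker guessing the phrase.

```python
import hashlib
import hmac
import secrets

# Generic model of a token -> one-time-password scheme. Illustration only,
# not Faronics's algorithm. What it keeps from the scheme the post describes:
# admin tool and workstation share a secret derived from the setup phrase,
# the workstation shows a fresh token, and the password is a function of
# (secret, token) that is accepted once.


def derive_network_secret(master_phrase):
    """Assumed derivation: the setup phrase becomes a fixed 32-byte key."""
    return hashlib.sha256(b"dfadmin-model:" + master_phrase.encode()).digest()


def otp_for(secret, token):
    """Assumed construction: HMAC-SHA256(secret, token), shown as an 8-digit code."""
    mac = hmac.new(secret, token.encode(), hashlib.sha256).digest()
    return "%08d" % (int.from_bytes(mac[:4], "big") % 10**8)


class AdminConsole:
    """Stands in for the administrator program: whoever holds its secret can mint OTPs."""
    def __init__(self, secret):
        self.secret = secret

    @classmethod
    def from_phrase(cls, master_phrase):
        return cls(derive_network_secret(master_phrase))

    def generate(self, token):
        return otp_for(self.secret, token)


class Workstation:
    """Stands in for the password dialog: shows a token, accepts the matching OTP exactly once."""
    def __init__(self, master_phrase):
        self.secret = derive_network_secret(master_phrase)
        self.current_token = None
        self.used_tokens = set()
        self.thawed = False

    def show_token(self):
        self.current_token = secrets.token_hex(4).upper()   # fresh challenge per dialog
        return self.current_token

    def submit_password(self, otp):
        tok = self.current_token
        if tok is None or tok in self.used_tokens:
            return False
        if not hmac.compare_digest(otp, otp_for(self.secret, tok)):
            return False
        self.used_tokens.add(tok)      # this token can never be redeemed again
        self.current_token = None
        self.thawed = True             # next boot comes up thawed
        return True

    def reboot(self):
        self.thawed = False            # frozen again after the thawed session


def demo():
    """Four attempts: legitimate admin, replayed OTP, copied secret, wrong phrase."""
    phrase = "the phrase the admin typed at setup"
    ws = Workstation(phrase)
    admin = AdminConsole.from_phrase(phrase)

    t1 = ws.show_token()
    legit = ws.submit_password(admin.generate(t1))      # True
    ws.reboot()

    t2 = ws.show_token()
    replay = ws.submit_password(admin.generate(t1))     # old OTP on a new token: False

    # attacker who copied the admin program's secret (the post's dfadmin.exe scenario)
    thief = AdminConsole(admin.secret)
    stolen = ws.submit_password(thief.generate(t2))     # True: the file IS the credential
    ws.reboot()

    t3 = ws.show_token()
    guesser = AdminConsole.from_phrase("some other phrase")
    wrong = ws.submit_password(guesser.generate(t3))    # False
    return legit, replay, stolen, wrong


if __name__ == "__main__":
    print(demo())
```

The "one-time" property only defends against someone who saw a password being typed; it does nothing against someone who holds the secret, which is the point of the post's method #2 and the reason the admin console's file deserves the same protection as a password database.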


#3 IF your administrator is naive enough to be using permanent
passwords for DeepFreeze, then you can use something called KeyKatch.
Go to http://www.keykatch.com (this puppy works great). Just be sure to
install it in the keyboard port, NOT the mouse port, an easy
mistake. Regular software-based keyloggers, etc., won't work because
they will not be there when the computer is restarted. Think about it:
the administrator is never going to enter the password and then NOT
restart the computer! And when he/she restarts the computer, of
course, the keylogger would be gone. UNLESS your school's computers
have two drives, and one is not frozen, and you can configure your
keylogger to save the log file to the unfrozen drive. Of course,
you'll have to re-install the keylogger program to read your log file.


As you can see, except for #1 above, there is no EASY way to hack
DeepFreeze. Cuz whatever you do, you're not really doing, it all goes
away when you restart the computer. I hope this little post helps you
to understand more about how it might be done though, IF a person is
DETERMINED to beat it. Of course, being THAT determined might get you
in serious trouble at your school, too. So, remember that, first and
foremost.


Of course, you might approach your computer science teacher/network
administrator and tell him or her that you know how to hack DeepFreeze
and you would like his/her permission to hack it (he'll KNOW you
can't). Then, once permission is secured, get access somehow to the
computer with DFAdministrator on it and copy dfadmin.exe. If you have
permission to hack DeepFreeze, you might even be able to get help from
a janitor or the assistant principal or something in order to get
physical access to the computer. You'll have to have your own copy of
DFAdmin first, and then you'll have to be able to log on to the
computer with DFAdmin on it. If winlogon greets you and you can't log
on, you'll need NTFSDOSPRO to copy dfadmin.exe using a boot disk. The
only other possibility would be to somehow e-mail the administrator a
trojan which would allow you to access his computer remotely and copy
dfadmin.exe (SubSeven, BackOrifice, etc.). I think that's how the FBI
would do it! he-he...

11 comments:

Nam Vu said...

Securing Your Computers and Protecting Your Children
Computer security encompasses a range of concerns
By: Hilary Naylor


November 13, 2002

Community technology centers (CTCs) and public school computer labs face complex technical issues related to the security of their computer systems. Not only do they need to worry about the outright theft of their computers, but they also need to consider desktop integrity, viruses, Internet filter controls, software piracy, and privacy concerns.

With these concerns, keeping a lab of 25 or 50 computers running smoothly can be a challenge.

Physical Security
All equipment in a computer lab must be secured in order to prevent theft or loss. Large items -- such as TVs, monitors, and CPUs -- can be secured to desks or workstations with cables. Local school districts are a good source for advice on finding a reliable and reasonably priced vendor for this service. (One such company used by schools in the San Francisco Bay Area is D&D Security, 800-453-4195.) Smaller items, such as keyboards and mice, probably cost less to replace than to secure, so it may be best just to make them as difficult to remove as possible. Putting identification codes on all equipment, either by branding or with ID tags and labels, is a good way to discourage theft, and it helps you keep track of your inventory.

Desktop Integrity
Computer lab managers often want to control what users can do and what they can access on their computers. To minimize maintenance time, it is important to keep users from causing problems by changing system settings or accidentally deleting applications or files. Several popular programs can help lab managers implement these controls. But remember that nothing can replace careful supervision and an acceptable use policy. You can find more information on these subjects at Computers in Our Future.

In general, security programs allow the administrator to control all kinds of access, and they do not necessarily require a server. They allow features (changing control panels, desktop patterns, etc.) to be disabled, control what applications users can run and where users can save files.

Fortres
The software costs $570 for 25 licenses (commercial); $325 for 15 licenses (educational).
Fortres works on Windows 95/98/2000/XP (there is no Mac version).
This software requires additional software called Central Station (costs $300) to administer permissions remotely, otherwise the settings on each client workstation have to be changed individually.
Fortres allows the administrator to choose features (control panels, desktop patterns, etc.) to be disabled, control which applications users can run, and where users can save files. It also allows different users to have different levels of access and hides many features when they are disabled.
FoolProof Security
FoolProof desktop security is available as a cross-platform license for Mac OS 9.2.2, Windows 95, 98, ME, and 2000. Development is underway for the Mac OS X and Windows XP platforms.

Useful features include the "quick keys" option to turn off security for about one minute in order to get into a program or open a CD-ROM. Also, having two passwords to get into the program administrative functions is useful. One password allows access to turn the program on and off, while the other is an administrative password that allows more changes in the program settings.

Overall, we recommend FoolProof because of its dual platform capability, good security, and easy-to-configure interface.
FoolProof works on Windows 95/98/2000/XP and Mac OS 6.0.5 - 9.2.2.
It allows for remote administration via Windows NT without additional software.
The software makes a computer look and feel exactly like the regular computer; if a feature is disabled, the user can still see it (the menu or control panel) but cannot make changes.
Microsoft Windows Family Products: Windows NT Server with NT Workstation, and Windows 2000 with Windows 2000 Professional
These systems provide remote management and troubleshooting tools and allow administrators to implement policies and standards for system-wide desktop configurations. This means control over what programs a user can run, as well as what directories, folders, and control panels can be accessed.

Setting up a network like this is complicated and could be expensive. It requires a technically-savvy network administrator (at a much higher skill level than Fortres or Foolproof would require).
DeepFreeze
Deep Freeze allows the lab manager to maintain a large number of workstations that look exactly alike, without having to worry about users changing any settings. Unlike Fortres and FoolProof, which prevent changes to the desktop, DeepFreeze allows changes to be made, but resets the entire desktop on rebooting. It also allows the administrator to choose a "thawed" drive option to create a space where student work can be saved, so it's not lost on restart.
Costs $300 for 25 licenses (educational)
Windows 95/98/2000/XP
Assimilator
Assimilator is the Mac equivalent of DeepFreeze. It simply restores the computer to its initial set-up condition after starting up each day. It is similar in nature to DeepFreeze, except that it gets the image from a server and not from the workstation hard drive. To add something to the workstations, the administrator only needs to add it to the server. It's therefore possible to force a lab to be "assimilated" in the middle of the day if a teacher needs a particular software program right away.
$499 for an unlimited license
Macintosh Manager
For an all-Mac lab, Macintosh Manager allows you to secure Macs by allowing users to run predetermined applications and other system functions in selected types of user environments. Like "At Ease," the predecessor to Macintosh Manager, those environments include panels, a restricted Finder, and full Finder access. It also locks users out of critical system software components, making it much easier to keep systems running at peak performance. Finally, it allows users to save their work on the server, so that a user can go to any workstation on the network, sign in, and get to their work. The client for Macintosh Manager is built into OS 9, while the server is part of the AppleShare IP, which must be purchased separately. This software was previously offered for the Mac OS X Server 1.0-1.2 platform only. Apple then released version 1.3 of Mac Manager, which will run on workstations with Mac OS 7.6.1 or later. The newest client/admin version for AppleShare IP environments is 1.4.1. The current server version (1.2.2) will operate on AppleShare IP 6.x. Macintosh Management Server version 1.2 will operate on Mac OS X Server 1.2. Mac OS X Server v10.2 (10-User Lic.) costs $499.00.

Macintosh Manager 2.x is also available. Mac Manager 2.x supports client workstations from Mac OS 8.1 through Mac OS 9.x. The server piece of Mac Manager 2.x is available only on Mac OS X Servers (v10.x).

Also see the Macintosh Manager training resource page.
Virus protection
All the computers in your lab or CTC need to have up-to-date anti-virus software installed, and each computer should be set to check automatically for virus definition updates without interference to or from the user. A section of your acceptable use policy should address the lab’s rules about downloading e-mail to lab computers, opening (or preferably not opening) attachments, and downloading and installing software. TechSoup has a good resource page on virus protection.

Internet Access
The most common concern about Internet access is about protecting children from pornographic material and pedophiles. Recent legislation has tied the provision of federal funds to the implementation of filtering and protection. These are the COPPA (Children’s Online Privacy Protection Act) and CIPA (the Children’s Internet Protection Act) legislation. COPPA applies to the online collection of personal information from children under 13 years of age. The new rules spell out what a Web site operator must include in a privacy policy, when and how to seek verifiable consent from a parent, and what responsibilities an operator has to protect children's privacy and safety online. CIPA (which is facing court challenges over its constitutionality) requires that schools and libraries that are recipients of discounted E-rate services must certify that they are enforcing a policy of Internet safety that includes measures to block material that is deemed obscene, child pornography, or -- with respect to use of computers with Internet access by minors -- harmful to minors. It may be disabled for adults engaged in bona fide research or other lawful purposes.

Although most CTCs don't qualify for E-rate discounts, and thus are not legally subject to this legislation, they may very well want to install filtering software for their after-school programs. There are a number of products available, and each with good and bad points.

Rather than try and analyze each one here, we prefer to recommend some introductory reading on the topic of using and choosing filtering software, the summary report from the Internet Filter Assessment Project (TIFAP). But keep in mind that there could be some unintended consequences of installing filtering software, as users may be blocked from accessing legitimate sites. See Peacefire's report, "Amnesty Intercepted", on the blocking of Amnesty International sites by CyberSitter, Bess, Cyber Patrol and SurfWatch.

More important than filtering software (which at its best works only moderately well), is a written acceptable use policy. Users at a publicly accessible CTC must agree to abide by the rules of such a policy before they are permitted to use the center. There are many examples posted on the Web, such as this one from Holmen School District, WI.: School Board Policy - Acceptable Use Policy for Staff and Students Using Technology Resources.

There are a number of things to take into consideration when drawing up lab or CTC guidelines; some have to do with protecting your equipment and your resources (such as forbidding food or drink in the computer lab). Other guidelines help to establish appropriate use (such as staying away from sound clips that include profanity).

A few of the things you should consider including in your policy are:

Parental approval for participants under 18
A ban on chat rooms
Limiting use of e-mail
Paying for floppy disks and printing (especially color printing)
Approved Internet topics for users who are under 18 years old.
Banning food and drink in the computer lab
Making teachers responsible for monitoring where their students go on the Internet
A ban on software from home or downloaded from the Internet
Defining inappropriate sites
Keeping some equipment, like scanners, restricted
Limiting some software to those who have taken a class on it
Sign-in procedures
Supervision of young children accompanying parents
Read an example of a short but effective acceptable use policy for schools, and one for CTCs. TechSoup also has an example of an acceptable use policy for a youth center: Sample Youth Center Acceptable Use Policy

Copyright and Software Piracy
It is important that CTC organizations and schools protect themselves from possible lawsuits by educating their staff, clients, and students about copyright law. While the Internet has opened up exciting possibilities for teachers, students, researchers and potential self-publishers, it has also increased the temptation to "borrow" others' intellectual property. "Intellectual property" includes creative writing, art, photography, graphics, and software programs. People using public access computer labs may be tempted to bring in computer programs from home and install them in your lab without a license. Others may think that it is all right to save programs on disks, take them out of the lab, and install them elsewhere. Both of these activities can constitute theft. The Netizen Web site is a good place to learn about copyright and other legal issues.

To combat plagiarism, some schools use a content/linguistics device that scans for potential plagiarism based upon the language used on a site. It plugs into the network and monitors all Internet traffic for plagiarism, substance abuse, porn, games, and other subject matter you select. It does not block content. It takes screenshots and logs the username, computer, Web site, and time. It can also monitor all TCP traffic so Web-based mail programs, messenger programs, and IRC chats are also logged. Visit Vericept for more information.

Other popular products are Turnitin and EVE2.

Privacy
Privacy is an aspect of security in the sense that a public-access computer lab should ensure that the users’ Personally Identifiable Information (PII) is protected from other users and from unauthorized access by staff or visitors to the lab. While there is no legal obligation in the U.S. to protect privacy in this way, organizations sharing data with European partners need to be aware of the restrictions. Computer labs may legitimately collect information about the days and hours of lab use and the types of use. Sometimes this information will be combined with PII (which can include the user's name, age, address, and employment), but that information should be separated from the PII as quickly and precisely as possible. All users should be made aware of the organization’s commitment to privacy and be given the choice of whether or not to give private information.

Technology and the Internet are evolving at a rapid rate, and society, both civil and legal, is hard-pressed to keep pace. Responsible managers need to keep their organizations informed of all the technical and legal changes that impact the services they provide.

Nam Vu said...

Put end-user system changes on ice with Deep Freeze

Takeaway:
Techs who support PCs in an open environment get tired of end users tampering with their Windows settings, installing programs, and deleting Windows system files. Find out how Deep Freeze can undo any user-made changes with a simple system reboot.



--------------------------------------------------------------------------------

End users tinkering with their desktop PCs can be a major headache for the help desk. But now there is a way to make end-user damage disappear by simply rebooting the PC, thanks to a product called Deep Freeze from Faronics Technologies.


How Deep Freeze works
Although Deep Freeze is a desktop lockdown utility, it operates differently than other such products. Instead of actively preventing end-user changes, Deep Freeze runs passively in the background. Users are free to make any changes to the system that they like. They can install programs, delete files, and change Windows settings. When the system is rebooted, though, all of the changes are undone and the system is restored to the state at which Deep Freeze was installed.

How does Deep Freeze accomplish this? According to Vik Khanna, director of sales for Faronics Technologies, once Deep Freeze is installed it "freezes" all the used space on a particular hard drive partition. No permanent changes can then be made to that partition unless Deep Freeze is disabled or uninstalled or Deep Freeze Professional's ThawSpace feature is used. Just how Deep Freeze manages to lock a partition's contents, Khanna wouldn't say—to protect Deep Freeze's patent pending technology. The process does not, however, involve any imaging of the hard drive; in fact, Khanna touts Deep Freeze as an alternative to the repeated imaging that is often performed on open-environment computers, such as those found in school computer labs or corporate training classrooms. It is in these environments that Deep Freeze really shines, and according to Khanna 16 of the 20 largest school systems in the United States currently use Deep Freeze, including New York City public schools, Los Angeles unified schools, and San Francisco unified schools.

But Deep Freeze's power doesn't come without a price. No permanent changes can be made to a partition once it has been frozen—including saving files. If a user saves a file to a "frozen" C: drive, it will be lost once the machine is rebooted—this includes information saved in Outlook PST files and Internet Explorer Favorites. Any programs that automatically save information to the frozen drive will need to be configured so they use an alternative location, such as a network drive or separate hard drive partition. Help desks must also configure their PCs to boot from the hard drive first for Deep Freeze to be totally effective. Otherwise, individuals would be able to boot from a floppy and bypass Deep Freeze.

Standard, Professional, and soon Enterprise Editions available
Two versions of Deep Freeze are presently available; Deep Freeze Standard Edition and Deep Freeze Professional Edition. An Enterprise Edition is in development and a Windows 2000/XP version is scheduled for release in mid-2003 with a Windows 9x/Me version to follow soon after.

Both the Deep Freeze Standard and Professional Editions come in two versions, one for Windows 95/98/Me and one for Windows 2000/XP—sorry no version for Windows NT. Deep Freeze supports IDE and SCSI drives and FAT16, FAT32, and NTFS file formats, and it can be used to freeze any combination of drives and a mixture of file formats on a single PC.

Deep Freeze Standard Edition
Deep Freeze Standard Edition is the basic Deep Freeze product designed for the individual or organization that needs to be able to freeze a computer's hard drive and restore to a default configuration at reboot. For corporate and government users, pricing starts at $24.25 per license. However, the price goes down the more copies that you buy. For example, if you purchase 5,000 or more licenses, the price is $5.66 per license. Standard Edition is also the only Deep Freeze version available as a single-unit purchase at $59.95 including shipping.


Deep Freeze Professional Edition
Deep Freeze Professional Edition works the same way as the Standard Edition but includes many more features. Deep Freeze Professional also includes the Deep Freeze Administrator, which you can use to create custom Deep Freeze installations for various computer configurations.

Deep Freeze Professional Edition allows you to actually schedule system reboots. By doing so, you can ensure that your designated configuration is restored on a daily basis.

Another cool feature found in the Professional Edition is the idle time reboot. The system can be configured to automatically reboot once the system has been idle for a specific amount of time. As a way of preventing continuous reboots during idle time, the idle time reboot mechanism isn’t activated again until user activity resumes.

Occasionally, you may want your users to be able to make certain changes to the system. For example, if a user saved a document to the local hard drive, you may not want the document erased after the next reboot. This is where the ThawSpace mechanism comes in. The ThawSpace feature allows you to designate anywhere from 16 MB to 2 GB of space as exempt from Deep Freeze. Anything saved or modified within this space will never be touched by Deep Freeze. But this feature has a serious drawback. The space reserved as ThawSpace is a virtual hard drive partition controlled by Deep Freeze. If Deep Freeze is ever uninstalled from the computer, all data stored on this partition will be lost. If you want your users to store information locally it is best to create a separate hard drive partition that you leave unfrozen. Information stored on this partition would not be affected were Deep Freeze to be uninstalled.

You can also designate a ThawTime during which you can update your Deep Freeze-protected computers. For example, you could tell Deep Freeze to keep any changes made between midnight and 4:00 A.M. If you are worried about users tampering with the machine during the ThawTime, you can configure Deep Freeze to lock the PC's keyboard, and you can push the updates to the workstations remotely.

The Professional Edition simplifies the installation process as well. You can perform a hands-off installation over a network, simultaneously rolling out Deep Freeze to multiple workstations. The installation process takes anywhere from two to four seconds per PC. There are also some cool new installation options. For example, you can install in stealth mode, which installs Deep Freeze without placing the system tray icon onto the PC. You can also do custom installations that exclude any Deep Freeze features that you don’t want to use.

If you tend to have a lot of computers in your organization, you’ll be happy to know that Deep Freeze can be completely operated from a command prompt. This means that any Deep Freeze commands can be run automatically by scripts that you develop.

Deep Freeze Professional Edition is slightly more expensive than the Standard Edition. Pricing starts at $31.20 per license but drops as low as $7.00 for those who purchase 5,000 or more licenses.

Not for everyone, but perfect for some
Overall, Deep Freeze performed exactly as described and I experienced no problems. Yet Deep Freeze is still not for everyone. I would be cautious about using Deep Freeze across the board in a normal corporate environment. If your PCs aren't configured properly and your end users aren't educated on Deep Freeze's abilities, the potential problems could be serious. (I can hear the irate user now, "But I saved the yearly report to my C: drive. Now it's not there and I need this for the all-company meeting tomorrow.")

I would, however, recommend this product to those who support PCs in an open environment such as public kiosks, Internet cafes, corporate training rooms, or school computer labs. Deep Freeze can reduce the amount of time your help desk spends managing the PCs in these settings.

Nam Vu said...

Anti Freeze


@ECHO OFF
REM Anti Freeze: toggles the Deep Freeze (Windows 9x) driver persifrz.vxd
REM by renaming it so it does not load at the next boot. Run from a boot
REM disk, not from inside the frozen Windows session.
IF EXIST C:\persifrz.vxd GOTO DISABLE
IF EXIST C:\persifrz.vzd GOTO ENABLE
REM Neither name present: nothing to toggle, so skip the rename
REM instead of falling through to :DISABLE with a failing REN.
GOTO END
:DISABLE
REM Driver is under its real name: rename it so Windows will not load it.
REN C:\persifrz.vxd persifrz.vzd
GOTO END
:ENABLE
REM Driver was renamed by an earlier run: restore the name to re-enable it.
REN C:\persifrz.vzd persifrz.vxd
:END
CLS
EXIT



Put it in and boot to disable. Then, when you want it back on, just put the disk back in and boot.

Nam Vu said...

There are 2 drivers and 1 service (I'll let you figure out the paths):

DepFrzLo.sys (kernel driver)
DepFrzHi.sys (filesystem driver)
dfserv.exe (service)
frzstate.exe (password dialog)
persis00.sys (password file and "on/off switch")

Nam Vu said...

A black-hat computer programmer in Argentina with a grudge against Faronics, Emiliano Scavuzzo, has written a program to thaw Deep Freeze without knowing the password. It works on almost ALL versions of Deep Freeze, including the latest version, v5.60.120.1347, which recently came out (Oct-20-2005) to supposedly be immune to his program—it's not! You can use Deep Unfreezer to test for the vulnerability on your own machines:

Deep Freeze Unfreezer
http://usuarios.arnet.com.ar/fliamarconato/pages/edeepunfreezer.html

Method 1:

To perform the test you must first acquire DebugPrivileges (removed by Deep Freeze) by escalating to NT_AUTHORITY (the System account) using Task Scheduler from the command line (Start/run, cmd):

1) at 11:23pm /interactive taskmgr.exe (add one or two minutes from the current time)
2) End Task explorer.exe
3) File / New Task (Run...), Enter explorer.exe to launch the explorer shell under the System account which has Debug Privileges
4) Run Deep Unfreezer from the System account.

Method 2:

OR, use ntrights.exe from the Windows Server 2003 Resource Kit, a free download, http://tinyurl.com/6p6cy, to grant yourself the SeDebugPrivilege.
Syntax: ntrights -u Users +r SeDebugPrivilege
If you use ntrights, you must logoff and logon again for the privilege to take effect.

Then run Deep Unfreezer, View Status, click on the Boot Thawed button, Save Status, and restart the machine. If the machine reboots in thawed mode, your version of Deep Freeze is vulnerable, and you should take measures to provide additional security on your machines.

Deep Freeze Evaluation versions are also vulnerable to this attack. Deep Freeze Evaluation versions can be taken off machines by an attacker by forwarding the system date past 60 days, which will expire Deep Freeze, causing the computer to restart in thawed mode and allowing Deep Freeze to be uninstalled. If you're using an evaluation version of Deep Freeze, here's how to perform this test:

Method 1:

1) Switch to the System account, as described above
2) Double-click the time in the system tray
3) Forward the date past 60 days
4) Restart in thawed mode
5) Use DeepFreezeSTDEval.exe to uninstall Deep Freeze. Deep Freeze is not uninstalled through Add/Remove Programs. It is uninstalled with the installation file, and ONLY with the installation file. Yes, the same file is used to install and uninstall. If you don't have it, download it here.

It's a free download:

Deep Freeze Evaluation -Trial Version - v5.60.120.1347
http://www.faronics.com/exe/DeepFreezeSTDEval.exe

Method 2:

Or, use ntrights.exe from the Windows Server 2003 Resource Kit to grant yourself the SeSystemtimePrivilege.
Syntax: ntrights -u Users +r SeSystemtimePrivilege
You must logoff and logon again for the new privilege to take effect.

Special Note:

Faronics came out with v5.60.120.1347 on 10-20-2005 as a response to Deep Unfreezer. It proved to be an impotent move. Emiliano's response to the new version? "rename frzstate2k.exe to anything else. Then attach to DF5Serve.exe instead". Does that work? Yes, it does. Thus, the newest version of Deep Freeze, intended to thwart Deep Unfreezer, continues to be vulnerable.

Deep Freeze protects over four million computers world-wide and over one million Macs (yes, there's a Deep Freeze for Mac). And most of them are vulnerable to this attack (but not the Macs). At this time Faronics does not have a fix, nor an immune version. If you are a network administrator in charge of maintaining a network of machines protected by Deep Freeze, please be advised of this situation and be prepared.

Faronics does not seem to be taking this seriously. They only made a token effort to thwart Deep Unfreezer in their latest version. Until they get serious about things, Deep Freeze is going to be melting away in the eyes of those who have grown to love and trust the program.

One of the main issues is the fact that so many computers these days allow Administrator status. Even a lot of internet cafes use Windows XP Home edition, with the user logged in as Administrator. The developers at Faronics are committed, however, to protecting the machine even from Administrators! The problem with that is, as you know, whatever is taken away from an Administrator, the Administrator can give back to herself. So if, for example, Deep Freeze removes DebugPrivileges, users can simply grant it back to themselves.

Another issue is their commitment to non-restrictive use. Their commitment with Deep Freeze is to protect the machine non-restrictively. That has worked... until now. I think they may be forced at this point to admit Administrator accounts can't be guaranteed protection any longer. Unless they can secure these issues, I don't see any other way.

~~~~~~~~~~~~~
Need to unfreeze Deep Freeze? Go to
http://www.unfreezer.cjb.net/

This guy found a way to do it! It works for XP/NT/9X and doesn't need to boot from floppy or CD.
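Both ntrights steps in the comment above (granting Users SeDebugPrivilege to attach to the Deep Freeze service, and SeSystemtimePrivilege to roll the clock past an evaluation's 60 days) change the machine's user-rights assignment, and that is something a lab administrator can audit. The script below is an added example, not part of the original post and not Faronics' tooling: it parses the [Privilege Rights] section of a `secedit /export /cfg privs.inf /areas USER_RIGHTS` export and reports any principal outside a per-right baseline that holds either privilege. The export text embedded in the script is constructed for the example (it shows Users having been granted both rights, as the ntrights commands would do), and the baseline of expected holders is my assumption of Windows XP Professional defaults; adjust it to your own build. A real secedit export is written as UTF-16LE, so read it with that encoding.

```python
"""Audit a secedit user-rights export for the two privileges that the
Deep Unfreezer writeup relies on:

  SeDebugPrivilege       - attach a debugger to the Deep Freeze service
  SeSystemtimePrivilege  - move the clock to expire an evaluation install

Added example; not Faronics code. Produce the input on a Windows box with
    secedit /export /cfg privs.inf /areas USER_RIGHTS
and pass the file to load_export(). The sample below is constructed.
"""
import re

# Well-known SIDs as secedit writes them (leading '*'), for readable output.
WELL_KNOWN = {
    "*S-1-5-18": "SYSTEM",
    "*S-1-5-19": "LOCAL SERVICE",
    "*S-1-5-20": "NETWORK SERVICE",
    "*S-1-5-32-544": "Administrators",
    "*S-1-5-32-545": "Users",
    "*S-1-5-32-547": "Power Users",
    "*S-1-5-32-551": "Backup Operators",
}

# ASSUMPTION: XP Professional defaults for these two rights. Edit to match
# the baseline you actually deploy in the lab.
DEFAULT_HOLDERS = {
    "SeDebugPrivilege": {"*S-1-5-32-544"},
    "SeSystemtimePrivilege": {"*S-1-5-32-544", "*S-1-5-32-547", "*S-1-5-19"},
}

# Constructed sample export: Users (S-1-5-32-545) has been handed both
# rights, as "ntrights -u Users +r SeDebugPrivilege" (and the same for
# SeSystemtimePrivilege) would do. Not taken from a real machine.
SAMPLE_EXPORT = """[Unicode]
Unicode=yes
[Privilege Rights]
SeDebugPrivilege = *S-1-5-32-544,*S-1-5-32-545
SeSystemtimePrivilege = *S-1-5-19,*S-1-5-32-544,*S-1-5-32-545,*S-1-5-32-547
SeShutdownPrivilege = *S-1-5-32-544,*S-1-5-32-545,*S-1-5-32-551
[Version]
signature="$CHICAGO$"
Revision=1
"""


def load_export(path):
    """Read a real secedit export; secedit writes UTF-16LE with a BOM."""
    with open(path, encoding="utf-16") as fh:
        return fh.read()


def parse_privilege_rights(text):
    """Return {right_name: [holder, ...]} from the [Privilege Rights] section.
    Holders are kept exactly as written (SIDs carry a leading '*')."""
    rights = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("["):
            # Section header: only [Privilege Rights] is of interest.
            in_section = line.lower() == "[privilege rights]"
            continue
        if not in_section:
            continue
        match = re.match(r"^(Se\w+)\s*=\s*(.*)$", line)
        if not match:
            continue
        name, holders = match.group(1), match.group(2)
        rights[name] = [h.strip() for h in holders.split(",") if h.strip()]
    return rights


def find_unexpected_holders(rights, baseline=DEFAULT_HOLDERS):
    """For each right in the baseline, list holders that are not expected.
    Returns {right_name: [display_name, ...]}; empty dict means clean."""
    findings = {}
    for right, expected in baseline.items():
        extra = [h for h in rights.get(right, []) if h not in expected]
        if extra:
            findings[right] = [WELL_KNOWN.get(h, h) for h in extra]
    return findings


def audit_text(text, baseline=DEFAULT_HOLDERS):
    """Parse an export and return its findings in one call."""
    return find_unexpected_holders(parse_privilege_rights(text), baseline)


if __name__ == "__main__":
    result = audit_text(SAMPLE_EXPORT)
    if not result:
        print("No unexpected holders of the audited rights.")
    for right, holders in result.items():
        print("%s is held by unexpected principal(s): %s"
              % (right, ", ".join(holders)))
```

On the constructed sample the script reports Users for both rights; a clean machine returns an empty dict. Because Deep Freeze itself removes SeDebugPrivilege from ordinary accounts, any reappearance of that right outside Administrators is a strong sign someone has run ntrights or edited the local policy, and it is cheaper to check the export nightly than to discover a thawed lab in the morning.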
