Saturday, May 9, 2009

Deep Freeze



Deep Freeze, by Faronics, is an application suite for Linux, Mac OS X, and Microsoft Windows. Deep Freeze gives administrators the ability to protect the core operating system files and configuration files of an environment without eliminating the usability for (most) end users.

Advantages

Deep Freeze protects the computer by utilizing a separate partition on the hard disk drive for write back. When the computer is rebooted, this partition is treated empty again and existing information on it is unaccessible. This allows users to make 'virtual' changes to the system, giving them the appearance that they can modify core files or even delete them, and even make the system unusable to themselves, but upon reboot the 'frozen' state of the operating system is restored.
To make changes, a system administrator must 'thaw' the system partition, make any needed changes, and 'freeze' it again. These changes are saved to the protected partition instead of the 'thawed' write back partition.

Disadvantages

While Deep Freeze will allow users to have the comfort of virtually modifying the system as they like, it does not control the programming of individual applications that are installed. If, for example, a user account under Windows is a 'limited' account, regardless if the users can actually affect some files or not, some application installers will assume the user can not and inform them they must be an administrator. In some applications, this can be bypassed by working in 'Windows 98 Compatibility mode', which has no such user restrictions that programs typically mind, but many application installers still find trouble with this.
Deep Freeze only protects the operating system in a 'fresh booted' state. The protections the software offers can often be bypassed, for example, by installing a malicious, system wide application, especially if other users find this application popular and accept that it being installed when they log in means it is authentic. One user could install a modified version of a popular web browser that's been designed to save passwords to a server on the internet, then log out, then other users who log in would see that browser and may use it out of preference. To use the computer more safely, the user would have to restart the computer first.
Deep Freeze also can not protect against direct access to a disk drive when the hosting operating system is not in control of the system. That is, if another operating system can be boot from another hard disk, a USB device, or optical media, they will have real access to the contents of the frozen and thawed partitions. This may be protected against by setting the first hard disk as the only bootable hard disk and password protecting the BIOS configuration, but if physical access to the computer is available, this can be bypassed with a BIOS reset or rearranging the hard drive installation.

No comments:

Post a Comment