Deep Freeze (software)

Deep Freeze, by Faronics, is an application available for the Microsoft Windows, Mac OS X, and SUSE Linux operating systems which allows system administrators to protect the core operating system and configuration files on a workstation or server by restoring a computer back to its original configuration each time the computer restarts.

Operation
Deep Freeze is a kernel-level driver that protects hard drive integrity by redirecting information being written to the hard drive or partition, leaving the original data intact. This redirected information is no longer referenced once the computer is restarted, thus restoring the system to its original state at the disk sector level. This allows users to make 'virtual' changes to the system, giving them the appearance that they can modify core files or even delete them, and even make the system unusable to themselves, but upon reboot the originally configured 'frozen' state of the operating system is restored.

To make changes, a system administrator must 'thaw' the protected partition by disabling Deep Freeze, make any needed changes, and then 'freeze' it again by re-enabling Deep Freeze. These changes become part of the protected partition and will be maintained after restarts. 'Freezing' and 'thawing' can be done at the workstation level or remotely via either the Faronics Core management platform or the Deep Freeze Enterprise Console. Users of the Enterprise version can also create virtual partitions called ThawSpaces (of up to 1 TB on an NTFS-formatted drive) to retain data on "frozen" hard drives after restarts.

Deep Freeze can also protect a computer from harmful malware, since it automatically deletes (or rather, no longer "sees") downloaded files when the computer is restarted. The advantage of using an application such as Deep Freeze antivirus / antimalware is that it uses very few system resources, and thus does not slow computer performance greatly. The disadvantage is that it does not provide real-time protection, therefore an infected computer would have to be restarted in order to remove malware.

Limitations and security
Deep Freeze only protects workstations in a "fresh-booted" state. That is, Deep Freeze prevents permanent tampering with protected hard drives/partitions across reboots, but user activity between restarts is not limited by the program. For example, Deep Freeze does not prevent application installation; a user can install a modified version of a Web browser (but seemingly harmless to the unknowing user) designed to secretly send users' passwords to a server connected to the Internet. As a workaround, Deep Freeze can be configured to restart after user logout, shutdown after a chosen period of inactivity, or restart/shutdown at a scheduled time in an attempt to ensure that no such installations are retained (as rebooting the system returns the system to its original, unmodified state).

Deep Freeze cannot protect the operating system and hard drive upon which it is installed if the computer is booted from another medium (such as another bootable partition or internal hard drive, an external hard drive, a USB device, optical media, or network server). In such cases, a user would have real access to the contents of the (supposedly) frozen system. On a Windows-based computer, this scenario may be prevented by configuring the CMOS (nonvolatile BIOS memory) on the workstation to boot only to the hard drive to be protected, then password protecting the CMOS. This is a normal precaution for most public access computers. A further precaution would be to lock the PC case shut with a physical lock or tiedown cable system to prevent access to motherboard jumpers.

Deep Freeze can protect hard drive partitions of larger than 2 TB capacity (using NTFS).

Competitors
Faronics's Deep Freeze's main competitors are Fortress Grand's Clean Slate, Horizon DataSys's Drive Vaccine, Centurion Technologies' SmartShield and Microsoft Windows SteadyState (discontinued). In addition, there are sandboxing and virtualization products which provide similar computer restore functionality. These would include:


 * FarStone RestoreIT - Restore PC from Hidden Partition with 24/7 Ongoing Continuous Protection
 * Horizon DataSys' RollBack Rx
 * fsprotect (for Ubuntu, Debian based systems)
 * HDGUARD
 * Returnil Virtual System (Returnil)
 * Sandboxie (Ronen Tzur)
 * Shadow Defender (ShadowDefender.Net)
 * System Revert
 * Horizon DataSys' Reboot Restore Rx