iFocus.Life News News - Breaking News & Top Stories - Latest World, US & Local News,Get the latest news, exclusives, sport, celebrities, showbiz, politics, business and lifestyle from The iFocus.Life,

Debugging Issues With DeepFreeze

Technology computers-hardware
By Technology
104 20

    Tricking the Computer Time State

    • By design, Deep Freeze locks down malicious access to your computer from users and software by disabling the "Debug Programs" privilege, used to access computer program code. Using Deep Unfreezer, you can bypass this security measure by tricking the computer and Deep Freeze software, into thinking it is in a different tie state. This works because Task Scheduler, used by the computers to organize program events, is circumvented so that Deep Freeze doesn't know when or how to safeguard the system.

    Windows Server 2003 Resource Kit Debugging Exploit

    • Using the Windows Server 2003 Resource Kit, which contains an executable file called "ntrights.exe," users can gain access to a right called "SeDebugPrivelege." The privilege only takes effect if the user is the sole user logged into the computer and is evoked with the command line syntax: privilege ntrights -u Users +r SeDebugPrivilege.

      Once set up, Deep Unfreezer must be executed and the "Boot Thawed Button" selected. If the computer restarts in thawed mode -- Deep Freeze deactivated -- the program is vulnerable to this exploit.

    Deep Freeze Evaluation Exploit

    • Before fully committing to Deep Freeze, Faronics allows new systems and networks a 60-day trial to evaluate the benefits of the security platform. During this 60-day trial, the computer is supposedly locked down, however, DeepUnfreezer is used to switch to the system account allowing the user to access the access the computer time and clock. Deep Freeze uses the system time to determine the amount of days left in the evaluation. If the date is changed past the 60-day point, then the trial expires, leaving the computer in a thawed state.

    Debugging Issues and Virus Threats

    • The value of Deep Freeze is keeping the computer safe from tampering on both the configuration level as well as the coding level. The vulnerabilities surfaced by Deep Unfreezer indicate that both are potentially not secure. It is unlikely that common computer users will exploit the vulnerability, but computer viruses, Trojans or worms are capable of automating the tasks necessary to bypass Deep Freeze securities. This underscores the need to have anti-virus programs installed on computers that also use Deep Freeze.

Technology14 posts0 comments

Technology

Subscribe to our newsletter
Sign up here to get the latest news, updates and special offers delivered directly to your inbox.
You can unsubscribe at any time
You might also like on "Technology"

Leave A Reply

Your email address will not be published.