PCSTATS Forum  

#1
06-15-04, 02:26 PM
Tropicalchris
Join Date: Apr 2003
Posts: 26
Deep Freeze problem

My school computers have these two programs called Deep Freeze and Novell. Most of you should know Novell. Deep Freeze is a program that makes it impossible for you to download things and keep them on the computer. I am wanting to install games such as Age of Empires and stuff like that on the system, and need help bypassing this Deep Freeze program. And to all of you sarcastic people, NO I DO NOT HAVE THE PASSWORD. Can someone help tell me how to fix this problem?

#2
06-15-04, 02:26 PM
roy
Join Date: Jan 2003
Posts: 895

Boot into safe mode and uninstall.
or
Find the directory where it's installed and try deleting as many files as possible, maybe that'll screw it up and prevent it from starting.
or
Search the net for programs that can crack the Deep Freeze bullshizz. Try www.astalavista.com.

Good luck

#3
06-15-04, 02:26 PM
Tropicalchris
Join Date: Apr 2003
Posts: 26

I already tried to delete all the files in the folder, and only the one person in the school can do that, the computer lady. I will try to boot in safe mode. Thanks for your help.

#4
02-07-05, 12:57 PM
chris watson
Join Date: Feb 2005
Posts: 12

Is it possible to take the safe mode off the computer? Because I went into the boot menu and I didn't see it. There's a Linux penguin guy though, but I don't know enough about Linux to start messing around with it. Where can you find the Deep Freeze program to start deleting it?

#5
05-18-05, 05:21 AM
Krap
Guest
This is how to bypass Deep Freeze

Need to unfreeze Deep Freeze? Go to
http://www.unfreezer.cjb.net/

This guy found a way to do it! It works for XP/NT/9X and doesn't need to boot from floppy or CD.

#6
10-23-05, 01:31 AM
Evil Genius
Guest
Deep Freeze In Deep Trouble

A black-hat computer programmer in Argentina with a grudge against Faronics, Emiliano Scavuzzo, has written a program to thaw Deep Freeze without knowing the password. It works on almost ALL versions of Deep Freeze, including the latest version, v5.60.120.1347, which recently came out (Oct-20-2005) to supposedly be immune to his program—it's not! You can use Deep Unfreezer to test for the vulnerability on your own machines:

Deep Freeze Unfreezer
http://usuarios.arnet.com.ar/fliamar...unfreezer.html

Method 1:

To perform the test you must first acquire DebugPrivileges (removed by Deep Freeze) by escalating to NT_AUTHORITY (the System account) using Task Scheduler from the command line (Start/run, cmd):

1) at 11:23pm /interactive taskmgr.exe (add one or two minutes from the current time)
2) End Task explorer.exe
3) File / New Task (Run...), Enter explorer.exe to launch the explorer shell under the System account which has Debug Privileges
4) Run Deep Unfreezer from the System account.

Method 2:

OR, use ntrights.exe from the Windows Server 2003 Resource Kit, a free download, http://tinyurl.com/6p6cy, to grant yourself the SeDebugPrivilege.
Syntax: ntrights -u Users +r SeDebugPrivilege
If you use ntrights, you must logoff and logon again for the privilege to take effect.

Then run Deep Unfreezer, View Status, click on the Boot Thawed button, Save Status, and restart the machine. If the machine reboots in thawed mode, your version of Deep Freeze is vulnerable, and you should take measures to provide additional security on your machines.

Deep Freeze Evaluation versions are also vulnerable to this attack. Deep Freeze Evaluation versions can be taken off machines by an attacker by forwarding the system date past 60-days which will expire Deep Freeze, causing the computer to restart in thawed mode, allowing Deep Freeze to be uninstalled. If you're using an evaluation version of Deep Freeze, here's how to perform this test:

Method 1:

1) Switch to the System account, as described above
2) Double-click the time in the system tray
3) Forward the date past 60-days
4) Restart in thawed mode
5) Use DeepFreezeSTDEval.exe to uninstall Deep Freeze. Deep Freeze is not uninstalled through Add/Remove Programs. It is uninstalled with the installation file, and ONLY with the installation file. Yes, the same file is used to install and uninstall. If you don't have it, download it here.

It's a free download:

Deep Freeze Evaluation -Trial Version - v5.60.120.1347
http://www.faronics.com/exe/DeepFreezeSTDEval.exe

Method 2:

Or, use ntrights.exe from the Windows Server 2003 Resource Kit to grant yourself the SeSystemtimePrivilege.
Syntax: ntrights -u Users +r SeSystemtimePrivilege
You must logoff and logon again for the new privilege to take effect.

Special Note:

Faronics came out with v5.60.120.1347 on 10-20-2005 as a response to Deep Unfreezer. It proved to be an impotent move. Emiliano's response to the new version? "rename frzstate2k.exe to anything else. Then attach to DF5Serve.exe instead". Does that work? Yes, it does. Thus, the newest version of Deep Freeze, intended to thwart Deep Unfreezer, continues to be vulnerable.

Deep Freeze protects over four million computers world-wide and over one million Macs (yes, there's a Deep Freeze for Mac). And most of them are vulnerable to this attack (but not the Macs). At this time Faronics does not have a fix, nor an immune version. If you are a network administrator in charge of maintaining a network of machines protected by Deep Freeze, please be advised of this situation and be prepared.

Faronics does not seem to be taking this seriously. They only made a token effort to thwart Deep Unfreezer in their latest version. Until they get serious about things, Deep Freeze is going to be melting away in the eyes of those who have grown to love and trust the program.

One of the main issues is the fact that so many computers these days allow Administrator status. Even a lot of internet cafes use Windows XP Home edition, with the user logged in as Administrator. The developers at Faronics are committed, however, to protecting the machine even from Administrators! The problem with that is, as you know, whatever is taken away from an Administrator, the Administrator can give back to herself. So if, for example, Deep Freeze removes DebugPrivileges, users can simply grant it back to themselves.

Another issue is their commitment to non-restrictive use. Their commitment with Deep Freeze is to protect the machine non-restrictively. That has worked... until now. I think they may be forced at this point to admit Administrator accounts can't be guaranteed protection any longer. Unless they can secure these issues, I don't see any other way.

Last edited by Evil Genius; 10-23-05 at 01:34 AM.
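
An added example (not from any poster in this thread): a check an administrator can run over the output of `secedit /export /cfg policy.inf /areas USER_RIGHTS` to see whether SeDebugPrivilege or SeSystemtimePrivilege, the two rights post #6 says can be granted with ntrights, are held by anyone outside an expected set. The baseline, the function names `parse_privilege_rights` and `audit`, and the sample export are assumptions constructed for illustration.

```python
# Expected holders per privilege: an assumed baseline, adjust to local policy.
BASELINE = {
    "SeDebugPrivilege": {"S-1-5-32-544"},  # Administrators
    "SeSystemtimePrivilege": {"S-1-5-32-544", "S-1-5-19"},  # + Local Service
}
WELL_KNOWN = {"S-1-5-32-544": "BUILTIN\\Administrators",
              "S-1-5-32-545": "BUILTIN\\Users",
              "S-1-5-19": "NT AUTHORITY\\LOCAL SERVICE"}

def parse_privilege_rights(inf_text):
    """Return {privilege: set(holders)} from the [Privilege Rights] section."""
    rights, in_section = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
            continue
        if in_section and "=" in line:
            name, _, value = line.partition("=")
            # secedit writes SIDs as *S-1-...; account names appear bare.
            rights[name.strip()] = {h.strip().lstrip("*")
                                    for h in value.split(",") if h.strip()}
    return rights

def audit(inf_text, baseline=BASELINE):
    """Return sorted (privilege, holder, friendly name) for unexpected holders."""
    rights = parse_privilege_rights(inf_text)
    return sorted((priv, holder, WELL_KNOWN.get(holder, "unknown"))
                  for priv, allowed in baseline.items()
                  for holder in rights.get(priv, set()) - allowed)

# Constructed sample export (not from a real machine): Users holds SeDebugPrivilege.
SAMPLE = """[Unicode]
Unicode=yes
[Privilege Rights]
SeDebugPrivilege = *S-1-5-32-544,*S-1-5-32-545
SeSystemtimePrivilege = *S-1-5-32-544,*S-1-5-19
SeShutdownPrivilege = *S-1-5-32-544,*S-1-5-32-545
[Version]
signature="$CHICAGO$"
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("unexpected holder:", *finding)
```

secedit normally writes the export as UTF-16, so read the file with `open(path, encoding="utf-16")` before passing its text to `audit`.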

#7
12-13-05, 06:06 PM
BRK
Guest

I was able to remove Deep Freeze by way of MS-DOS but it still seems to work; anything saved gets removed. Are there any other files that should be removed other than the ones in the Deep Freeze files?

#8
12-16-05, 01:39 PM
Evil Genius
Guest
Unfreezer Update

Well, Faronics has really flubbed it this time. They had their chance and blew it. For months and months Deep Freeze Enterprise v5.70.220.1372 was in development to put a permanent end to Unfreezer. Instead, it only took a week or so for Emiliano to update his Unfreezer program to kill even this latest version without a password. Evidently there is nothing they can do to stop this method. This is going to hurt their software sales in a big way. As before, the only requirement is to first grant yourself the Debug Programs privilege. A lot of people are stumbling on account of this requirement. They don't understand why Unfreezer doesn't work. It's because they didn't first grant themselves this privilege. Instructions abound, but they don't read them.

#9
09-23-06, 12:36 AM
SomeGuy
Join Date: Sep 2006
Posts: 4
Re: Deep Freeze problem

Well, this is an old thread but I think things have changed. Emiliano has all but disappeared and his site has not been updated for ages. I've installed Deep Freeze 6.00.220.1523 on two of my home machines and I have been able to thaw them using BartPE and editing the registry as instructed by Emiliano (link is in above posts). The machine boots thawed and all is good, that is, until I try to reinstall DF6 with a password I know. It installs but the systray icon doesn't appear. The only way to rethaw is through BartPE and regedit. What I'm trying to do is thaw it, uninstall it and reinstall my own DF workstation exe with my own password. I'm trying to be sneaky and I've been mucking around with this on my home computers.

Questions are: Is there a nice clean unfreezer for version 6? If not, since I know how to thaw it the hard way, how can I completely return my machine to a pre-Deep Freeze virgin state?

#10
09-23-06, 03:49 AM
Grimreaper
Join Date: Jul 2006
Posts: 711
Re: Deep Freeze problem

Another kid and I were almost successfully expelled from high school 3 months from my graduation for using unfreezer to disable deepfreeze. The computer tech had no clue what we did and got pissed off because we made him miss his Braves game so he told the principal we hacked the school network. Is that BS or what? Needless to say our parents appealed it, got a lawyer, fought it, and won. Although I couldn't get on a school computer ever again there. They substituted my computer class with 4 1/2 hours of PE for the rest of the year.

1. No, I don't believe there is one for version 6 so I think you're down to the hard way. Unless one came out in the recent months that I haven't seen.
2. I would think the way to go to pre-deepfreeze state would be to uninstall. If you run the original installer it should give you the option to uninstall deepfreeze.

P.S. Sorry for jacking thread with my story, got a little carried away.
Last edited by Grimreaper; 09-23-06 at 03:59 AM.

#11
09-23-06, 12:39 PM
SomeGuy
Join Date: Sep 2006
Posts: 4
Re: Deep Freeze problem

Believe it or not I'm a teacher and I understand what you're saying. Our tech is useless and incompetent and will look for any outside excuse for the bad things that happen to his network. I believe any good tech should know and explore his own security holes in an effort to either patch them up (disable boot menus so kids can't boot from a cd) or to at least be aware of them so he knows what to look for.

I've been playing some more and the uninstaller for the DF workstation doesn't remove DF completely after it's thawed. When I try to reinstall the DF workstation (a version with a known password) it gives an error. After playing a little more I've found that if I thaw the machine the long way (BartPE), then restart the machine and run the DF seed, after a couple of restarts and reinstalling the seed I can see the seeded machine from the DF console on another machine. From the DF console I can then install DF to the client and all appears normal except for one thing: the DF client will not show on his console. Hmm, more exploration to come.

BTW notice I'm playing with the school software at home. Don't do this in your school lab and expect to not be noticed. Try to recreate the situation on a home computer and go from there. Then maybe (just maybe) do it to one of the school machines but be sure to button it back up. It's not worth risking expulsion.

#12
09-23-06, 01:12 PM
Grimreaper
Join Date: Jul 2006
Posts: 711
Re: Deep Freeze problem

I would suggest getting your own copy if possible. When I was trying to learn more about the program I pulled a copy off of Limewire for "educational purposes" lol. You could also get the evaluation version from Faronics but I do believe that is a stripped down and time-limited version.

Good news though. The "Network Tech" was fired after this incident and is now an academic counselor.

All times are GMT -4.