Deep Freeze (software)
This article has multiple issues. Please help improve it or discuss these issues on the talk page. (Learn how and when to remove these template messages)(Learn how and when to remove this template message)
Deep Freeze, by Faronics, is a reboot to restore software application available for the Microsoft Windows, and macOS operating systems which allows system administrators to protect the core operating system and configuration files on a workstation or server by restoring a computer back to the saved configuration, each time the computer is restarted.
|Operating system||Windows, Windows Server, macOS|
Deep Freeze can also protect a computer from harmful malware, since it automatically deletes (or rather, no longer "sees") downloaded files when the computer is restarted. The advantage of using Deep Freeze is that it uses very few system resources, and thus does not slow down computer performance greatly. The disadvantage is that it does not provide real-time protection, therefore an infected computer would have to be restarted in order to remove malware.
Limitations and securityEdit
Deep Freeze only protects workstations in a "fresh-booted" state. That is, Deep Freeze prevents permanent tampering with protected hard drives/partitions across reboots, but user activity between restarts is not limited by the program. For example, Deep Freeze does not prevent application installation; a user can install a modified version of a Web browser (but seemingly harmless to the unknowing user) designed to secretly send users' passwords to a server connected to the Internet. As a workaround, Deep Freeze can be configured to restart after user logout, shutdown after a chosen period of inactivity, or restart/shutdown at a scheduled time in an attempt to ensure that no such installations are retained (as rebooting the system returns the system to its original, unmodified state).
Deep Freeze cannot protect the operating system and hard drive upon which it is installed if the computer is booted from another medium (such as another bootable partition or internal hard drive, an external hard drive, a USB device, optical media, or network server). In such cases, a user would have real access to the contents of the (supposedly) frozen system. This scenario may be prevented by configuring the CMOS (nonvolatile BIOS memory) on the workstation to boot only to the hard drive to be protected, then password-protecting the CMOS. A further precaution would be to lock the PC case shut with a physical lock or tiedown cable system to prevent access to motherboard jumpers. Failure to take such precautions can compromise the protection provided by the software.