Hacker News new | ask | show | jobs
by protomyth 3513 days ago
We run Deepfreeze in our library and its cut out all of the problems we were having. Very solid product, but a little spendy. We will probably deploy it a bit more widely when we go to Windows 10.
1 comments
ZenoArrow 3513 days ago
Maybe I'm being dumb, but couldn't you just lock down the level of user access on the machine?

As another option, assuming you can use Linux, could go down the route of using Tails or another live distro:

https://tails.boum.org/

link
protomyth 3513 days ago
Your not being dumb, but....

Locking down the machines is fine if you don't get any privilege exploits that take over the machine. Plus, this puts the machine in a known, good state every time we reboot or have a new user.

Cannot use Linux (I would use PC-BSD given our BSD infrastructure).

link
gruez 3513 days ago
>Locking down the machines is fine if you don't get any privilege exploits that take over the machine

but in that case deepfreeze isn't going to save you either.

privilege exploits = SYSTEM access = kernel mode access = ability to bypass deep freeze (by circumventing their IO driver)

link
protomyth 3513 days ago
So far it has been one layer too far. plus I don't have to worry about any saves to the HD.
link