Hacker News new | ask | show | jobs
by ZenoArrow 3511 days ago
Maybe I'm being dumb, but couldn't you just lock down the level of user access on the machine?

As another option, assuming you can use Linux, could go down the route of using Tails or another live distro:

https://tails.boum.org/
1 comments
protomyth 3511 days ago
Your not being dumb, but....

Locking down the machines is fine if you don't get any privilege exploits that take over the machine. Plus, this puts the machine in a known, good state every time we reboot or have a new user.

Cannot use Linux (I would use PC-BSD given our BSD infrastructure).

link
gruez 3511 days ago
>Locking down the machines is fine if you don't get any privilege exploits that take over the machine

but in that case deepfreeze isn't going to save you either.

privilege exploits = SYSTEM access = kernel mode access = ability to bypass deep freeze (by circumventing their IO driver)

link
protomyth 3511 days ago
So far it has been one layer too far. plus I don't have to worry about any saves to the HD.
link