Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 367
  • Last Modified:

Using Clean Slate software vs. reformatting and restoring good images

What are the disadvantages of using Clean Slate software http://www.fortres.com/products/cleanslate.htm besides using up system resources? FYI I make an image of my vanilla system with XP and essential software and updates only. About every 6-9 months I would reformat and restore the pristine image. I know my method of restoring is adequate but Clean Slate (or similar) software seems to be superior due to it's "set and forget" feature which may save time in reformatting and restoring good images. I wonder why not many system admins or home users are using it.
1 Solution
Rich RumbleSecurity SamuraiCommented:
because ghost or other imaging software is very easy and quick. Typically all one must do is back up the mydoc's folders, perhaps a few others, then pop in a floppy and reimage- then copy a few directories back on. programs like this have been around for some time, DeepFreeze comes to mind... and many are now realizing the potential revenues they can make by using programs like this- even norton has one: GoBack http://www.symantec.com/goback/
Deepfreeze http://www.faronics.com/

Cost and overhead are the main factors. All i need is one ghost license to image hundreds of pc's- as opposed to running more software on the pc to administer. While the claim of lowering TCO seems feasible with these products, it's mainly only true when your using things like spy-ware removers, and doing manual AV scan's of the users pc's.

At our company (not my main employer, but the security company i work for) we find that administrators (clients)  are buying software to install M$ updates on Pc's... we think this is hilarious, when win2k (sp3) and xp pro have the ability to do this themselves. You can even point the autoupdate to a server on your lan that downloads all the updates, so that you don't have hundred's of PC's eating up BW to get these updates from the web. AV is another product that has auto-udating built in, and you can schedule daily scan's as well.

A ghost (reimage) of a pc takes 10-15 minutes start to finish (all user data back on the pc) Which is a pretty small amount of time to take a pc down.
Advantages and Disadvantages abound.  I've used very similar software to these.  The product I use is called Deep Freeze, but the basic idea is exactly the same.

The main advantage is that you know the computer will always work when you reboot it, barring any sort of hardware error.  Users are unable to make any lasting changes to the computer.  It's perfect for public computers.

The downside is that if you want to change something on the machine, you have to turn off the software (in deep freeze this is called Thawing) reboot, make your changes, activate the software (freeze) and then reboot again.  If you have to do this with many computers it's a huge pain.  Your computers will need to be thawed and updated regularly to keep them updated on windows update patches.  

Deep freeze has administrative console functions that allow you to manage frozen computers remotely.  YOu can tell the computers to reboot in the thawed state simultaneously.  You can also program into the software a given Maintenence Window, where every night/week/month it will thaw and reboot, and then refreeze itself.  Theoretically this allows your SUS or Automatic Windows Updates to go off and then refreeze the computer.  Deep Freeze also allows you to disable local logons during this window so you don't have to worry about other changes being made by a late night user.

Clean Slate is very similar, and maybe a bit more flexible in that you can specify certain directories to not be affected.  So you could leave the "My Documents" folders left so users can make changes, but if you want to freeze critical system files you'll still have the problem with patch mangagment.  It can be somewhat cumbersome.

Home users are better off with "rollback" software.  Such programs allow you to "rewind" your computer to how it was at X date and Y time.

Admins do use this software, but most people use it exclusively on public computers or high security systems.  More often you'll find yourself just wanting to restrict user access with Group Policy.  

There are a lot of headaches and annoyances involved with this type of software.  Imagine if you changed a setting in internet explorer that annoyed you, then you rebooted your computer and it came back!  So you'd have to hassle with unfreezing your computer, changing your one setting and refreezing.  You'll find you have to do this a lot because there will be a lot of small little settings we normally take for granted that keep coming back to haunt you.

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now