Toolwiz Time Freeze

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
Someone might want to comment on this tools ability to protect your
system from virus and Trojans? I'm not expert in this area enough to do
so.

Toolwiz Time Freeze
http://www.toolwiz.com /
They have some nice free utilities here
http://www.toolwiz.com/products/toolwiz-time-freeze

Temporary System Virtualization

"Toolwiz Time Freeze is a free instant system restore solution to keep
your system safe and always like new. It protects your system from any
unwanted changes and malicious activity in low disk level.With a simple
click, it puts your actual system under virtual protection on the fly
and creates a virtual environment as a copy of the real system, on which
you can evaluate applications, watch movies, and perform online
activities. It provides higher-level security to computer protection,
and greatly improves the efficiency of virtual system."

On startup, runs in the system tray and double-click its icon to evoke
it.
File Size    1210 Kb
Windows XP/2003/Vista/Server 2008/

I installed the program and opened the program from the tray. I clicked
"start TimeFreeze" and being a Korean Program, it tells you in poor
English that it will create a virtual environment of your system. After
you start it check the "Show toolbar on desktop for Frozen Mode and an
icon will appear on your desktop reminding you that you are running in
virtualized mode. You also have a File Protection Mode allowing you to
protect folders/files to prevent viruses and Trojans accessing those
files. This confused me somewhat.

After started, it will begin creating a cache to store your session in
and shows you the progress of the building though you are in virtual
mode and it builds what it needs for the session up to 4011MB.

When you are done with the session, click Stop TimeFreeze, and a screen
pops up with options to turn off the protection and save all changes, or
Turn off the protection and drop all changes which will restart your
system and drop all changes in the virtual mode.

I created a few text files and saved them to my desktop which were still
there after the reboot which I didn't expect - I guess it assumed it was
a wanted action. Not sure what that's about and made me question total
temporary virtualization - I don't know at this point, I certainly
wasn't expecting to see those files after it re-booted. Maybe someone
else can enlighten me on that one.

At first run, the system was very slow to react, but after a bit it
settled down and speed was good. On second run, I almost didn't know I
was in frozen mode so I guess it saves a cache somewhere and expands
that size as it needs to. It was only slow on first run while it was
building cache.

The following is an explanation of how it works I found in their forums:

"The Toolwiz engine is made up of two Windows kernel drivers. One is the
file system filter and another is a disk filter. The whole engine is
designed to hold all the changes(both in the file system and raw disk
level) and save the changes to one cache file. We have very good idea to
keep as less changes as it can to get better performance. That is why we
can exit the protection at once and the others can not.

That is the very standard disk virtualization architecture. you can see
many other similar products, Deepfreeze, Powershadow and so on. The
difference between them should be the algorithm, logic and detailed
skill in the Windows kernel development(we have zero BSOD report so
far).

The Windows boot process has two stages at least. One is the boot loader
and another is the OS loader. The first stage is in the real mode(part
in protect mode). It loads the OS loader and System Registry with BIOS
read function(INT 13 normally).

If we want to keep the changes for many reboots(survive reboots as you
said), we need to change the user's MBR and use the HOOK code to do the
redirection work since first stage. We have the whole tech for this and
in fact you can find the Toolwiz BHORM in our website. This product can
keep the protection for many reboots, but so far more users choose
Timefreeze, not BHORM.

Replacing the MBR and adding the HOOK code to INT13 and INT15 is not a
good news for many users. Sounds like a bookit:) It will bring a lot of
compatibility and security issue. So far we want to keep our timeFreeze
clear and smart. But we will try to make a new branch for the
virtualization in the future, adding the features like RAM Cache,
Exclusion Folder, Keep Changes for many reboot, Protect more
partitions."

Re: Toolwiz Time Freeze


Quoted text here. Click to load it

I ran another session and altered the text files I created and made some
changes to quotepad. I terminated the session and after it re-booted I
checked the files and no changes were there...so I guess it will allow you
to create files but not change any.

Also, Quotepad failed to start with an "out of bounds error" and it's
borked.

Also, it confused SugarSync and wouldn't let it update it's targeted
folders/files...which is good IMO.

I would recommend having a good image of your system before trying this
program out as I will likely reload it in a bit...after some more testing
of this program. I can't recommended it at this point however.


Re: Toolwiz Time Freeze


Quoted text here. Click to load it

Looks like their web site is time-frozen.

                                   Forbidden

   You don't have permission to access /products/toolwiz-time-freeze on
   this server.

   Additionally, a 403 Forbidden error was encountered while trying to use
   an ErrorDocument to handle the request.



Re: Toolwiz Time Freeze

retsuhcs@xinap.moc (Mike S.) wrote in

Quoted text here. Click to load it

I got to them.

Re: Toolwiz Time Freeze

Bear Bottoms wrote:

Quoted text here. Click to load it

This group does not work the way you think it does, I wouldn't expect a
whole lot of replies with 'questions' like that.

Re: Toolwiz Time Freeze


Quoted text here. Click to load it

That's fine. We can make the group what we want collectively. Maybe I can
add some new perspective.

Re: Toolwiz Time Freeze

Bear Bottoms wrote:
Quoted text here. Click to load it

Again, it is a recovery scheme not prevention. Making a system
compromise easy to recover from is not the same as protecting it from
compromise.

Re: Toolwiz Time Freeze


Quoted text here. Click to load it

Are you certain? Really, that's funny. Who do you know that thinks it
is? Do you understand there is no bullet proof protection and recovery
is the most important thing. Many users, more than not, are not capable
of cleaning their machine and need help. Recovery makes them self
sufficient.

What questions do you get from folks mostly. What is a good anti-virus?
What is a good anti-spyware? They put them on their systems and think
they are protected. When they get burned, they move from say, AVG to
Avast, or Spyware Terminator to WinPatrol. If they get infected, they
holler for help. Some even experiment with other more sophisticated
programs or put so many on their system slows to a crawl. They still
aren't safe. No one is. Every expert on the planet, including them will
tell you it is a constant battle of them playing catch up.

It puzzles me that I have to say this.

--
Bear
http://bearware.info
The real Bear's header path is:
news.sunsite.dk!dotsrc.org!filter.dotsrc.org!news.dotsrc.org!not-for-
mail

Re: Toolwiz Time Freeze

Bear Bottoms wrote:
Quoted text here. Click to load it

You didn't have to say it, and it doesn't conflict with what I wrote.


Site Timeline