When security software becomes a virtual footprint sweeper

Deepfreeze is a software program used in some computer labs and libraries to restore entire hard drives to an unaltered, hopefully “pristine” condition after the computer is restarted. There are advantages and drawbacks to using Deepfreeze or similar software programs, but one of the main benefits is that students can make all kinds of changes to the desktop, installed programs, wallpaper, screen saver, etc. and after a restart everything goes back to your “standard configuration.” When installing new software programs, the computer administrator has to disable deepfreeze and make the changes, and then define the new system configuration to which everything should restore upon restart. This is an extra step and can pose inconveniences for instructors, but particularly when a lab gets a lot of traffic I’ve found Deepfreeze to be a HUGE headache saver and preventer.

I ran into a situation recently which highlighted a “flipside” to deep freeze that I had not considered previously, however. The network administrator in a computer lab in which I was working had configured Deepfreeze to automatically restart every computer after thirty minutes of in-activity. His reasoning was/is that this will provide a high level of protection for the other lab computers, since if one gets infected with malware it will restart after 30 minutes of inactivity and the bad worm will have limited ability to propagate itself on the network. Personally, I recommended he configure the computers to just restore themselves to their “default configuration” when they are manually restarted, but he insisted that this restart after 30 minutes of inactivity was a better setup.

A situation which arguably should be expected recently highlighted a drawback of this configuration. A lab user reported that someone had just been in the computer lab looking at pornography, and naturally action was taken to address this. I won’t go into the details of what was done, but I will highlight that had an adult NOT immediately gone to the computer where this individual had been online, viewed their Internet Explorer history, and documented what was revealed there, all evidence of this individual’s virtual footprints in cyberspace would have been erased by Deepfreeze in 30 minutes if no one else touched the mouse or keyboard of that computer during that time. The computer lab and network in question does utilize the Astaro software security gateway to provide some content filtering and monitoring, but since users do not login with unique credentials (everyone logs in with the same default user account) I don’t know there would have been (or is) documentation on the network which would be traceable (certainly in a straightforward and easily obtainable way) for the behavior of this individual.

In a sense, in this context Deepfreeze was and is acting as a “virtual footprint sweeper” covering the “hyperlinked tracks” of lab users.

I’ll repeat again what I say repeatedly in presentations and workshops about Internet safety and online social networking: There is NOT a computer hardware or software solution, or a “policy” solution which can ever stop everyone from intentionally looking for inappropriate materials online in a computer lab, library, or other location. Filtering solutions are needed, but ultimately what is most needed are conversations, relationships, and practices which encourage perceptions of accountability for online as well as offline behavior.

photo credit: austins_irish_pirate