Power Shadow

Benny Bronx is right, If the app needs a reboot to install, PS won't help you because when you restart, all changes will be deleted. As far as Comodo slowing down your system, the new version is suppose to be lighter than the current. I had version 2.4 running with 512MB RAM easily. It is also fairly easy to setup and I suspect the new version will be easier.

edit for accuracy

 

You'd be better off testing it inside a virtual machine, if anything goes wrong your base system will not be affected. Otherwise backup your system before testing so you can easily restore if it turns bad.

 

I think the 512mb of ram should be enough but it really depends on the ram usage of other processes. For example I've a p3 450 system with 320mb of ram. It runs fine in terms of ram usage, typically 15-30mb of ram.

The problems for me came in the cpu department. There are some bugs in the current version of Comodo (CPF) that leads to cpu being maxed out. For example the Logging & the Components Monitor. Check their forums regarding these issues, they've some really helpful people there

 

My old computer, may it rest in peace, had 512RAM and a 1.2G Athlon processor. I had Comodo on it as a test, along with Kaspersky AV, powershadow, and ran sandboxie inside powershadow (don't ask me, I just did), asquared, cyberhawk, and something else, and never had a problem.

 

HAHA, I can assure you that ur not the only one running sandboxie within ps or anything similar

Other than that, I use antivir, ssm pro, boclean, jetico v1, protowall as my real time protection. All of which have minimum impact on this old system.

Anyways, the bugs that I mentioned about CPF is not limited to mine of any other old systems. It was a known problem among CPF users, even their forum mod face similar problems. If you look into their forum, CPF -> Help -> Faqs, near the bottom area.

 

Thanks folks regarding the question of installing Comodo FW on my system.

Yes, I will wait for the next version 3.

My laptop is about 6 yrs old and 1.2 Ghz Ram is the max I can have.

Still running fast and I guess I might have to uninstall one real-time protection i.e. Windows Defender, to release some resource usage.

 

Running the now famed Power Shadow Master along with the relic firewall Kerio 2.15 alongside System Safety Monitor full version, inside of each FD-ISR snapshots, (9 to be exact), precludes for me any consideration for sandboxes. I prefer to meet any threats head on at immediate entry level and SSM does that just fine here and has now for quite awhile.

Power Shadow serves as an extra capture measure should anything mischievious evade front line shieldings. Simple reboot EXITS shadow-mode and dumps whatever was collected while in it.

Still waiting on word when they will finally get around to the EXITING shadow-mode WITHOUT a reboot feature. I wouldn't think it too difficult a task for development minds as sharp as what the PS group already is made possible with this neat protection innovation.

 

Version 2.8.2 Chinese with English translation works perfectly. It's great for testing trial software. Does anyone know how to backup the registration information since the developers might discontinue the "free for personal-use" soon (I heard June 17 or something)?

One annoying side-effect: Won't hibernate with the shadowed drive as the cause.

Not too much of a problem since it'll be only enabled to test software.

 

Since 2.6 does't work on my Sata driven rig,i'm curious if 2.82 maybe work ?

 

I have PS on my 6 year old Dell Inspiron 8100 Laptop for few months now and as far as I know there is no problem with hibernation at all for my pc. Infact my pc is as normal as it can be.

Not sure if it affects different system differently?

 

Huupi, I have a SATA drive and 2.8.2 works on it. I tried the dowbload conversion. I don't know what I did wrong but I have the Chinese version working. I have the 2.6 working on another computer so I know what is going on.

 

@ WilliamP If your having trouble converting the English files, you need to backup/copy the shadow folder (say to MyDocuments), Then delete the 'select' files in the real folder and replace them with just the files included in the download conversion folder. There should have been a readme file that vaguely explains the process. I have installed 2.8.2 and all is in English except the mouse-overs. I can help further if needed.

Edit for grammer correction.

 

One thing i know many of you will agree with and pleases me to no end about Power Shadow Master!

IMO, just like FD-ISR, this is one of those apps that is completely without problems, at least for most of us, and is as routine as using notepad.

We need more Security/Virtual apps like this that once you install it never come back later to haunt you or give you undo reason for any concerns.

This is one of only a very few programs i found that i can 100% totally rely on each and every time to perform and is completely stable as well as compatible with just about every other security app including the kitchen sink.

Now if they would just perfect that code whereas we can also EXIT shadow mode without reboot, but i'm willing to bet it's not likely and due in part because of how microsoft is fashioned XP internal core operations. But thats OK, as-is, is a Magnificient achievement in computer technology in my book.

 

@ Easter. I asked this in another thread but received no answer from anyone. I was hoping you knew. When in shadow mode, does PS protect the MBR? Just for reference my original post was in the Returnil thread. Also in that thread if I remember correctly coldmoon talks about the difficulty of returning from a 'shadowed/protected' state without a reboot. I also think that would be an awesome feature, but with so much time and energy going towards Vista compatibility by developers in general, innovation has slowed greatly .

 

I will only speculate because i'm no reverse engineer nor coding specialist even though i sometimes get very deep into C+ & Assemble code, but takes way too much of my time and since i'm not on a payroll for such intense study i leave that to real programmers.

My speculation though about Power Shadow Master comes from simple observations only just like anyone. IMO, so long as you don't use the Boot-Up Menu setting then PS doesn't reside in the MBR.

As far as protecting the MBR? It surely must! Because Peter2150 tested PS with the notorious KillDisk Virus and PS survived with flying colors.

I know that this still does not get to the heart of what you want to know so i'll leave that up to someone more qualified who can confirm that concern of yours either up or down to that question.

 

Thanks for your reply Easter. I knew somebody had ran killdisk against it, I just couldn't remember who. I also know that you had tested some nasties against it also. If I remember right, it was Peter2150's test of killdisk that prompted returnil to protect the mbr. I've been spending to much time reading here .

I was just looking for conformation of the complete effectiveness of this program. I'm not sure if they will continue to issue a free version to home users, but I do intend on hanging on to my copy.

Cheers, innerpeace

 

Good. Glad it was helpful for you.

Cheers EASTER.2010

 

When running in shadow mode, I assume powershadow does in fact use the hard disk as storage (cant use ram as not enough) -eg, if in shadow mode and download and save a 5 gig file, powershadow must infact store this somewhere on the hard disk. I know its in shadow mode and when you reboot the pc is just as it was before you entered shadow mode, but could an undelete programme or some forensic software discover what powershadow saved to disk whilst under shadow mode. Does powershadow securely delete its cache or whatever its called?

 

I always start with Boot-Up Menu using Single Shadow then go straight into Limited User a/c before connecting to the net. I prefer it this way as I want everything to be protected the moment I start my pc. So far so good.

 

Excellent plan chew & a most preferred approach. Congrats!

What makes PSM so nice is that it is so well put together it becomes as common and routine as notepad. For me it's really that simple.

 

Based on a post in this thread Sandboxie v2.86 I can with almost 99% confidence, say, PS (2.6 and 2.8.2) do not mess with the MBR (or PBR) in any way.

It somehow (probably using a legit M$ method) passes "/SHADOWALL" or "/SHADOWSYSTEM" (using boot.ini) into the boot process without changing MBR (or PBR).

Yup!

Mike

 

PS 2.8.2 store activation info 14 sectors after MBR, not MBR.
Tried SectorEditor v1.05 by Julie.Lau (77k Chinese freeware, loads SIoctl.sys service, Vista ready) to modify sector 15 in both /SHADOWSYSTEM and /SHADOWALL modes, PS can not stop it. dunno if this work with MBR too...

 

Can SectorEditor change system files ?

 

Correct, MBR is Sector 0.

There you go folks, so much for PS being TOTALLY perfect!

UPDATE: That is exactly why I have been talking/asking about data in the first cluster (sectors 0-62) of a disk!

Mike

UPDATE: See bottom of post #854

 

Mike,

Are you saying PS is vulnerable in this case i.e. sectors?

Is there a way to protect the sectors? If so how?

Chew