Power Shadow

Discussion in 'sandboxing & virtualization' started by Chuck57, Jan 15, 2007.

Thread Status:
Not open for further replies.
  1. poirot

    poirot Registered Member

    My support to pinga and chuck57!

    I'd like to let everyone know that i finally and inexplicably succeeded in registering my 2.6 copy of PowerShadow after
    a complete uninstall of the previous program from AddRemove-
    a complete uninstall from TotalUninstall-
    an 'Aggressive' mode of cleaning the registry with RegSupreme-
    a change from OpenOffice,Wordpad to Notepad copy-paste into PS.

    Perhaps the program does not condone a first-time mistake.
    Perhaps there was something corrupt in the first install.

    Very interesting what Espresso said in a previous post about NOT being advisable to defrag when you use PS, something to remember.
    After all, if you use PS all the time there's little chance the disk will need a Defrag like if it was used in a 'normal' way, isnt that so?

    I think that the 'phoning home' of Powershadow can be easily solved by instructing your firewall to block it. The same thing cannot be said about well established OSs .....
  2. twl845

    twl845 Registered Member

    Solarpowered candle - Right.
  3. Chuck57

    Chuck57 Registered Member

    Good to hear, Poirot. Powershadow is too good a program to give up after 30 days.

    My hard drive is very good since I reformatted. I looked at defrag and ran the analysis. It's almost like it was when I finished the format, thanks I think to Powershadow. You're right. Run Powershadow all the time. Play with and test programs in shadow mode and you'll never have to defrag again. Just another added benefit to having a great program.
  4. aigle

    aigle Registered Member

    Can u explain how u can stop PS to phone home via XPantispy?

  5. Espresso

    Espresso Registered Member

    I doubt if XPAntispy will be able to stop PS from phoning home. I assume you're talking about v2.6, as v2.82 doesn't phone home. The best option would be to find the IP to which it's connecting, get the reverse dns and stick it in your hosts file.
  6. Woody777

    Woody777 Registered Member

    Ok I installed this.Yes it seems to work fine. I guess its mostly for when you go to questionable sites or want to try out Software. It seems to be all that you guys said it was. My only concern is that it will goof up my Antivirus updates. Also it would not accept my registration until I tried 3 times & took my first & last name & eliminated the space between.
  7. Espresso

    Espresso Registered Member

    Install your AV on another drive/partition if you want them to stick. You can also move the folder and make a junction point to where it would normally be (I assume that would work).
  8. aigle

    aigle Registered Member

    I think it does as well. Can anybody confirm plase?
  9. Espresso

    Espresso Registered Member

    DSA doesn't pick up any outgoing connections whether I have the "Check for update" box checked or not. The only time it has to connect is to register.
  10. EASTER.2010

    EASTER.2010 Guest

    Funny i haven't seen it try to do an outgoing at all unless COMODO didn't see it which i hardly doubt is the case.

    You don't have to run it all the time unless you're really that afraid of picking up a potential drive by from some dodgy website. I only use it when testing programs or deliberately trying to pull in a intrusion file loaded from a rogue webpage.

    You can get all your updates (Automatic) by leaving it off. Just run it during such times you choose during the day/night then when done it's off after a simple restart.
  11. Chuck57

    Chuck57 Registered Member

    I ran it religiously for a couple or three weeks. Now, in the past day or so, I've decided to only use it when I'm downloading something or visiting sites I use for research. In the past day or two, sandboxie is getting a workout. Either way, PS or Sandboxie, I feel well protected without having my computer clogged up with a bunch of security programs.
  12. chew

    chew Registered Member

    Hi Folks, Thanks for highlighting this new discovery. Just what I want really as I have been looking for one like this for a while now, although I saw a few rather similar ones like those mention in previous threads I never tried them. But this one sounds very good and it looks like a bigger version of Sandboxie that I have only started using a 3 months. So I have some questions to ask experience folks here. My questions: (mostly related to the step by step installation) 1) Could you provide me the link to Power Shadow 2.82 please as I heard that it can be converted to an English version. (including the process to convert to English) 2) Could you also let me know how to install it please. 3) I am using Window XP SP2 firewall behind University server so how do I prevent it from calling home? 4) Can I Power Shadow in Limited User account or all the accounts? Cheers Thank you Chew P/s: I have only 512mb RAM and most of my Anti-malware softwares are on-demand only with the exception of Windows Defender, SpywareBlaster, SpywareGuard and Snoopfree.
    Last edited: Feb 3, 2007
  13. yankinNcrankin

    yankinNcrankin Registered Member

  14. Chuck57

    Chuck57 Registered Member

    This is off subject, but I started the thread......so.....

    I was just surfing around with Sandboxie engaged for a while, left the browser up MSIE 7 and went off to do something else. I came back later, didn't pay any attention, closed the browser and emptied Sandboxie.

    Just a few minutes ago, I got back on and I had Yahoo toolbar on my browser. Don't know where it came from or how it got there. I did not download it and certainly did not install it. Could this thing have gotten through Sandboxie somehow?
  15. sukarof

    sukarof Registered Member

    Well, maybe I am missing something here. I use version 2,6 downloaded from Powershadow home page, and I just chose the enlish version...? so whats all the talk about 2.82?
    Well if you dont want it to look for updates, then you just turn that feature off. I am still waiting for someone to provide some kind of fact that PS "phoning home" is doing other things than checking for updates. I am not saying that it doesn't try to contact the net for those who claim so, but at least some facts of what it actually does would be nice rather than just the fact that it does it.

    Personally I have not experienced that the file some is talking about (shadowtip.exe, maybe its just the 2.82 version that does that?) has tried to contact the net other than during registration process. Unless it has bypassed my firewall completely and hides itself from port explorer, process explorer and rootkit hook analyzer..
    But if it does try to contact the net the easiest way to block it, as with all other software you dont want to get out on the net; just block it in your firewall. Or if you´re paranoid enough - dont use the software, that is the ultimate way of blocking anything :)
  16. Meriadoc

    Meriadoc Registered Member

    Correct, ShadowTip.exe...C:\WINDOWS\system32\shadow\ShadowTip.exe...tries to connect to a remote address (powershadow.com, http(80)) through an outbound TCP connection.
  17. poirot

    poirot Registered Member

    My 2.6 version 'phoned home' just once,which i consented to-just in case they would like to know about me- then i blocked the request in Jetico and that's it, no more problems.

    Woody777 , why would it 'goof up' your updates?
    At the end of the session/day you just turn it off so next morning it will not be on when you begin using your pc and you can do all your updates without any problem in 'normal' mode. Then you can begin a PS session if you wish and start the day with all your updates in the box.

    This is true with any 'shadowing' program, the only drawback with the rest of them is you have to reboot in order to start. In spite of that you can always-with any program- start the day without being shadowed and make all sorts of updates then reboot and start a shadow mode.
  18. Meriadoc

    Meriadoc Registered Member

    'Phoning home'

    2.6 if I remember was ShadowSetting
    2.8.2 ShadowTip.exe

    Basically the niceties (hand-shake) [1,2,3]
    then some conversation followed by a pushy I got a higher application that wants something [4]
    a reply with a I got a higher application that wants something [5]
    again with a I got a higher application that wants something [6] and data
    chitchat [7] ending with reset [8].

    The conversations?
    - nothing outta the ordinary.

    Attached Files:

  19. EASTER.2010

    EASTER.2010 Guest

    Hi Chuck57

    That doesn't surprise me at all. I never really fully trusted Sandboxie although i wanted to keep it. I had problems in the past with it and this latest stable version proved no different. I try not to post my disappointment over it as many seem to heavily rely on it and claim they absolutely love the program like yourself.

    My feelings is it still has some bugs to work out, maybe? I dunno, what i do know is that my confidence in POWER SHADOW is iron-clad and solid given the protection it offers and is proven.
    The phone-home thingy is not no biggie so long as you know how to block "outgoing" requests, so that's rather useless worry IMO.
  20. ktango

    ktango Registered Member

    me too
  21. Chuck57

    Chuck57 Registered Member

    I don't know how man Kilobytes that toolbar is, but there was no warning from Sandboxie, no evidence of anything being downloaded - unless it was while I was away from the computer - and nothing to show it was installing. The toolbar was on MSIE 7 and I discovered it on my Firefox 1.5.xx too.

    I got rid of the toolbars, finally. I found the ytb.exe in 3 different places, or there were 3 yahoo exe's on my computer. I still don't know where they came from. I use yahoo for my mail and have for years without a problem, and never download any of it. Ran a couple of different registry programs I have and AVG Antispyware and all seems clean again.

    Anyway, I don't cut my security software any slack. If it fails on something like that, it can fail with more serious stuff. I don't think yahoo toolbar is spyware, but I consider it spyware when it gets onto my computer uninvited. So, Sandboxie is gone.

    I've gone back to Bufferzone 1.90 for routine surfing. If wherever those toolbars came from, they get through BZ, I'll dump it too and just rely on Powershadow. I Know it won't fail.
  22. EASTER.2010

    EASTER.2010 Guest


    Indeed. I was amazed last night with Power Shadow because i just realized how incredibly simple it works and it sure doesn't give out anything to complain about like some sandboxes do. In fact, most other sandbox apps it takes a little extra time to read up on them and know just what settings is required, where they box apps, and even then can you be really sure nothing will slip past at some point in time. I guess the same can be said for any app but unless PS itself is particularly targeted it is failsafe.

    I use System Safety Monitor so i can place the executable in SSM's "keep process in memory" and feel secure that if it was forcefully closed it would immediately be restarted. Now i don't know exactly what it would mean if it was abruptly terminated just what that would present but i'm going to do a test with APT and use Kernel Kill to stop it and then run some apps and see if they are retained after reboot or Power Shadow would either still dump the session or else remain in shadow mode.

    Good this was brought up because there is nothing in the program itself that can cause such a concern.
  23. Meriadoc

    Meriadoc Registered Member

    My son was next to me with his new laptop and I was teaching him some stuff - looking at traffic, using the appliance logs, Ethereal and CommView packet sniffers. The decoded traffic in PS was nothing to worry about which I've now stopped with a desktop firewall
  24. yankinNcrankin

    yankinNcrankin Registered Member

    Just ran the full test of DiamondCS Advanced Process Termination (APT) while in single Shadow mode,
    I was unable to kill the process of ShadowService.exe and ShadowTip.exe thanks to my setup with ProcessGuard, however interesting enough I was able to kill both processes with Ice Sword v1.20. After verifying that the services were killed I began to delete folders from my shadowed C: and dragged files from my D: to my desktop, I even opened a live RK Rustock variant to my C:
    I did all of this while online connected to WildersSecurity forum, after a bit I restarted my computer, the window of PowerShadow that usually comes up when you want to restart or quit shadow mode didnt even pop up, this got me a bit worried, so my comp shut down normally and rebooted ok, upon start up I noticed that all the stuff I dragged to my desktop when ShadowPower services were killed, were all gone! :D :thumb: It was liike nothing had happened. had to be sure so ran some scans and RKU also and found nothing, the folders that I deleted when the PowerShadow services were terminated were all back like nothing had happened! This keeps getting more and more awesome! :D
  25. EASTER.2010

    EASTER.2010 Guest

    You beat me to the punch yankinNcrankin ;)

    Indeed! Those results are nothing short of Miraculous and Amazing! Just goes to prove yet another measure of TOTAL SECURITY! with this engenious shadowing program.
    Try as anyone may, this is definitely one app that can really stand up to the severest of tests and hold it's own very well.

    I am now even more IMPRESSED!! :thumb:
Thread Status:
Not open for further replies.