Power Shadow

Discussion in 'sandboxing & virtualization' started by Chuck57, Jan 15, 2007.

Thread Status:
Not open for further replies.
  1. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,772
    Location:
    New Mexico, USA
    Couldn't the same be said for our antivirus, antispyware, HIPS programs, etc?

    I see what you're saying, Perman, and as a pure novice in this area, I'd say you're probably right - but the warning could go for all security software. If the right 'key' is found, I'm betting they can all be shut down.

    In the case of Powershadow, that malware would have to get through shadow mode, though, and so far, nothing has beaten it. That isn't to say it won't happen tomorrow, or hasn't happened already and the info just isn't available yet.
     
  2. yankinNcrankin

    yankinNcrankin Registered Member

    Joined:
    May 6, 2006
    Posts:
    406
    No panic, I think I'm being reasonable in asking what I asked earlier. Now you make another statement here: "Again, I would say this is a critical issue, if any malware coders can bypass your layered defence and turn off this driver, you are cooked (well-done)." Since you obviously won't show proof in your statements I'm gonna settle this myself and post back. :)
    Would ofs' could ofs' & Ifs', now I'm gonna sound a bit cynical, your statement above can be said about any program, you don't have to be a rocket scientist to know about what you just stated, kind of an unnecessary statement IMO. Maybe if you said here is an example of PS getting bypassed and when the driver gets turned off then you are cooked, then that would have been good. Until that happens nothing can be said. That statement you made earlier would apply to almost all security type programs that install drivers to the OS for functionality. I won't comment about this anymore thanks. :)
     
    Last edited: Feb 14, 2007
  3. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    http://usuarios.arnet.com.ar/fliamarconato/
     
  4. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,772
    Location:
    New Mexico, USA
    Thanks, Franklin. I've read a lot about DeepFreeze. Never tried it.....yet. Interesting. That's what you call protection. Now, I'm curious what would happen with Powershadow.


    "Taken from Faronics Deep Freeze FAQ:

    Question:
    I was unable to get in and disable Deep Freeze, so I booted to a floppy and deleted the installation directory manually. Now, the protection is still enabled and I can't remove it!

    Answer:
    Unfortunately your only option is to reformat the computer. The procedure outlined in our User Guide should be followed when uninstalling Deep Freeze"
     
  5. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,161
    Hi, folks: I am afraid that Franklin's link IS OUTdated. That link is referring to Deepfreeze V.5 and earlier ones. DF has since released newer one last June, v.6 and has been updated twice. I am sorry that someone would like to feed members w/ absolutely outdated materials. There is a thread on this forum discussing it in depth, and that UNFREEZER has been mentioned. :rolleyes: Ha, again, as a member, I feel compelled to inform you any potential danger may unearth ahead. PowerShadow is good, but it has a time-bomb implanted. Believe it or not IS your own business. Good luck.
     
  6. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Hmmnnn, Deepfreeze updated twice, eh.

    Must be patching those timebombs. LOL ;)
     
  7. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,772
    Location:
    New Mexico, USA
    I appreciate all the information, pro and con, on Powershadow. Since finding it, even though I haven't done any of the heavy work testing it, I kind of think of it as my baby.

    I'm still a bit puzzled though about the SnpShot.sys. I understand your concern and thank you for pointing it out. What puzzles me is exactly who would take the time to work their way around other security just to get to remove the SnpShot file. Please understand, I'm a newbie in this area of security - most areas of security, in fact.

    Also, if the computer is running in shadow mode, in order for the file to be removed the malware would have to get through shadow mode and through whatever other security in place, to get to it. If the other software is doing its job, as I hope it is, it would warn. Then, it's up to the user to make a choice.

    Again, thanks for bringing this to our attention.
     
  8. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    No security is 100%. If an expert like the author of Defensewall put any effort into bypassing an app I'm sure he could do it.

    But I do have an ace up my sleeve just in case a "timebomb" does manage to get past my hardware firewall then my software firewall then Firefox and noscript extension running through Sandboxie whilst in Shadow mode.:blink:

    I have a couple of spare hard drives with clones of this main drive which can be set as master or slave which gives me the option to format and reimage or reclone to the main drive in case disaster strikes through malware or hard drive failure.
     
  9. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,772
    Location:
    New Mexico, USA
    Slightly similar set up here, Franklin. I run behind a hardware and software firewall, in Firefox, in BufferZone, and have CyberHawk, Snoopfree, antivirus and antispyware running.

    If I'm going to an unknown site for research, safe surfing only but you never know these days, that I haven't been to before I'll often engage shadow mode.

    It's probably overkill, but this is my only computer and I need it working. Down time can translate into lost income, so I want it as protected as I can get it within reason. One can become so bogged down with security software that protection value is lost due to slowing down of the machine. Been there a time or two.

    My work is saved to both CD and a second hard drive.
     
  10. EASTER.2010

    EASTER.2010 Guest

    I might have known some pokes were coming at Power Shadow just to try to dampen the enthusiasm with so much of this hi-energy frenzy many of us are enjoying with it right now.

    The time-bomb theory was a good one :D But since my PC is also armed with a militia of File Examiners, Decompilers, Hex Editors etc. I have peeped inside PS internals just to make sure for myself and I find nothing out of the ordinary except this is a very effective program that some have a hard time swallowing just how GREAT! & SAFE! it really is.

    Compatibility with some other SandBoxes is another story altogether and just like matching up an AntiVirus to play nice with your firewall/HIPS; some virtualization programs like PS will work together just fine while others might not until the issue is addressed by its makers.

    Roger! Over N' Shadowin' Out :cool:
     
  11. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,772
    Location:
    New Mexico, USA
    Thanks once more, Easter. Some day I'm going to buy an old box just to start playing with all the stuff you and others do.

    I finally totally rid myself of Shadowsurfer today. I lit it up one last time, went through the same misery as before and uninstalled it for good. That last time convinced me how much more elegant Powershadow is to run.

    I've been cruising the web a bit in the last few days and can find no instance at all that Powershadow has ever been compromised. I'm betting if it has, somebody would be blasting it all through cyberspace.
     
  12. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,161
    Hi, folks: For those who are using PS and are interested in testing its strength, I have a test method which has been published in China, and has been used by PS users to build their confidence or otherwise. Here it is:
    (1) Back up your drive.
    (2) Open PS single shadow mode.
    (3) Use IceSword or its alike to terminate all PS's running processes.
    (4) Use IceSword or its alike to delete some system files, such as C:\windows\NTDETECT.COM, C:\ntldr, C:\windows\system32\drivers\all files, C:\windows\repair\all files.
    (5) Use BCWipe or its alike to secure wipe free space in Drive C, at least 3 times. If succeeds, then
    (6) Reboot and see what will happen next:
    (a) If OK, are those deleted files restored? If yes, your PS does not let u down.
    (b) If not, seek the help of BackUp. There is a big hole in your PS (?)
     
  13. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    So pray tell us Perman, which timebomb malware actually installs and uses Icesword to carry out all those instructions?

    Anyways I tried your "oh you beaut timebomb" manually and this is what I got trying to initialize Icesword through my first line of defense being Sandboxie.

    What a joke!:-*

    [Attached image: Ice.jpg]
     
  14. EASTER.2010

    EASTER.2010 Guest

    No can work, for you see "ALL" Power Shadow's running processes on my units are placed into protective custody & "PROTECTED" from complete termination by System Safety Monitor "AND" ProcessGuard.

    That deliberate destruction & abuse is MANUALLY suggested and I might add also to the eXtreme and beyond what any malware could perpetrate upon a protected system like just pointed out.

    But feel free to try that and return your results for us. :D
     
  15. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,161
    Hi, folks: I am just a feeder, no interest in PS's venture or whatsoever. You do not have to be this :D . I am glad that you have a diamond-strength sort of confidence on this app. It is good for you. Ha, how often do we find a freeware (sort of) w/ this kind of muscle. A finder is truly a keeper in this case. As I mentioned at beginning on other post. My info is merely a info, serving as reminders and guidelines, no more and no less. Any deviation of interpretation from that never has entered my mind initially. I think my helping hands in this matter has better ended right here. Have a nice one.
     
  16. yankinNcrankin

    yankinNcrankin Registered Member

    Joined:
    May 6, 2006
    Posts:
    406
    Ok I guess you asked for it. I can't believe you still talking BS lol. For one you couldn't answer my earlier questions in my previous posts and now this. To satisfy myself and hopefully others I took your challenge and did exactly what you said and more, a whole lot more. I intentionally tried to mess up my system, killed the processes you specifically said to kill that were connected to PowerShadow, of course using IceSword. I deleted whatever I could, hidden system critical files, some of course would automatically recreate themselves but oh well, I then shredded the deleted files and folders using Peter Gutmann method, next I ran BCwipe3 by jetico, this would have taken 3 hours to wipe free space so I speeded it up a bit, next I ran my collected samples of real live malware, worms, viruses, and Rks, did all this while connected to the Wilders forum. After all was done restarted my system and as expected all is well :)

    After doing this I come to a conclusion Perman, your threats of a Time Bomb is some really bad false statements, I'm surprised that administrators have not yet intervened on your false comments. I say again to you Perman show some proof that is duplicatable and I'll be happy to CONCUR and verify what you say to be true. So far everything you have said I personally proved to be false and please read my previous posts to you and answer them as I'm sure the audience would like to hear your response, don't avoid my questions. :)

    OMFG lol I can't believe this guy is gonna quit now. I hope you comment back to this post of mine Perman, don't make your exit so soon, you started something now finish it with some character and show these guys you not blowing smoke. :)
     
  17. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,772
    Location:
    New Mexico, USA
    You were in shadow mode when you performed the tests, yankinNcrankin? If so, that confirms what I suspected.

    *Edit* Well, that was a stupid question. Of course you were in powershadow or restarting wouldn't have made any difference. Sorry, not thinking tonight.

    My suspicion was that anything done in shadow mode, including disabling files and programs in powershadow would go back to normal when rebooting was done.

    No doubt in my mind that this one is a keeper after reading your test.
     
  18. ktango

    ktango Registered Member

    Joined:
    Dec 7, 2006
    Posts:
    39

    In Shadow mode the original documents are protected by Powershadow; as a result, anything done in shadow mode, including disabling files and programs in Powershadow, would go back to normal.
     
  19. Horus37

    Horus37 Registered Member

    Joined:
    Jan 4, 2007
    Posts:
    328
    Ok I downloaded the 2.82 version in Chinese and followed the instructions, however my extraction didn't find any English files to extract and cut and paste over the Chinese characters in the system32 folder of shadow. What archive are you guys looking in to find the English file as I can't find it? Thanks for any help.
     
  20. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Should be in the zip along with the exe. Folder named "shadow english".
     
  21. glentrino2duo

    glentrino2duo Registered Member

    Joined:
    May 8, 2006
    Posts:
    310
    here you go: https://www.wilderssecurity.com/showpost.php?p=942637&postcount=7
     
  22. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,161
    Hi, folks, and hi, Y-N, in particular: To this day I am still in deep puzzle that why on earth you are so excited about my postings, they are merely info, do you read this, INFORMATION, only. I am not an expert in this field and I can not make any comments. If you ever read my posts clearly, I have said (declared, rather) those info are for you to consider, NOT to demand you to do this or that. I feel very sorry that you have taken my initiatives a bit wayside. I am glad you have done the test and to your very much satisfaction, isn't that all you want? I have never said PS is a questionable app. Like any wonderful apps out there, there is a slight possibility that it may have a weakness. Any person with grade school wisdom would never say "never" to anything. What did not happen today does not mean it will NEVER happen the next day. Let me say again, I am very much pleased there are quite few members have found their love w/ PS. And more importantly, it has provided the kind of protection and service you require. I think this is the bottom line. Have a nice day.
     
    Last edited: Feb 15, 2007
  23. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,648
    Location:
    Milan and Seoul
    Hi there,

    Would you kindly explain what do you mean by 'same misery' you went through with Shadowsurfer? It is only out of curiosity, especially after qualifying Powershadow as elegant when running it. Thanks
    (I don't have either of these programs).
     
  24. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,772
    Location:
    New Mexico, USA
    On mine and a few other people here, when you reboot to leave shadow mode, Shadowsurfer will not let you without using the uninstall feature. I click to reboot and it goes as far as the computer is shutting down screen and stays there. Attempt a manual reboot and when Windows finishes loading, you're back in shadow mode. I went through this a month ago too and finally clicked uninstall. THEN, it wouldn't uninstall but did leave shadow mode. After attempting to uninstall, though, you can finally uninstall it on the second or third try. It's now off my computer for good.

    Everybody doesn't have this problem. Many here use and like Shadowsurfer.
     
  25. yankinNcrankin

    yankinNcrankin Registered Member

    Joined:
    May 6, 2006
    Posts:
    406
    Then why in the hell would you go around saying UNTRUTHFUL remarks about a program you have no proof in backing up what you had said in all of your posts. It don't matter if you claiming info only, as far as I see it it's FALSE info. You gonna post SH*t better back it up with hard facts or best leave it alone. If you was following this thread then you would have known the tests I had performed way from the beginning of this thread. Don't COP out and start singing another tune, back up your words, don't come in strong and now you start back stepping, talk about double standards, I think you better reword your posts cause to me it sounds like you a wanna be professional when it comes to exposing vulnerabilities in programs. You still haven't answered my previous posts which tells me a lot about you in your avoidance. :)
    Next time you go saying stuff about PowerShadow have some proof and do some real life testing, don't go blowing smoke about something you obviously have no clue about. What IFs', Would Ofs', Could Ofs', that's all you did here nothing more and for what, to create excitement, post some real facts next time, don't try to justify yourself by saying you no expert after the fact after the remarks made in your previous posts.

    LOL 1st you say critical now I see slight possibility go reread your posts and if you got to edit them then do so cause you got some major DOUBLE STANDARDS.
     
    Last edited: Feb 15, 2007