Official: Powershadow 2.6 does NOT protect MBR.

Discussion in 'sandboxing & virtualization' started by Horus37, Jun 19, 2007.

Thread Status:
Not open for further replies.
  1. Horus37

    Horus37 Registered Member

    Joined:
    Jan 4, 2007
    Posts:
    328
    As per website admin at powershadow forum -



    Posted: Thu Jun 14, 2007 5:13 pm
    Version 2.6 was released two years ago. It doesn't protect MBR.

    Non-English version (2.82) supports MBR protection. (This was released in Dec 2006)
    Our next English version will support MBR protection too. (Will release soon. Time not decided.)


    Told you I broke it Peter.
     
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,042
    Of course you broke it. You also would have broken 2.82, doing what you did. When you install something that has to modify the partition table while in shadow mode, you are bound to screw up your disk. Don't believe me, wait and try it again. BUT, I'd suggest taking an image with a good imaging program that saves the MBR and track 0 before you do, or you will be posting asking for help again.
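
The precaution recommended in the post above (save the MBR and track 0 before experimenting), sketched as an added example that is not part of the original thread: it decodes a saved copy of sector 0 and reports which MBR regions differ between a before and an after snapshot. The function names, the sample sectors and the 63-sector track 0 size are assumptions constructed for illustration.

```python
import hashlib
import struct

SECTOR = 512
TRACK0_SECTORS = 63  # assumption: classic 63-sector track 0 on MBR-partitioned disks
REGIONS = {"boot_code": (0, 440), "disk_signature": (440, 444),
           "partition_table": (446, 510), "boot_signature": (510, 512)}

def parse_mbr(sector: bytes) -> dict:
    """Decode the four 16-byte partition entries and the 0x55AA boot signature."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly one 512-byte sector")
    parts = []
    for slot in range(4):
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector, 446 + 16 * slot)
        if ptype:  # type 0x00 marks an unused slot
            parts.append({"slot": slot, "active": status == 0x80, "type": ptype,
                          "lba_start": lba, "sectors": count})
    return {"valid_signature": sector[510:512] == b"\x55\xaa",
            "disk_signature": sector[440:444].hex(), "partitions": parts}

def changed_regions(before: bytes, after: bytes) -> list:
    """Name the MBR regions that differ between two saved copies of sector 0."""
    return [name for name, (a, b) in REGIONS.items() if before[a:b] != after[a:b]]

def track0_digest(image_path: str) -> str:
    """SHA-256 of the first 63 sectors of a saved disk image file."""
    with open(image_path, "rb") as f:
        return hashlib.sha256(f.read(SECTOR * TRACK0_SECTORS)).hexdigest()

def build_sample_mbr(entries) -> bytes:
    """Constructed test data: an MBR with the given (status, type, lba, count) entries."""
    s = bytearray(SECTOR)
    s[440:444] = bytes.fromhex("78563412")
    for slot, entry in enumerate(entries):
        struct.pack_into("<B3xB3xII", s, 446 + 16 * slot, *entry)
    s[510:512] = b"\x55\xaa"
    return bytes(s)

# Constructed snapshots: before, and after a tool added a second partition.
BEFORE = build_sample_mbr([(0x80, 0x07, 63, 204800)])
AFTER = build_sample_mbr([(0x80, 0x07, 63, 204800), (0x00, 0x0B, 204863, 102400)])

if __name__ == "__main__":
    print(parse_mbr(BEFORE)["partitions"])
    print("changed:", changed_regions(BEFORE, AFTER))
```

A non-empty result from `changed_regions` after a test run in shadow or frozen mode means the write reached the real disk rather than the virtual layer.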
     
  3. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, Horus37, congratulations on your adventurous work. Since you have the weapon (HP's software), can you d/l DeepFreeze standard and test it? To see whether it can defend itself. I am assured on many occasions by developer that DF may be the safest virtualization app my money can buy, just curious. Please keep me posted. Thanks.
     
  4. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,042
    Perman, that would be unwise for him to do. Remember that software has to repartition the disk, so it needs to change the partition table. The only way to do that would be to unfreeze, install the software, and refreeze. Doing it in the freeze mode is bound to have equally undesirable results. It's almost like asking if DeepFreeze would protect you from booting to a floppy and doing a format c:

    Testing against something like killdisk, whose purpose is to maliciously and quietly destroy the hard disk, makes sense. But to try and test it against software whose purpose is to repartition the disk to do its job doesn't.

    Pete

    PS. I just remembered. I did test DeepFreeze against killdisk and it prevented a problem while in the frozen state. Killdisk couldn't do its thing.
     
  5. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, Peter, thanks for the advice. Again, one more positive knowledge learned from you. :thumb:
     
  6. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    When I first tried DF, having not read the notes, I didn't realize that I needed to hold shift while double mouse clicking to enter the program. Assuming it wasn't working, I tried to use Acronis from within Windows to restore and was surprised when, instead of rebooting to Acronis, DF protected itself and brought me back to Windows. Using the emergency disk allowed me to delete the frozen C: and restore, but I was impressed by the way DF defended itself.
     
  7. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, Long View: a bit OT. Have you ever used ATI to create the secured archive partition? I found that DF will not allow ATI to proceed, that means no partition can be created while DF is installed within that volume (drive), whether in thawed or frozen mode. The other thing I find interesting is that you can virtually install any programs (including those requiring reboot) in frozen mode, then after reboot, everything will be back to the way it was, no harm will be done to your system. In the past I have tried many security apps requiring reboot, and have not encountered any negative impacts yet, but I may want to change this practice from now on, since our friend Peter has warned us about the consequences in doing so. Since this is a sidekick discussion, I better cut off right here, before... Have a nice one.
     
  8. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Faronics Anti-Executable also requires you to hold shift while double mouse clicking to enter the program. Both professional software products protect and hide themselves very well compared with other software, and you need a password to get access to their configuration, which is very good if they are used by several users at the same location. :)
     
  9. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,042
    Hi Perman

    Nothing wrong with playing and experimenting, as long as you have a good imaging program to back you up. But as I discovered with that, you can get yourself in a mess with partitions. Trust me, when your trusty Windows CD BSOD's, you get a really funny feeling that you are in trouble, and you are. This stuff is best left for Virtual Machines.

    Pete
     
  10. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Yes Peter, but that was because you didn't have a zero tool to wipe everything, including messed partitions.
    After running a zero tool each mess with partitions is gone, because everything is replaced with zeroes. I've done enough restorations on zero-ed harddisks without problems and I would do the same after a killdisk attack.

    Zero tool + Recovery CD + images on an external harddisk, that's all I need.

    PS: I still find it weird that a Recovery CD failed to do its job after a killdisk attack. Nobody would expect this.
     
    Last edited: Jun 19, 2007
  11. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country

    Where would I get a zero tool? Tried Google and found a thermal emergency survival blanket, which I don't think is what you meant? :mad:
     
  12. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    If I were you, I would go to the manufacturer's website of your harddisk and see what they offer as harddisk tools. I got it from Western Digital.
    If you don't find anything, maybe Darik's Boot and Nuke (freeware) can do the job or any other similar tool.
    http://dban.sourceforge.net/
     
  13. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,042
    Hi Erik

    I plan on taking a look at Dban. I did download WD's utility, that includes the zero tool, BUT, it doesn't see my hard drives, as there is no provision to load drivers.

    Pete

    PS. Your comment about the recovery disk is so true. Talked with grnxmn about this, and he said it almost has to be a bug in the MS routines that access the partition table. Not much comfort.
     
  14. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    My WD Zero Tool allows me to select the harddisk first and then the selected harddisk will be erased with zeroes; you can choose between quick or full. You probably didn't see your harddisks because they are not WD Raptors like mine or other WD harddisks.

    I'm not familiar with DBAN, but I've seen the screens at their website and it doesn't look as user-friendly as my tool.

    I'm not sure if this is a legitimate software, but it's freeware.
    hxxp://hddguru.com/content/en/software/2006.04.13-HDD-Wipe-Tool/

    Keep in mind that it MUST be a floppy or CD to wipe your harddisks.
     
    Last edited: Jun 19, 2007
  15. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,042
    Erik, my problem is there must be a way to install the nvidia drivers for the raid 0 array, or the program doesn't see the drives.
     
  16. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    This is what WD says about my WD Zero Tool :
    This is my harddisk : WD Raptor WD740GD 74gb 10000rpm SATA 8mb Cache 4.5ms

    I don't know what kind of WD Zero Tool you downloaded, but I don't think you can use these tools for any harddisk.
    This is the link where I got this tool
    http://support.wdc.com/download/?cxml=n&pid=1&swid=30
     
    Last edited: Jun 19, 2007
  17. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,042
    Erik, they have a utility for my specific model of drives, but the program is DOS based and can't see my drives cause it lacks the nvidia raid drivers.
     
  18. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
  19. EASTER.2010

    EASTER.2010 Guest

    I remember using the zero tool from Western Digital "only" on my WD drives. I believe nearly all the top makers of hard drives now offer something similar, including Seagate/Maxtor = MAXBLAST! The disc actually came with my Maxtor purchase in November.

    More OT, I'm eagerly awaiting Power Shadow Master's new release that covers MBR, although unless I had duplicated the feats with Killdisk & HP's latest nuker, this current 2.6 version has not made any problems for me even when testing RootKits, but then RK's have no reason, I would think, to damage anything, just stay hidden and keep the system running as stable as always.

    The MBR/Partition Table corruption is more in line with viruses designed to wreak maximum disappointment for the unlucky soul victimized.
     