Power Shadow

Discussion in 'sandboxing & virtualization' started by Chuck57, Jan 15, 2007.

Thread Status:
Not open for further replies.
  1. EASTER.2010

    EASTER.2010 Guest

    How would we categorize this POWER SHADOW, you think? Pure virtualization or sandbox, or both, or one or the other? I know as we draw these distinctions one thing becomes apparent: these types of apps go a long way in keeping your surfing pretty secure, right?

    I mean, for someone like myself I don't mind entering the Lion's den of malware sites to see if I can stir up a nest of droppers, and after collecting some of these flies :D it's only a matter of rebooting again to return to the previous snapshot. It's while shadowed that the partition being written to is but an ARTIFICIAL hard drive, right? We do call that virtualization, right? So if we're operating the PC in a secure/shadowed state then we are also SANDBOXED on that same hard drive, right? Just looking for the correct term to apply to this, if any.

    Most peeps avoid rogue sites at all costs and yet still find themselves in a pickle sometimes from a millisecond landing on a webpage loaded with a rapid-fire entryware/dropper.

    If anything like that gets through and happens to make a safe landing in your folder, your firewall should pretty much SUSPEND the "outgoing" attempt to magnetize the swarm that the dropper is signalling to invite. :ninja:

    What I'm getting at here is, unless an app like this is particularly targeted, your machine is not likely to experience any real side-effects should a direct hit drop onto your PC landscape. Yeah, while shadowed the intrusion might create quite a stir and interrupt all sorts of normal functions, but a swift reboot (even a manual one) and you've effectively gone back in time like a TIME MACHINE! :)
     
  2. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,770
    Location:
    New Mexico, USA
    I call it a virtualization, but what do I know?

    I can tell you this: whatever it is, it's going to be on this machine as long as I have it.
     
  3. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    I refer to apps that virtualise part of the system as sandboxes and whole-of-system ones as virtualization apps.

    And what is the correct spelling: virtualise or virtualize?

    FF's spell check flags both as being incorrect.

     
  4. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,770
    Location:
    New Mexico, USA
    VirtualiSe is the British spelling.

    VirtualiZe is American.

    Probably virtualiSe is correct everywhere in the world but the United States.
     
  5. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Sandbox and virtualization to my knowledge:


    Security apps restricting vulnerability by reducing policy rights and/or filling in security holes of XP are often referred to as sandboxes.

    1. Example: DefenseWall = sandbox HIPS which limits access to the registry and the ability of untrusted sources to change trusted sources (e.g. a dll implant). (EDIT:) To my knowledge DW does not use virtualization.

    2. Some sandboxes restrict registry changes by fooling the applications which rely on those changes with some sort of virtualisation (e.g. GeSWall).

    3. Some sandboxes also use file system virtualisation (Sandboxie and BufferZone). (EDIT:) PowerShadow virtualises your C drive completely (where your OS in 99% of the installations is located) and can even virtualise your data drives as well (drive D etc.).

    Applications which virtualise both the OS+file system (4) are often called virtualisation applications, like applications which also virtualise (emulate) the hardware environment (5).

    Most people draw the line between sandbox and virtualisation between 3 and 4, a minority between 2 and 3.

    Regards K
     
    Last edited: Feb 23, 2007
  6. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Excellent description, Kees! As I read it here, all sandboxes use virtualization but not all virtualization software uses sandboxing.
     
  7. EASTER.2010

    EASTER.2010 Guest

    Yeah indeed. You really have to hand it to the founders sometimes because we computer buffs really find an exciting/safe bonus in this IMAGINARY virtualization technique.

    Glad to see of these inventive minds developing apps like this.

    Power Shadow makes a tedious and sometimes unnerving process one you can actually rest easy about.

    I bet you many 98/Me/NT/2000 users would have liked to have seen this puppy available back when destructive viruses were the norm and it took little to no effort for them to bring a PC down quickly and force a reinstall-Windows scenario.
     
  8. EASTER.2010

    EASTER.2010 Guest

  9. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    1,762
    Would you mind going into more detail about this?
    How does it affect those that have installed the ADS PS?

    Al
     
  10. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    I should not worry. Alternate Data Streams are used by PS to fool some programs when they want to execute some system files. The problem with ADS is that many malware programs also use it to execute a different program (the malware app) instead of the legitimate app.

    Example of how malware uses ADS:
    good.exe is the original name; with ADS you can fool the OS into executing bad.exe when you type good.exe into the "execute window".

    PowerShadow, being a security app, probably uses this technique in version 2.6 to capture calls to some system programs in an easy way (to enable the virtualisation). Due to the bad connotation of ADS they have probably implemented a different technique in later versions.

    Most security apps (like SSM) use MD5 control to check whether the original good.exe is still the good.exe and has not been changed to bad.exe (the MD5 checksum would be different).

    Regards K
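The defensive side of what Kees describes, as an added example that is not from the thread or from Power Shadow: a PowerShell check that lists alternate data streams on executables in a folder and compares the hash of each file's primary stream against a saved baseline, the integrity check he attributes to SSM, using SHA-256 in place of MD5. The folder audited and the baseline file path are assumptions.

```powershell
# Added example (not from the thread): find alternate data streams on executables and
# detect primary-stream changes against a baseline. Paths below are assumptions.
param(
    [string]$Folder   = "$env:SystemRoot\System32",     # assumed folder to audit
    [string]$Baseline = "$PSScriptRoot\baseline.json"   # assumed baseline location
)

# Step 1: report every stream other than the default ':$DATA' stream.
# Get-Item -Stream * (PowerShell 3.0+, NTFS only) enumerates a file's streams.
Get-ChildItem -Path $Folder -Filter *.exe -File | ForEach-Object {
    $extra = Get-Item -Path $_.FullName -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' }
    foreach ($s in $extra) {
        # $_ still refers to the file here; $s is one of its extra streams.
        [pscustomobject]@{ File = $_.FullName; Stream = $s.Stream; Bytes = $s.Length }
    }
} | Format-Table -AutoSize

# Step 2: hash the primary stream of each executable (Get-FileHash reads only
# the primary stream) and compare with the baseline from an earlier run.
$current = @{}
Get-ChildItem -Path $Folder -Filter *.exe -File | ForEach-Object {
    $current[$_.FullName] = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
}

if (Test-Path $Baseline) {
    $known = Get-Content -Path $Baseline -Raw | ConvertFrom-Json
    foreach ($path in $current.Keys) {
        $old = $known.$path
        if (-not $old) {
            Write-Warning "New executable not in baseline: $path"
        } elseif ($old -ne $current[$path]) {
            Write-Warning "Primary stream hash changed: $path"
        }
    }
} else {
    # First run: record the baseline for later comparisons.
    $current | ConvertTo-Json | Set-Content -Path $Baseline
    Write-Output "Baseline written to $Baseline"
}
```

Run it once to write the baseline, then again after any installation to see which executables changed or carry extra streams.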
     
  11. steve161

    steve161 Registered Member

    Joined:
    Nov 22, 2006
    Posts:
    681
    Location:
    New York
    So are you saying that the 2.6 download from tucows (no ADS) is not as secure as the download from the main website?
     
  12. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    No, they are probably both secure. I understood that the 2.6 version contained ADS and the 2.8 version does not. PS provides security which they first achieved with ADS (probably the easy way, but also the way malware uses it), later (in 2.8) with a more technically complex/advanced mechanism with no negative connotation.
     
  13. steve161

    steve161 Registered Member

    Joined:
    Nov 22, 2006
    Posts:
    681
    Location:
    New York
    Thank you Kees 1958.

    However, one member is saying that only the 2.6 download from the main website contained an ADS, while the same 2.6 from tucows (my version) did not. I am not particularly concerned about this, just curious as to why the difference in the same version. So far I like this program for its features and stability on my system.
     
  14. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Then I really don't know an explanation for that. My son uses PowerShadow (Antivir + Cyberhawk + GeSWall Pro), because he likes to try out software (the reason why he does not use SSM and SensiveGuard). He boots in normal mode and uses single shadow (only C-drive) when trying out software.

    PS is a marvellous piece of software. The only thing you have to realise when using a sandbox (DefenseWall, GeSWall) is that the untrusted tag of files downloaded to your data drive also gets lost after a reboot (only for the files you downloaded when in single shadow mode). So he first downloads in normal mode, then starts up PowerShadow (so the untrusted tags of GeSWall remain after a reboot).

    Regards K
     
  15. EASTER.2010

    EASTER.2010 Guest

    Likewise. :thumb:


    Not mentioned, but I might add: those who like to run Power Shadow on single-drive boxes in shadow mode will need to copy/paste the files you might want to keep, or any other downloads, to a USB flash drive or other storage such as DVD/CD-R/RW or even a 3.5" disc (floppy).
     
  16. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Nice tip. New for me!
     
  17. EASTER.2010

    EASTER.2010 Guest

    I would say that this Power Shadow is a very valuable researcher's utility, but if you also want to take your security to another level of protection you can't go wrong by running in shadow mode.

    That's because it has no effect on performance whatsoever from what I've seen of it and makes no noise otherwise, except the W A V E ! :cool:

    Anyone have any results (either way) that they'd like to share since installing Power Shadow?

    How does this stack up to your other sandbox or virtual apps? Inquiring minds would like to know. LoL
     
  18. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,770
    Location:
    New Mexico, USA
    I could comment, Easter, but you already know my feelings on PS. I think for somebody like me who does a ridiculous amount of downloading to check out various apps, it's invaluable for keeping my registry etc clean.

    For people who hunt malware on dark corners of the net, I suspect it's a godsend as well.

    Compared to BZ or Sandboxie, I don't know that it's any safer. I use Sandboxie most of the time, but I feel safer with PowerShadow when I'm going to sites I've never visited before, even though they're presumed to be safe sites.
     
  19. steve161

    steve161 Registered Member

    Joined:
    Nov 22, 2006
    Posts:
    681
    Location:
    New York
    Hi Easter.2010:

    So far so good. As advertised, it leaves no trace. I actually like Sandboxie and am undecided as to whether to return to it. For my purposes, I like the fact that I can easily move back and forth from sandboxed to unsandboxed. And it never was compromised on my system. I must say, however, that my browser (K-Meleon) seems faster when I enter shadow mode. I know this shouldn't happen, but this is what I am seeing. Anyone else experience this, or am I delusional? I know I could keep both programs, but I am a bit of a minimalist and will stay with just one.
     
  20. EASTER.2010

    EASTER.2010 Guest

    And greets in return, benny bronx.

    I've never been able to explain that improvement either. I have installed programs before that afterwards made my own computer actually perform better, quicker with less delay.

    Whatever it is that makes it possible, I'm glad some of them do.

    Power Shadow is a very well put together program, as you have already seen for yourself.
     
  21. poirot

    poirot Registered Member

    Joined:
    May 4, 2005
    Posts:
    299
    Nothing to say regarding possible conflicts or nuisances when running PowerShadow, Easter 2010; it's fine and smooth.
    I, perhaps temporarily, changed from ProSecurity Free to Cyberhawk in my PowerShadowed PC and have nothing bad to note.
    Like you and benny bronx I also had the non-scientifically measured sensation that it has become slightly faster all around, so I don't think benny is 'delusional' at all!
    One thing is certain 100%, though: the PC does not hang sometimes anymore when closing down, but is very fast. With the time saved by not having to reboot to start it up and shut it down, it's about five minutes every time!
    Not bad.
    I wonder what media onslaught M$ would have organised if a new OS had accomplished this.
     
  22. chew

    chew Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    515
    Location:
    GeordieLand.
    Folks, could someone kindly post the installation instruction guide please, so that newcomers need not scroll through 400++ threads? It helps so that nothing is missed out. Generally a quick summary. For example, the instruction guide should include:

    1) Websites to download: version 2.6 with or without ADS, version 2.8, plus the conversion to the English version 2.8.
    2) Legitimate s/n.
    3) How to set PS up properly, i.e. what to tick and what not to. Step-by-step screenshots, perhaps, anyone?
    4) How to stop the "calling home" using a firewall etc.
    5) Other issue(s) that users should look out for?

    I have downloaded version 2.6 with ADS from the main site but have yet to install it because I have two problems at the moment that I need to sort out. One being my AV is corrupted, and secondly I need to find out if I can use AVG AS to stop it calling home, i.e. disconnect the call-home connection? I would like to do it, but since I have not installed it yet, plus I have a work deadline, I cannot.

    Cheers
    Chew

    P/s: Also I do not know why my thread posting looks odd. I can't get the thread arrangement I want and it always ends up in one paragraph no matter how I try.
     
  23. EASTER.2010

    EASTER.2010 Guest

    Did you ever get your AV issue resolved?

    You don't use AVG AS to do that; you configure your firewall, like ZA, Outpost, Comodo, Kerio, or what have ya', to stop that single one-time event from recurring again.
     
  24. chew

    chew Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    515
    Location:
    GeordieLand.
    Hi Easter.2010. Sorry for the late reply, as I was busy trying to meet a work deadline. The AV had some problems for nearly a week but it somehow sorted itself out. It was McAfee AV with error messages along these lines: SK_det.mcs & SPAMSAFE1000 error. But it is updating properly now for whatever reason. I only use the Windows firewall so can't block the dial home, so not sure what else I can use to block it.

    Another question: is PS a resource hog? As I have only 512 MB RAM (the max I can install for a laptop that is 6 years old) and it is getting slower as I have other anti-malware programmes running.

    Cheers
    Chew
     
  25. EASTER.2010

    EASTER.2010 Guest

    Hi chew. Welcome back. :cool:

    You can easily install Kerio 2.15 to block that outgoing attempt. I'm fairly certain you can use both firewalls, but I disabled XP's for Kerio 2.15 with excellent results. Sorry I don't have a ready link for you, but it's posted here someplace; if you use the search function, you'll find it, I'm sure.

    I also have an anemic 512 MB RAM, so the answer is to your satisfaction, because Power Shadow uses very little resources on an XP Pro machine.
     