
Panda AntiRootkit Official Release


Humpty


  • Moderators

I don't have anything to test it on at the moment, but it's pretty. :)

I like the fact it searches for updates and that like most of the other rootkit programs I've tried it doesn't need to be installed. Other than that, meh.

How many of these things do we need? I think every major AV vendor has released one by now. -_-


  • Moderators
Tried it out. Seems OK and scans pretty quick. Nothing found.

I didn't try the reboot scan as a restart is no good here whilst in shadow mode.

What exactly is "shadow mode"? I know you're using that power shadow program, but what exactly does that mean?

When you reboot is your computer put back exactly the way it was before you went into shadow mode? Also, is it not frustrating to have to reboot to go in and out of it? I think I'm missing the point.


With PowerShadow you can go into shadowmode without a reboot, but a reboot is needed to get back into Windows.

There are a few discussions going on over at Wilders about it with the original thread hitting near on 700 posts.

Latest Wilders discussion

Trust me rridgely, PowerShadow, once you learn all the foibles, is something special.

A free version was easily available a while back but it looks like that may have changed.


  • Moderators

A brief summary please? :P Or at least a link to a post that explains what exactly it does would be appreciated. :D

That forum gives me a headache. :( The people there straight up admit they don't know what it does, but yet they praise it. How do they even know it's doing anything at all?

I understand that it's sort of like Sandboxie in that it will revert back all of the changes that were made while in "shadow mode", but from what I gather it puts your whole computer like that. So what if I download say a podcast and want to listen, but I have to leave for a while. If I restart my computer back to normal mode will that file still be there? Is there a special folder or something where your files won't be deleted? Or do I have completely the wrong idea on how exactly the program works?

I've read a few posts on the topic, but if that program works the way I think it does, it could potentially be the most annoying thing ever. :P


What is PowerShadow software?

PowerShadow is more than instant restoration software. It's a revolutionary approach to integrity protection. PowerShadow virtualizes your hard drive into a disposable session. Computer equipped with this virtualized hard drive is just the same as your original one WITHOUT performance loss. You can do anything you like on this computer, but everything you do is completely isolated from the original hard disk. End this session with a reboot and all modifications will be gone. Your hard disk will return to the very intact status.

PowerShadow is bulletproof. Shall I uninstall other security software?

PowerShadow only protects your original hard drive from intrusion, but it won't protect your virtualized hard drive. We don't recommend uninstallation of other security software, especially for beginners. If you are an advanced user, you can tailor a brand new security solution.

PowerShadow FAQ's


  • Moderators

So, when you reboot everything is gone.

Does this not drive you nuts? If I download something I want then I want it to be there when I reboot. I understand how this could be great security but to me it doesn't sound worth the aggravation.

Do you run this thing all the time?


I tried the PandaScanna with a reboot, runs pretty quick, little over a minute. Nothing found. Looks good. Thanks for the link. :) Question. . .is there a "test rootkit", like the EICAR test virus, available?

The CCleaner SLIM version is always released a bit after any new version; when it is it will be HERE :-)

Pssssst: ... It isn't really a cloud. It's a bunch of big, giant servers.


So, when you reboot everything is gone.

Does this not drive you nuts? If I download something I want then I want it to be there when I reboot. I understand how this could be great security but to me it doesn't sound worth the aggravation.

Do you run this thing all the time?

You can save whatever you like to a different partition, CD or USB stick from shadow mode.

I boot into Windows, do anything I need to stick, make a ghost image etc. then go into shadow for general surfing.

Using Powershadow you could ask a Hijackthis log poster for the link or app that got them infected, take a snapshot with Zsoft, then execute the malware and this should just about show everywhere it hooks itself.

Once you're done analysing, reboot and it's as if it never existed.

Also great for testing any apps that don't require a reboot. I'm sure we've all seen an app that you know is crappy but you still wouldn't mind trying it and you don't want all those left over reg entries hanging around after an uninstall.

PowerShadow allows this with no traces remaining at all.

Also when I do the odd online scan with Kav in shadowmode, which always comes up clean, not a trace remains after a reboot so no "scan expired" message.

@Login123, there may be a test rootkit around but I haven't heard of one as yet. :unsure:


  • Moderators
So, when you reboot everything is gone.

Does this not drive you nuts? If I download something I want then I want it to be there when I reboot. I understand how this could be great security but to me it doesn't sound worth the aggravation.

Do you run this thing all the time?

I've been using Power Shadow since I obtained the free version posted by Humpty ages ago, and I find it absolutely fantastic for trying new software.

I download the Installation Package before activating Power Shadow, then obviously activate PS and install the new software.

If I don't like the new whatever, I just reboot, and every trace of the new program is gone.

 

With Total Uninstall or Zsoft Uninstaller, I can always find stuff left, either in program files or the registry, or both. In fact yesterday I downloaded and installed Sunbelt Kerio firewall, tracking the install with Zsoft. I should have followed my usual method, (Power Shadow), but as I got the link from a thread, I took the chance and used Zsoft.

I mistakenly downloaded the latest version of Kerio, which is 30 day trial.

Uninstalled with Zsoft, after which I found the Icon still in the system tray, and the Kerio Firewall still in place.

Had to reboot to get rid, but still found Sunbelt folder in program files, and entries in the registry.

Now that is aggravation.

When using Power Shadow, I have never been able to find a trace of anything, either in Program Files, Windows, the Registry or the annoying icons usually left in the system tray.

Rebooting is far quicker and easier than having to manually get rid of stuff left by installation trackers, and I'm still puzzled by the fact that Symantec Security Centre is telling me that Sunbelt Kerio Firewall is active, when in fact I only have Windows Firewall running. Do I need Symantec Security Centre?

 

Power Shadow is possibly the only program I would happily pay for if I didn't have this free registered version.

If you want to surf the web in Shadow mode, you can save stuff to a 2nd hard drive, or a mem stick.

I always have a 1gb mem stick in place for that reason.

How exactly does it work?

When I boot my computer, the screen that appears momentarily says:-

Windows XP Home Edition
Windows Recovery Console

Under this I have extra lines:-

Windows XP Home Edition Single Shadow Mode
Windows XP Home Edition Full Shadow Mode

So Power Shadow is simply installing on to a virtual drive, a partition separate from your Operating System. It needs something like 256mb to operate. When you reboot, everything is gone because it was never written to the Shadow protected part of your hard drive in the first place. (I hope that makes sense, I'm trying here).

If the newly installed software is something I want to keep, then it is no hassle at all to reboot and install as normal with the Installation Package I downloaded before entering Shadow Mode.

Single Shadow Mode is protective cover of your O.S.
Full Shadow Mode is protective cover for all available drives and partitions.

I'm posting this with a wee bit of trepidation, because I have very limited technical knowledge, and I might not be explaining this very well, so just be a tad polite with any criticism.

The main thing is that this program does its thing every time without exception. Wouldn't be without it.

:)


Thanks for the info Dennis. You can still get the free version of PowerShadow version 2.6. I got it today, but I'm not doing anything with it yet. You can get the activation code over at Wilders. The guy who posted it said that the activation code was still on the PowerShadow site. I can't read Chinese and my computer isn't set up to read that text either, so who knows. I didn't know if it was alright to link to the Wilders forum, so I didn't post it. If it is, I or someone else can link to it if anyone is interested.


I'm posting this with a wee bit of trepidation, because I have very limited technical knowledge, and I might not be explaining this very well, so just be a tad polite with any criticism.

:)

I think it is a great explanation. . .I actually understand it. Very Pleasant. :P


  • Moderators

It's perfectly ok to link to other forums. :D

I get what you like about it Dennis. You're basically just using it as a virtual pc to test software. Great idea, but there are other softwares out there that do it as well. :D

What I'm looking at this from is a security standpoint (and a convenience one as well. :P). For it to be "bullet proof" like the author claims and all the users on Wilders are saying it would have to be used all the time. Otherwise when someone booted their pc up without it, it's not doing any good. But it seems to me that if you had to use it all the time, you could never save any of your data unless you have an external drive or another partition to save to. (it would just be a hassle)

So I guess this is good if you're planning to boot this up and do stuff that you normally wouldn't because of viruses, (not accusing you of anything I swear. :P) but for general every day use I just don't see it.

I'm not knocking it believe me. I would love for there to truly be a "bullet proof" way to secure a pc, but this seems only suited for a select group of people.


  • Moderators
Thanks for the info Dennis. You can still get the free version of PowerShadow version 2.6. I got it today, but I'm not doing anything with it yet. You can get the activation code over at Wilders. The guy who posted it said that the activation code was still on the PowerShadow site. I can't read Chinese and my computer isn't set up to read that text either, so who knows. I didn't know if it was alright to link to the Wilders forum, so I didn't post it. If it is, I or someone else can link to it if anyone is interested.

You can get a lot of info from this thread started by Humpty some time ago.

The free version mentioned, 2.82 is still available from the link mentioned.

I've just downloaded the zip file, virus checked it and explored it, and it is the English version with a read me file.

Haven't taken it any further because I already have it installed, but read that entire thread, as I made some cockups when I first tried it.

Hope this helps. :)


Thanks rridgely!

You have to download the Powershadow 2.6 trial from http://www.tucows.com/preview/400832 as the link on the Powershadow site did not work. The free registration code is

User: PowerShadow s/n: VVR29E-R4WCK2-K4T111-V1YHTP-4JYJDD After you type it in the register section, exit Powershadow and open it again. It will change from 30 day trial to 2.6 registered version!

EDIT:

Dennis, you beat me to it, and I didn't even know I could get a later version. Thanks :)


  • Moderators
I get what you like about it Dennis. You're basically just using it as a virtual pc to test software. Great idea, but there are other softwares out there that do it as well. :D

Exactly. Not interested in this bullet proof idea. I use security software for security.

The best way to use this, is to be selective, and use it when you feel the need. And my need is for trying out new stuff, and know that I won't have to manually finish off an uninstall by going into the registry etc.

If there is other software available (and free), it would have to be better than Power Shadow to even think of changing, and I can't see how this can be bettered.

Anyway, you know what they say, if it ain't broke, don't fix it, and this works for me.

:)


With version 2.82 all you needed to register was enter a name and email address. Or at least that's how it was when I first used it.

Just hope everyone can get it registered as things may have changed owing to the increasing popularity of PowerShadow.

What a great app it is. I've even installed on my two elder kids' and several other PCs and they're using it without a prob.

And even if they forget to go into shadowmode before going on the net, FF kicks in through Sandboxie which is another great little app.

Sure these apps may take a bit of getting used to but it's worth it considering what they offer.


With version 2.82 all you needed to register was enter a name and email address. Or at least that's how it was when I first used it.

Just hope everyone can get it registered as things may have changed owing to the increasing popularity of PowerShadow.

Yes, I just updated to the current version. After you convert it to the English version, all it takes is a name and an email address. I'm gonna give it a try and see what it's like.

Sandboxie? Did a google search and found free trial versions only. Unless you know different. :P

Dennis per the Sandboxie-Front Page

Sandboxie is free so you really don't have to look around for an alternative. If you find it makes your Web experience that much safer, you are encouraged to register the program for a small fee.

So I guess that is it??


  • Moderators

Thanks for that, a good explanation on that link as to how it works as well.

Just out of interest, if you acquired both Power Shadow and Sandboxie at the same time (humour me here), which one would you install and run first, before you checked the other one? :blink:

Chicken and the egg isn't it. :)
