Powershadow Shadow System principle analysis and thorough evaluation

Source: Internet
Author: User

Note

Last week, Software News published an introductory article about Powershadow Master, "Powershadow Master: Free Ghost?". It drew a great deal of attention from readers and raised many questions. To gain a more comprehensive understanding of Powershadow Master (hereinafter referred to as Powershadow), the author, "Go through the Fire", used it to carry out a number of high-risk operations in order to test the safety of its key functions and assess it in depth. I hope the author's findings can serve as a useful reference for everyone.

Analysis of the principle of software

Powershadow clones one partition, or all partitions, of the local hard disk to form a shadow, which it calls "Shadow Mode". The shadow has the same structure and functionality as the main system, and users can do everything in shadow mode that they can do normally. As the name suggests, in shadow mode users can damage the system at will, because the shadow can be recreated indefinitely. Users can delete files, install software for testing (including rogue software and viruses), and even run "naked" with obvious vulnerabilities left unpatched, ultimately using the system without leaving any traces.

Software Name: Powershadow Master
Software version: 2.6.0511
Software size: 3.18MB
Software Authorization: Free
Applicable platform: Windows XP/2000/2003

After installation, Powershadow performs several important operations: it registers a Windows service, starts a shadowtip process at boot, and modifies the Boot.ini configuration file so that "Normal mode" and "Shadow Mode" can be selected when the system starts. When Shadow mode is enabled, Powershadow generates a ShadowService.txt file that records the relevant information.
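One defender-side check this suggests: compare the machine's Boot.ini against a copy saved before installation, to see exactly which boot-menu entries a product of this kind added or relabelled. The script below is an added example, not Powershadow's code; the two Boot.ini texts (BASELINE and AFTER) are constructed samples, and the C:\SHADOWBOOT.BIN path is a placeholder, not the entry Powershadow really writes.

```python
import re

# Constructed sample Boot.ini texts (placeholder paths, not Powershadow's real entries): a stock
# XP boot menu, then the same file after a shadow-system product relabelled and extended it.
BASELINE = """[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS="Microsoft Windows XP Professional" /fastdetect
"""
AFTER = """[boot loader]
timeout=5
default=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS="Normal Mode" /fastdetect
C:\\SHADOWBOOT.BIN="Shadow Mode"
"""

def parse_boot_ini(text):
    """Return [boot loader] default/timeout plus entries: path -> (menu text, switches)."""
    section, out = None, {"default": None, "timeout": None, "entries": {}}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        head = re.fullmatch(r"\[(.+)\]", line)
        if head:
            section = head.group(1).lower()
            continue
        key, _, value = (s.strip() for s in line.partition("="))
        if section == "boot loader":
            if key.lower() == "default":
                out["default"] = value
            elif key.lower() == "timeout":
                out["timeout"] = int(value)
        elif section == "operating systems":
            # value is "<menu text>" followed by optional boot switches
            m = re.match(r'"([^"]*)"\s*(.*)', value)
            out["entries"][key] = (m.group(1), m.group(2).strip()) if m else (value, "")
    return out

def boot_menu_changes(baseline_text, current_text):
    """Diff a current Boot.ini against a saved baseline: new entries, relabelled
    entries, and whether the default selection or the timeout changed."""
    before, after = parse_boot_ini(baseline_text), parse_boot_ini(current_text)
    b, a = before["entries"], after["entries"]
    return {"added": [p for p in a if p not in b],
            "relabelled": [p for p in a if p in b and a[p][0] != b[p][0]],
            "default_changed": before["default"] != after["default"],
            "timeout_changed": before["timeout"] != after["timeout"]}
```

On a real XP/2000/2003 machine you would read the baseline from a copy of C:\Boot.ini taken before installation and the current text from the live file.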

Powershadow can protect different partitions, offering a single shadow mode and a complete shadow mode:

Figure 1: The two shadow modes of Powershadow

Dangerous operation tests

Can Powershadow's shadow mode really make the system invulnerable? Only practice can prove it:

1. Deleting files

After starting single shadow mode, the author deleted many files from the C: system partition (including document data, program files, Windows DLL files, and files in system32). Back in normal mode, all the deleted files were found restored exactly as before.

2. Installing risky software

To test security further, the author installed, in single shadow mode, several rogue programs popular online: Yahoo Assistant, Sogou through train, and the CNNIC Chinese Internet tools. After installation, the IE browser was barely recognizable, as Figure 2 shows:

Figure 2: Internet Explorer after the rogue software was installed

Back in normal mode, my IE browser was as clean as ever:

Figure 3: Internet Explorer back in normal mode

3. Opening virus files

In single shadow mode, the author opened an archive containing a large number of virus samples, including the highly destructive CIH virus. Without letting the antivirus software handle them, the author even uninstalled the antivirus software. Back in normal mode, everything returned to its normal state and the system was intact.

Figure 4: Opening a large number of virus files (including the CIH virus) in shadow mode

4. "Naked" Internet use

Surfing the Internet "naked", with no protection at all, is the dream of many computer enthusiasts, but it often causes serious system damage, and time then has to be spent cleaning up viruses and Trojans by hand. The author used the shadow system for a two-day trial of unprotected browsing; once back in normal mode, the original system was exactly as before.

Finally, the author summarises the various dangerous behaviours carried out under the shadow system in the following table:

Operation: Deleting files
Degree of harm: High
Dangerous consequences: Important files are lost, programs cannot run, and the operating system cannot start.
Protected successfully: Yes

Operation: Installing risky software
Degree of harm: (not given)
Dangerous consequences: IE browser hijacking and advertising, software that cannot be uninstalled, interference with normal use, wasted system resources.
Protected successfully: Yes

Operation: Opening virus files
Degree of harm: High
Dangerous consequences: A series of unpredictable hazards such as system crashes, file loss, and a slow system.
Protected successfully: Yes

Operation: "Naked" Internet use
Degree of harm: High
Dangerous consequences: Personal privacy at risk; hijacking by rogue software, infection, hacking, and other unpredictable attacks.
Protected successfully: Yes

Brief comment: Powershadow's protection is clearly quite strong. Once Shadow mode is started, the only function exposed at the application layer is turning the shadow system off. Therefore no application-layer program can attack the files protected by Powershadow's shadow mode; the only way to damage the system is to boot into normal mode.

Resource usage

For such comprehensive protection, Powershadow's system requirements are not high and it uses very few resources:

Figure 5: Process analysis in single shadow mode

After installation, the entire software, temporary files included, takes only about 12MB, which is tiny compared with Ghost, whose partition images run to gigabytes. The author lists more data in the following table:

Installation file size: 3.70MB
Size on disk after installation: about 12MB
Normal mode: 1 process, 420KB of memory
Shadow mode: 1 process, 5-8MB of memory

Versions and free registration

Powershadow currently comes only in a Traditional Chinese version and an English version; according to the official website, a Simplified Chinese version will be released in the near future. However, a Simplified Chinese version is already circulating on the Internet, which is convenient for users. The most important reason for Powershadow's recent popularity is its free policy for Chinese users. You only need to enter the following information to register for free long-term use, which for a member of the "cracking clan" like the author is truly good news:

User name: Powershadow

Serial Number: VVR29E-R4WCK2-K4T111-V1YHTP-4JYJDD

Differences from Ghost, virtual machines and restore wizards

Like Ghost, virtual machines, restore wizards and similar software, Powershadow aims to keep a long-used system as good as new and to avoid reinstalling the system and its software. For average home users and beginners, Powershadow has a great advantage:

Ghost: the program files are small, but it needs to generate an image file, and the .gho image files are several gigabytes. Restoring is also more troublesome, since a large area of the hard disk has to be rewritten, overwriting files.

Virtual machines can also create a very good virtual environment, but unlike Powershadow they occupy a lot of hard disk space and system resources.

Restore wizards: installation and setup require a certain level of computer skill. Some need extra hardware, and some need the hard disk sectors used by the wizard to be configured, which makes installation troublesome.

Rating

Powershadow is well suited to beginners. The author intends to install it on his parents' computer, saving the trouble of frequent repair trips home. It is also suitable for new-software enthusiasts like the author, who can try all kinds of new software without cluttering the real system with junk. It is even more suitable for professional testers who study viruses and other dangerous software.

But Powershadow has some unsatisfying aspects. After entering the shadow system, nothing can be saved. Switching between the shadow and the normal system requires a reboot, so you cannot switch freely, which is inconvenient. Most importantly, the shadow system cannot be extended: the data and settings you have just used are gone after a reboot, replaced by a fresh "shadow".

So the software has two sides; the key is whether its functions match the user's needs. If you think it suits you, download the installer and try it.
