Are there any free programs that protect your registry? I know diamond security makes a free one (i use it), but it seems kind of lacking in terms of how much it protects.

{QUOTE-> Are there any free programs that protect your registry? I know diamond security makes a free one (i use it), but it seems kind of lacking in terms of how much it protects. <-QUOTE}


Look here. http://www.wilderssecurity.com/showthread.php?t=32823
It a great thread about reg monitors. Though I don't believe it is 100% accurate, it is still about one of the best I've ever seen on the subject.

you can get "registryprot" from "diamondcs"..

http://www.diamondcs.com.au/index.php?page=regprot

i used it up until recently when i started using "regdefend".

Regprot is very old . Does a decent job but , look elsewhere . RD is much better but , it does cost . Try the link that look_here posted .

I used to use WinPatrol, but I changed to Arovax Shield, because WP use to much cpu...

Both aren't perfect, but for me are sufficient... ;)

All the freebies are pollers. By far the best of these (IMO) is MJRegistryWatcher (http://www.jacobsm.com/mjsoft.htm#rgwtchr), as discussed at length on THIS (http://www.wilderssecurity.com/showthread.php?t=54666) Wilder's thread. Reasons for saying it's the best freebie are...

1) RegWatcher's programmer is a Wilders member & responds to support requests/questions on the thread linked above.

2) RW uses "kill first, then ask." That is, RW kills changes upon detection, & doesn't reinstate them until the user says so. Other pollers use -- "ask first, then kill." Thus, with RW a nasty has a bit less time to re-boot the OS or do some other evil thing before getting snagged.

3) Unlike Arovax & WinPatrol, RW monitors MANY more *sensitive* registry items. Moreover, RW is fully configurable both as to which items to monitor AND as to polling frequency. Polling interval can be set anywhere from *constant patrol* to several minutes between cycles.

Of course, if you are a high risk user, I recommend you to pay for Regdefender's extra protection (hook based) -- check it out in Ghost's forum right here at Wilders.

thanks for all your advice, but just a quick question. has any exploit actually managed to fool a poller but not a hook program (regdefend)?

The problem with a poller, is that the data is already in the registry
before it is detected.

A tool like RegDefend works on kernel level, and can stop a
registry change BEFORE it happens.

Try Winpooch. Or cyberhawk security guard, both can block registry changes without polling. I think GESwall and Coreforce do so too.

Thanks, winpooch looks really interesting (hooks just like regdefend?). I tried cyberhawk, but for some reason after the install (i even restarted), nothign would happen when i clicked on any of the tabes (like rule setting).

{QUOTE-> I tried cyberhawk, but for some reason after the install (i even restarted), nothign would happen when i clicked on any of the tabes (like rule setting). <-QUOTE}

I think the GUI is Html, and needs to run mshtml.exe, or something similar (I don't exactly remember, and I've no logs anymore): if it's blocked for some reason on your pc, it could explain that? ???

Cheers,
nicM

I don't see why mshtml would be blocked on my pc for any reason, and i had problems with winpooch too (wouldn't even load a gui, the splash screen stayed on screen too). any specific services cyberhawk needs?

first time i ran winppoch i set debug previleges and my machine locked up when i closed it and then reopended it. had to restart.. is it safe to use deg previleges?

{QUOTE-> I think the GUI is Html, and needs to run mshtml.exe, or something similar (I don't exactly remember, and I've no logs anymore): if it's blocked for some reason on your pc, it could explain that? ???

Cheers,
nicM <-QUOTE}
I think that it is mshta.exe which is blocked, according to my logs...
Cheers

Thanks Heco ;) , I didn't remember and couldn't check because my logs are gone.

nic