Protecting the Registry


WilliamP
May 23rd, 2004, 02:51 PM
What is the best program to protect the registry? To tell the truth, I'm not sure I need anything as I have TDS3, NOD32, and Process Guard. I just want to be sure I have all my bases covered. Thank you.

Dazed_and_Confused
May 23rd, 2004, 03:08 PM
{QUOTE-> What is the best program to protect the registry? To tell the truth, I'm not sure I need anything as I have TDS3, NOD32, and Process Guard. I just want to be sure I have all my bases covered. Thank you. <-QUOTE}
Excellent question, WilliamP. I use DCS RegProtect, but I'm not too confident it does a good job. It only seems to alert me when certain apps try to change the registry. When I install a new program, or upgrade, it stays silent, and I know things in the registry are changing.

I've also used RegShot (http://www.pcworld.com/downloads/file_description/0,fid,19540,00.asp). It allows you to take a snapshot before and after, and it does a really good job of telling you what has changed, but it's not real-time protection.

WilliamP
May 23rd, 2004, 03:18 PM
I downloaded Regprot a while back and tried it. A couple of days later I started having serious problems. I can't say for sure, but I did a System Restore to straighten out the mess. I'm not sure Regprot had anything to do with it, but things had been running so good for so long, then all of a sudden the problems. I removed Regprot and all is well.

Dazed_and_Confused
May 23rd, 2004, 03:29 PM
{QUOTE-> I downloaded Regprot a while back and tried it. A couple of days later I started having serious problems. <-QUOTE}

WP,

Sorry to hear about your experience with RegProtect. I've not had any problems with it, but at the same time I'm not too sure it's doing a good job of protecting my registry.

If you're looking for a good registry cleaner, you can't beat JV16 Power Tools (http://www.jv16.org/). They also have a less expensive stand-alone registry cleaner that's OK as well. I've found JV16 to be MUCH better at cleaning than any of the freeware apps.

If you want a good registry monitoring app, try REGMON (http://www.sysinternals.com/ntw2k/source/regmon.shtml). It allows real-time monitoring of the registry, but it's not really what I would call a security tool.

WilliamP
May 23rd, 2004, 03:43 PM
I just tried Regmon and I wasn't real pleased. I knew it wasn't a security program. I just wanted to learn something. It didn't seem to want to behave. It could be that I didn't know how to work with it. I couldn't get it to stop logging.

Dazed_and_Confused
May 23rd, 2004, 03:50 PM
{QUOTE-> I couldn't get it to stop logging. <-QUOTE}
Yeah - It's amazing how often (and incessantly) things are being read from / written to the registry! :o

Dazed_and_Confused
May 23rd, 2004, 03:54 PM
{QUOTE-> What is the best program to protect the registry? <-QUOTE}
Hopefully someone will suggest a superior PROTECTION app for the registry. I assume you are looking for an app that will warn you when something is attempting to change the registry (I sure am). At this point, the only one I'm familiar with is RegProtect, and we've already been down that road.

lonewolf3367
May 23rd, 2004, 03:57 PM
What about System Safety Monitor? It has a good Registry monitor/protector in it. The program has other uses as well. And it's free. Pick it up here: http://maxcomputing.narod.ru/ssme.html?lang=en But I think it's a faster download here: http://www.snapfiles.com/get/systemsafety.html

Dazed_and_Confused
May 23rd, 2004, 04:01 PM
{QUOTE-> What about System Safety Monitor? It has a good Registry monitor/protector in it. The program has other uses as well. And it's free. Pick it up here: http://maxcomputing.narod.ru/ssme.html?lang=en But I think it's a faster download here: http://www.snapfiles.com/get/systemsafety.html <-QUOTE}
Yes. :) Good thread here (http://www.wilderssecurity.com/showthread.php?t=31723) regarding that app and its competitors.

lonewolf3367
May 23rd, 2004, 04:29 PM
Here are a couple of other registry monitor programs:

1. Active Registry Monitor (I think; not sure if there's a free version, you'll have to look into it) http://www.protect-me.com/arm/download.html

2. Greyware Registry Rearguard aka GRR (costs $25.) http://www.greyware.com/software/grr

Hope these help.

WilliamP
May 23rd, 2004, 05:21 PM
How do you get the registry protection with SSM without downloading SSM. I had run SSM in the recent past but changed to Abtrusion Protector. I liked AP a lot better. Now I have Process Guard for Execution Protection. Please help.

Dazed_and_Confused
May 23rd, 2004, 05:28 PM
WilliamP,

In the beginning, I tried / used various registry protection programs to keep unwanted apps from installing themselves, and to keep malware from modifying the registry. As you saw from viewing RegMon, there are sooo many changes made to the registry by 'good' programs, I would think it would be almost impossible to keep up with approving / disapproving all changes requested. Therefore, I'm wondering if the execution protection afforded by SSM or AP or PG isn't enough? What more could we possibly need? Just wondering out loud...???

WilliamP
May 23rd, 2004, 05:45 PM
That is a valid question. I wonder the same thing. I'm looking at Grr! right now. It will take some checking to see if there have been any problems. I am not knowledgeable enough to know if it is needed in addition to my other security. I certainly don't want to mess up my system now.

Dazed_and_Confused
May 23rd, 2004, 07:28 PM
{QUOTE-> ...I have TDS3, NOD32, and Process Guard. I just want to be sure I have all my bases covered. <-QUOTE}
I understand completely about not wanting to mess up your system. Catchy name, though (Grr). Please let me know what you find out about it. I sure wish someone from DCS would comment about their product (RegProtect). And if anyone could comment on what vulnerabilities still exist (as far as the registry is concerned) with the software you (myself included) are currently running.

WilliamP
May 23rd, 2004, 08:35 PM
The Greyware Registry Rearguard website is really informative. The program looks good but so far I haven't found out anything from anyone who has used it. It can be tried free. Why don't you just jump in there!

nick s
May 23rd, 2004, 08:53 PM
I've used Grr! in the past, but switched to RegRun (Gold) a couple of years ago. Works very well with PG and BOClean. I highly recommend it.

http://www.greatis.com/regrun3.htm

Nick

Dazed_and_Confused
May 23rd, 2004, 08:55 PM
{QUOTE-> ...It can be tried free. Why don't you just jump in there! <-QUOTE}
Will,

I've got so many apps running already, my system tray takes up half of the screen! :o To that I've just added a trial run of PG this morning - I'll probably wind up getting the full version before long (I like it!). Before I add yet another appy, I sure would like to know how bad I need it. Especially one that is constantly running in the background, if you know what I mean. ::)

WilliamP
May 24th, 2004, 04:08 PM
Nick s , why did you drop Grr and go with Reg Run Gold?

Rui
May 24th, 2004, 04:24 PM
Hi WilliamP

I have Process Guard too, and I wonder whether Grr can provide any additional Registry protection. Are you experimenting with Grr? If so, I would like to know your impressions of it.
Regards
Rui

nick s
May 24th, 2004, 04:33 PM
When XP first came out, Grr! was not fully compatible (at least on my systems). The developers were not able to provide a fix that worked before my license expired, even though they acknowledged that there was a problem. I started looking at alternatives and went with RegRun. Registry protection is only one of RegRun's features, whereas Grr! only protects the registry. Take a look at the feature list here:

http://www.greatis.com/regrun3detail.htm

Nick

hojtsy
May 24th, 2004, 05:43 PM
Let's divide registry protection software into three categories:
1) Poller: It polls the registry periodically and compares with old values.
2) Listener: It detects a registry modification immediately after it was made, triggered by the change.
3) Proxy: It intercepts registry modification attempts while they are made, and offers protection or confirmation dialogs even before the change enters the registry.

My problem is that registry protection software usually does not state which category it belongs to. I suspect that is because most of them belong to the weakest Poller category. Can somebody more knowledgeable than me please put the above-mentioned programs into one of the categories I listed?

-hojtsy-
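To make the first two categories concrete, here is an added example, not code from this thread or from any of the products discussed, that implements a poller and a listener for the machine-wide Run key in PowerShell. It assumes Windows PowerShell 5.1 on an elevated prompt (the WMI registry event provider needs it), and the key path and the five-second interval are choices of this example. Run it in one window while you install or change something in another, and both the poller and the listener report the change only after it is already in the registry; neither can veto it, which is exactly the distinction hojtsy draws between these two categories and a proxy. It also illustrates hojtsy's later remark that a poller gives itself away in Sysinternals RegMon: while this script runs, RegMon shows the same key being read again every five seconds.

```powershell
# Added example: category 1 (poller) and category 2 (listener) against
# HKLM\...\Run. Assumptions: Windows PowerShell 5.1, elevated prompt.
$RunKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

# ---- Category 1: poller ----------------------------------------------------
# Snapshot every value under the key as a name -> data hashtable.
function Get-RunSnapshot {
    param([string]$Path = $RunKey)
    $snap = @{}
    $item = Get-Item -Path $Path
    foreach ($name in $item.GetValueNames()) {
        $snap[$name] = [string]$item.GetValue($name)
    }
    return $snap
}

# Diff two snapshots; returns one object per added/modified/removed value.
function Compare-RunSnapshot {
    param([hashtable]$Before, [hashtable]$After)
    $changes = @()
    foreach ($name in $After.Keys) {
        if (-not $Before.ContainsKey($name)) {
            $changes += [pscustomobject]@{ Change = 'Added';    Name = $name; Old = $null;          New = $After[$name] }
        } elseif ($Before[$name] -ne $After[$name]) {
            $changes += [pscustomobject]@{ Change = 'Modified'; Name = $name; Old = $Before[$name]; New = $After[$name] }
        }
    }
    foreach ($name in $Before.Keys) {
        if (-not $After.ContainsKey($name)) {
            $changes += [pscustomobject]@{ Change = 'Removed';  Name = $name; Old = $Before[$name]; New = $null }
        }
    }
    return $changes
}

# Poll loop. By the time a difference is reported the write has already
# landed; the most a poller can do is offer to restore the old value.
function Start-RunKeyPoller {
    param([int]$IntervalSeconds = 5, [int]$Rounds = 12)
    $before = Get-RunSnapshot
    for ($i = 0; $i -lt $Rounds; $i++) {
        Start-Sleep -Seconds $IntervalSeconds
        $after = Get-RunSnapshot
        Compare-RunSnapshot -Before $before -After $after | ForEach-Object {
            Write-Host ("[poller]   {0}: {1} = '{2}' (was '{3}')" -f $_.Change, $_.Name, $_.New, $_.Old)
        }
        $before = $after
    }
}

# ---- Category 2: listener --------------------------------------------------
# Subscribe to the WMI RegistryKeyChangeEvent for the same key. The event
# fires after the change has been committed, so there is still no veto,
# but no repeated reads either (nothing for RegMon to show between changes).
function Start-RunKeyListener {
    $query = "SELECT * FROM RegistryKeyChangeEvent WHERE Hive='HKEY_LOCAL_MACHINE' " +
             "AND KeyPath='SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run'"
    Register-WmiEvent -Query $query -SourceIdentifier 'RunKeyWatch' -Action {
        $e = $Event.SourceEventArgs.NewEvent
        Write-Host ("[listener] change under {0}\{1} at {2}" -f $e.Hive, $e.KeyPath, (Get-Date))
    } | Out-Null
}

function Stop-RunKeyListener {
    Unregister-Event -SourceIdentifier 'RunKeyWatch' -ErrorAction SilentlyContinue
}

# Usage: run the listener in the background and the poller in the foreground
# for about a minute, then clean up the event subscription.
Start-RunKeyListener
Start-RunKeyPoller -IntervalSeconds 5 -Rounds 12
Stop-RunKeyListener
```

A third, proxy-style version cannot be written in script at all: intercepting the write before it is committed requires a kernel-mode registry callback, which is why it is rare and why hojtsy's category 3 is the one worth asking vendors about.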

WilliamP
May 24th, 2004, 06:19 PM
Hojtsy, from what I can read on the Grr web site it fits into the last category. It stops a change and gives the opportunity to OK or deny the change. I would guess it's a proxy. Their web site gives a lot of info.

Dazed_and_Confused
May 24th, 2004, 07:57 PM
{QUOTE-> Let's divide registry protection software into three categories:
1) Poller: It polls the registry periodically and compares with old values.
2) Listener: It detects a registry modification immediately after it was made, triggered by the change.
3) Proxy: It intercepts registry modification attempts while they are made, and offers protection or confirmation dialogs even before the change enters the registry. <-QUOTE}
Hojtsy - Very well spoken. ;) While not a "Registry Protector" per se, doesn't Process Guard help to protect the registry by stopping unwanted programs before they load/execute. So, if you stop all unwanted programs, would it follow that you then stop all unwanted registry changes? ???

TheQuest
May 24th, 2004, 11:30 PM
Hi, Dazed_and_Confused

Good Question.

{QUOTE-> While not a "Registry Protector" per se, doesn't Process Guard help to protect the registry by stopping unwanted programs before they load/execute. So, if you stop all unwanted programs, would it follow that you then stop all unwanted registry changes? <-QUOTE}

You should ask that on the Process Guard forum. I would ask it there myself, but as it is your quote and post I feel you have first right.

With Regards,
TheQuest 8)

WilliamP
May 25th, 2004, 05:28 PM
Quest, I asked the question on the PG forum and so far have not gotten an answer. I sure would love to get some answers.

notageek
May 25th, 2004, 06:49 PM
I tried using the reg monitor in SSM and I didn't care for it much. I like SSM as an application firewall but I don't think the reg monitor is all that good. I have been searching for a good reg monitor for awhile now and couldn't find one I like.

WilliamP, I'm sure someone over at the PG forum will answer when they get time. :)

Dazed_and_Confused
May 25th, 2004, 06:50 PM
{QUOTE-> Quest, I asked the question on the PG forum and so far have not gotten an answer. I sure would love to get some answers. <-QUOTE}
Will,

I think we've exhausted our options regarding finding new/better apps specifically designed to protect the registry. Again, let me know what you think about GRR. If resource usage is minimal, I may add it to my "portfolio". :D

I saw your post on the PG forum. Good thinking. I'm heading that way too.

Dazed_and_Confused
May 25th, 2004, 07:30 PM
{QUOTE-> I have been searching for a good reg monitor for awhile now and couldn't find one I like. <-QUOTE}
Notageek, hello!

Have you tried using the DCS freebie called RegistryProt? If so, I would like to know what you think about it. If not, give it a try.

notageek
May 25th, 2004, 07:36 PM
I tried it. I liked it when I used it on my Win98 computer, but when I got XP it didn't work well on my XP so I dropped it. It froze my computer.

notageek
May 25th, 2004, 07:40 PM
Let me put it this way. Maybe RegistryProt didn't play along with another program I had running at the time and the 2 programs got into a fight and froze my computer. But after I stopped using RegistryProt my computer didn't freeze again.

WilliamP
May 25th, 2004, 08:16 PM
Notageek, I had a similar problem while using RegProt. I had to do a system restore and remove RegProt. The problem went away, so I guess it was RegProt. Check out Grr. Their web site is very informative. http://www.greyware.com/software/grr/

FanJ
May 25th, 2004, 09:55 PM
Hi,

Just a strictly personal opinion ;)

First of all, please note that I'm still on W 98 SE.
So I cannot run programs like Process Guard or TinyTrojanTrap.
Be assured that I would love to try using ProcessGuard from DiamondCS.
From what I understand, it is top.

In the past I've used RegProt from DiamondCS.
I'm really sorry to say it, but it gave me far too many problems.
I went to RegRun Gold. An absolutely excellent program !!!
I would recommend it to everyone.
Use it (if you can) together with ProcessGuard and a file-integrity-checker (yeah, I know, it's me again LOL ;) ).
I fully admit that I am not the greatest expert on the registry.
There are here some experts on RegRun like for example Wizard, Mickey, and several others. I'll try to ask some of them to give you their opinion.

notageek
May 26th, 2004, 09:17 AM
Thanks WilliamP. I'm on my way over to check out Grr. I'll let you know how I like it. I have become really picky when it comes to using programs on my computer. :)

strongarm
May 26th, 2004, 11:28 AM
Here is an interesting link on RegRun Gold you may want to check out: http://www.wilderssecurity.com/regrungold.html It gets a five-star rating at Wilders.

WilliamP
May 26th, 2004, 03:27 PM
Strongarm, a lot of people have recommended RegRun Gold, and I have looked at it. It is kind of expensive for what I am looking for. It seems to have a lot of features that I don't think I would use, or know how to use. ???

strongarm
May 26th, 2004, 03:40 PM
Just tryin' to help m8. But GRR looks like a good app too if all yer lookin' 4 is reg protection. Hope it works out 4 ya.

wizard
May 26th, 2004, 04:01 PM
I have used RegRun for ages. The biggest advantage of RegRun compared to other programs is that you can also define additional registry keys to be monitored. This means once a new start method is found in the registry you can update the program on your own.

Also, this gives some flexibility in monitoring the registry values of other security apps as well.

Besides that, RegRun covers all common start methods and some real exotic ones used by some backdoor trojans. Especially with regard to those exotic methods, RegRun is IMHO one of the best programs available.

wizard

WilliamP
May 26th, 2004, 07:39 PM
Hi Wizard, Thank you for your post. Regrun Gold looks like it is rather complicated and has a lot of features I wouldn't use. The program Grr also allows you to customize the files and such that you want to keep an eye on. I'm still not sure that I need the additional protection. ???

Dazed_and_Confused
May 26th, 2004, 09:06 PM
{QUOTE-> I'm still not sure that I need the additional protection. ??? <-QUOTE}
William - I agree. Still unsure if the extra app is needed. In the PG forum someone who seemed knowledgeable, I believe, implied it wasn't, unless the user allows PG to let malware run.

Ruffian
May 27th, 2004, 11:24 AM
{QUOTE-> I have used RegRun for ages. The biggest advantage of RegRun compared to other programs is that you can also define additional registry keys to be monitored. This means once a new start method is found in the registry you can update the program on your own.

wizard <-QUOTE}

You can do that in SSM too. I'm amazed most other programs don't offer this.

WilliamP
May 27th, 2004, 04:41 PM
D and C, I read it the same way you do. I certainly hope they are correct. I seem to remember reading about some type of baddy that could get in, but I'm not sure. It would have to get to the registry without executing. I don't know if that is possible! ???

Dazed_and_Confused
May 27th, 2004, 06:08 PM
{QUOTE-> It would have to get to the registry without executing. I don't know if that is possible! <-QUOTE}
I would sure feel better about DCS RegistryProt if I understood how it works. It always warns me when a program that is already running tries to write data to the registry, but it never warns me when I'm installing a new app.

drdetroit
May 27th, 2004, 06:32 PM
The problem with Regprot is it stinks. It only monitors certain areas of the registry and doesn't work well against newer trojans. It's kinda like putting a band-aid on a broken arm.

Dazed_and_Confused
May 27th, 2004, 08:20 PM
{QUOTE-> The problem with Regprot is it stinks. It only monitors certain areas of the registry and doesn't work well against newer trojans. It's kinda like putting a band-aid on a broken arm. <-QUOTE}
DrDetroit - Do you have any details to back up that broad claim? I've found DCS' other products to work very well, and I'm surprised to hear they would offer a product that's half-baked. What areas of the registry doesn't it protect? Why would they design it that way?

drdetroit
May 27th, 2004, 10:28 PM
Here's what you need to do, Dazed. Go to the DiamondCS homepage. Scroll down to the bottom of the page. Click on 'contact us', and you can then ask them why Regprot is so out of date, and why newer trojans are so easily able to bypass it, and which reg keys exactly it monitors. They will help you far more than I ever could. Good luck.

MickeyTheMan
May 28th, 2004, 06:09 PM
RegRun is a must-have app as far as I'm concerned.

hojtsy
May 31st, 2004, 04:28 PM
Dazed,
A list of some open holes left in the registry by DCS regprot is found in the thread http://www.wilderssecurity.com/showthread.php?t=32823
-hojtsy-

Dazed_and_Confused
May 31st, 2004, 04:35 PM
{QUOTE-> A list of some open holes left in the registry by DCS regprot is found in the thread http://www.wilderssecurity.com/showthread.php?t=32823
-hojtsy- <-QUOTE}
Thanks hojtsy!. I'll check it out!

Dazed_and_Confused
June 12th, 2004, 10:48 AM
Just had to disable DCS RegProtect. Started causing problems on my PC, as others have posted here. Every time I installed protection, the computer would run very slow. ProcessExplorer indicated that RP was constantly using large amounts of resources and CPU time. My CPU meter was constantly pegged at 100%. Things are back to normal after disabling. Very disappointed. Now the only registry protection I have is DCS PG (if you want to call that registry protection). Not a happy camper today. >:(

notageek
June 12th, 2004, 12:03 PM
Sorry to hear about that. I had problems with RegProt also on my XP. RegProt made my computer freeze up. So I stopped using it and now I don't use a reg monitoring program like RegProt any more. I use Startup Monitor and SSM (with the reg monitor turned off). I know WinSonar has a reg monitor built in, but I don't know how well it works.

optigrab
June 12th, 2004, 12:13 PM
Having problems with RegProt here too - though different problems, I'm guessing. I could be an idiot (could be?) but it doesn't seem to be working properly in the Power User account.

Disabled SSM a couple of days ago, switched to RegProt yesterday, now what? >:(

Dazed_and_Confused
June 12th, 2004, 12:28 PM
{QUOTE-> I use Startup Monitor and SSM (with the reg monitor turned off). <-QUOTE}
So Notageek, you're using nothing to protect the registry? I guess that doesn't concern you? Maybe I shouldn't be concerned either. I am using PG (for now). Maybe that is enough.

Dazed_and_Confused
June 12th, 2004, 12:39 PM
{QUOTE-> Let's divide registry protection software into three categories:

1) Poller: It polls the registry periodically and compares with old values.
2) Listener: It detects a registry modification immediately after it was made, triggered by the change.
3) Proxy: It intercepts registry modification attempts while they are made, and offers protection or confirmation dialogs even before the change enters the registry. <-QUOTE}
The type of protection I'm really interested in would fall into category 3 above (nice post Hojtsy). It sounds as if SSM, RP, RR, and GRR meet this criteria. Already discarded RP (died a slow death). Waiting on Opti's evaluation of SSM. WilliamP is also running a test on GRR - looking forward to his conclusions there. Lots of positive comments here about RR, but kind of pricey. What's a girl to do?? :)

notageek
June 12th, 2004, 06:13 PM
I was concerned about my registry at one time (not so long ago) but now I'm not so worried about my registry. I do want to know what's using my registry, but I also make sure I know what I'm installing. I read everything about the program I'm going to install. But on my other system I will not. Take WeatherBug, for instance. I installed it on my other machine to check out what kind of trash it really put out there. I am in no way saying you should not be concerned about your registry. That is a personal choice. :) I'm just saying what I have running. Maybe someday I will use one. I tried out GRR and didn't like it much, so I ruled that out.

hojtsy
June 13th, 2004, 02:22 PM
{QUOTE->
Let's divide registry protection software into three categories:

1) Poller: It polls the registry periodically and compares with old values.
2) Listener: It detects a registry modification immediately after it was made, triggered by the change.
3) Proxy: It intercepts registry modification attempts while they are made, and offers protection or confirmation dialogs even before the change enters the registry. <-QUOTE}
{QUOTE-> The type of protection I'm really interested in would fall into category 3 above (nice post Hojtsy). It sounds as if SSM, RP, RR, and GRR meet this criteria. Already discarded RP (died a slow death). Waiting on Opti's evaluation of SSM. WilliamP is also running a test on GRR - looking forward to his conclusions there. Lots of positive comments here about RR, but kind of pricey. What's a girl to do?? :) <-QUOTE}
DCS RegProt, TeaTimer and SSM are pollers (category 1). I don't know for sure about GRR and RegRun, but I suspect they are pollers too! The only proxy I know of is Process Guard, but it protects only a single registry key (APPINIT_DLL), and blocks modification without dialogs. We would need the technology built into PG with more keys, and control.
-hojtsy-

Dazed_and_Confused
June 13th, 2004, 02:28 PM
{QUOTE-> DCS RegProt, TeaTimer and SSM are pollers (category 1). <-QUOTE}
Hojtsy - I have used RP, and it does ask prior to allowing certain registry entries. Are you sure it's a poller?

hojtsy
June 13th, 2004, 02:58 PM
{QUOTE-> Hojtsy - I have used RP, and it does ask prior to allowing certain registry entries. Are you sure it's a poller? <-QUOTE}
How do you mean prior? Just check the registry with regedit while the RegProt dialog is displayed! The change is already there! RegProt just offers to undo the value to the previously stored one. The wording of the RegProt dialog boxes may be confusing you. By the way, it is also quite easy to identify a poller with the software Sysinternals RegMon, which displays the repeating registry read operations in real time. So I am quite sure RP is a poller.
-hojtsy-

Dazed_and_Confused
June 13th, 2004, 03:07 PM
{QUOTE-> How do you mean prior? Just check the registry with regedit while the RegProt dialog is displayed! <-QUOTE}
Thanks, Hojtsy. I can't remember exactly what the dialog box said (the app caused too many problems and I'm not using it anymore). You might be right, but it sure gave me the impression it was asking for my permission to allow the entry.

hojtsy
June 13th, 2004, 03:14 PM
{QUOTE-> Thanks, Hojtsy. I can't remember exactly what the dialog box said (the app caused too many problems and I'm not using it anymore). You might be right, but it sure gave me the impression it was asking for my permission to allow the entry. <-QUOTE}
The same oversimplification goes for other pollers too. They love to confuse undoing with denial.
-hojtsy-

tuatara
June 13th, 2004, 03:27 PM
Another thing is that the registry is protected against the installation of new progs
that you perhaps don't want to install.

But adding data to existing registry keys, like 2 GB to a key,
is still allowed, and can still corrupt your registry.

That is what happened to one of my servers here.