Protecting the Registry

Discussion in 'other security issues & news' started by WilliamP, May 23, 2004.

Thread Status:
Not open for further replies.
  1. optigrab

    optigrab Registered Member

    Joined:
    Nov 6, 2002
    Posts:
    624
    Location:
    Brooklyn/NYC USA
    Having problems with RegProt here too - though different problems I'm guessing. I could be an idiot (could be?) but it doesn't seem to be working properly in the Power User account.

    Disabled SSM a couple of days ago, switched to RegProt yesterday, now what? :mad:
     
  2. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    So Notageek, you're using nothing to protect the registry? I guess that doesn't concern you? Maybe I shouldn't be concerned either. I am using PG (for now). Maybe that is enough.
     
  3. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    The type of protection I'm really interested in would fall into category 3 above (nice post Hojtsy). It sounds as if SSM, RP, RR, and GRR meet this criteria. Already discarded RP (died a slow death). Waiting on Opti's evaluation of SSM. WilliamP is also running a test on GRR - looking forward to his conclusions there. Lots of positive comments here about RR, but kind of pricey. What's a girl to do?? :)
     
  4. notageek

    notageek Registered Member

    Joined:
    Jun 3, 2002
    Posts:
    1,601
    Location:
    Ohio
    I was concerned about my registry at one time (not so long ago) but now I'm not so worried about my registry. I do want to know what's using my registry but I also make sure I know what I'm installing. I read everything about the program I'm going to install. But on my other system I will not. Like take weatherbug for instance. I installed it on my other machine to check out what kind of trash it really put out there. I am in no way saying you should not be concerned about your registry. That is a personal choice. :) I'm just saying what I have running. Maybe someday I will use one. I tried out GRR and didn't like it much so I ruled that out.
     
  5. hojtsy

    hojtsy Registered Member

    Joined:
    Dec 28, 2003
    Posts:
    351
    DCS RegProt, Teatimer and SSM are pollers (category 1). I don't know for sure about GRR and RegRun, but I suspect they are pollers too! The only proxy I know of is Process Guard but it protects only a single registry key (APPINIT_DLL), and blocks modification without dialogs. We would need the technology built into PG with more keys, and control.
    -hojtsy-
     
  6. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Hojtsy - I have used RP, and it does ask prior to allowing certain registry entries. Are you sure it's a poller?
     
  7. hojtsy

    hojtsy Registered Member

    Joined:
    Dec 28, 2003
    Posts:
    351
    How do you mean prior? Just check the registry with regedit while the RegProt dialog is displayed! The change is already there! RegProt just offers to undo the value to the previously stored one. The wording of RegProt dialog boxes may be confusing you. By the way it is also quite easy to identify a poller with the software Sysinternals RegMon which displays the repeating registry read operations real-time. So I am quite sure RP is a poller.
    -hojtsy-
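
Added example, not part of any post in this thread: a sketch of the check hojtsy describes, flagging a process that re-reads the same key at a steady interval and measuring how long a write stays live before that poller's next read. The trace records, process names and thresholds are constructed assumptions and do not follow RegMon's export format.

```python
from collections import defaultdict
from statistics import mean, pstdev

RUN = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
READ_OPS = {"QueryValue", "EnumerateValue", "OpenKey"}

# Constructed trace: (seconds, process, operation, key). Hypothetical names.
TRACE = (
    [(t * 2.0 + 0.01 * (t % 3), "watcher.exe", "QueryValue", RUN) for t in range(10)]
    + [(3.2, "setup.exe", "SetValue", RUN),
       (0.4, "explorer.exe", "QueryValue", RUN),
       (7.9, "explorer.exe", "QueryValue", RUN),
       (8.1, "explorer.exe", "QueryValue", RUN),
       (15.5, "explorer.exe", "QueryValue", RUN)]
)

def find_pollers(trace, min_reads=5, max_jitter=0.1):
    """Return {(process, key): mean interval} for steady periodic re-reads."""
    reads = defaultdict(list)
    for ts, proc, op, key in trace:
        if op in READ_OPS:
            reads[(proc, key)].append(ts)
    pollers = {}
    for who, stamps in reads.items():
        if len(stamps) < min_reads:
            continue  # too few reads to call it a pattern
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        # Low relative spread of the gaps means a timer-driven loop.
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            pollers[who] = round(avg, 2)
    return pollers

def exposure_windows(trace, pollers):
    """For each write to a polled key: (writer, poller, seconds the change
    was already in the registry before the poller could notice it)."""
    out = []
    for ts, proc, op, key in trace:
        if op != "SetValue":
            continue
        for watcher, wkey in pollers:
            later = [r for r, p, o, k in trace
                     if p == watcher and k == key and o in READ_OPS and r > ts]
            if wkey == key and later:
                out.append((proc, watcher, round(min(later) - ts, 2)))
    return out

if __name__ == "__main__":
    found = find_pollers(TRACE)
    print(found, exposure_windows(TRACE, found))
```

The exposure window is the interval in which the written value is in effect and readable by anything else, which a proxy that intercepts the write would not leave open.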
     
  8. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Thanks, Hojtsy. I can't remember exactly what the dialog box said (the app caused too many problems and I'm not using it anymore). You might be right, but it sure gave me the impression it was asking for my permission to allow the entry.
     
  9. hojtsy

    hojtsy Registered Member

    Joined:
    Dec 28, 2003
    Posts:
    351
    The same oversimplification goes for other pollers too. They love to confuse undoing with denial.
    -hojtsy-
     
  10. tuatara

    tuatara Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    777
    Another thing is that the registry is protected for the installation of new progs,
    that you perhaps don't want to install.

    But adding data to existing registry keys, like 2 GIG to a key,
    is still allowed, and can still corrupt your registry.

    That is what happened to one of my servers here.
     