WinPatrol 18 w/ custom Registry Lock

Discussion in 'other anti-malware software' started by Bob D, Jan 21, 2010.

Thread Status:
Not open for further replies.
  1. Bob D

    Bob D Registered Member

    Joined:
    Apr 18, 2005
    Posts:
    1,234
    Location:
    Mass., USA
    WinPatrol 18 release with custom Registry Lock is in the works.
    http://billpstudios.blogspot.com/
     
  2. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Well that would be great, here is my ACL list of the Registry user space

    HKEY_CURRENT_USER\Control Panel\Desktop\ScreenSaveActive
    HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe
    HKEY_CURRENT_USER\Control Panel\don't load\
    HKEY_CURRENT_USER\Software\Classes\*\shellex\ContextMenuHandlers\
    HKEY_CURRENT_USER\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
    HKEY_CURRENT_USER\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
    HKEY_CURRENT_USER\Software\Classes\Directory\shellex\ContextMenuHandlers\
    HKEY_CURRENT_USER\Software\Classes\Directory\shellex\CopyHookHandlers\
    HKEY_CURRENT_USER\Software\Classes\Directory\shellex\DragDropHandlers\
    HKEY_CURRENT_USER\Software\Classes\Directory\shellex\PropertySheetHandlers\
    HKEY_CURRENT_USER\Software\Classes\Drive\shellex\ContextMenuHandlers\
    HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command\
    HKEY_CURRENT_USER\Software\Classes\Folder\shellex\ColumnHandlers\
    HKEY_CURRENT_USER\Software\Classes\Folder\shellex\ContextMenuHandlers\
    HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\
    HKEY_CURRENT_USER\Software\Microsoft\Command Processor\Autorun
    HKEY_CURRENT_USER\Software\Microsoft\Ctf\LangBarAddin\
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FormSuggest PW Ask
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\fileexts\.exe
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy\
    HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun
    HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RistrictRun
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
    HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Policies\Network\
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\
    HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
    HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\
    HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\load
    HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\Programs
    HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\shell
    HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\
    HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\Scripts\Logon\
    HKEY_CURRENT_USER\Identities\*\Software\Microsoft\Outlook Express\*\Signatures\
    HKEY_CURRENT_USER\Identities\{536E6C55-2473-4FBF-B890-7CEDE687689F}\Software\Microsoft\Outlook Express\5.0\signatures
    Plus this one (replace * with actual values in Registry)


    Ask Bill whether he can include them :D

    Regards Kees
     
  3. Ibrad

    Ibrad Registered Member

    Joined:
    Dec 8, 2009
    Posts:
    1,972
    I have been watching the Winpatrol Twitter waiting to see when this beta is going to be released, it looks like it has some awesome changes :D
     
  4. Bob D

    Bob D Registered Member

    Joined:
    Apr 18, 2005
    Posts:
    1,234
    Location:
    Mass., USA
    I'm sure your contributions will be much appreciated, but don't tell us, tell him. :)
    Cheers
     
  5. Ibrad

    Ibrad Registered Member

    Joined:
    Dec 8, 2009
    Posts:
    1,972
    Will the registry lock feature be available only in the Plus version or will it be available in the free version? o_O
     
  6. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,784
    According to Bill's blog (link in post #1) it will be for the plus version only.
     
  7. dcrowe0050

    dcrowe0050 Registered Member

    Joined:
    Sep 1, 2009
    Posts:
    378
    Location:
    NC
    sounds great, I can't wait.
     
  8. Get

    Get Registered Member

    Joined:
    Nov 26, 2009
    Posts:
    384
    Location:
    the Netherlands
    Just bought it and already trying to meet my standards! :thumb:
     
  9. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    Hats off to Bill P. for adding this feature!
    Another reason why he's one of my favorite developers.:thumb:
     
  10. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Haha,

    I bought a Plus license to support him in the past. I asked him when WinPatrol monitors registry changes (in the startup protection), why not provide this as a separate mechanism/extra option (you already programmed it).

    He already considered that (so definitely not my idea :p ), but told me that the only option in which users could manage the guard list was the cookie monitor. This option had provided some problems in the past, so he really was making up his mind whether to keep WinPatrol a simple no user scope protection program or provide some of the mechanisms as tools to the end user.

    I think the best approach would be: a non-configurable freebie and a configurable paid version like managing warnings, own registry monitor, cookie management (although cookies are not exactly a high priority on my list)

    Regards Kees
     
  11. BillPStudios

    BillPStudios Security Expert

    Joined:
    Sep 15, 2004
    Posts:
    23
    Location:
    Scotia, NY
    Kees,

    Actually, if I've explained my recent BitfromBill post you may pick up on a plan in which you can really make some parts of this be your idea. :)

    Obviously, it's not a really good user interface to have the average user add registry values they want to protect so I am going to allow 3rd parties to create lists of registry values they believe are important.

    Initially, I'm working with other developers to create an add-on which includes registry values used by their program. There's no reason why I can't accept a list of registry values from someone else who's familiar with the registry and especially at cleaning up malware.

    The add-on will be a simple text file which contains registry keys and their default values. Each key can also be set to alert users of a change or just automatically lock them down.

    There will be a "Suggestions" button on the Registry Monitor Tab that will take users to the add-on page.

    I'm not sure I really other question in the thread but yes this feature will only be available to PLUS supporters. When I created the life-time PLUS membership it wasn't really an ideal business plan so I really depend on encouraging new PLUS members to keep things going. ;)

    Thanks again,
    Bill
     
  12. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Thanks Bill for posting here, we appreciate you dropping by :)
     
  13. guest

    guest Guest

    The new WinPatrol will protect the registry, but is it possible in the current version to protect "dangerous" folders?
     
  14. Bob D

    Bob D Registered Member

    Joined:
    Apr 18, 2005
    Posts:
    1,234
    Location:
    Mass., USA
    Hi Bill, and thanx for stopping by.
    Agreed, but offering the flexibility for "power users" to add registry values / modify the ruleset, I feel, would pique interests of many security minded customers (including many forum members here).
    The “average user” can leave the ruleset at default settings.
    The addition of a custom modifiable ruleset would indeed make this proggie a tweaker's dream.
    Pls keep up the good work.
     
  15. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    yes bob like a dream come true;)
     
  16. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,328
    Location:
    Here, There and Everywhere
    Thanks, Bill. You have done so much with WinPatrol since it was released. I just wanted to say "thanks" for the new feature and thanks for all you have done and continue to do with WinPatrol. (PLUS member here!)
     
  17. Get

    Get Registered Member

    Joined:
    Nov 26, 2009
    Posts:
    384
    Location:
    the Netherlands
    I disagree :cautious:.
     
  18. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Quite a few rogue apps are using the below key to disable other security apps:

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]

    And there are some rogues such as Antivirus Live that can kill most other exes some other way and I don't really know how they do it.

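
A defensive check for the Image File Execution Options abuse mentioned in the post above, as an added example that is not part of the thread: it reads a `reg export` of that key and lists every program whose subkey carries a `Debugger` value, the setting that makes Windows start the named debugger instead of the program. The sample export and the executable names in it are constructed.

```python
import re

IFEO = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT"
        r"\CurrentVersion\Image File Execution Options")

# Constructed sample in `reg export` text format (not taken from the thread).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\example-av.exe]
"Debugger"="svchost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\example-app.exe]
"DisableHeapLookaside"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Example-Tool.EXE]
"debugger"="\"C:\\Tools\\dbg.exe\" -g"
'''

SECTION = re.compile(r"^\[(.+)\]$")
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def load_reg_export(path):
    # regedit and `reg export` write version 5.00 files as UTF-16 with a BOM
    with open(path, encoding="utf-16") as f:
        return f.read()

def find_ifeo_debuggers(reg_text):
    """Return {image name: debugger command} for IFEO subkeys with a Debugger value."""
    hits, image = {}, None
    prefix = IFEO.lower() + "\\"
    for line in reg_text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            key = m.group(1)
            image = key[len(prefix):] if key.lower().startswith(prefix) else None
            if image and "\\" in image:   # deeper subkey, not a per-image key
                image = None
            continue
        m = VALUE.match(line)
        if m and image and m.group(1).lower() == "debugger":  # names are case-insensitive
            data = m.group(2)
            if len(data) >= 2 and data[0] == data[-1] == '"':  # REG_SZ: undo .reg escaping
                data = re.sub(r"\\(.)", r"\1", data[1:-1])
            hits[image] = data
    return hits
```

Every hit deserves a look: a legitimate debugging setup is rare on an end-user machine, so an entry naming a security product's executable is a strong sign of tampering.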
     
  19. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Franklin, have a read at this http://isc.sans.org/diary.html?storyid=4039 this explains it rather nicely

    Another option is to own the COM handles for Windows Management and Elevation (for your reference I used the CIS 3 groups) and elevate through debugger mode.
     
  20. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    First what a pleasant surprise from you to join the discussion.

    Secondly: nahh life time license will cause income to dry out and really is not a viable business option.

    Thirdly: I reckon with the new Windows7 UAC with the user friendly option to ignore system changes (made by the user), which basically creates a big hole in UAC protection, provides an ideal launch of Win Patrol Plus V18

    Here is the plan
    Most users will keep UAC on the default level, which does not protect them from malware changing (e.g. trojans) disabling UAC or intruding the system. So with Windows7 we need an intelligent Registry Protection.

    Provide third party text files/monitor list as subscription

    Suggestion button will take them to Plus data base and Community Voting result

    The Plus license provides access to these third party/experts list and the option to assist with the pop-ups for a year (Plus db check plus community rating), renewal is possible yearly for a small fee (say 20 percent of the original Plus license).

    You could always use IE tweaks (like download protection on IE8, see https://www.wilderssecurity.com/showthread.php?t=262475 ) as a download protection option in WinPatrol

    Regards Kees

    I will contact you via your regular channel for my Registry Suggestions
     
    Last edited: Jan 23, 2010
  21. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,405
    As Kees pointed out, you could always develop a separate application, as it is geared towards more advanced users. Basic free version, configurable paid version.

    Or add other features to Winpatrol, and have a free, plus, and plus 'premium' edition. Like the online armor firewall with three versions, all different levels (free, premium, and ++ with AV).

    For example, you may offer an 'open ports' feature in a premium version, like hijackfree does.
     
  22. pidbo

    pidbo Registered Member

    Joined:
    Dec 25, 2006
    Posts:
    198
    BillPStudios
    Security Expert


    "I'm not sure I really other question in the thread but yes this feature will only be available to PLUS supporters. When I created the life-time PLUS membership it wasn't really an ideal business plan so I really depend on encouraging new PLUS members to keep things going."


    Personally I hate "rentware/leaseware", and don't like having to pay for software which has basically the same function over and over again,
    It often just becomes padded non specific bloatware/suiteware to justify asking for more money
    I know that you have to make a living Bill but having a software that has a history of having a lifetime licence and then turning it into "rentware/leaseware" would not (in my opinion) be a great idea; the licencing model you have used has added to the perceived integrity of the software and yourself as the developer of this product.
    WinPatrol is good software and well respected but "changing horses midstream" might not be to your best advantage. Most likely this is not what you plan for Winpatrol but this is just my opinion.
     
    Last edited: Jan 24, 2010