Free registry protection?

Discussion in 'other security issues & news' started by FatalChaos, Jan 29, 2006.

Thread Status:
Not open for further replies.
  1. FatalChaos

    FatalChaos Registered Member

    Joined:
    Aug 6, 2005
    Posts:
    98
    Are there any free programs that protect your registry? I know diamond security makes a free one (i use it), but it seems kind of lacking in terms of how much it protects.
     
  2. look_here

    look_here Guest


    Look here. https://www.wilderssecurity.com/showthread.php?t=32823
    It a great thread about reg monitors. Though I don't believe it is 100% accurate, it is still about one of the best I've ever seen on the subject.
     
  3. redwolfe_98

    redwolfe_98 Registered Member

    Joined:
    Feb 14, 2002
    Posts:
    581
    Location:
    South Carolina, USA
  4. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    Regprot is very old . Does a decent job but , look elsewhere . RD is much better but , it does cost . Try the link that look_here posted .
     
  5. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    I used to use WinPatrol, but I changed to Arovax Shield, because WP use to much cpu...

    Both aren't perfect, but for me are sufficient... ;)
     
  6. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    All the freebies are pollers. By far the best of these (IMO) is MJRegistryWatcher, as discussed at length on THIS Wilder's thread. Reasons for saying it's the best freebie are...

    1) RegWatcher's programmer is a Wilders member & responds to support requests/questions on the thread linked above.

    2) RW uses "kill first, then ask." That is, RW kills changes upon detection, & doesn't reinstate them until the user says so. Other pollers use -- "ask first, then kill." Thus, with RW a nasty has a bit less time to re-boot the OS or do some other evil thing before getting snagged.

    3) Unlike Arovax & WinPatrol, RW monitors MANY more *sensitive* registry items. Moreover, RW is fully configurable both as to which items to monitor AND as to polling frequency. Polling interval can be set anywhere from *constant patrol* to several minutes between cycles.

    Of course, if you are a high risk user, I recommend you to pay for Regdefender's extra protection (hook based) -- check it out in Ghost's forum right here at Wilders.
     
  7. FatalChaos

    FatalChaos Registered Member

    Joined:
    Aug 6, 2005
    Posts:
    98
    thanks for all your advice, but just a quick question. has any exploit actually managed to fool a poller but not a hook program (regdefend)?
     
  8. tuatara

    tuatara Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    772
    The problem with a poller, is that the data is already in the registry
    before it is detected.

    A tool like RegDefend works on kernel level, and can stop a
    registry change BEFORE it happens.
     
  9. Try Winpooch. Or cyberhawk security guard, both can block registry changes without polling. I think GESwall and Coreforce do so too.
     
  10. FatalChaos

    FatalChaos Registered Member

    Joined:
    Aug 6, 2005
    Posts:
    98
    Thanks, winpooch looks really interesting (hooks just like regdefend?). I tried cyberhawk, but for some reason after the install (i even restarted), nothign would happen when i clicked on any of the tabes (like rule setting).
     
  11. nicM

    nicM nico-nico

    Joined:
    Jul 15, 2004
    Posts:
    631
    Location:
    France
    I think the GUI is Html, and needs to run mshtml.exe, or something similar (I don't exactly remember, and I've no logs anymore): if it's blocked for some reason on your pc, it could explain that? o_O

    Cheers,
    nicM
     
  12. FatalChaos

    FatalChaos Registered Member

    Joined:
    Aug 6, 2005
    Posts:
    98
    I don't see why mshtml would be blocked on my pc for any reason, and i had problems with winpooch too (wouldn't even load a gui, the splash screen stayed on screen too). any specific services cyberhawk needs?
     
  13. dac

    dac Guest

    first time i ran winppoch i set debug previleges and my machine locked up when i closed it and then reopended it. had to restart.. is it safe to use deg previleges?
     
  14. Heco

    Heco Registered Member

    Joined:
    Mar 8, 2003
    Posts:
    264
    Location:
    Provence, France
    I think that it is mshta.exe which is blocked, according to my logs...
    Cheers
     
  15. nicM

    nicM nico-nico

    Joined:
    Jul 15, 2004
    Posts:
    631
    Location:
    France
    Thanks Heco ;) , I didn't remember and couldn't check because my logs are gone.

    nic
     
Loading...
Thread Status:
Not open for further replies.