How neccessary is regdefend

Discussion in 'Ghost Security Suite (GSS)' started by Image, Mar 15, 2006.

Thread Status:
Not open for further replies.
  1. Image

    Image Registered Member

    Joined:
    Sep 22, 2005
    Posts:
    15
    I'm using 6 antispywarekillers and 2 antivirus programs and a firewall.
    Ewido
    Counterspy
    Spysweeper
    AdAware
    Spybot S&D
    XsoftSpy SE
    NOD32
    Avast4.6
    ZoneAlarm

    My q'n is do i really need regdefend even when having running these programs in the background.
    I'm a average pc user and not very technical.

    I don't know where to put this q'n so i try it here as well,
    I'm using PerfectDisk 6 from raxco and it is very good, what i like to have is a very good program for my internal memory or other programs that will increase my pc performance.

    Hope to hear from anybody.
     
  2. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    1,620
    Location:
    Canada
    Antivirus and Antispywares will not protect you against Registry modification. That's what RegDefend is doing.

    Here is a short explanation of the protection it offers.

    Anti-virus/anti-spyware programs poll for changes. This means it is constantly using memory and the cpu even if nothing is happening to the registry. RegDefend does not use any wasteful or ineffecient methods like these other programs. It is only active when something accesses the registry in a way which it is not supposed to.

    Another problem in these other programs is they they only read the registry every few seconds. This gives malicious software a chance to modify the registry in a way which these programs cannot fix. This is a big security hole! However, since only a few (increasing every day) malicious programs use these techniques, the security companies don't care that much about it. These other security programs allow the malicious software to modify the registry, then try and fix it AFTER THE FACT! RegDefend stops programs BEFORE they can even access the registry which totally blocks this security hole.

    Also take a look to the main site for more informations.

    http://www.ghostsecurity.com/index.php?page=regdefend

    Hope it helps.:)
     
    Last edited: Mar 15, 2006
  3. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,351
    Location:
    The Netherlands
    Even more importantly, unlike Antivirus or AntiSpyware software, RegDefend doesn't rely on either a database of known malware or heuristic detection; instead it watches a large number of registry keys and values that are likely to be hacked by malware.

    This is exactly why RegDefend is so valuable: it will prevent entirely new baddies from wreaking havoc even if no AV/AS software detects it.
     
  4. redwolfe_98

    redwolfe_98 Registered Member

    Joined:
    Feb 14, 2002
    Posts:
    581
    Location:
    South Carolina, USA
    i think it is good to have "registry protection", but you can choose which program that you want to use for that, if you want registry protection..

    registry protection could alert you to malware that is trying to add regkeys to "startup", in the registry, where malware creates a regkey so that the malware will run automatically at bootup..

    i use regdefend because i think that it has more advanced registry protection than some other programs have, but it you do not want to purchase regdefend, there are other programs that you could use for registry protection instead of regdefend..
     
    Last edited: Mar 17, 2006
  5. gottadoit

    gottadoit Security Expert

    Joined:
    Jul 12, 2004
    Posts:
    601
    Location:
    Australia
    Don't forget RegDefend also has a "free" method of operation that works quite nicely and it is very light on resources

    In simple terms (if you do not customise a ruleset for your PC and way of working) the difference between "paid" and "free" is simply that with the free one you need to kill the process in order to block an operation when you get an alert dialog

    Both the free and the paid can automatically block without an alert dialog
    There are some processes that you wouldn't want to kill, like services.exe but if a change was being made to load a driver and you didn't want it you would have to try and put up with a reboot

    Certain malware is making use of registry permissions to stop the polling registry monitors from undoing a change. This makes a 1 second delay far too late to easily "undo" the damage unless the polling monitor brute forces the change (by taking ownership of the key or changing the permissions again).

    This is where the proactive nature of the kernel based products (like RegDefend) give you an advantage because the malware is hung waiting on the kernel to return whilst you are seeing the allow/deny prompt.
     
    Last edited: Mar 17, 2006
  6. minnow

    minnow Registered Member

    Joined:
    Mar 19, 2006
    Posts:
    17
    Location:
    in Wunderland
    wow :eek: I can't wait till Im RICH like you guys - to spend extra time in here learning about ALL of this stuff o_O whewww
     
  7. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    1,620
    Location:
    Canada

    minnow,how come you're not rich yet? In your signature, under occupation you mention "Street of Gold":D :D :p
     
  8. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I think it is too difficult to use free version, if u can,t set rules that means u will either bloick the eanted programmes also or u are going to get an endless list of popups all the time u use ur PC.
     
Thread Status:
Not open for further replies.