Ideas For Antimalware Tactics

Discussion in 'other security issues & news' started by drhu22, Feb 27, 2014.

Thread Status:
Not open for further replies.
  1. drhu22

    drhu22 Registered Member

    Joined:
    Aug 21, 2010
    Posts:
    585
    Here's my latest... I'm anything but knowledgeable in coding or antimalware technology but... I have the impression that an important aspect of many(?) vulnerabilities is related to the ability of malware to change settings. If that's right, wouldn't encrypting settings help? Just a thought... even if this idea is completely lame, it would be interesting to hear others...

    Anyone else?
     
    Last edited: Feb 27, 2014
  2. drhu22

    drhu22 Registered Member

    Joined:
    Aug 21, 2010
    Posts:
    585
    What about running erdnt on startup?
    It's the recovery part of erunt back up.
     
  3. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Do you use System Restore already?
     
  4. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    I don't see how you could encrypt settings without encrypting the rest of the OS. The settings would have to be accessible to the OS and applications so they'd have to be readable for them.

    Regarding backing up with erunt, that could work with registry stored settings provided that you keep the backup up to date. Depending on what file system you use, you could do something similar with a small OS running batch files that's launched from a bootloader.
     
  5. drhu22

    drhu22 Registered Member

    Joined:
    Aug 21, 2010
    Posts:
    585
    I keep Paragon backups handy... system restore is turned off.
    Erdunt is very fast though... and it seems like it could be easy to implement. There are always other considerations. Maybe Lars Hederer could help?

    By the way thank you for the respectful intelligent reply... I am no genius regarding software... re your first point: Can you make communication between system and application exclusive?
     
    Last edited: Mar 8, 2014
  6. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    He wasn't the only one!
     
  7. drhu22

    drhu22 Registered Member

    Joined:
    Aug 21, 2010
    Posts:
    585
    Hello to noone_particular
     
  8. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    You're welcome :).

    When I used XP, I had erunt back up the registry upon system startup. With Win 7, I don't do that anymore. Nowadays, I just revert to a previous image if I'm having problems. My documents are stored on a different partition.

    Regarding your other question, can you give an example of a setting that you had in mind?
     
  9. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    I do much the same using batch files launched from Win98 during startup, except that I included the user autostart folders and core system files. On a virtual system, I was able to copy and move files from DOS on an NTFS formatted XP unit using NTFS for DOS. I don't know if that utility will work on Vista and newer versions of Windows. It should be possible to replace the Windows registry files with backup copies from a Linux or DOS live CD. Automating the process would probably require a bootloader and a 2nd OS that will run the commands automatically as batch files. Running ERUNT from another OS might be possible as well, depending on what command line parameters it will accept.

    As a side note, if you're going to take the time to set up an automated registry restore for an NT system, you might also consider cleaning, compacting, and removing all of the MRUs from that backup registry. Keep an ERUNT copy of your as-is registry in case the cleaning process causes problems.
     