Protecting the Registry

Discussion in 'other security issues & news' started by WilliamP, May 23, 2004.

Thread Status:
Not open for further replies.
  1. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    What is the best program to protect the registry? To tell the truth, I'm not sure I need anything as I have TDS3, NOD32, and Process Guard. I just want to be sure I have all my bases covered. Thank you.
     
  2. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Excellent question, WilliamP. I use DCS RegProtect, but I'm not too confident it does a good job. It only seems to alert me when certain apps try to change the registry. When I install a new program, or upgrade, it stays silent, and I know things in the registry are changing.

    I've also used RegShot. It allows you to take a snapshot before and after, and it does a really good job of telling you what has changed, but it's not real-time protection.
     
  3. WilliamP

    WilliamP Registered Member

    I downloaded Regprot a while back and tried it. A couple of days later I started having serious problems. I can't say for sure but I did a System Restore to straighten out the mess. I'm not sure Regprot had anything to do with it, but things had been running so good for so long, then all of a sudden the problems. I removed Regprot and all is well.
     
  4. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    WP,

    Sorry to hear about your experience with RegProtect. I've not had any problems with it, but at the same time I'm too sure it's doing a good job of protecting my registry.

    If you're looking for a good registry cleaner, you can't beat JV16 Power Tools. They also have a less expensive stand-alone registry cleaner that's OK as well. I've found JV16 to be MUCH better at cleaning than any of the freeware apps.

    If you want a good registry monitoring app, try REGMON. It allows real-time monitoring of the registry, but it's not really what I would call a security tool.
     
  5. WilliamP

    WilliamP Registered Member

    I just tried Regmon and I wasn't real pleased. I knew it wasn't a security program. I just wanted to learn something. It didn't seem to want to behave. It could be that I didn't know how to work with it. I couldn't get it to stop logging.
     
  6. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Yeah - It's amazing how often (and incessantly) things are being read from / written to the registry! :eek:
     
  7. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Hopefully someone will suggest a superior PROTECTION app for the registry. I assume you are looking for an app that will warn you when something is attempting to change the registry (I sure am). At this point, the only one I'm familiar with is RegProtect, and we've already been down that road.
     
  8. lonewolf3367

    lonewolf3367 Guest

  9. Dazed_and_Confused

    Dazed_and_Confused Registered Member

  10. lonewolf3367

    lonewolf3367 Guest

  11. WilliamP

    WilliamP Registered Member

    How do you get the registry protection with SSM without downloading SSM? I had run SSM in the recent past but changed to Abtrusion Protector. I liked AP a lot better. Now I have Process Guard for Execution Protection. Please help.
     
  12. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    WilliamP,

    In the beginning, I tried / used various registry protection programs to keep unwanted apps from installing themselves, and to keep malware from modifying the registry. As you saw from viewing RegMon, there are sooo many changes made to the registry by 'good' programs, I would think it would be almost impossible to keep up with approving / disapproving all changes requested. Therefore, I'm wondering if the execution protection afforded by SSM or AP or PG isn't enough? What more could we possibly need? Just wondering out loud...o_O
     
  13. WilliamP

    WilliamP Registered Member

    That is a valid question. I wonder the same thing. I'm looking at Grr! right now. It will take some checking to see if there have been any problems. I am not knowledgeable enough to know if it is needed in addition to my other security. I certainly don't want to mess up my system now.
     
  14. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    I understand completely about not wanting to mess up your system. Catchy name, though (Grr). Please let me know what you find out about it. I sure wish someone from DCS would comment about their product (RegProtect). And if anyone could comment on what vulnerabilities still exist (as far as the registry is concerned) with the software you (myself included) are currently running.
     
  15. WilliamP

    WilliamP Registered Member

    The Greyware Registry Rearguard website is really informative. The program looks good but so far I haven't found out anything from anyone who has used it. It can be tried free. Why don't you just jump in there!
     
  16. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    I've used Grr! in the past, but switched to RegRun (Gold) a couple of years ago. Works very well with PG and BOClean. I highly recommend it.

    http://www.greatis.com/regrun3.htm

    Nick
     
  17. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Will,

    I've got so many apps running already, my system tray takes up half of the screen! :eek: To that I've just added a trial run of PG this morning - I'll probably wind up getting the full version before long (I like it!). Before I add yet another appy, I sure would like to know how bad I need it. Especially one that is constantly running in the background, if you know what I mean. :rolleyes:
     
  18. WilliamP

    WilliamP Registered Member

    Nick s, why did you drop Grr and go with Reg Run Gold?
     
  19. Rui

    Rui Registered Member

    Joined:
    Mar 28, 2004
    Posts:
    141
    Location:
    Portugal
    Hi WilliamP

    I have Process Guard too, and I wonder whether Grr can provide any additional Registry protection. Are you experimenting with Grr? If so, I would like to know your impressions about it.
    Regards
    Rui
     
  20. nick s

    nick s Registered Member

    When XP first came out, Grr! was not fully compatible (at least on my systems). The developers were not able to provide a fix that worked before my license expired, even though they acknowledged that there was a problem. I started looking at alternatives and went with RegRun. Registry protection is only one of RegRun's features, whereas Grr! only protects the registry. Take a look at the feature list here:

    http://www.greatis.com/regrun3detail.htm

    Nick
     
  21. hojtsy

    hojtsy Registered Member

    Joined:
    Dec 28, 2003
    Posts:
    351
    Let's divide registry protection software into three categories:
    1) Poller: It polls the registry periodically and compares with old values.
    2) Listener: It detects registry modification immediately after it was made, triggered by the change.
    3) Proxy: It intercepts registry modification attempts while they are made, and offers protection or confirmation dialogs even before the change entered the registry.

    My problem is that registry protection software usually does not state which category it belongs to. I suspect that is because most of them belong to the weakest Poller category. Can somebody more knowledgeable than me please put the above mentioned software into one of these categories I listed?

    -hojtsy-
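
The three categories from the post above, as an added example that is not part of the original thread and does not describe how any product named here is implemented. A Python dict stands in for the registry; the `Registry` class, the key name and the values are constructed for illustration. It runs the same write against each category and returns what that category sees.

```python
# Added illustration: a dict stands in for the registry; key and values are constructed.
KEY = r"HKLM\SOFTWARE\ExampleVendor\Setting"
BASE = {KEY: "original"}

class Registry:
    def __init__(self, values, guard=None):
        self.values = dict(values)
        self.listeners = []   # callbacks run after a write has been committed
        self.guard = guard    # callback consulted before a write is committed

    def write(self, key, value):
        if self.guard is not None and not self.guard(key, value):
            return False                  # proxy denied it: registry untouched
        old = self.values.get(key)
        self.values[key] = value
        for notify in self.listeners:
            notify(key, old, value)       # listener learns of it after the fact
        return True

def diff(before, after):
    """Compare two snapshots: what a poller (or a before/after snapshot tool) reports."""
    return {k: (before.get(k), after.get(k))
            for k in before.keys() | after.keys()
            if before.get(k) != after.get(k)}

def poller_demo(revert):
    reg = Registry(BASE)
    snapshot = dict(reg.values)           # poll 1
    reg.write(KEY, "changed")             # write lands between polls
    if revert:
        reg.write(KEY, "original")        # ...and is undone before poll 2
    return diff(snapshot, reg.values)     # poll 2

def listener_demo():
    reg, seen = Registry(BASE), []
    reg.listeners.append(lambda k, old, new: seen.append((k, old, new)))
    reg.write(KEY, "changed")
    return seen, reg.values[KEY]          # alerted, but the value already changed

def proxy_demo():
    protected = {KEY}                     # keys needing approval; this guard always denies
    reg = Registry(BASE, guard=lambda k, v: k not in protected)
    allowed = reg.write(KEY, "changed")
    return allowed, reg.values[KEY]       # write refused, value intact

if __name__ == "__main__":
    print(poller_demo(False), poller_demo(True), listener_demo(), proxy_demo())
```

With `revert=True` the poller reports nothing even though the value was changed for a while, which is the gap between the Poller and the other two categories.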
     
  22. WilliamP

    WilliamP Registered Member

    Hojtsy, from what I can read on the Grr web site it fits into the last category. It stops a change and gives the opportunity to ok or deny the change. I would guess it's a proxy. Their web site gives a lot of info.
     
  23. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Hojtsy - Very well spoken. ;) While not a "Registry Protector" per se, doesn't Process Guard help to protect the registry by stopping unwanted programs before they load/execute? So, if you stop all unwanted programs, would it follow that you then stop all unwanted registry changes? o_O
     
  24. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,301
    Location:
    Kent. UK by the sea
    Hi, Dazed_and_Confused

    Good Question.

    You should ask that on Process Guard Forum, I would ask it there myself but as it is your Quote and Post I feel you have first right.

    With Regards,
    TheQuest :cool:
     
  25. WilliamP

    WilliamP Registered Member

    Quest, I asked the question on the PG forum and so far have not gotten an answer. I sure would love to get some answers.
     