Registry Protection Tip || Programmers' Help Wanted

Discussion in 'other anti-malware software' started by LeAnDrO, Aug 12, 2005.

Thread Status:
Not open for further replies.
  1. LeAnDrO (Registered Member; Joined: Aug 12, 2005; Posts: 1; Location: Brazil)

    Hi ppl,

    I'd like to share with you a tip that lets you set your Registry so that no programs can change some registry keys (auto-start keys). I've protected some important keys and run RegTest (from GhostSecurity), and this program failed to change the keys. It's good because it's free and, since there's no program in your memory, it won't take resources from your computer.

    >> This tip will only work on Windows NT, Windows 2000, Win XP Pro, Win 2003 with an NTFS partition on the drive where your Windows is installed. If you don't know what partition is installed, go to My Computer -> Right Click on the partition where Win is installed (usually C:) -> Properties.

    >> My Windows is non-English, so I don't know how to explain the steps in English... I'll try to translate, so if anyone could correct this post, I would appreciate it a lot.

    1) Start -> Execute -> Type regedit

    2) In this example, I'll consider the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run . The same steps apply to the other auto-start keys. So, in the Registry Editor, navigate to the mentioned key.

    3) Select the key "Run" and Right Click with the mouse. Click on Permissions.

    4) Click on the button Add; type All; Click on OK. Select that Group (All) and click on the button Advanced. Select the referred group (All) and click on the button Edit. Now, click on Deny for all checkboxes, except the first (total control) and the second one (consult value). Click on the OK button. Click on OK again. A dialog box will appear; click on YES. Click on OK again in the next dialog. You're done.

    From now on, no program (including any malware) will be able to modify HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run , including creating subkeys/values and deleting. If you want to install a new program that will need permission to modify that key, you need to revert the operations mentioned (by deleting the group All on that key).

    As you can see, even though this tip is simple, it's hard work to apply this operation to the numerous auto-start keys. If I could program, I would make a program to do this operation/revert and offer an option to customize which keys you want to protect automatically just by clicking on a single button. Then, I could share it with you. As I can't program, I ask if any programmer on this forum thinks that this idea is valid and, if so, could make this program and share it with us.

    Bye.
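
The lock/revert tool requested in the post above, as an added example that is not part of the original post and not code from any forum member. Assumptions: the group the post calls "All" is taken to be Everyone (well-known SID S-1-1-0), the RunOnce path is an assumed second key, the function name is hypothetical, and the deny mask covers only the modifying rights rather than every box ticked in step 4, so the key stays readable and the rule can be removed again.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell session.
# The first path is the key named in the post; RunOnce is an assumed second entry.
$AutoStartKeys = @(
    'SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# S-1-1-0 is the Everyone group whatever the Windows display language.
$Everyone = New-Object System.Security.Principal.SecurityIdentifier('S-1-1-0')

# Assumption: deny only the rights that modify the key. Reading stays possible and
# the rule does not block changing permissions, so it can be removed again.
$DenyRights = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, CreateLink, Delete'

$DenyRule = New-Object System.Security.AccessControl.RegistryAccessRule(
    $Everyone, $DenyRights,
    [System.Security.AccessControl.InheritanceFlags]::ContainerInherit,  # this key and subkeys
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AccessControlType]::Deny)

function Set-AutoStartLock {
    param([switch]$Remove)   # -Remove reverts the change, e.g. before installing software
    foreach ($path in $AutoStartKeys) {
        # Ask only for the rights needed to read and rewrite the DACL.
        $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey(
            $path,
            [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,
            [System.Security.AccessControl.RegistryRights]'ReadPermissions, ChangePermissions')
        if ($null -eq $key) { Write-Warning "HKLM\$path not found, skipped"; continue }
        try {
            $acl = $key.GetAccessControl(
                [System.Security.AccessControl.AccessControlSections]::Access)
            if ($Remove) { [void]$acl.RemoveAccessRule($DenyRule) }
            else         { $acl.AddAccessRule($DenyRule) }
            $key.SetAccessControl($acl)   # writes back the DACL only
            $state = if ($Remove) { 'unlocked' } else { 'locked' }
            Write-Output "HKLM\$path $state"
        }
        finally { $key.Close() }
    }
}

# Lock the keys:                 Set-AutoStartLock
# Unlock before an installation: Set-AutoStartLock -Remove
```

Any process that runs with administrator rights can remove the rule the same way, so this stops only software that does not touch the key's permissions.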
     