RegistryProt 2.0/Startup Monitor Question

Discussion in 'other software & services' started by polak, Jan 26, 2004.

Thread Status:
Not open for further replies.
  1. polak

    polak Registered Member

    Joined:
    Sep 1, 2003
    Posts:
    38
    Location:
    Canada
    I currently have Mike Lin's Startup Monitor installed to alert me to any registry changes associated with unwanted spyware/malware getting on my system. If I understand how Startup Monitor works, it alerts to any attempt to make a registry change that would have a program installed to the start up menu when windows starts up.

    When I read how RegistryProt 2.0 works it suggests that it alerts to any attempted registry changes and not necessarily limited to registry changes with a program attempting to get into the start up menu.

    I have several questions:

    1) Is my understanding of the difference in how RegistryProt 2.0 and Stratup Monitor work correcto_O

    2)Does RegistryProt 2.0 offer a better alert to attempted registry changes than does Startup Monitoro_O

    3)Is there any advantage to running both RegistryProt 2.0 and Startup Monitor to provide a broader spectrum of alerts to attempted registry changeso_O

    4)If running both gives a broader spectrum of alerts, is there any potential conflicts in having both installed.


    Thank you for any clarification and assistance
     
  2. polak

    polak Registered Member

    Joined:
    Sep 1, 2003
    Posts:
    38
    Location:
    Canada
    Sorry, Should have attached sites for program descriptions on RegistryProt 2.0 and Startup Monitor.

    http://www.mlin.net/StartupMonitor.shtml

    http://www.diamondcs.com.au/index.php?page=regprot
     
  3. Sumire

    Sumire Registered Member

    Joined:
    Sep 26, 2002
    Posts:
    43
    Location:
    Japan
    Hi,polak

    I was using RegistryProt 2.0 on my Win98se box, because it was very light on resources.(It uses less than 20k bytes memory and 1% system resource.) I also carefully read RegistryProt2.0's help file, but I couldn't find what registry entry RegistryProt 2.0 monitor. I think RegistryProt 2.0 is very old application, it can't monitor enough registry entries.

    I haven't used Startup Monitor, may I ask you one question? What registry entry can Startup Monitor monitor? Here is the good tutorial about "Places that viruses and trojans hide on start up"
    http://www.security-forums.com/forum/viewtopic.php?t=3752&sid=d0a7c803821fd976b66bd8ebf117b03c

    Now I'm using SSM(System Safety Monitor) as a startup monitoring tool on my WinXP and Win2K box. The below is the screen shot that SSM can monitor. SSM can monitor many registry entries, Services, INI Files, Start Up Folders. I really like SSM, Have you tried SSM? I think SSM is also good startup monitoring tool.

    Best Regards.
     

    Attached Files:

    • SSM.jpg
      SSM.jpg
      File size:
      81.4 KB
      Views:
      589
  4. polak

    polak Registered Member

    Joined:
    Sep 1, 2003
    Posts:
    38
    Location:
    Canada
    Sumire,

    It is my understanding that Startup Monitor monitors the registry entries for the the Startup Group.

    From author's website:

    "StartupMonitor is a small utility that runs transparently (it doesn't even use a tray icon) and notifies you when any program registers itself to run at system startup. It prevents those utterly useless tray applications from registering themselves behind your back, and it acts as a security tool against trojans like BackOrifice or Netbus."

    FYI it also is a tiny program--60 kb.
     
  5. Sumire

    Sumire Registered Member

    Joined:
    Sep 26, 2002
    Posts:
    43
    Location:
    Japan
    Hi,polak :)

    I also downloaded Startup Monitor and installed on my WinXP HE box. Yes, this program is very easy to use and light on resource. This is good point but I'm not so impressed with this program because according to the author's homepage,

    I think StartupMonitor can monitor only Startup folders and the Run entries in the registry. Please look at the above tutorial's NO,7 start up method.(i.e.Registry Shell Spawning startup method) I presume Startup Monitor can't monitor this entry. This is not good because this startup method is widely used by today's modern backdoors like Sub7, Optix Pro, etc...

    This is why I prefer SSM to Startup Monitor as a startup monitoring tool. In addition to this, SSM can monitor not only more startup methods but also programs activities. SSM has sandbox feature,too. SSM can successfully intercept malicious API calls like "CreateRemoteThread" , "SetWindowsHookEx". This is very useful to prevent modern dll injection backdoors (for example, Assasin, Beast, Coldfusion, etc...) from injecting malicious dlls into trusted host applications. Here is the excellent description about modern dll injection backdoors.
    http://home.arcor.de/scheinsicherheit/dll.htm

    If SSM and your preferred software firewall are put together, you can also block all these leak concept tools.
    http://perso.wanadoo.fr/jugesoftware/firewallleaktester/eng/pageweb/test.html

    I really like SSM's features, BTW, polak, what OS do you use? If you use NT based OS(Win2k,XP), I think you don't need to concern about resource so much. SSM is not much memory drain program, on my WinXP box SSM uses about 10 Mbytes memories each time. If I were you, I would give SSM a try. I think SSM is one of the best security softwares I've ever seen, I really like this program. Yes, SSM is freeware program,too. :)

    just my 2 cents worth
    Best Regards
     
  6. polak

    polak Registered Member

    Joined:
    Sep 1, 2003
    Posts:
    38
    Location:
    Canada
    Sumire,

    Thank you for your detailed response and additional information. Without a doubt, you have convinced me that the route to go is to use SSM.

    I appreciate your thoughts and effort in responding to my question. BTW my OS is XP PRO

    Thank You
     
Loading...
Thread Status:
Not open for further replies.