RegistryProt 2.0/Startup Monitor Question

Discussion in 'other software & services' started by polak, Jan 26, 2004.

Thread Status:
Not open for further replies.
  1. polak

    polak Registered Member

    Joined:
    Sep 1, 2003
    Posts:
    38
    Location:
    Canada
    I currently have Mike Lin's Startup Monitor installed to alert me to any registry changes associated with unwanted spyware/malware getting on my system. If I understand how Startup Monitor works, it alerts to any attempt to make a registry change that would have a program installed to the start up menu when Windows starts up.

    When I read how RegistryProt 2.0 works it suggests that it alerts to any attempted registry changes and not necessarily limited to registry changes with a program attempting to get into the start up menu.

    I have several questions:

    1) Is my understanding of the difference in how RegistryProt 2.0 and Startup Monitor work correct?

    2) Does RegistryProt 2.0 offer a better alert to attempted registry changes than does Startup Monitor?

    3) Is there any advantage to running both RegistryProt 2.0 and Startup Monitor to provide a broader spectrum of alerts to attempted registry changes?

    4) If running both gives a broader spectrum of alerts, are there any potential conflicts in having both installed?


    Thank you for any clarification and assistance
     
  2. polak

    Sorry, should have attached sites for program descriptions on RegistryProt 2.0 and Startup Monitor.

    http://www.mlin.net/StartupMonitor.shtml

    http://www.diamondcs.com.au/index.php?page=regprot
     
  3. Sumire

    Sumire Registered Member

    Joined:
    Sep 26, 2002
    Posts:
    43
    Location:
    Japan
    Hi, polak

    I was using RegistryProt 2.0 on my Win98se box, because it was very light on resources. (It uses less than 20k bytes memory and 1% system resource.) I also carefully read RegistryProt 2.0's help file, but I couldn't find what registry entry RegistryProt 2.0 monitors. I think RegistryProt 2.0 is a very old application; it can't monitor enough registry entries.

    I haven't used Startup Monitor, may I ask you one question? What registry entry can Startup Monitor monitor? Here is a good tutorial about "Places that viruses and trojans hide on start up":
    http://www.security-forums.com/forum/viewtopic.php?t=3752&sid=d0a7c803821fd976b66bd8ebf117b03c

    Now I'm using SSM (System Safety Monitor) as a startup monitoring tool on my WinXP and Win2K box. Below is a screenshot of what SSM can monitor. SSM can monitor many registry entries, Services, INI Files, Start Up Folders. I really like SSM. Have you tried SSM? I think SSM is also a good startup monitoring tool.

    Best Regards.
     

    Attached Files:

    • SSM.jpg
  4. polak

    Sumire,

    It is my understanding that Startup Monitor monitors the registry entries for the Startup Group.

    From author's website:

    "StartupMonitor is a small utility that runs transparently (it doesn't even use a tray icon) and notifies you when any program registers itself to run at system startup. It prevents those utterly useless tray applications from registering themselves behind your back, and it acts as a security tool against trojans like BackOrifice or Netbus."

    FYI it also is a tiny program--60 kb.
     
  5. Sumire

    Hi, polak :)

    I also downloaded Startup Monitor and installed it on my WinXP HE box. Yes, this program is very easy to use and light on resources. This is a good point but I'm not so impressed with this program because according to the author's homepage,

    I think StartupMonitor can monitor only Startup folders and the Run entries in the registry. Please look at the above tutorial's No. 7 startup method (i.e. the Registry Shell Spawning startup method). I presume Startup Monitor can't monitor this entry. This is not good because this startup method is widely used by today's modern backdoors like Sub7, Optix Pro, etc...

    This is why I prefer SSM to Startup Monitor as a startup monitoring tool. In addition to this, SSM can monitor not only more startup methods but also program activities. SSM has a sandbox feature, too. SSM can successfully intercept malicious API calls like "CreateRemoteThread", "SetWindowsHookEx". This is very useful to prevent modern dll injection backdoors (for example, Assasin, Beast, Coldfusion, etc...) from injecting malicious dlls into trusted host applications. Here is an excellent description of modern dll injection backdoors.
    http://home.arcor.de/scheinsicherheit/dll.htm

    If SSM and your preferred software firewall are put together, you can also block all these leak concept tools.
    http://perso.wanadoo.fr/jugesoftware/firewallleaktester/eng/pageweb/test.html

    I really like SSM's features. BTW, polak, what OS do you use? If you use an NT-based OS (Win2k, XP), I think you don't need to be concerned about resources so much. SSM is not much of a memory drain; on my WinXP box SSM uses about 10 Mbytes of memory each time. If I were you, I would give SSM a try. I think SSM is one of the best pieces of security software I've ever seen; I really like this program. Yes, SSM is a freeware program, too. :)

    just my 2 cents worth
    Best Regards
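
Added example (not part of the original thread, and not code from any of the tools discussed): a small audit over a `.reg` export that reports the Run entries a Run-key monitor would cover and, separately, the "Registry Shell Spawning" handlers mentioned in the post above. The handler list and the clean default value `"%1" %*` are assumptions based on standard Windows defaults, not taken from the thread; the sample export is constructed.

```python
import re

# Assumption: on a clean system the default value of each of these
# <type>\shell\open\command keys is exactly "%1" %*
SHELL_SPAWN_TYPES = ("exefile", "comfile", "batfile", "cmdfile", "piffile")
EXPECTED_SPAWN = '"%1" %*'
RUN_KEY = re.compile(r"\\CurrentVersion\\Run\w*$", re.I)
SPAWN_KEY = re.compile(
    r"\\(%s)\\shell\\open\\command$" % "|".join(SHELL_SPAWN_TYPES), re.I)
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    # .reg string values escape backslashes and double quotes with a backslash
    return re.sub(r"\\(.)", r"\1", s)

def parse_reg(text):
    """Yield (key, value_name, data) for string values in .reg export text."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := VALUE.match(line)):
            name = "" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
            yield key, name, unescape(m.group(2))

def audit(text):
    """Return (run_entries, spawn_hijacks) found in the export."""
    run_entries, hijacks = [], []
    for key, name, data in parse_reg(text):
        if RUN_KEY.search(key):
            run_entries.append((key, name, data))
        elif SPAWN_KEY.search(key) and name == "" and data != EXPECTED_SPAWN:
            hijacks.append((key, data))
    return run_entries, hijacks

# Constructed sample export: one Run entry, one altered handler, one clean handler
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleTray"="C:\\Program Files\\Example\\tray.exe"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\WINDOWS\\example_loader.exe\" \"%1\" %*"

[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"%1\" %*"
'''
```

A tool that watches only the Run keys and Startup folders would report the first entry and miss the altered `exefile` handler, which `audit(SAMPLE)` returns in its second list.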
     
  6. polak

    Sumire,

    Thank you for your detailed response and additional information. Without a doubt, you have convinced me that the route to go is to use SSM.

    I appreciate your thoughts and effort in responding to my question. BTW, my OS is XP PRO.

    Thank You
     