Re: [Full-Disclosure] Registry Watcher
- To: full-disclosure@xxxxxxxxxxxxxxxx
- Subject: Re: [Full-Disclosure] Registry Watcher
- From: m.garg@xxxxxxx
- Date: Sun, 9 May 2004 05:37:48 +0530
full-disclosure-admin@xxxxxxxxxxxxxxxx wrote on 05/09/2004 04:30:57 AM:
> Hi,
>
> Any programs out there that "watches" changes to registry and can give an
> alert?
>
>
>
> My intention for this is only because of my limited knowledge of the windows
> registry. As I understand, no processes, applications, programs run without
> entries in to the registry.
This is not true. You need not touch the registry to run any program. Programs
generally keep their config info in the registry.
> This it seems includes virus and Trojan installations. There are the common
> entries that belong in the registry that
> the common installation inserts and all programs have values that must be
> inserted. If a "watcher" would have a data base to follow and any odd or
> uncommon entries could be flagged. As far as I know all newly found viruses
> insert registry entries and these could be placed in a data base that would
> cause registry to deny and flag.
Viruses generally attack the registry first because most applications,
including the OS, use the registry to run properly, so the registry is the
favorite target. But a virus can also do much harm without changing the
registry.
> Wouldn't this in a sense be a firewall and
> virus protection method or am I really off base in my understanding. I know
> that such use is used by AdWatch and other types of tools but I have never
> seen anything mention for protection against backdoors, Trojans and viruses.
> If such a program does not exist I'd appreciate any input on building one.
>
>
>
> thank you
>
> Randall M
>
cheers,
Manu Garg
http://manugarg.freezope.org
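
The "watcher with a database" idea from this thread, sketched as a baseline-and-diff check in Python. This is an added example, not code from either poster. The watch list (the two `Run` autorun keys), the function names and the sample values are assumptions made for illustration, and the check only sees changes made in the registry.

```python
"""Baseline-and-diff watcher for Windows autorun registry values (added example)."""

# Assumption: these two well-known autorun keys form the watch list.
WATCHED = [
    ("HKEY_LOCAL_MACHINE", r"Software\Microsoft\Windows\CurrentVersion\Run"),
    ("HKEY_CURRENT_USER", r"Software\Microsoft\Windows\CurrentVersion\Run"),
]

def snapshot(watched=WATCHED):
    """Read every value under the watched keys into a dict (Windows only)."""
    import winreg  # standard library, available only on Windows
    snap = {}
    for hive, path in watched:
        try:
            key = winreg.OpenKey(getattr(winreg, hive), path)
        except FileNotFoundError:
            continue  # key does not exist on this machine
        with key:
            _, n_values, _ = winreg.QueryInfoKey(key)
            for i in range(n_values):
                name, data, _type = winreg.EnumValue(key, i)
                snap[f"{hive}\\{path}\\{name}"] = str(data)
    return snap

def diff(baseline, current):
    """Return (kind, value_path, old, new) for each deviation from the baseline."""
    alerts = []
    for k in sorted(current.keys() - baseline.keys()):
        alerts.append(("added", k, None, current[k]))
    for k in sorted(baseline.keys() - current.keys()):
        alerts.append(("removed", k, baseline[k], None))
    for k in sorted(baseline.keys() & current.keys()):
        if baseline[k] != current[k]:
            alerts.append(("changed", k, baseline[k], current[k]))
    return alerts

# Constructed sample snapshots so the comparison logic runs on any OS.
RUN = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"
SAMPLE_BASELINE = {RUN + r"\Backup": r"C:\Program Files\Backup\agent.exe"}
SAMPLE_CURRENT = {
    RUN + r"\Backup": r"C:\Temp\agent.exe",         # data changed
    RUN + r"\Updater": r"C:\Users\Public\upd.exe",  # value not in baseline
}

if __name__ == "__main__":
    for alert in diff(SAMPLE_BASELINE, SAMPLE_CURRENT):
        print(alert)
```

On a Windows host, store the result of `snapshot()` once as the known-good baseline and pass a fresh `snapshot()` as `current` on each later run.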