Full Disclosure mailing list archives
Re: Registry Watcher
From: David <ph1 () cogeco ca>
Date: Sat, 08 May 2004 21:23:54 -0400
RandallM wrote:
Hi, Any programs out there that "watches" changes to registry and can give an alert?
Spybot Search & Destroy beta (RC5?) has some of this functionality -- "Spybot-SD Resident". So far I have gotten alerts about programs attempting to add startup commands into the registry. I don't know what else it watches for but you might want to check it out.
My intention for this is only because of my limited knowledge of the Windows registry. As I understand, no processes, applications, programs run without entries into the registry. This it seems includes virus and Trojan installations. There are the common entries that belong in the registry that the common installation inserts and all programs have values that must be inserted. If a "watcher" would have a database to follow and any odd or uncommon entries could be flagged. As far as I know all newly found viruses insert registry entries and these could be placed in a database that would cause registry to deny and flag. Wouldn't this in a sense be a firewall and virus protection method or am I really off base in my understanding? I know that such use is used by AdWatch and other types of tools but I have never seen anything mentioned for protection against backdoors, Trojans and viruses. If such a program does not exist I'd appreciate any input on building one.

thank you
Randall M

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
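The baseline-and-flag idea raised in this thread, limited to the startup ("Run"/"RunOnce") entries the reply mentions, as an added example that is not code from any poster or from Spybot-S&D. It assumes snapshots saved as the text printed by `reg query <key>`; the sample entries are constructed and the function names are hypothetical.

```python
import re

# Constructed sample snapshots in the layout printed by `reg query <key>`;
# value names and paths are invented for illustration.
BASELINE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SoundTray    REG_SZ    C:\Program Files\Audio\tray.exe
    Updater    REG_SZ    "C:\Program Files\Vendor\update.exe" /quiet
"""
CURRENT = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SoundTray    REG_SZ    C:\Program Files\Audio\tray.exe
    Updater    REG_SZ    C:\Temp\update.exe /quiet
    helper    REG_SZ    C:\Temp\helper.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
    cleanup    REG_EXPAND_SZ    %TEMP%\cleanup.cmd
"""

# Value line: 4 spaces, name, 4 spaces, type, then optionally 4 spaces + data.
VALUE_RE = re.compile(r"^\s{4}(.+?)\s{4}(REG_[A-Z_]+)(?:\s{4}(.*))?$")

def parse_reg_query(text):
    """Return {(key, value_name): (type, data)} from `reg query` output."""
    entries, key = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            name, rtype, data = m.groups()
            # Registry key and value names are case-insensitive.
            entries[(key.lower(), name.lower())] = (rtype, data or "")
        elif not line[0].isspace():
            key = line.strip()  # an unindented line is a key path
    return entries

def diff_autostarts(baseline, current):
    """List (kind, (key, name), data) for every deviation from the baseline."""
    alerts = []
    for ident, value in sorted(current.items()):
        if ident not in baseline:
            alerts.append(("ADDED", ident, value[1]))
        elif baseline[ident] != value:
            alerts.append(("CHANGED", ident, value[1]))
    for ident in sorted(set(baseline) - set(current)):
        alerts.append(("REMOVED", ident, baseline[ident][1]))
    return alerts

if __name__ == "__main__":
    for kind, (key, name), data in diff_autostarts(
            parse_reg_query(BASELINE), parse_reg_query(CURRENT)):
        print(f"{kind:8} {key}\\{name} -> {data}")
```

A diff of this kind only reports deviations from a known-good snapshot; deciding whether a new entry is legitimate still needs review.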