[Full-Disclosure] Registry Watcher

David ph1 at cogeco.ca
Sun May 9 02:23:54 BST 2004


RandallM wrote:
> Hi,
> 
> Any programs out there that "watches" changes to registry and can give an
> alert? 

Spybot Search & Destroy beta (RC5?) has some of this functionality -- 
"Spybot-SD Resident". So far I have gotten alerts about programs 
attempting to add startup commands into the registry. I don't know what 
else it watches for but you might want to check it out.

> My intention for this is only because of my limited knowledge of the Windows
> registry. As I understand, no processes, applications, programs run without
> entries into the registry. This it seems includes virus and Trojan
> installations. There are the common entries that belong in the registry that
> the common installation inserts and all programs have values that must be
> inserted. If a "watcher" would have a database to follow and any odd or
> uncommon entries could be flagged. As far as I know all newly found viruses
> insert registry entries and these could be placed in a database that would
> cause registry to deny and flag. Wouldn't this in a sense be a firewall and
> virus protection method or am I really off base in my understanding? I know
> that such use is used by AdWatch and other types of tools but I have never
> seen anything mentioned for protection against backdoors, Trojans and viruses.
> If such a program does not exist I'd appreciate any input on building one.
> 
> thank you
> 
> Randall M
> 
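
An added example, not part of the original posts and not Spybot-SD's code: a minimal baseline-and-diff check for the two standard Run autostart keys, the kind of startup-command change the reply mentions. The sample entries are constructed, and the function names are this example's own.

```python
try:
    import winreg  # standard library, present only on Windows
except ImportError:
    winreg = None

RUN = r"Software\Microsoft\Windows\CurrentVersion\Run"  # autostart key
# Constructed sample snapshots: {(hive, key, value name): command}
SAMPLE_BASELINE = {
    ("HKLM", RUN, "ExampleAV"): r'"C:\Program Files\ExampleAV\av.exe"',
    ("HKCU", RUN, "ExampleChat"): r"C:\Apps\chat.exe /min",
}
SAMPLE_CURRENT = {
    ("HKLM", RUN, "ExampleAV"): r'"C:\Program Files\ExampleAV\av.exe"',
    ("HKCU", RUN, "ExampleChat"): r"C:\Temp\chat.exe /min",
    ("HKCU", RUN, "updater"): r"C:\Temp\updater.exe",
}

def snapshot_run_keys():
    """Read the live Run keys into the same mapping shape (Windows only)."""
    if winreg is None:
        raise RuntimeError("live snapshot needs the winreg module (Windows)")
    hives = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}
    snap = {}
    for label, hive in hives.items():
        try:
            key = winreg.OpenKey(hive, RUN)
        except OSError:
            continue  # key does not exist in this hive
        with key:
            for i in range(winreg.QueryInfoKey(key)[1]):  # [1] = value count
                name, data, _type = winreg.EnumValue(key, i)
                snap[(label, RUN, name)] = str(data)
    return snap

def diff_snapshots(baseline, current):
    """Return (kind, entry, old, new) for every entry that differs."""
    alerts = []
    for entry in sorted(set(baseline) | set(current)):
        old, new = baseline.get(entry), current.get(entry)
        if old is None:
            alerts.append(("added", entry, None, new))
        elif new is None:
            alerts.append(("removed", entry, old, None))
        elif old != new:
            alerts.append(("changed", entry, old, new))
    return alerts

if __name__ == "__main__":
    for alert in diff_snapshots(SAMPLE_BASELINE, SAMPLE_CURRENT):
        print(alert)
```

On Windows, save the result of `snapshot_run_keys()` on a known-good system as the baseline and pass a later snapshot as `current`.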




Full-Disclosure is hosted and sponsored by Secunia.