Security Basics mailing list archives
Re: Dynamicism Of Windows Registry
From: "Colin Bean" <ccbean () gmail com>
Date: Thu, 22 Jun 2006 15:14:27 -0700
You can monitor the registry in real time using RegMon from SysInternals:
http://www.sysinternals.com/Utilities/Regmon.html

Spybot Search and Destroy also has a helper application (TeaTimer) that hooks registry changes and allows you to permit or deny them as they happen.
http://www.safer-networking.org/en/index.html

So it's possible to monitor the registry and prevent changes; although I'm not sure if this answers your question. Perhaps you could clarify what you mean by "thwart an attack by that system"?

I've installed RegMon on a system infected with malware that would automatically regenerate its startup keys, and I could see the malware continuously polling the registry to see if its keys were still there. Didn't help me to remove the malware, but was interesting to see :)

Regards,
-Colin

On 6/21/06, Jason T. Hallahan <jthallah () gmail com> wrote:
Hello and good day:

I have a question. Exactly how dynamic is the Windows Registry? Specifically, if you were somehow able to monitor in real-time the changes made to the registry of a system on your network (HW/SW installation, Processes running, websites visited, etc.) would you be able to thwart an attack by that system (user), or would it be too little information, too late?

Thanks for your help.

Best regards,
Jason

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
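The behaviour described in the reply above (a process repeatedly re-reading its startup value and writing it back once it is removed) can be picked out of a registry-monitor log. The following is an added example, not part of the original thread; the pipe-separated log layout, the process names and the thresholds are constructed assumptions, not RegMon's actual export format.

```python
import re
from collections import defaultdict

# Autostart locations to watch (Run/RunOnce under any hive); extend as needed.
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?(\\|$)", re.I)

# Constructed sample, "seconds|process|operation|path|result" (not a real capture).
SAMPLE_LOG = r"""
0.5|explorer.exe|QueryValue|HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ctfmon|SUCCESS
1.0|unknown.exe|QueryValue|HKLM\Software\Microsoft\Windows\CurrentVersion\Run\updater|SUCCESS
2.0|unknown.exe|QueryValue|HKLM\Software\Microsoft\Windows\CurrentVersion\Run\updater|SUCCESS
2.4|winword.exe|QueryValue|HKCU\Software\Microsoft\Office\Word\Options|SUCCESS
3.0|unknown.exe|QueryValue|HKLM\Software\Microsoft\Windows\CurrentVersion\Run\updater|SUCCESS
3.5|regedit.exe|DeleteValueKey|HKLM\Software\Microsoft\Windows\CurrentVersion\Run\updater|SUCCESS
4.0|unknown.exe|QueryValue|HKLM\Software\Microsoft\Windows\CurrentVersion\Run\updater|NOTFOUND
4.1|unknown.exe|SetValue|HKLM\Software\Microsoft\Windows\CurrentVersion\Run\updater|SUCCESS
5.0|unknown.exe|QueryValue|HKLM\Software\Microsoft\Windows\CurrentVersion\Run\updater|SUCCESS
"""

def parse(log):
    for line in log.strip().splitlines():
        ts, proc, op, path, result = line.split("|")
        yield float(ts), proc.lower(), op, path, result

def find_persistence_guards(log, min_polls=4, window=10.0):
    """Return {process: {"polls": n, "rewrites": [paths]}} for processes that
    re-read one autostart value >= min_polls times within `window` seconds."""
    reads = defaultdict(list)      # (proc, path) -> read timestamps
    missing = set()                # (proc, path) whose last read failed
    rewrites = defaultdict(list)   # proc -> paths written back after a miss
    for ts, proc, op, path, result in parse(log):
        if not RUN_KEY.search(path):
            continue
        key = (proc, path.lower())
        if op == "QueryValue":
            reads[key].append(ts)
            (missing.add if result != "SUCCESS" else missing.discard)(key)
        elif op == "SetValue" and key in missing:
            rewrites[proc].append(path)
            missing.discard(key)
    findings = {}
    for (proc, path), stamps in reads.items():
        # Sliding window: any run of min_polls reads that fits inside `window`.
        burst = any(stamps[i + min_polls - 1] - stamps[i] <= window
                    for i in range(len(stamps) - min_polls + 1))
        if burst:
            findings[proc] = {"polls": len(stamps), "rewrites": rewrites[proc]}
    return findings
```

A process flagged with a non-empty `rewrites` list is the one to suspend or remove before deleting the key, since deleting the value alone only triggers the write-back.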