Security Basics mailing list archives

Re: Dynamicism Of Windows Registry


From: Eugene Nine <enine () ninefamily com>
Date: Thu, 22 Jun 2006 19:09:09 -0400

On Wednesday 21 June 2006 14:57, Jason T. Hallahan wrote:
Hello and good day:

I have a question. Exactly how dynamic is the Windows Registry?
Specifically, if you were somehow able to monitor in real-time the
changes made to the registry of a system on your network (HW/SW
installation, Processes running, websites visited, etc.) would you be
able to thwart an attack by that system (user), or would it be too
little information, too late?

Thanks for your help.

Best regards,
Jason

Pretty much like a software firewall but instead of monitoring ports you're 
monitoring open reg/file handles.  There are tools which will display all 
registry keys open and changed.  Problem is how do you (or the average user) 
filter out what is good and bad.  For example you and I probably know better 
than to try to use Outlook Express but an end user would see application 
msimn.exe wanted to change hkey_local_machine\software\whatever and probably 
deny it not knowing what msimn is.  Then the next time they run it it's 
blocked and doesn't work.  My office supplied laptop has over 80 processes 
running on it just after booting and logging in, imagine how many registry 
keys are getting changed at any one time while it's running.
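One way to attack the filtering problem the reply describes, as an added example that is not part of this thread: record which (process, key prefix) pairs a machine writes during a known-good period, then alert only on writes that fall outside that baseline or that touch autostart keys, which are worth a look no matter who writes them. The event format and all sample lines are constructed for illustration, not the output of any real monitoring tool.

```python
import re
from collections import defaultdict

# Constructed sample events ("<process> SetValue <key>"), not output of any real tool.
BASELINE_EVENTS = """\
msimn.exe SetValue HKLM\\Software\\Microsoft\\Outlook Express\\5.0\\Settings
explorer.exe SetValue HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders
svchost.exe SetValue HKLM\\System\\CurrentControlSet\\Services\\Dhcp\\Parameters
"""

NEW_EVENTS = """\
msimn.exe SetValue HKLM\\Software\\Microsoft\\Outlook Express\\5.0\\Options
explorer.exe SetValue HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\RecentDocs
updater.exe SetValue HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater
setup.exe SetValue HKLM\\Software\\SomeVendor\\SomeApp\\Installed
svchost.exe SetValue HKLM\\System\\CurrentControlSet\\Services\\Dhcp\\Parameters
"""

# Autostart locations: a write here is flagged even if the baseline contains it.
AUTOSTART_PREFIXES = (
    r"hklm\software\microsoft\windows\currentversion\run",
    r"hkcu\software\microsoft\windows\currentversion\run",
)
LINE_RE = re.compile(r"^(\S+)\s+SetValue\s+(.+)$")

def key_prefix(key, depth=4):
    """Lower-case the key and keep only its first `depth` path components."""
    return "\\".join(key.lower().split("\\")[:depth])

def learn_baseline(text):
    """Map each process to the key prefixes it wrote during a known-good period."""
    baseline = defaultdict(set)
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            baseline[m.group(1).lower()].add(key_prefix(m.group(2)))
    return baseline

def flag_events(text, baseline):
    """Return (process, key, reason) for the writes a human should look at."""
    alerts = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proc, key = m.group(1).lower(), m.group(2)
        if key.lower().startswith(AUTOSTART_PREFIXES):
            alerts.append((proc, key, "autostart key"))
        elif key_prefix(key) not in baseline.get(proc, set()):
            alerts.append((proc, key, "outside baseline"))
    return alerts
```

With the sample data, the routine writes by msimn.exe, explorer.exe and svchost.exe are suppressed because they stay inside the prefixes learned for those processes, while the Run-key write and the write by a process never seen before are the only two events reported.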
 

