Re: Registry Watcher

[m.garg () tcs com]

full-disclosure-admin () lists netsys com wrote on 05/09/2004 04:30:57 AM:

> Hi,
>
> Any programs out there that "watches" changes to registry and can give 
an
> alert? 
>
>
>
> My intention for this is only because of my limited knowledge of the 
windows
> registry. As I understand, no processes, applications, programs run with 
out
> entries in to the registry.

this is not true. You need not touch registry to run any program. Programs
generally keep their config info in the registry. 

> This it seems includes virus and Trojan installations. There are the 
common 
> entries that belong in the registry that
> the common installation inserts and all programs have values that must 
be
> inserted. If a "watcher" would have a data base to follow and any odd or
> uncommon entries could be flagged. As far as I know all newly found 
viruses
> insert registry entries and these could be placed in a data base that 
would
> cause registry to deny and flag. 

viruses generally attack registry first because most of the application 
including
os use registry for running properly.. so registry is the favorite target. 
but 
a virus can do much harm without changing registry also.

> Wouldn't this in a sense be a firewall and
> virus protection method or am I really off base in my understanding. I 
know
> that such use is used by AdWatch and other types of tools but I have 
never
> seen anything mention for protection against backdoors, Trojans and 
viruses.
> If such a program does not exist I'd appreciate any input on building 
one.
> thank you
>
> Randall M

cheers,
Manu Garg
http://manugarg.freezope.org
ForwardSourceID:NT0000CDAE

Attachment: InterScan_Disclaimer.txt
Description: