From: m.garg at tcs.com (m.garg@....com)
Subject: Registry Watcher

full-disclosure-admin@...ts.netsys.com wrote on 05/09/2004 04:30:57 AM:

> Hi,
>
> Any programs out there that "watches" changes to registry and can give an
> alert?
>
> My intention for this is only because of my limited knowledge of the Windows
> registry. As I understand, no processes, applications, programs run without
> entries in to the registry.

This is not true. You need not touch the registry to run any program. Programs
generally keep their config info in the registry.

> This it seems includes virus and Trojan installations. There are the common
> entries that belong in the registry that the common installation inserts and
> all programs have values that must be inserted. If a "watcher" would have a
> database to follow and any odd or uncommon entries could be flagged. As far
> as I know all newly found viruses insert registry entries and these could be
> placed in a database that would cause registry to deny and flag.

Viruses generally attack the registry first because most applications,
including the OS, use the registry for running properly, so the registry is
the favorite target. But a virus can do much harm without changing the
registry also.

> Wouldn't this in a sense be a firewall and virus protection method or am I
> really off base in my understanding. I know that such use is used by AdWatch
> and other types of tools but I have never seen anything mention for
> protection against backdoors, Trojans and viruses. If such a program does
> not exist I'd appreciate any input on building one.
>
> thank you
>
> Randall M

cheers,
Manu Garg
http://manugarg.freezope.org
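
Added example, not part of the original message or written by either poster: a minimal sketch of the baseline-comparison "watcher" the thread discusses, assuming the HKLM Run autostart key as the monitored location. The function names and sample entries are constructed for illustration; as the reply notes, a program that never writes to the registry is invisible to this check.

```python
import sys

# HKLM autostart key; a common place to watch, chosen here as an assumption.
RUN_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

def snapshot_run_key():
    """Return {value name: data} for the HKLM Run key (Windows only)."""
    import winreg  # standard library, available only on Windows
    values = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, RUN_KEY) as key:
        for i in range(winreg.QueryInfoKey(key)[1]):  # [1] = number of values
            name, data, _type = winreg.EnumValue(key, i)
            values[name] = str(data)
    return values

def diff_snapshots(baseline, current):
    """Compare two snapshots; return (kind, name, data) alerts sorted by name."""
    # Registry value names are case-insensitive, so compare them case-folded.
    base = {k.casefold(): v for k, v in baseline.items()}
    cur = {k.casefold(): v for k, v in current.items()}
    alerts = []
    for name in sorted(base.keys() | cur.keys()):
        if name not in base:
            alerts.append(("added", name, cur[name]))
        elif name not in cur:
            alerts.append(("removed", name, base[name]))
        elif base[name] != cur[name]:
            alerts.append(("changed", name, cur[name]))
    return alerts

# Constructed sample data (hypothetical entries, not taken from any real system).
BASELINE = {
    "ExampleAV": r"C:\Program Files\ExampleAV\tray.exe",
    "ExampleUpdater": r"C:\Program Files\Example\updater.exe",
    "OldTool": r"C:\Tools\old.exe",
}
CURRENT = {
    "exampleav": r"C:\Program Files\ExampleAV\tray.exe",  # same entry, different case
    "ExampleUpdater": r"C:\Temp\updater.exe",             # data changed
    "NewEntry": r"C:\Temp\new.exe",                       # not in baseline
}

if __name__ == "__main__":
    # Pass --live on Windows to read the real key instead of the sample data.
    live = sys.platform == "win32" and "--live" in sys.argv
    current = snapshot_run_key() if live else CURRENT
    for kind, name, data in diff_snapshots(BASELINE, current):
        print(f"ALERT {kind}: {name} -> {data}")
```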