From: ph1 at cogeco.ca (David)
Subject: Registry Watcher

RandallM wrote:
> Hi,
> 
> Any programs out there that "watches" changes to registry and can give an
> alert? 

Spybot Search & Destroy beta (RC5?) has some of this functionality -- 
"Spybot-SD Resident". So far I have gotten alerts about programs 
attempting to add startup commands into the registry. I don't know what 
else it watches for but you might want to check it out.

> 
> My intention for this is only because of my limited knowledge of the Windows
> registry. As I understand, no processes, applications, programs run without
> entries into the registry. This it seems includes virus and Trojan
> installations. There are the common entries that belong in the registry that
> the common installation inserts and all programs have values that must be
> inserted. If a "watcher" would have a database to follow and any odd or
> uncommon entries could be flagged. As far as I know all newly found viruses
> insert registry entries and these could be placed in a database that would
> cause registry to deny and flag. Wouldn't this in a sense be a firewall and
> virus protection method or am I really off base in my understanding? I know
> that such use is used by AdWatch and other types of tools but I have never
> seen anything mentioned for protection against backdoors, Trojans and viruses.
> If such a program does not exist I'd appreciate any input on building one.
> 
> thank you
> 
> Randall M
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 
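
The baseline-and-flag idea discussed in this thread, as an added example that is not part of the original messages and is not Spybot's code: snapshot the autostart values, then report anything added, changed or removed relative to a known baseline. The choice of the two Run keys and all names and sample values below are assumptions made for illustration.

```python
# Autostart keys to watch. The thread only says "startup commands"; choosing
# the standard Run keys here is an assumption of this example.
RUN_KEYS = [
    ("HKLM", r"Software\Microsoft\Windows\CurrentVersion\Run"),
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\Run"),
]

def read_run_keys():
    """Snapshot {(hive, key, value_name): command} from the live registry (Windows only)."""
    import winreg  # standard library, present only on Windows
    hives = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}
    snapshot = {}
    for hive, path in RUN_KEYS:
        try:
            with winreg.OpenKey(hives[hive], path) as key:
                for i in range(winreg.QueryInfoKey(key)[1]):  # [1] = number of values
                    name, data, _type = winreg.EnumValue(key, i)
                    snapshot[(hive, path, name)] = str(data)
        except FileNotFoundError:
            continue  # this Run key does not exist for the hive
    return snapshot

def diff_snapshots(baseline, current):
    """Return sorted (kind, entry, old, new) alerts for every difference."""
    alerts = []
    for entry, cmd in current.items():
        if entry not in baseline:
            alerts.append(("ADDED", entry, None, cmd))
        elif baseline[entry] != cmd:
            alerts.append(("CHANGED", entry, baseline[entry], cmd))
    for entry, cmd in baseline.items():
        if entry not in current:
            alerts.append(("REMOVED", entry, cmd, None))
    return sorted(alerts, key=lambda a: (a[0], a[1]))

# Constructed sample snapshots (not real registry data) so the diff runs anywhere.
K = RUN_KEYS[0]
SAMPLE_BASELINE = {K + ("Updater",): r"C:\Program Files\App\update.exe",
                   K + ("Tray",): r"C:\Program Files\App\tray.exe"}
SAMPLE_CURRENT = {K + ("Updater",): r"C:\Temp\update.exe",
                  K + ("NewEntry",): r"C:\Temp\x.exe"}

if __name__ == "__main__":
    # On Windows, pass two read_run_keys() snapshots taken at different times instead.
    for kind, entry, old, new in diff_snapshots(SAMPLE_BASELINE, SAMPLE_CURRENT):
        print(kind, "\\".join(entry), old, "->", new)
```

A diff like this reports changes after the fact; it does not block the write, and it only sees the keys listed in `RUN_KEYS`.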

