Message-ID: <OF2C09B03F.97020D0F-ON65256E8F.0000B857-65256E8F.0000E5B1@tcs.com>
From: m.garg at tcs.com (m.garg@....com)
Subject: Registry Watcher
full-disclosure-admin@...ts.netsys.com wrote on 05/09/2004 04:30:57 AM:
> Hi,
>
> Any programs out there that "watches" changes to registry and can give an
> alert?
>
>
>
> My intention for this is only because of my limited knowledge of the windows
> registry. As I understand, no processes, applications, programs run without
> entries in to the registry.
This is not true. You need not touch the registry to run any program. Programs
generally keep their config info in the registry.
> This it seems includes virus and Trojan installations. There are the common
> entries that belong in the registry that
> the common installation inserts and all programs have values that must be
> inserted. If a "watcher" would have a data base to follow and any odd or
> uncommon entries could be flagged. As far as I know all newly found viruses
> insert registry entries and these could be placed in a data base that would
> cause registry to deny and flag.
Viruses generally attack the registry first because most applications,
including the OS, use the registry to run properly, so the registry is the
favorite target. But a virus can also do much harm without changing the
registry.
> Wouldn't this in a sense be a firewall and
> virus protection method or am I really off base in my understanding. I know
> that such use is used by AdWatch and other types of tools but I have never
> seen anything mention for protection against backdoors, Trojans and viruses.
> If such a program does not exist I'd appreciate any input on building one.
>
>
>
> thank you
>
> Randall M
>
cheers,
Manu Garg
http://manugarg.freezope.org
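
A minimal form of the baseline idea discussed in this thread, as an added example that is not part of the original message: it parses two `.reg` text exports of a key and reports values added, changed or removed since the baseline. The key path, value names and file paths are constructed sample data, and, as the reply notes, a check like this sees only registry changes.

```python
import re

# Constructed sample exports of one key, in regedit's .reg text format.
# The key path, value names and file paths are illustrative assumptions.
BASELINE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvTray"="\"C:\\Program Files\\ExampleAV\\tray.exe\""
"Updater"="C:\\Tools\\updater.exe /quiet"
'''
CURRENT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvTray"="\"C:\\Program Files\\ExampleAV\\tray.exe\""
"Updater"="C:\\Temp\\updater.exe /quiet"
"svch0st"="C:\\Temp\\svch0st.exe"
'''

# "name"=data or @=data (default value); names may contain escaped quotes.
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')

def parse_reg(text):
    """Parse .reg export text into {(key, value_name): data}."""
    entries, key = {}, None
    text = re.sub(r'\\\r?\n[ \t]*', '', text)  # join hex continuation lines
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
        elif key and (m := VALUE_RE.match(line)):
            name = '(Default)' if m.group(2) else re.sub(r'\\(.)', r'\1', m.group(1))
            data = m.group(3)
            if data.startswith('"') and data.endswith('"'):  # string value: unescape
                data = re.sub(r'\\(.)', r'\1', data[1:-1])
            entries[(key, name)] = data  # other types stay as typed text (dword:, hex:)
    return entries

def diff_snapshots(baseline, current):
    """Return sorted (change, key, value_name, data) alerts against the baseline."""
    alerts = [('ADDED', *i, current[i]) for i in current.keys() - baseline.keys()]
    alerts += [('REMOVED', *i, baseline[i]) for i in baseline.keys() - current.keys()]
    alerts += [('CHANGED', *i, current[i]) for i in baseline.keys() & current.keys()
               if baseline[i] != current[i]]
    return sorted(alerts)

if __name__ == '__main__':
    for alert in diff_snapshots(parse_reg(BASELINE), parse_reg(CURRENT)):
        print(*alert, sep=' | ')
```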