Open Source and information security mailing list archives
Message-ID: <20040509021639.74650.qmail@web12821.mail.yahoo.com>
From: onestepto at yahoo.com.au (Paul)
Subject: registry watcher

Spybot does that and much more for free, Adware6 Pro has adwatch but costs. There are numerous others.



one step at a time...




From dot  Sun May  9 03:08:08 2004
From: dot ("Kit" <full<dash>disclosure(at)smallfoxx)
Subject: [Full-Disclosure] Registry Watcher
In-Reply-To: <OF2C09B03F.97020D0F-ON65256E8F.0000B857-65256E8F.0000E5B1@....com>
Message-ID: <ALEJJCAELMOEKGCLLIAEGENICGAA.full<dash>disclosure(at)smallfoxx<dot>com@...aliddomain.com>

Call me crazy, but what about the built-in auditing function?

http://www.cert.org/security-improvement/implementations/i028.04.html
http://www.winnetmag.com/Article/ArticleID/14742/14742.html

Still, as Manu points out, you don't *need* to touch the registry for any
reason.  It's really just designed as an organized set of INI files.  Good
place to put configuration information, but never needed just to run an
executable.

Now, if you want to be proactive and monitor the registry and prevent things
from modifying key areas, Greyware Automation makes a good tool called
"GRR!" (Greyware Registry Rearguard).  It watches all the key startup
entries that most viruses try to put themselves in so that they can't
restart when your system does:
http://www.greyware.com/software/grr/
They have a free trial version so you can look it over.

-Kit

  -----Original Message-----
  From: full-disclosure-admin@...ts.netsys.com [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of m.garg@....com
  Sent: Saturday, May 08, 2004 7:08 PM
  To: full-disclosure@...ts.netsys.com
  Subject: Re: [Full-Disclosure] Registry Watcher



  full-disclosure-admin@...ts.netsys.com wrote on 05/09/2004 04:30:57 AM:

  > Hi,
  >
  > Any programs out there that "watches" changes to registry and can give an
  > alert?
  >
  > My intention for this is only because of my limited knowledge of the Windows
  > registry. As I understand, no processes, applications, programs run without
  > entries into the registry.

  This is not true. You need not touch registry to run any program. Programs
  generally keep their config info in the registry.

  > This it seems includes virus and Trojan installations. There are the common
  > entries that belong in the registry that
  > the common installation inserts and all programs have values that must be
  > inserted. If a "watcher" would have a database to follow and any odd or
  > uncommon entries could be flagged. As far as I know all newly found viruses
  > insert registry entries and these could be placed in a database that would
  > cause registry to deny and flag.

  Viruses generally attack registry first because most of the applications,
  including the OS, use registry for running properly, so registry is the
  favorite target. But a virus can do much harm without changing registry also.

  > Wouldn't this in a sense be a firewall and
  > virus protection method or am I really off base in my understanding. I know
  > that such use is used by AdWatch and other types of tools but I have never
  > seen anything mention for protection against backdoors, Trojans and viruses.
  > If such a program does not exist I'd appreciate any input on building one.
  >
  > thank you
  >
  > Randall M
  >

  cheers,
  Manu Garg
  http://manugarg.freezope.org
  ForwardSourceID:NT0000CDAE
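
The baseline-and-flag "watcher" asked about in this thread, limited to autostart entries, as an added example that is not code from any poster or from the tools they name. The key list (the well-known Run and RunOnce keys) and the function names `snapshot` and `diff` are assumptions made for the illustration.

```python
import json
import sys
from pathlib import Path
try:
    import winreg  # standard library, present on Windows only
except ImportError:
    winreg = None

# Assumed key list: the thread says "key startup entries" without naming them.
RUN = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
RUN_KEYS = [(h, k) for h in ("HKLM", "HKCU") for k in (RUN, RUN + "Once")]

def snapshot():
    """Return {"HIVE\\key\\value_name": data} for every value under RUN_KEYS."""
    if winreg is None:
        raise RuntimeError("live snapshots need Windows (winreg)")
    hives = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}
    found = {}
    for hive, path in RUN_KEYS:
        try:
            key = winreg.OpenKey(hives[hive], path)
        except OSError:
            continue  # key absent or unreadable on this system
        with key:
            for i in range(winreg.QueryInfoKey(key)[1]):  # [1] = value count
                name, data, _type = winreg.EnumValue(key, i)
                found[f"{hive}\\{path}\\{name}"] = str(data)
    return found

def diff(baseline, current):
    """Compare two snapshots; return alerts as (kind, entry, old, new) tuples."""
    alerts = []
    for entry in sorted(set(baseline) | set(current)):
        old, new = baseline.get(entry), current.get(entry)
        if old is None:
            alerts.append(("ADDED", entry, None, new))
        elif new is None:
            alerts.append(("REMOVED", entry, old, None))
        elif old != new:
            alerts.append(("CHANGED", entry, old, new))
    return alerts

if __name__ == "__main__" and len(sys.argv) == 2:
    path = Path(sys.argv[1])
    if path.exists():  # later runs: compare against the saved baseline
        for alert in diff(json.loads(path.read_text()), snapshot()):
            print(*alert, sep=" | ")
    else:  # first run: record the baseline
        path.write_text(json.dumps(snapshot(), indent=2))
```

This only reports changes between runs; it does not block writes, and, as the replies above say, a program can run without any of these entries.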