Re: [Full-Disclosure] Registry Watcher

From: <m.garg@tcs.com>
Date: Sat May 08 2004 - 20:07:48 EDT

full-disclosure-admin@lists.netsys.com wrote on 05/09/2004 04:30:57 AM:

> Hi,
>
> Any programs out there that "watches" changes to registry and can give an
> alert?
>
>
>
> My intention for this is only because of my limited knowledge of the Windows
> registry. As I understand, no processes, applications, programs run without
> entries in to the registry.

This is not true. You need not touch the registry to run any program. Programs
generally keep their config info in the registry.

> This it seems includes virus and Trojan installations. There are the common
> entries that belong in the registry that
> the common installation inserts and all programs have values that must be
> inserted. If a "watcher" would have a data base to follow and any odd or
> uncommon entries could be flagged. As far as I know all newly found viruses
> insert registry entries and these could be placed in a data base that would
> cause registry to deny and flag.

Viruses generally attack the registry first because most applications,
including the OS, use the registry to run properly, so the registry is the
favorite target. But a virus can do much harm without changing the registry
also.

> Wouldn't this in a sense be a firewall and
> virus protection method or am I really off base in my understanding. I know
> that such use is used by AdWatch and other types of tools but I have never
> seen anything mention for protection against backdoors, Trojans and viruses.
> If such a program does not exist I'd appreciate any input on building one.
>
>
>
> thank you
>
> Randall M
>

cheers,
Manu Garg
http://manugarg.freezope.org

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Received on Sat May 08 20:51:10 2004

This archive was generated by hypermail 2.1.8 : Sat May 08 2004 - 21:03:16 EDT
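
The baseline-and-flag idea raised in this thread, as an added example that is not part of the original posts: a Python sketch that snapshots registry values, diffs them against a baseline and reports additions, removals and changes. The watched `Run` keys, the 5-second poll interval and the sample entries are assumptions chosen for illustration; as the reply notes, a watcher like this sees only registry changes, not programs that never touch the registry.

```python
import itertools
import sys
import time
RUN = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
WATCHED = [("HKLM", RUN), ("HKCU", RUN)]  # assumed watch list, not from the thread

def snapshot(watched=WATCHED):
    """Read every value under the watched keys. Windows only."""
    import winreg  # standard library, present only on Windows
    hives = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}
    snap = {}
    for hive, path in watched:
        try:
            key = winreg.OpenKey(hives[hive], path)
        except OSError:
            continue  # key does not exist on this host
        with key:
            for i in itertools.count():
                try:
                    name, data, _type = winreg.EnumValue(key, i)
                except OSError:
                    break  # no more values under this key
                snap[(hive, path, name)] = str(data)
    return snap

def diff(baseline, current):
    """Return sorted (event, hive, path, name, old, new) tuples."""
    events = [("ADDED", *k, None, current[k]) for k in current.keys() - baseline.keys()]
    events += [("REMOVED", *k, baseline[k], None) for k in baseline.keys() - current.keys()]
    events += [("CHANGED", *k, baseline[k], current[k])
               for k in baseline.keys() & current.keys() if baseline[k] != current[k]]
    return sorted(events, key=lambda e: e[:4])

# Constructed sample data so the diff logic runs on any OS.
SAMPLE_BASE = {("HKCU", RUN, "Sync"): r"C:\Program Files\Sync\sync.exe"}
SAMPLE_NOW = {("HKCU", RUN, "Sync"): r"C:\Users\Public\sync.exe",
              ("HKLM", RUN, "svc32"): r"C:\Windows\Temp\svc32.exe"}

if __name__ == "__main__":
    if sys.platform != "win32":
        print(diff(SAMPLE_BASE, SAMPLE_NOW))
    else:
        base = snapshot()
        while True:  # poll every 5 s and report drift from the last snapshot
            time.sleep(5)
            now = snapshot()
            for event in diff(base, now):
                print("ALERT", event)
            base = now
```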