Microsoft Windows Registry Security

3,762 bytes added, 22:32, 19 February 2015
''Other aspects of Windows security are discussed on the [[Windows Security Page]].''

== Specific Registry Keys ==

=== Startup Programs ===

Third-party software that is to be started when Windows starts or when a user logs in can be registered in the registry.  The following two registry keys are responsible for loading these auto-start programs.

# HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
# HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

The first starts the program when that particular user logs in, and only for that user.  The second starts it at logon for every user of the machine.

A common example of a startup program is GoogleUpdate.exe, which is added by Google software such as the Google Chrome web browser.  The registry value looks like this (full path including the value name, then type and data):

* HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Google Update
* REG_SZ "C:\Documents and Settings\nicole\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

Although GoogleUpdate.exe is generally considered benign, the risk lies in what a malware author can do to disguise malware.  A malware author, aware that people ignore GoogleUpdate.exe, may replace it with malware of the same name.  In that event the malware is auto-loaded with Windows while the user sees only what is perceived to be the harmless GoogleUpdate program.  Because GoogleUpdate runs silently in the background (a TSR, i.e. a terminate-and-stay-resident program) it has no user interface, which is also typical of malware.  A quick check is to confirm that the value data points to the expected path and that the file there carries a valid Authenticode signature from the expected publisher; a file with the right name but a missing or invalid signature deserves a closer look.

=== Checking the Default Web Browser ===

{{:Windows Registry- Default Web Browser}}

== Security ==

Most commercial anti-virus products include some form of active registry monitoring.  It attempts to notify the user of changes to the registry that may be harmful, such as the addition of startup keys by malware.  The success of such monitoring depends largely on how threats are detected, often by matching entries against an internal database.
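As an added example (not code from the original page), the following PowerShell script audits the auto-start values in the Run keys described under Startup Programs above and applies the check a practitioner wants before trusting a familiar-looking entry such as GoogleUpdate.exe: does the command line point at a file that exists, and does that file carry a valid Authenticode signature?  It goes beyond the page's two keys by also covering RunOnce and the Wow6432Node mirror used by 32-bit software on 64-bit Windows, which malware can use just as easily.  The key list, the function names and the ".exe" parsing rule are this example's own assumptions.

```powershell
# Added example, not code from the original page. Audits the auto-start values
# in the Run keys described above. Beyond the page's two keys it also covers
# RunOnce and the Wow6432Node mirror used by 32-bit software on 64-bit Windows.
$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# A Run value holds a full command line, e.g.
#   "C:\...\GoogleUpdate.exe" /c
# Extract just the executable path: a quoted path ends at the closing quote,
# an unquoted one is taken up to the first ".exe" token (an assumption that
# covers the common case; adjust for other extensions if needed).
function Get-ExecutablePath {
    param([string]$CommandLine)
    $cmd = $CommandLine.Trim()
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 0) { return $cmd.Substring(1, $end - 1) }
    }
    $m = [regex]::Match($cmd, '^(.+?\.exe)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return ($cmd -split '\s+')[0]
}

function Get-RunKeyAudit {
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) {
            $data = [string]$item.GetValue($name)
            $exe  = [Environment]::ExpandEnvironmentVariables((Get-ExecutablePath $data))
            if (-not (Test-Path -LiteralPath $exe)) {
                # Dangling entry: the file is gone, or the path could not be parsed.
                $status = 'MISSING'
            } else {
                $sig = Get-AuthenticodeSignature -LiteralPath $exe
                if ($sig.Status -eq 'Valid') {
                    $status = 'Signed: ' + $sig.SignerCertificate.Subject
                } else {
                    # A familiar file name with no valid signature is exactly the
                    # GoogleUpdate.exe impostor case described above.
                    $status = 'CHECK: ' + $sig.Status
                }
            }
            [pscustomobject]@{ Key = $key; Name = $name; Exe = $exe; Status = $status }
        }
    }
}

Get-RunKeyAudit | Format-Table -AutoSize -Wrap
```

Two caveats apply.  A valid signature is not proof of benign intent, only proof that the file has not been swapped for an unsigned one, so treat the signer's subject as something to read rather than a green light.  And the XP-era path in the GoogleUpdate example above sits inside the user's own profile directory, which the user (and therefore anything running as the user) can write to, so replacing that file does not require administrator rights.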
It is difficult to determine with complete accuracy which registry changes made by running software are legitimate and which are malicious.  There is also a gray area depending on what a user considers to be malicious.

Recommended security measures to protect the integrity of the registry:

* Create regular manual backups of the registry hives
* Use [[Microsoft System Restore]], which includes registry backup
* Use registry monitoring software, such as a good anti-virus product

== Tracking Changes ==

There are two fundamental approaches to detecting changes to the Windows registry.  One is to take a snapshot of the registry, and later take another and compare the two.  This approach is thorough but very slow.  The second approach is active, real-time monitoring.  It may be slightly less reliable, but it is more useful for detecting changes as they happen.  A disadvantage of real-time monitoring is that the resident monitor uses some resources as it runs and may make a slow PC seem slower still.

* snapshot and compare - no real-time performance loss and thorough, but creating the snapshot and comparing is a slow process.  It also shows only the end state: a change that is made and reverted between the two snapshots is never seen.
* real-time monitoring - quickly detects, or even intercepts, changes to the registry; may negatively impact system speed.

Detecting changes to the registry and stopping unwanted changes is a common part of a Host Intrusion Prevention System (HIPS).  Most contemporary security tools that accomplish this are part of a larger commercial anti-virus security suite or so-called host firewall.  Stand-alone utilities are also available, such as [http://www.jacobsm.com/mjsoft.htm MJ Registry Watcher] and [http://sourceforge.net/projects/regshot/ Regshot].

[[Category:Computer_Technology]]
[[Category:Microsoft]]
[[Category:Windows]]
[[Category:Security]]
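As an added example (not code from the original page, and not the code of MJ Registry Watcher or Regshot), the following PowerShell script shows both approaches contrasted under Tracking Changes, applied to the Run keys from the Startup Programs section: a snapshot-and-compare pass, and a real-time watch using the WMI registry event provider.  The function names, the variable names and the choice of the HKLM Run key for the live watch are this example's own assumptions.

```powershell
# Added example, not code from the original page or from the tools it names.

# ---- Approach 1: snapshot and compare -------------------------------------
# A snapshot is a hashtable of "key\valuename" -> data for every value
# directly under each listed key.
function Get-RegistrySnapshot {
    param([string[]]$Keys)
    $snap = @{}
    foreach ($key in $Keys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) {
            $snap["$key\$name"] = [string]$item.GetValue($name)
        }
    }
    return $snap
}

# Report values that appeared, changed or disappeared between two snapshots.
function Compare-RegistrySnapshot {
    param([hashtable]$Before, [hashtable]$After)
    foreach ($k in $After.Keys) {
        if (-not $Before.ContainsKey($k)) {
            [pscustomobject]@{ Change = 'Added';    Value = $k; Data = $After[$k] }
        } elseif ($Before[$k] -ne $After[$k]) {
            [pscustomobject]@{ Change = 'Modified'; Value = $k; Data = $After[$k] }
        }
    }
    foreach ($k in $Before.Keys) {
        if (-not $After.ContainsKey($k)) {
            [pscustomobject]@{ Change = 'Removed';  Value = $k; Data = $Before[$k] }
        }
    }
}

$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
)
$before = Get-RegistrySnapshot -Keys $RunKeys
# ... install or run the software under test here, then re-snapshot ...
$after = Get-RegistrySnapshot -Keys $RunKeys
Compare-RegistrySnapshot -Before $before -After $after | Format-Table -AutoSize

# ---- Approach 2: real-time monitoring --------------------------------------
# The WMI registry event provider raises RegistryKeyChangeEvent when any value
# directly under the named key changes. In WQL the hive is spelled out and
# backslashes in the path are doubled; PowerShell leaves "\\" untouched inside
# a double-quoted string. The provider does not accept HKEY_CURRENT_USER;
# watch HKEY_USERS\<SID>\... for a per-user key instead.
$hklmRun = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$global:RunBaseline = Get-RegistrySnapshot -Keys $hklmRun
$query = "SELECT * FROM RegistryKeyChangeEvent WHERE Hive='HKEY_LOCAL_MACHINE' " +
         "AND KeyPath='SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run'"

Register-CimIndicationEvent -Query $query -SourceIdentifier 'RunKeyWatch' -Action {
    # The event only says that the key changed, not which value, so re-read the
    # key and diff it against the last known state. The diff is kept inline so
    # the action block does not depend on script-scope functions, which are
    # gone once a .ps1 file finishes running.
    $key  = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    $item = Get-Item $key
    $now  = @{}
    foreach ($n in $item.GetValueNames()) { $now["$key\$n"] = [string]$item.GetValue($n) }
    foreach ($k in $now.Keys) {
        if (-not $global:RunBaseline.ContainsKey($k) -or $global:RunBaseline[$k] -ne $now[$k]) {
            Write-Host ('{0:u}  added/modified  {1} = {2}' -f (Get-Date), $k, $now[$k])
        }
    }
    foreach ($k in $global:RunBaseline.Keys) {
        if (-not $now.ContainsKey($k)) {
            Write-Host ('{0:u}  removed         {1}' -f (Get-Date), $k)
        }
    }
    $global:RunBaseline = $now
}
# The PowerShell session must stay open to receive events.
# Unregister-Event -SourceIdentifier 'RunKeyWatch'   # stops the watch
```

The snapshot half illustrates the trade-off stated above: reading every value is cheap for two keys but grows with the subtree you cover, and anything added and removed between the two snapshots is invisible.  The event half reacts immediately but, as noted in the code, reports only that the key changed, so it still needs a baseline to say what changed; on PowerShell versions before 3.0, Register-WmiEvent accepts the same WQL query.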