Difference between revisions of "Talk:Microsoft Windows Registry Security"

From Free Knowledge Base- The DUCK Project: information for everyone

== software ==
* Windows Sysinternals - [http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx Procmon.exe] - Monitors registry keys in real time. Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity.
* Spybot Search and Destroy has registry monitoring capabilities. Its resident "TeaTimer" component (protection of overall system settings) perpetually monitors the processes that are called or initiated. It immediately detects known malicious processes that want to start and terminates them, giving you some options for how to deal with that process in the future.
* [http://www.jacobsm.com/mjsoft.htm MJ Registry Watcher] (freeware) - MJ Registry Watcher is a simple registry, file and directory hooker/poller that safeguards the most important startup files, registry keys and values, and other more exotic registry locations commonly attacked by trojans.
* [http://www.nirsoft.net/utils/reg_file_from_application.html RegFromApp v1.33] - RegFromApp monitors the Registry changes made by the application that you selected, and creates a standard RegEdit registration file (.reg) that contains all the Registry changes made by the application. You can use the generated .reg file to import these changes with RegEdit when needed.
* [http://sourceforge.net/projects/regshot/ regshot] - sourceforge project, Win32 (MS Windows). Regshot is an open-source (LGPL) registry compare utility that allows you to quickly take a snapshot of your registry and then compare it with a second one taken after making system changes or installing a new software product. Take a snapshot of your registry before installing, then take another after you've put the new app in place. RegShot tells you what's changed in your registry, and can also monitor folders you specify for new and changed files.
* Spy The Spy: http://www.mediachance.com/free/spythespy.htm
* Tigzy's DiffView: http://www.adlice.com/softwares/diffview/
* RootkitRevealer v1.71 by Bryce Cogswell and Mark Russinovich

== HIPS - Host Intrusion Prevention System ==

Like curvy hips? How about straight hips, or a straightforward Host Intrusion Prevention System? HIPS is a program that alerts the user to a malware program such as a virus that may be trying to run on the user's computer, or that an unauthorized user such as a hacker may have gained access to the user's computer.

A HIPS program seeks to retain the integrity of the system in which it is installed by preventing changes to that system from unauthorized sources. Normally it does this by generating a security popup alert asking the user whether any change should be authorized.

Adding any HIPS program will generate more work in terms of configuration requirements and alert management. HIPS programs in general can be somewhat ambiguous about what they find, so you should be prepared to confirm their findings. With only average knowledge you might find it a challenge to interpret the results.

* WinPatrol - its objective is to warn you about alterations to your system which may be malware generated. It does this by taking a snapshot of your system settings and alerting you to any changes. WinPatrol operates using a heuristic approach, which makes it more likely to find new malware than traditional signature-based scanners, which are heavily reliant on updates.
* MJ Registry Watcher - a simple registry, file and directory hooker/poller that safeguards the most important startup files, registry keys, and other more exotic registry locations commonly attacked by trojans. It has very low resource use, and is set to poll every 30 seconds by default. Exactly which keys and files are protected can be completely configured by the user, although the sets supplied with MJRW will cover most standard PCs. It also offers process launch monitoring, folder and file hooking, e-mailing of alerts, and quarantining of files and directories. There is an active thread for this software at the Wilders forum: http://www.wilderssecurity.com/showthread.php?t=54666 The author, Mark Jacobs, also maintains a range of other free software on his website and will respond to emails for support if requested.
* SOURCE: [http://www.techsupportalert.com/content/hips-explained.htm gizmo's freeware, the best freeware reviewed and rated: HIPS Explained]
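As an added example (not part of this wiki page or of any tool listed above), the script below does in a few lines what RegFromApp's .reg output, Regshot's snapshot compare and MJ Registry Watcher's focus on startup keys do together: it parses two .reg exports, diffs them value by value, and then filters the result down to the Run/RunOnce autostart locations a defender should triage first. The two snapshots, the ExampleApp key and the alice/svc paths are constructed sample data; the parser handles string, dword and hex data (including hex line continuation) as regedit writes them.

```python
import re
# Constructed .reg (Regedit 5 export) snapshots, the format RegFromApp writes
# and regedit exports; every path and value here is made up for the example.
BEFORE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\ExampleApp]
"LastRun"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\system32\\SecurityHealthSystray.exe"
'''
AFTER = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\ExampleApp]
"LastRun"=dword:00000002
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\system32\\SecurityHealthSystray.exe"
"Updater"="C:\\Users\\alice\\AppData\\Roaming\\svc\\updater.exe"
'''
# Autostart locations (lower-cased) that pollers like MJ Registry Watcher guard.
WATCHED = ("\\currentversion\\run\\", "\\currentversion\\runonce\\")

def parse_reg(text):
    """Parse .reg text into {key: {value_name: raw_data}}; data stays as written."""
    snapshot, key, pending = {}, None, ""
    for raw in text.splitlines():
        line, pending = pending + raw.strip(), ""
        if line.startswith("[") and line.endswith("]"):   # key header
            key = line[1:-1]
            snapshot.setdefault(key, {})
        elif line.endswith("\\"):                          # hex data continues
            pending = line[:-1]
        elif key is not None:                              # "name"=data or @=data
            m = re.match(r'^("(?:[^"\\]|\\.)*"|@)=(.*)$', line)
            if m:
                name = "@" if m.group(1) == "@" else m.group(1)[1:-1]
                snapshot[key][name] = m.group(2)
    return snapshot

def diff_reg(before, after):
    """Regshot-style compare: [(kind, 'key\\name', old_data, new_data), ...]."""
    changes = []
    for key in sorted(set(before) | set(after)):
        old, new = before.get(key, {}), after.get(key, {})
        for name in sorted(set(old) | set(new)):
            o, n = old.get(name), new.get(name)
            if o != n:
                kind = "added" if o is None else "removed" if n is None else "changed"
                changes.append((kind, f"{key}\\{name}", o, n))
    return changes

def autostart_changes(changes):
    # Only the changes under Run/RunOnce: the entries a defender triages first.
    return [c for c in changes if any(w in c[1].lower() for w in WATCHED)]
```

On a real machine the two inputs would be `reg export` or regedit exports taken before and after a change; the script compares the text files only and never touches the live registry.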

Latest revision as of 16:07, 23 December 2014
