Difference between revisions of "Microsoft Windows Registry Security"

From Free Knowledge Base- The DUCK Project: information for everyone

Revision as of 15:08, 23 December 2014

The registry is a database in Windows that holds information about system hardware, installed programs and their settings, and the profile of each user account on the computer. Windows and most software running on Windows continually refer to the information in the registry. A Windows application is not required to use the registry, although the registry is designed to store application settings in one logical repository.

Although the registry's hierarchical database has many advantages, it has some critical disadvantages from the user's point of view. Because the registry is very opaque, often intentionally so, unwanted entries can be added without the user's knowledge. Software that adds entries to the registry when installed also often fails to remove them when uninstalled, so the registry can become bloated with broken and unused entries. Furthermore, malicious software can embed entries in the registry, such as start-up entries that launch a virus.

Trial software uses the registry to create hidden data that keeps track of when you installed the software, whether you have paid for it, and whether the trial should be expired. These entries are also retained so that if you remove and reinstall the software, the expiration status is preserved.

Using the Windows native API (the Nt* registry functions rather than the Win32 Reg* functions), software can deliberately create registry keys whose names contain embedded null characters in order to hide or obfuscate data. Because the Windows registry editor treats key names as null-terminated strings, such a key does not appear in it even when its name is known, and it cannot easily be removed by the user. All registry keys may also be restricted by access control lists (ACLs), depending on user privileges, on security tokens acquired by applications, or on system security policies.
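A defender-side check that follows from the two points above (malware start-up entries and registry ACLs), added here as an example and not part of the original page: it lists the entries under the common autostart keys and flags any ACE that grants write-type rights to a broad group. It assumes an elevated PowerShell session on a Windows host; the key list and the set of "broad" principals are this example's own choices.

```powershell
# Added example, not from the wiki page: audit the ACLs on the common autostart
# keys and list the entries they hold, so an unexpected startup value or a write
# permission granted to a broad group stands out. Assumes an elevated session.
$autostartKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Groups that should not normally be able to write machine-wide startup entries.
$broadPrincipals = @('Everyone', 'BUILTIN\Users',
                     'NT AUTHORITY\Authenticated Users', 'NT AUTHORITY\INTERACTIVE')
# Rights that allow adding, changing or deleting entries, or loosening the ACL itself.
$writeRights = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'

function Get-AutostartAudit {
    foreach ($key in $autostartKeys) {
        if (-not (Test-Path -Path $key)) { continue }

        # Every value under the key is something Windows will run at logon.
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{
                Key     = $key
                Finding = 'StartupEntry'
                Detail  = "$name = $($item.GetValue($name))"
            }
        }

        # Allow ACEs that grant write-type rights to a broad group. On HKLM keys this
        # would let any local user plant a machine-wide startup entry; on HKCU keys the
        # owning user is expected to have full control, so only the broad groups are checked.
        $acl = Get-Acl -Path $key
        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if ($broadPrincipals -notcontains $ace.IdentityReference.Value) { continue }
            if (($ace.RegistryRights -band $writeRights) -eq 0) { continue }
            [pscustomobject]@{
                Key     = $key
                Finding = 'WeakAcl'
                Detail  = "$($ace.IdentityReference): $($ace.RegistryRights)$(if ($ace.IsInherited) { ' (inherited)' })"
            }
        }
    }
}

Get-AutostartAudit | Format-Table -AutoSize -Wrap
```

Inherited ACEs reported here usually come from the parent SOFTWARE key, so fix the permission at the key where it is set rather than on the Run key alone.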

Microsoft Windows Predefined Root Keys

On a typical Windows XP/2000 machine these are:

  • HKEY_CLASSES_ROOT
  • HKEY_CURRENT_USER
  • HKEY_LOCAL_MACHINE
  • HKEY_USERS
  • HKEY_CURRENT_CONFIG

These root keys have remained fairly consistent across Windows versions from XP through 2007. The keys at the root of the hierarchical database are named by their Windows API definitions, which all begin with "HKEY". The HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER hives have a similar structure to each other.

Even though the registry presents itself as one integrated hierarchical database, its branches are actually stored in a number of disk files called hives. Some hives are volatile and are not stored on disk at all. The individual settings of each user on a system are stored in a separate hive file on the drive, one per user.