Tip: Registry vulnerability test - Not for 95/98/ME

lotuseclat79's Avatar
Distinguished Member with 21,345 posts.
 
Join Date: Sep 2003
Location: -71.45091, 42.27841
27-Apr-2006, 11:22 AM #16
Quote:
Originally Posted by JohnWill
True, but I remain unconvinced that RegDefend is the only way I'll be able to protect myself.
Now John,

When have I ever said that RegDefend is the ONLY way to protect yourself?

I'm just pointing out that here is probably a good test, and if you run it you will find out if your security measures are weak or strong against the test.

What method someone decides to use to protect themselves is up to them, and there are other ways to protect the registry that I have mentioned, e.g. HIPs, which is how I do it.

-- Tom
__________________
The independence created by philosophical insight is - in my opinion - the mark of distinction
between a mere artisan or specialist and a real seeker after truth. - Einstein 1944
Imagination is more important than knowledge. - Einstein
lotuseclat79's Avatar
Distinguished Member with 21,345 posts.
 
Join Date: Sep 2003
Location: -71.45091, 42.27841
27-Apr-2006, 11:35 AM #17
Quote:
Originally Posted by MNG0304
Perhaps Sysinternals has an adequate alternative HERE
Hi MNG0304,

RootkitRevealer cannot protect the registry, but it can find rootkits - most, but not all. It's a constantly changing landscape out there, i.e. the malware authors vs. the security analysts.

The purpose of defending the registry, by whatever means, is to protect it from intrusion by malware. RootkitRevealer does not even protect against rootkits, it only is able to detect them after the fact.

Sysinternals does have a register monitor program, RegMon available here:
http://www.sysinternals.com/SystemIn...Utilities.html, but it is a real-time registry monitor, and I haven't tested its registry defense capabilities, if any, so it might be after-the-fact as well for all I know at this point in time without testing it.

-- Tom
MNG0304's Avatar
Senior Member with 687 posts.
 
Join Date: Mar 2006
Location: Kalifornia
Experience: Tinker
27-Apr-2006, 11:39 AM #18
Thanks for the clarification. Since I am not an IT professional I need such information before I attempt to help others here.
Rollin' Rog's Avatar
Distinguished Member with 46,024 posts.
 
Join Date: Dec 2000
Location: North of Hollywoodland
Experience: I know when to fold em'
27-Apr-2006, 02:43 PM #19
The tools at System Internals are analytic only -- very useful when used knowledgeably, but they are not defensive tools.

IMHO, and I'll keep repeating this whenever the subject comes up, most of these anti this and that applications prove to be more of a pain in the kazoo than they are worth -- sooner or later.

Unless you are hell bent on looking for trouble, all you need is a reasonably up-to-date Security patched XP SP2 install, a "safe" browser, freeware antivirus and common sense.
lotuseclat79's Avatar
Distinguished Member with 21,345 posts.
 
Join Date: Sep 2003
Location: -71.45091, 42.27841
27-Apr-2006, 03:16 PM #20
Hi Rollin' Rog,

For the most part I would agree with you, however, your point-of-view only applies to the "rational" minded, and ignores the otherwise irrational behavior of most of us when we displace our normal behavior unintentionally. And one needn't be hell bent on looking for trouble.

I'm not shilling RegDefend here, I'm just trying to cover all of the bases which for your model of behavior is fine and dandy - if only all of us folks would follow it all of the time, and there were no profit incentive for the bad guys to create ever nastier ways to take over our computers.

Covering all of the bases to me means understanding all of the vectors of attack and seeing that a method is put into place to effectively counter those instances where an attack could occur irrespective of what behavior may keep you safe otherwise.

Your model is a fine one to follow, but not everyone is capable of common sense when it is needed most to avoid an attack - even when you are well protected.

As an example, a good friend of mine was intruded up-front and personal when he noticed his router going bonkers - lights flashing abnormally. Lucky he was right there (Verizon DSL) to shut things down and save his computer. If he had taken a break and not been in front of his computer to respond to the attack, his computer would have had to be OS reinstalled - I am sure, to wipe the pest off of his system. He now also runs a software firewall in addition to his hardware firewall router.

Just goes to show that if an attacker is determined and expert enough, they can bypass almost at will just about any firewall and get onto your system - unless you are well protected. All the more reason to make sure your hardware and software is properly configured so no open holes exist.

Besides, signature-based AVs are not well-equipped to avert Zero-Day infections, but in combination with a good heuristic-based AV can possibly save the day - and just in case you haven't noticed lately, freeware AV does miserably against known threats. Visit http://www.av-comparatives.org to find out how the better AVs compare against one another.

-- Tom
JohnWill's Avatar
Distinguished Member with 110,212 posts.
 
Join Date: Oct 2002
Location: South Eastern PA, USA
Experience: Advanced age & experience
27-Apr-2006, 05:23 PM #21
Gee Tom, given that statement you must think I'm one of those people that are incapable of exercising common sense when protecting my network.

Note: Just kidding.
lotuseclat79's Avatar
Distinguished Member with 21,345 posts.
 
Join Date: Sep 2003
Location: -71.45091, 42.27841
27-Apr-2006, 05:51 PM #22
Hi John,

Gee, you make it sound like you walked into my broadside! I'm not aiming at anyone in particular, just what I view as common misguided assumptions that stick in my craw!

It's not you or Rollin' Rog I am concerned about. I suspect you both can take care of your computers yourselves. It's the general background readers who use freeware AVs and because someone at TSG swears by it and says it's good without the experience of testing its limits or really knowing anything about either the reader's Internet behavior (using P2P or visiting dodgy websites - and then they wonder why they got infected) or their own lack of knowledge about the threats out there on the Internet (other than their own limited blinder viewpoint) vs what little protection they really have. One false step, and kaboom, you see the results every day 24/7 in the Security forum - and it's only going to get worse.

-- Tom
new tech guy's Avatar
Distinguished Member with 5,389 posts.
 
Join Date: Mar 2006
Location: NJ
Experience: Intermediate
27-Apr-2006, 07:30 PM #23
Hey Tom,
It's really great the registry guard and all but I look at the malware and the rest of my pc this way, if disaster's gonna strike, it's gonna strike whether I have protection or no protection. Sure having the right tools can help but I figure though how is my registry going to be infected if along with spywareblaster, I have adaware to scan for stuff. If that detects something and repeated scans do not remove it that's when I go get the potent stuff to get rid of it. Because if spywareblaster is blocking the inlet for this stuff (the internet), there is no file to start an infection, if there is no file there cannot be an infected registry as when the system sees the nasties coming towards it it simply slams the front door on it. It's good however to have knowledgeable people like you here to teach us. And as Rog said, if I go on a paranoia streak protecting every possible inlet of my pc it would eventually make everyday tasks a royal pain to do because then I would have all these blocks and guards and whatnot going off at once and just wasting resources and cause software conflicts doing everyday tasks like installing a program. I will try your test though.
__________________
-new tech guy
OH MY GOSH THEY KILLED KENNY!
lotuseclat79's Avatar
Distinguished Member with 21,345 posts.
 
Join Date: Sep 2003
Location: -71.45091, 42.27841
27-Apr-2006, 07:39 PM #24
AdAware just had a critical article written about it at the Security Focus website - it's not as good protection as you think it is - kinda like the swiss cheese that is IE.

SpywareBlaster all by itself is no panacea. What makes you think it protects you against everything?

Your description of all alarms full-steam ahead was indeed paranoid!

The purpose of having a tool is to do something proactive, and in the process you become more knowledgeable in its use and limitations. If it does not do the job you expect, you move on, and get a better tool.

-- Tom
new tech guy's Avatar
Distinguished Member with 5,389 posts.
 
Join Date: Mar 2006
Location: NJ
Experience: Intermediate
27-Apr-2006, 08:12 PM #25
Well there I was using an example with alarms and whatnot. But each to his own. I have been using the setup I previously stated for a while and it's just hard to move from something you understood well and trusted to something new. But, even though we have our protection you also have to bear in mind that everything has a backdoor. Doesn't matter if it's a registry guard or a simple scan with adaware. There's always a way around it. But each to his own opinion. I prefer adaware and spywareblaster and ccleaner on my machine and you use some more sophisticated pro tools but I find the KISS method works best all the time. That's why I use such a simple setup. It just comes down to a matter of personal preference.
JohnWill's Avatar
Distinguished Member with 110,212 posts.
 
Join Date: Oct 2002
Location: South Eastern PA, USA
Experience: Advanced age & experience
27-Apr-2006, 08:51 PM #26
Well, my curiosity got the best of me, and I tried RegTest. As I suspected, the first test was successful at changing the registry contents. The second test ran, the computer threw up a whole bunch of error windows as it shut down, but it was happening too fast to read what kind of exception was happening. When the computer rebooted, it came up to a blank desktop and didn't boot any farther. I rebooted, same result.

I restored my backup image (that was made for just this possibility), deleted all traces of RegTest, and made a mental note to stay far away from that site.
__________________
Remember: Data you don't have at least two copies of is data you don't care about.

Microsoft MVP - User Desktop Experience
Rollin' Rog's Avatar
Distinguished Member with 46,024 posts.
 
Join Date: Dec 2000
Location: North of Hollywoodland
Experience: I know when to fold em'
28-Apr-2006, 02:17 AM #27
I can certainly agree that there are situations where families are involved or folks don't have exclusive control over their systems and can benefit from a little extra defense. But they really ought to create profiles with limited privileges or even boot in one themselves.

For the careless and impulsive, booting with full Administrative rights, there is no defense. No antivirus, no firewall, no antispyware can protect them when they are inclined to say "yes" to an install prompt from an untrustworthy source.

Commercial programs are always one or two steps behind the malware specialists.

Check half the threads in the Security forum and see the latest AV and antispyware programs they already have when they come crying for help.
lotuseclat79's Avatar
Distinguished Member with 21,345 posts.
 
Join Date: Sep 2003
Location: -71.45091, 42.27841
28-Apr-2006, 11:55 AM #28
Quote:
Originally Posted by JohnWill
Well, my curiosity got the best of me, and I tried RegTest. As I suspected, the first test was successful at changing the registry contents. The second test ran, the computer threw up a whole bunch of error windows as it shut down, but it was happening too fast to read what kind of exception was happening. When the computer rebooted, it came up to a blank desktop and didn't boot any farther. I rebooted, same result.

I restored my backup image (that was made for just this possibility), deleted all traces of RegTest, and made a mental note to stay far away from that site.
John,

I am truly sorry to hear that your computer had problems. Did you run the test from an Admin account privilege?

-- Tom
JohnWill's Avatar
Distinguished Member with 110,212 posts.
 
Join Date: Oct 2002
Location: South Eastern PA, USA
Experience: Advanced age & experience
28-Apr-2006, 04:52 PM #29
I ran it from an admin account, though a reasonable test should crash the computer in any case. The fact that their test corrupts a previously working configuration doesn't inspire any confidence in their products.

Imagine if someone slightly less skeptical had done the same thing, only they didn't have a backup? It would obviously be a big problem! I remain totally unimpressed with the test and the company.
new tech guy's Avatar
Distinguished Member with 5,389 posts.
 
Join Date: Mar 2006
Location: NJ
Experience: Intermediate
28-Apr-2006, 08:08 PM #30
John my desktop crashed as well but after a few moments everything just loaded normally although I did run registry mechanic and found like 40 problems. But my system turned out fine.
All times are GMT -4.