Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

fulldisclosure logo Full Disclosure mailing list archives

RE: Registry Watcher
From: "Aditya, ALD [Aditya Lalit Deshmukh]" <aditya.deshmukh () online gateway technolabs net>
Date: Sun, 9 May 2004 09:35:18 +0530
the common installation inserts and all programs have values that must be
inserted. If a "watcher" would have a data base to follow and any odd or
uncommon entries could be flagged. As far as I know all newly found viruses
insert registry entries and these could be placed in a data base that would
cause registry to deny and flag. 



viruses generally attack registry first because most of the application including 
os use registry for running properly.. so registry is the favorite target. but 
a virus can do much harm without changing registry also. 




hey for this sort of thing i use a program called as proport, it watches all the autostart up registry entries and 
alerts u when any new program is added to it. this program sits in the system tray so it is not obstrusive download it 
from www.tudpage.com u dont want regmon but proport for this sort of thing

-aditya


________________________________________________________________________
Delivered using the Free Personal Edition of Mailtraq (www.mailtraq.com)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]