• Is there any way to lock down the Registry?


    #504957

    I recently went to an apparently reputable website to do a search for an old friend. However, the site was asking too many questions, and I didn’t feel comfortable continuing, so I left the site.

    I immediately scanned my computer for malware, using several programs. Malwarebytes identified 2 PUPs that had entries added to my registry. I understand that PUPs are not necessarily harmful, but I immediately deleted them.

    My question is, how can I lock down my registry to prevent ANYTHING from changing it without my permission?

    Viewing 13 reply threads
    • #1556563

      You can protect your system with a good antivirus program and Firewall and safe browsing and create regular system images when the machine is good – as Holdum333 has already said in his Post #2

      While no AV program is 100% effective, his advice is sound.

      His signature is in blue and says that a backup image of your OS is the best friend you will ever have.

    • #1556609

      Sudo, I do regular system imaging using Acronis True Image, and create frequent restore points between images.

      I use Avast antivirus (continually active in the background), and do on-demand scans with TDSS (Kaspersky), Malwarebytes, Spybot, and SuperAntiSpyware on a regular basis. I run SFC each time I do my on-demand scans.

      I keep Windows Firewall active, and my ASUS router also provides firewall protection.

      And, of course, I practice safe surfing.

    • #1556651

      Les,

      One big thing you can do is to normally run your computer with a Standard User Account. This will automatically protect a good portion of the registry from change.

      Logon to your Administrator account ONLY when you need to.

      HTH :cheers:

      May the Forces of good computing be with you!

      RG

      PowerShell & VBA Rule!
      Computer Specs
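      To see why a Standard User account protects "a good portion of the registry", you can read the permissions on the machine-wide and per-user autostart keys yourself. The script below is an added example (not code from the thread or from any product mentioned in it): it reports whether the current session holds an elevated administrator token, then lists, for each key, which principals are allowed rights that can change the key's contents. The choice of keys and the classification of rights are the example's own assumptions.

```powershell
# Added example: inspect who can write the autostart keys that PUPs commonly use.
# Reading an ACL needs only READ_CONTROL, which the Users group normally has,
# so this runs unelevated from a Standard User account.

function Test-ElevatedSession {
    # True only when the running token is an (unfiltered) Administrators token.
    # With UAC on, a non-elevated admin logon reports False because the token is filtered.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal $id
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-RegistryWriters {
    param([string]$Key)   # e.g. 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

    # Rights that allow changing the key's contents (assumed classification for this example;
    # generic rights on some inherited ACEs show up as raw numbers and are left unclassified).
    $writeMask = [System.Security.AccessControl.RegistryRights]::SetValue -bor
                 [System.Security.AccessControl.RegistryRights]::CreateSubKey -bor
                 [System.Security.AccessControl.RegistryRights]::Delete -bor
                 [System.Security.AccessControl.RegistryRights]::WriteKey -bor
                 [System.Security.AccessControl.RegistryRights]::FullControl

    $acl = Get-Acl -Path $Key
    foreach ($ace in $acl.Access) {
        $canWrite = ($ace.AccessControlType -eq 'Allow') -and
                    (([int]$ace.RegistryRights -band [int]$writeMask) -ne 0)
        [pscustomobject]@{
            Key       = $Key
            Principal = $ace.IdentityReference.Value
            Type      = $ace.AccessControlType
            Rights    = $ace.RegistryRights
            CanWrite  = $canWrite
        }
    }
}

# Machine-wide Run key: only Administrators/SYSTEM/TrustedInstaller should show CanWrite = True.
# Per-user Run key: the logged-on user can always write it, so HKCU is not protected by
# the account type; that is where a resident monitor or a sandbox still earns its keep.
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

"Elevated administrator token: $(Test-ElevatedSession)"
foreach ($key in $keys) {
    Get-RegistryWriters -Key $key | Format-Table Principal, Type, CanWrite, Rights -AutoSize
}
```

      Run it once from the Standard User account and once from an elevated PowerShell; the ACLs are the same, but the first line shows that only the elevated session has a token that those "Allow" entries apply to. The HKCU result is the caveat worth noticing: a standard account still lets anything running as that user add a per-user autostart entry.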

    • #1556688

      For casual surfing, I use Time Freeze, which is a virtual (sandbox) environment. Turn it on, surf, turn it off and any changes made to the computer are lost on reboot, since the changes are only to the “virtual” registry and not the real registry. Any “sandbox” program would work.

    • #1556695

      RG, I understand why you suggest using a standard account. However, I prefer an administrator account (which I’ve set up my machine to automatically boot into without a password), since I’m the only one that ever uses this machine. I often make changes to my configuration (installing apps, updating, etc.), and I don’t want anything to prevent me from doing that, even having to log in as Admin. I’ve even disabled UAC. I understand that it’s a bit more risky than using a standard account, but I’m fairly careful in my computing habits and I’m willing to take that risk. In fact, if you’ve seen my other thread on this forum (Losing Permissions), you’ll see that I’m considering running as a “super Administrator” to eliminate the minor annoyance of occasionally losing my administrative permissions.

      • #1558324

        I prefer an administrator account … I’ve even disabled UAC.

        That’s just asking for trouble.

        Cheers,
        Paul Edstein
        [Fmr MS MVP - Word]

    • #1558033

      Hey Les (et al),

      Another great piece of software not mentioned above is SandboxIE.
      http://sandboxie.com/
      It started life as a way to make IE safe(r) (thus the name), but blossomed into a great little sandbox program for running any application. I have been a user for years. The company was bought out a while ago, but from my perspective nothing has changed drastically, updates are still being offered.

      I suggest that for any web sites that you do not trust (or even for every browser instance!) run a sandboxed version of the browser.

      While running sandboxed, an application will _believe_ it is making changes to the registry and filesystem, but it is NOT! Changes are made safely within the sandbox only. When you delete the sandbox contents all those registry and filesystem changes are also deleted.

      It has been a while since I played with it, but I also remember a SandboxIE add-in that would let you see all the registry and filesystem changes that an application _tried_ to make. It was a great way to do a test install of a new application; do the install inside a new sandbox, then you could scrutinize all the registry and filesystems changes the installer tries to make. And then, only if you trust it, you could run the installer un-sandboxed.

      Stay vigilant and stay safe!

      -brino

    • #1558052

      Thanks for the suggestion, brino.
      I looked at their web site, and there’s a lot of info there that I need to look into before I try Sandboxie (including info about conflicts with some software). Since it doesn’t appear that I can download a trial (free) version, I want to do some homework before I make a purchase.

    • #1558055

      The Personal (Home Use) License for Sandboxie:

      Is personal and is not transferable into computers or electronic media that you do not own;
      Permits you to use Sandboxie on one (1) computer;
      Covers the current version and all future versions of Sandboxie;
      Removes the nag screen that initially appears after you have used Sandboxie for more than 30 days;
      Enables the Forced Programs and Forced Folders features;
      Allows you to run programs in more than one sandbox at the same time (see message SBIE1303);
      But does not entitle you to any guaranteed level of technical support.
      Price excludes VAT for European customers.
      Price in USD and other currencies varies according to Euro conversion rate. Please enter the online store to see the actual price.

      See also: FAQ Licensing. If you do not agree to these terms, you may continue to use Sandboxie free of charge, as long as you are not in violation of any of the conditions of the End-User License Agreement.

      Check again :^_^:

      🍻

      Just because you don't know where you are going doesn't mean any road will get you there.
    • #1558062

      Thanks, wavy.

    • #1558073

      This suggestion is a bit “out there”, but here goes. If the Registry specifically is your concern, you can make backups of just that using the RegEdit tool. To do so, use the following:

      Start | Search | RegEdit | UAC Warning: OK | (right click) Computer | Export | File: Full_Registry_Backup_(date).reg | Save

      For Windows 10 you can search using Cortana, but the rest of the command sequence stays the same.

    • #1558081

      Thanks for replying, BHarder. Backing up the registry is not the issue (I already knew how to do that). My concern is if the registry gets modified and I don’t know about it (and therefore don’t use my backup).

    • #1558128

      Les,

      Reading through this thread I think you may misunderstand the way the Registry is used.

      In straightforward terms, it is the place where settings and usage information are stored both by Windows itself and by almost all applications.

      So every time you start Windows, install, open or remove an application, as well as when you make deliberate changes, changes will be made to the Registry.
      You cannot simply “freeze” it, much though you’d like to for reasons I fully understand: Windows itself and your applications need to make changes all the time to function properly.

      That leaves you with 5 things to do to protect yourself:

      1. Be careful – as you say you are – in your use of your PC.
      2. Protect yourself with a good AV and scan routinely for malware.
      3. Take regular image backups so that you can restore your PC to a known good state in case of severe issues.
      4. Use software which alerts you to potentially harmful changes to the Registry. My favourite is WinPatrol (free) which sits quietly in the background until a non-routine Registry change is attempted – at which point it flags up a warning and asks you whether or not you expected / approve it.
      5. Stop using the Administrator account for everything and running with UAC turned off. That is just asking for trouble and will, one day, undo all your good work.
      “eliminat(ing) the minor annoyance of occasionally losing my administrative permissions” is going even further down this reckless route and you may well end up with the massive annoyance of getting a trashed system.
      There’s no point in giving you advice on the small things if this elephant in the room is ignored.
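      The concern raised earlier in the thread ("if the registry gets modified and I don’t know about it") and point 4 above both come down to noticing a change you did not make. Since the whole Registry cannot be frozen, one practical compromise is to watch just the autostart locations where a PUP or installer leaves persistence. The script below is an added example (not code from the thread and not how WinPatrol works): the first run writes a JSON baseline of those keys, and every later run reports values added, removed or changed since. The baseline path and the list of keys are assumptions chosen for illustration.

```powershell
# Added example: baseline-and-diff of common autostart registry values.
# First run: writes the baseline. Later runs: report differences as warnings.

$Baseline = Join-Path $env:USERPROFILE 'autorun-baseline.json'   # assumed location
$Keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-AutorunSnapshot {
    # Returns a hashtable of "key\valuename" -> data for every value under $Keys.
    $snap = @{}
    foreach ($key in $Keys) {
        if (-not (Test-Path -Path $key)) { continue }   # e.g. WOW6432Node is absent on 32-bit Windows
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            # Keep %VAR% unexpanded so a change in data, not in the environment, triggers a diff.
            $data = $item.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
            $snap["$key\$name"] = [string]$data
        }
    }
    return $snap
}

function Compare-Snapshot {
    param([hashtable]$Old, [hashtable]$New)
    $changes = @()
    foreach ($k in $New.Keys) {
        if (-not $Old.ContainsKey($k))  { $changes += "ADDED   $k = $($New[$k])" }
        elseif ($Old[$k] -ne $New[$k]) { $changes += "CHANGED $k : '$($Old[$k])' -> '$($New[$k])'" }
    }
    foreach ($k in $Old.Keys) {
        if (-not $New.ContainsKey($k))  { $changes += "REMOVED $k = $($Old[$k])" }
    }
    return $changes
}

$current = Get-AutorunSnapshot
if (-not (Test-Path -Path $Baseline)) {
    $current | ConvertTo-Json | Set-Content -Path $Baseline
    "Baseline written to $Baseline ($($current.Count) values)."
} else {
    # JSON comes back as a PSCustomObject; turn it back into a hashtable for comparison.
    $old = @{}
    (Get-Content -Path $Baseline -Raw | ConvertFrom-Json).PSObject.Properties |
        ForEach-Object { $old[$_.Name] = [string]$_.Value }

    $diff = @(Compare-Snapshot -Old $old -New $current)
    if ($diff.Count -eq 0) {
        'No autostart changes since baseline.'
    } else {
        $diff | ForEach-Object { Write-Warning $_ }
        # After reviewing the changes, delete $Baseline to accept the current state as the new baseline.
    }
}
```

      Run it after each on-demand scan, or schedule it. The caveat is that it is a point-in-time check of a handful of keys, not a resident monitor: it catches the kind of entry the opening post describes (a PUP adding itself to an autostart key) but says nothing about changes elsewhere in the Registry between runs. Keep the baseline file somewhere only your account can write, since anything that can edit it can hide its own entry.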

    • #1558211

      Martin, thanks for your post.

      In response to your 5 recommendations:

      1. Already doing that.

      2. Already doing that.

      3. Already doing that.

      4. Good advice which I am planning to follow. I’m already looking into Sandboxie, and will also include WinPatrol in my research.

      5. I have no intention of running my computer as anything but an administrator.
      I believe that items 1, 2, and 3 address the “elephant in the room”, and item 4 will help. But I will continue to try to eliminate the “minor annoyance” of losing my administrative privileges, as that happens far more frequently than having to reinstall my system from an image, and is therefore more annoying to me.

      Thanks again for your help.

    • #1558316

      I have no intention of running my computer as anything but an administrator.

      OK, as you wish. But there’s no point in putting more and more locks on your back door if you are going to leave the front door wide open.

      • #1558325

        OK, as you wish. But there’s no point in putting more and more locks on your back door if you are going to leave the front door wide open.

        About as useful as a padlock on a tent.

        Cheers,
        Paul Edstein
        [Fmr MS MVP - Word]
