First let me clarify something. I've been aware of RegRun for several years but never had a chance to try it out. But looking at the program's description I have a pretty good idea of what it does and it shouldn't be mistaken for a Registry Cleaner. I agree with the majority of staff at BC that regcleaners often do more harm than good. In the last year or two it's been the new snake oil. RegRun sounds to me more like an automated startup manager. Except for the automation it is more like HijackThis and AutoRuns. Basics of malware removal is that malware has to set itself to start/load somehow as users aren't going to run it if they know what it is. So you use programs like RegRun, HJT or AutoRuns to look thru areas of the registry for where any file/program can be set to run automatically. You prevent the malware from running, you prevent its unwanted behavior.
HJT and AutoRuns only enumerate startup locations and what is there. The user must decide or be advised of what to remove--what is normal and what is malicious. That can take a good bit of knowledge that is not always easy to gain. But I would still be leary of RegRun automating this process and here's why. As someone who has trained people to use HJT as malware removal specialists, I'm aware of some website's that try to automate the analyses of HJT. There are a few--some better than others, but they all have a big drawback; no recognition of totally new and unknown malware. HJT and similar tools have been used to discover new malware, it's one of it's prime purposes. I believe RegRun has a huge whitelist--I run across their database of whether files are malicious or not fairly often--but even so a second problem is false positives. There is lots of stuff that wants to reside in your SystemTray and it is well nigh impossible to document them all. And then consider that you can have a malware file the same name as a legitimate file but be in the wrong folder--does RegRun check location as well as file name?
And lastly, even if malware is correctly identified, sometimes when it's removed it can cause major problems. A prime example is the rash in the last year or so of malware writing to userinit.ini--rather than edit the test of that file, it was getting deleted which prevented people from being able to log on to Windows. Not easy to fix.
I have to say that RegRun does not have a bad reputation--which is actually saying a lot now with all the rogues out there. It does have some features that sound really nice. It may do a better job than I think. I can't really say since I've not used it. You seem to like it but it's not for me. I know I would never pay for it, but that is up to you. And of course Trend, as well as all AV companies are going to turn their noses up at other security software--that's just in their own best interest. AnitVir tried to tell people not to use SpywareBlaster when it was finding its reg entries as false positives. To be fair, tho, their mindset is that more than one security program will conflict, which is true when you're talking more than one On Access antivirus scanner . As far as RegRun's main function, I don't see where it would conflict with Trend--but I could be wrong--plus don't know about all the bells and whistles that come with security programs now.
As far as flames, this statement could start one from fanboys of other programs:
Seems like these two programs are the complete defense and cure for malware.
No such animal exists--certainly not any program or combination thereof. The closest you can get is to modify your own behavior so that malware doesn't get in in the first place. Otherwise the only cure is to not use the internet and don't let anyone else access the computer and/or its USB ports. The perfect firewall is wirecutters.
I'm glad to hear you like Trend. I've not run it either, which is why I hesitated to respond to this thread. Personally I could care less how well it removes malware. What I care about is how well does it prevent it from getting in? You get infected with an information stealer like a banker trojan, usually your vital info is already in someone else's hands by the time you find and remove it.
Edited by Papakid, 28 August 2009 - 01:03 AM.