
Registry lock VS AV software


5 replies to this topic

#1 unloco96


Posted 04 December 2010 - 09:41 AM

I want to get other people's opinions on this subject. I recently had a hard drive crash and I believe that a virus had something to do with it (using Avira at the time). While reconfiguring the new hard drive I did a little research and came across someone's post who said that it is better to lock the registry than to have any antivirus program. He basically gave the analogy that it's better to have a locked door that only the user can grant permission to allow others in, vs. AV software, which leaves the door open and puts a security guard in front of it.

To me, it makes sense, and it will give my PC a boost in speed/performance; but I want to hear others' thoughts/opinions. Looking forward to hearing them.

Mitch



#2 Didier Stevens


Posted 04 December 2010 - 09:49 AM

It's not a good idea: malware can install itself persistently on your machine without using the registry.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#3 quietman7

Bleepin' Janitor (Global Moderator)

Posted 04 December 2010 - 10:14 AM

Try that trick against a file infector like Virut or Ramnit which typically infects thousands of .exe (including critical system files required for the operating system) and script files (.php, .asp, .htm, .html, .xml) by injecting code into them. In most cases, you will end up having to reformat and reinstall the OS.

If I guide someone with Virut (or any other File Infector) present and their Antivirus cannot properly disinfect it, then I recommend a format and reinstall...dealing with such infections is a waste of time and that's why I prefer the fastest and safest solution - which is a format and reinstall...After all, I think it would be irresponsible to let the malware "stew" (download/spread/run more malware) for another couple of days/weeks if you already know it's a lost case.

miekiemoes' Blog: Virut and other File infectors - Throwing in the Towel?
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#4 Romeo29

Learning To Bleep (Members)

Posted 04 December 2010 - 12:44 PM

I was wondering how you would be locking the registry?

#5 unloco96


Posted 04 December 2010 - 02:50 PM

Thanks for the responses. So a virus/malware can in fact get by a locked registry without the user granting permission. That's what I was afraid of... I had some doubt about that analogy's accuracy. Thanks for not letting me make a huge mistake.

@Bleepin' Janitor - thanks. Fortunately I have only had to deal with a few viruses in my lifetime; however, my daughter doesn't have the safest browsing/downloading habits :wacko:

@Learning To Bleep- I did not have a program in mind, I was just looking for opinions on locking the registry prior to any action.

Currently running Twister AV/firewall now- any opinions on the software?

Thanks again!
Mitch

#6 quietman7


Posted 05 December 2010 - 08:40 AM

QM7's MODUS OPERANDI: "Knowledge and the ability to use it is the best defensive tool anyone could have. An uninformed user can be their own worst enemy when acting in ignorance." :thumbup2:



