Have you ever wondered why anti-spyware programs like
ParetoLogic's XoftSpySE
also scan your Windows Registry? You may ask, "Spyware
programs are executable files; you cannot hide a program in
the registry, can you?"
Indeed, you can't, but many spyware programs do use the
Windows Registry to conceal themselves, or to make better
stowaways on your ship. There are various ways in which
spyware programs use the Windows Registry; read on to find
out how.
First of all, the Windows Registry stores system-wide
settings, which include a number of fairly important ones,
such as the keys that list the programs to run at system
startup, or the browser helper objects registered on the
system. These keys are all public, meaning
that any program can write to them without restriction (or,
on systems where user hierarchy is enforced, programs with
Administrator or Power User privileges can write to them
without restriction). They are in fact used by installation
programs, so they are the target of both legitimate and
illegitimate installations.
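
As an added illustration (not code from the original article or from any product it mentions), the Python example below audits the two kinds of location just described from a `reg export` text dump: it lists startup entries and registered browser helper objects and reports those missing from a reviewed baseline. The key paths are the standard Windows Run/RunOnce and Browser Helper Objects locations, which the article does not name; the sample export, the baseline and the function names are constructed for this example.

```python
import re
# Standard Windows autostart locations (well known; the page does not name them).
_CV = r"\software\microsoft\windows\currentversion"
RUN_KEYS = (_CV + r"\run", _CV + r"\runonce")
BHO_KEY = _CV + r"\explorer\browser helper objects"
_VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

# Constructed `reg export` sample; value names, paths and the CLSID are made up.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BackupAgent"="C:\\Program Files\\Example\\agent.exe"
"Updater"=hex(2):25,00,54,00,45,00,4d,00,50,00,25,00,5c,00,75,00,2e,00,65,00,\
  78,00,65,00,00,00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Helper"="\"C:\\Users\\demo\\AppData\\Roaming\\helper.exe\" /quiet"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-0000-0000-0000-000000000001}]
@="Constructed toolbar"
'''
BASELINE = [r"C:\Program Files\Example\agent.exe"]  # constructed reviewed list

def _unescape(s):
    return re.sub(r"\\(.)", r"\1", s)  # .reg strings escape \ and " with a backslash

def _decode(raw):
    if raw.startswith('"') and raw.endswith('"'):       # REG_SZ
        return _unescape(raw[1:-1])
    if raw.lower().startswith("hex(2):"):               # REG_EXPAND_SZ as UTF-16LE bytes
        data = bytes.fromhex(raw[7:].replace(",", ""))
        return data.decode("utf-16-le", "replace").rstrip("\x00")
    return raw                                          # other types kept verbatim

def parse_autostarts(reg_text):
    """Return (kind, key, name, data) for Run/RunOnce values and registered BHOs."""
    reg_text = re.sub(r"\\\r?\n\s*", "", reg_text)      # join hex continuation lines
    found, in_run, key = [], False, None
    for line in (l.strip() for l in reg_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            parent, _, leaf = key.rpartition("\\")
            in_run = key.lower().endswith(RUN_KEYS)
            if parent.lower().endswith(BHO_KEY):        # each BHO is a CLSID subkey
                found.append(("bho", key, leaf, ""))
        elif in_run and (m := _VALUE.match(line)):
            name = "(default)" if m[1] == "@" else _unescape(m[1][1:-1])
            found.append(("startup", key, name, _decode(m[2])))
    return found

def unexpected(entries, baseline):
    """Entries whose command line (or BHO CLSID) is not in the reviewed baseline."""
    known = {b.lower() for b in baseline}
    return [e for e in entries if (e[3] or e[2]).lower() not in known]
```

`reg export` writes UTF-16 text, so read a real export with `encoding="utf-16"` before passing it to `parse_autostarts`.
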
However, this is still not the whole picture. The Windows
Registry contains several other system-wide settings that
allow programs to conceal themselves under different
identities or by exploiting various vulnerabilities, and to
start and run with elevated privileges so as to have access
to more of the computer's resources.
In addition to allowing programs to conceal themselves, the
Windows Registry is also an important source of information,
and perhaps this is the most significant part. The registry
contains personal information, information about the
hardware and software of your system and, in the case of
some applications, even sensitive personal information that
is stored in the registry in non-readable form in an attempt
to keep it secure. However, Windows is fairly liberal about
registry access, and with many users not enforcing security
settings, this information is readily available to any kind
of spyware program.
Due to this liberality, it is possible to change many
sensitive system-wide settings. The registry is used to
store almost any kind of system-wide setting, security
settings included. It can be used not only to work out which
vulnerabilities the system exhibits, but also to open new
ones, simply by manipulating settings accordingly.
It is easy to see that the availability of data in a
readable form is itself reason enough for spyware-related
concerns. However, it is very difficult, if not completely
impossible, to protect yourself from this kind of problem;
this is what the Windows Registry was created for in the
first place.
However, using good registry-cleaning software can still
be helpful for cleansing purposes in two cases, both of
them reasonable when the registry-cleaning software is used
in conjunction with anti-spyware software. First of all,
when a system is disinfected, the spyware that has just been
purged does leave some tracks in the registry. Although
anti-spyware programs do as good a job as possible of
cleaning up after it, they are not registry-cleaning
software, and cleaning your registry after a successful
disinfection can prove very helpful. Furthermore, if the
registry is kept in good order, scanning it is faster and
more reliable. As a consequence, if you consistently use a
good registry cleaning program like
RegCure, your
anti-spyware program will be able to scan your registry
faster and more reliably.