  1. #1
    4 Star Lounger
    Join Date
    Jun 2010
    Location
    Littleton, Colorado
    Posts
    492
    Thanks
    33
    Thanked 6 Times in 6 Posts

    Is there any way to lock down the Registry?

    I recently went to an apparently reputable website to do a search for an old friend. However, the site was asking too many questions, and I didn't feel comfortable continuing, so I left the site.

    I immediately scanned my computer for malware, using several programs. Malwarebytes identified 2 PUPs that had entries added to my registry. I understand that PUPs are not necessarily harmful, but I immediately deleted them.

    My question is, how can I lock down my registry to prevent ANYTHING from changing it without my permission?

  2. #2
    Super Moderator
    Join Date
    Aug 2012
    Location
    Durham UK
    Posts
    6,618
    Thanks
    147
    Thanked 875 Times in 837 Posts
    You can protect your system with a good antivirus program and Firewall and safe browsing and create regular system images when the machine is good - as Holdum333 has already said in his Post #2

    While no AV program is 100% effective, his advice is sound.

    His signature is in blue and is about how a backup image of your OS is the best friend you will ever have.

  3. The Following 2 Users Say Thank You to Sudo15 For This Useful Post:

    holdum333 (2016-03-19),RolandJS (2016-03-19)

  4. #3
    4 Star Lounger
    Join Date
    Jun 2010
    Location
    Littleton, Colorado
    Posts
    492
    Thanks
    33
    Thanked 6 Times in 6 Posts
    Sudo, I do regular system imaging using Acronis True Image, and create frequent restore points between images.

    I use Avast antivirus (continually active in the background), and do on-demand scans with TDSS (Kaspersky), Malwarebytes, Spybot, and SuperAntiSpyware on a regular basis. I run SFC each time I do my on-demand scans.

    I keep Windows Firewall active, and my ASUS router also provides firewall protection.

    And, of course, I practice safe surfing.

  5. #4
    Super Moderator RetiredGeek's Avatar
    Join Date
    Mar 2004
    Location
    Manning, South Carolina
    Posts
    9,434
    Thanks
    372
    Thanked 1,457 Times in 1,326 Posts
    Les,

    One big thing you can do is to normally run your computer with a Standard User Account. This will automatically protect a good portion of the registry from change.

    Logon to your Administrator account ONLY when you need to.

    HTH
    May the Forces of good computing be with you!

    RG

    PowerShell & VBA Rule!

    My Systems: Desktop Specs
    Laptop Specs

  6. The Following User Says Thank You to RetiredGeek For This Useful Post:

    holdum333 (2016-03-20)

  7. #5
    Lounger akjudge's Avatar
    Join Date
    Jan 2014
    Posts
    41
    Thanks
    1
    Thanked 8 Times in 7 Posts
    For casual surfing, I use Time Freeze, which is a virtual (sandbox) environment. Turn it on, surf, turn it off and any changes made to the computer are lost on reboot, since the changes are only to the "virtual" registry and not the real registry. Any "sandbox" program would work.

  8. The Following User Says Thank You to akjudge For This Useful Post:

    holdum333 (2016-03-20)

  9. #6
    4 Star Lounger
    Join Date
    Jun 2010
    Location
    Littleton, Colorado
    Posts
    492
    Thanks
    33
    Thanked 6 Times in 6 Posts
    RG, I understand why you suggest using a standard account. However, I prefer an administrator account (which I've set up my machine to automatically boot into without a password), since I'm the only one that ever uses this machine. I often make changes to my configuration (installing apps, updating, etc.), and I don't want anything to prevent me from doing that, even having to log in as Admin. I've even disabled UAC. I understand that it's a bit more risky than using a standard account, but I'm fairly careful in my computing habits and I'm willing to take that risk. In fact, if you've seen my other thread on this forum (Losing Permissions), you'll see that I'm considering running as a "super Administrator" to eliminate the minor annoyance of occasionally losing my administrative permissions.

  10. #7
    Star Lounger
    Join Date
    Feb 2010
    Location
    near Ottawa, Ontario, Canada
    Posts
    73
    Thanks
    111
    Thanked 15 Times in 14 Posts
    Hey Les (et al),

    Another great piece of software not mentioned above is SandboxIE.
    http://sandboxie.com/
    It started life as a way to make IE safe(r) (thus the name), but blossomed into a great little sandbox program for running any application. I have been a user for years. The company was bought out a while ago, but from my perspective nothing has changed drastically; updates are still being offered.

    I suggest that for any web sites that you do not trust (or even for every browser instance!) run a sandboxed version of the browser.

    While running sandboxed, an application will _believe_ it is making changes to the registry and filesystem, but it is NOT! Changes are made safely within the sandbox only. When you delete the sandbox contents all those registry and filesystem changes are also deleted.

    It has been a while since I played with it, but I also remember a SandboxIE add-in that would let you see all the registry and filesystem changes that an application _tried_ to make. It was a great way to do a test install of a new application; do the install inside a new sandbox, then you could scrutinize all the registry and filesystem changes the installer tries to make. And then, only if you trust it, you could run the installer un-sandboxed.

    Stay vigilant and stay safe!

    -brino

  11. The Following User Says Thank You to brino For This Useful Post:

    LesF (2016-03-30)

  12. #8
    4 Star Lounger
    Join Date
    Jun 2010
    Location
    Littleton, Colorado
    Posts
    492
    Thanks
    33
    Thanked 6 Times in 6 Posts
    Thanks for the suggestion, brino.
    I looked at their web site, and there's a lot of info there that I need to look into before I try Sandboxie (including info about conflicts with some software). Since it doesn't appear that I can download a trial (free) version, I want to do some homework before I make a purchase.

  13. #9
    Silver Lounger wavy's Avatar
    Join Date
    Dec 2009
    Location
    ny
    Posts
    2,373
    Thanks
    235
    Thanked 147 Times in 136 Posts
    The Personal (Home Use) License for Sandboxie:

    Is personal and is not transferable into computers or electronic media that you do not own;
    Permits you to use Sandboxie on one (1) computer;
    Covers the current version and all future versions of Sandboxie;
    Removes the nag screen that initially appears after you have used Sandboxie for more than 30 days;
    Enables the Forced Programs and Forced Folders features;
    Allows you to run programs in more than one sandbox at the same time (see message SBIE1303);
    But does not entitle you to any guaranteed level of technical support.
    Price excludes VAT for European customers.
    Price in USD and other currencies varies according to Euro conversion rate. Please enter the online store to see the actual price.

    See also: FAQ Licensing. If you do not agree to these terms, you may continue to use Sandboxie free of charge, as long as you are not in violation of any of the conditions of the End-User License Agreement.
    Check again
    David

    Just because you don't know where you are going doesn't mean any road will get you there.

  14. The Following User Says Thank You to wavy For This Useful Post:

    LesF (2016-03-30)

  15. #10
    4 Star Lounger
    Join Date
    Jun 2010
    Location
    Littleton, Colorado
    Posts
    492
    Thanks
    33
    Thanked 6 Times in 6 Posts
    Thanks, wavy.

  16. #11
    4 Star Lounger
    Join Date
    Jan 2010
    Location
    Fort McMurray, Alberta, Canada
    Posts
    559
    Thanks
    51
    Thanked 68 Times in 66 Posts
    This suggestion is a bit "out there", but here goes. If the Registry specifically is your concern, you can make backups of just that using the RegEdit tool. To do so, use the following:

    Start | Search | RegEdit | UAC Warning: OK | (right click) Computer | Export | File: Full_Registry_Backup_(date).reg | Save

    For Windows 10 you can search using Cortana, but the rest of the command sequence stays the same.

  17. #12
    4 Star Lounger
    Join Date
    Jun 2010
    Location
    Littleton, Colorado
    Posts
    492
    Thanks
    33
    Thanked 6 Times in 6 Posts
    Thanks for replying, BHarder. Backing up the registry is not the issue (I already knew how to do that). My concern is if the registry gets modified and I don't know about it (and therefore don't use my backup).

  18. #13
    5 Star Lounger
    Join Date
    Jan 2004
    Location
    Praha
    Posts
    988
    Thanks
    56
    Thanked 105 Times in 90 Posts
    Les,

    Reading through this thread I think you may misunderstand the way the Registry is used.

    In straightforward terms, it is the place where settings and usage information are stored both by Windows itself and by almost all applications.

    So every time you start Windows, install, open or remove an application, as well as when you make deliberate changes, changes will be made to the Registry.
    You cannot simply "freeze" it, much though you'd like to for reasons I fully understand: Windows itself and your applications need to make changes all the time to function properly.

    That leaves you with 5 things to do to protect yourself:

    1. Be careful - as you say you are - in your use of your PC.
    2. Protect yourself with a good AV and scan routinely for malware.
    3. Take regular image backups so that you can restore your PC to a known good state in case of severe issues.
    4. Use software which alerts you to potential harmful changes to the Registry. My favourite is WinPatrol (free) which sits quietly in the background until a non-routine Registry change is attempted - at which point it flags up a warning and asks you whether or not you expected / approve it.
    5. Stop using the Administrator account for everything and running with UAC turned off. That is just asking for trouble and will, one day, undo all your good work.
    "eliminat(ing) the minor annoyance of occasionally losing my administrative permissions" is going even further down this reckless route and you may well end up with the massive annoyance of getting a trashed system.
    There's no point in giving you advice on the small things if this elephant in the room is ignored.

  19. The Following User Says Thank You to MartinM For This Useful Post:

    LesF (2016-03-31)
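
One way to notice the kind of unexpected registry change discussed in this thread, as an added example that is not from any poster and is not how WinPatrol works internally: a PowerShell script that records the values under the common autostart (Run/RunOnce) keys and, on later runs, reports what was added, modified or removed. The function names and the baseline file location are assumptions chosen for illustration.

```powershell
# Added example (not from the thread): baseline and compare autostart registry values.
# The key list is a small subset of autostart locations; the baseline path is an assumption.
$Keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$BaselinePath = Join-Path $env:LOCALAPPDATA 'autostart-baseline.json'

function Get-AutostartSnapshot {
    $snap = @{}   # "key\valueName" -> data as string
    foreach ($key in $Keys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }   # key may not exist
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            # Keep %VAR% unexpanded so the comparison does not depend on the environment
            $snap["$key\$name"] = [string]$item.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
        }
    }
    return $snap
}

function Compare-AutostartSnapshot {
    param([hashtable]$Old, [hashtable]$New)
    foreach ($k in $New.Keys) {
        if (-not $Old.ContainsKey($k)) {
            [pscustomobject]@{ Change = 'Added'; Entry = $k; Was = $null; Now = $New[$k] }
        } elseif ($Old[$k] -cne $New[$k]) {
            [pscustomobject]@{ Change = 'Modified'; Entry = $k; Was = $Old[$k]; Now = $New[$k] }
        }
    }
    foreach ($k in $Old.Keys) {
        if (-not $New.ContainsKey($k)) { [pscustomobject]@{ Change = 'Removed'; Entry = $k; Was = $Old[$k]; Now = $null } }
    }
}

$current = Get-AutostartSnapshot
if (Test-Path -LiteralPath $BaselinePath) {
    $baseline = @{}
    $saved = Get-Content -LiteralPath $BaselinePath -Raw | ConvertFrom-Json
    foreach ($p in $saved.PSObject.Properties) { $baseline[$p.Name] = [string]$p.Value }
    $changes = @(Compare-AutostartSnapshot -Old $baseline -New $current)
    if ($changes.Count) { $changes | Format-Table -AutoSize -Wrap } else { 'No autostart changes since the baseline.' }
} else {
    $current | ConvertTo-Json | Set-Content -LiteralPath $BaselinePath -Encoding UTF8
    "Baseline written to $BaselinePath"
}
```

The first run writes the baseline; after reviewing and accepting a reported change, delete the baseline file and run the script again to record the new known-good state.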

  20. #14
    4 Star Lounger
    Join Date
    Jun 2010
    Location
    Littleton, Colorado
    Posts
    492
    Thanks
    33
    Thanked 6 Times in 6 Posts
    Martin, thanks for your post.

    In response to your 5 recommendations:

    1. Already doing that.

    2. Already doing that.

    3. Already doing that.

    4. Good advice which I am planning to follow. I'm already looking into Sandboxie, and will also include WinPatrol in my research.

    5. I have no intention of running my computer as anything but an administrator.
    I believe that items 1, 2, and 3 address the "elephant in the room", and item 4 will help. But I will continue to try to eliminate the "minor annoyance" of losing my administrative privileges, as that happens far more frequently than having to reinstall my system from an image, and is therefore more annoying to me.

    Thanks again for your help.

  21. #15
    5 Star Lounger
    Join Date
    Jan 2004
    Location
    Praha
    Posts
    988
    Thanks
    56
    Thanked 105 Times in 90 Posts
    "I have no intention of running my computer as anything but an administrator."
    OK, as you wish. But there's no point in putting more and more locks on your back door if you are going to leave the front door wide open.
