How to protect our Windows registry from being accessible to third parties?

Hi guys,

I would like to know whether CFP protects our Windows registry entries and values from being accessible to outsiders or within the same network. There are quite a number of tools (be they free or paid) available in the market to spy on our system by crawling data through our registry as well as saved usernames and passwords in Internet Explorer. I think this applies to Firefox too. I wonder what the steps are to prevent this and to get ourselves protected. I wonder whether there are any other specific tools from Comodo to attend to this issue?

Thanks.

Regards,
Jenson

Hi,

If you mean preventing modifications to the registry, the most straightforward and effective approach is running Windows as a limited user instead of administrator. If you run as administrator there are programs such as Windows Defender or Spybot S&D Teatimer that monitor the Windows registry.

If you mean preventing data leak, well I guess you’re looking for an antispyware program. You could try BOClean. CFP also helps to prevent data leak since any malware wishing to transmit back, even if it’s managed to run unimpeded, will have to get through CFP’s app monitor and behaviour analysis.

Hi,

you can try an excellent little program: MJ Registry Watcher.

“MJ Registry Watcher is a system tray program that monitors and alerts you to changes to any registry keys files or folders. The default set of keys and files should ensure that nothing gets run at startup without your knowledge and important boot up files don’t get changed behind your back, but you can configure it to suit your own needs. The program can also keep a full history of alerts in a log file.”

Starting from V1.2.5.5, MJ Registry Watcher has turned payware. The last freeware version (V1.2.5.4) has been made available for direct download here:
http://www.portablefreeware.com/?id=703

Hi guys,

What I mean is to prevent data leaks, so if I have CFP I don’t need any other tools since it blocks everything unless otherwise allowed by me?

Regards,
Jenson

Yes, but if by mistake you allow unknown malware to start, a utility like that is necessary to know about registry changes, and so discover that the started software is malicious (if the antivirus or firewall does not have the malware signature).

Create regular System Restore points. A “Restore Point” is an image of the Registry for that particular date and time.

Thanks for the replies guys.

Btw ZIto, what I mean is to safeguard it from exploitation and third party manipulation. My office PC is joined to the company domain, and hence it has exposure to threats if the server, domain controller, etc. are infected and strike the network and spread across to infect other PCs under them.

I am afraid that the registry might be changed. Also, is it possible that a domain server with malware or spyware, etc. running could ever read from my registry and make changes without my knowledge? How can I go about securing my registry from such attempts?

Thanks.

Regards,
Jenson

PS: Sorry for the late reply.

A simple solution to prevent access to your registry from the network is to run services.msc and disable the Remote Registry service. Doing this, your registry can only be modified by someone sitting at your PC.

Be careful, however, some services need this option to be enabled.

Toggie

Edit: Take a look at this: http://support.microsoft.com/kb/314837
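What the post above describes doing through services.msc, as an added PowerShell example that is not part of the original thread: it reports the Remote Registry service state, the ACL on the winreg key that governs remote registry connections and the paths exempted from that ACL, then disables the service. The function names are hypothetical; it assumes an elevated prompt and PowerShell 3.0 or later.

```powershell
# Added example, not from the thread. Function names are hypothetical.
# Run from an elevated PowerShell prompt on the local machine.

function Get-RemoteRegistryExposure {
    # Service state and start mode (null if the service is not installed).
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='RemoteRegistry'"
    $winreg = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg'

    # The ACL on the winreg key decides which accounts may connect remotely.
    $acl = if (Test-Path $winreg) {
        (Get-Acl -Path $winreg).Access | ForEach-Object {
            '{0}: {1} ({2})' -f $_.IdentityReference, $_.RegistryRights, $_.AccessControlType
        }
    }

    # Paths listed under these subkeys are reachable over the network
    # regardless of the accounts named in the winreg ACL.
    $allowed = foreach ($sub in 'AllowedExactPaths', 'AllowedPaths') {
        $p = Join-Path $winreg $sub
        if (Test-Path $p) {
            (Get-ItemProperty -Path $p -Name Machine -ErrorAction SilentlyContinue).Machine
        }
    }

    [pscustomobject]@{
        Installed    = [bool]$svc
        ServiceState = if ($svc) { $svc.State } else { 'n/a' }
        StartMode    = if ($svc) { $svc.StartMode } else { 'n/a' }
        WinregAcl    = $acl
        AllowedPaths = $allowed
    }
}

function Disable-RemoteRegistry {
    # Stop the running instance first, then prevent it from starting again.
    Stop-Service -Name RemoteRegistry -Force -ErrorAction SilentlyContinue
    Set-Service -Name RemoteRegistry -StartupType Disabled
}

Get-RemoteRegistryExposure | Format-List   # review before changing anything
Disable-RemoteRegistry
Get-RemoteRegistryExposure | Format-List   # expect Stopped / Disabled
```

On a domain-joined PC a Group Policy setting for this service takes precedence over the local change, so run the report again after the next policy refresh.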

Hey Toggie,

Thanks for the reply =)

I will try to do what you mean and see whether it affects anything or not.

Regards,
Jenson

I have tried it out and am not sure about the outcome yet, and it seems like most of the steps are already done, maybe by group policy. So there would still be a risk where the server is exploited and hence the malware (etc.) can come in to my office PC and access my Registry. Hmm…

Btw, can they access my Registry if they VPN or remote into my computer?

If your ‘Remote Registry’ service is disabled via Group Policy, anyone attempting to gain access (even if it were possible) would have to change the Group Policy settings on the Domain server, ensure the changes were distributed and require a logoff/logon from you for the changes to take effect.

Btw, can they access my Registry if they VPN or remote into my computer?

First, they’d have to be given the right to access your PC remotely, that is, made part of the Remote Access User group. Second, you (or someone) would have had to configure Remote Access/VPN so that they can gain access that way. Third, only if they have appropriate rights on your PC. If they’re not members of the Domain/Administrators, Local/Administrators, they won’t be able to.

I think you’re worrying too much :)

Toggie

Hi Toggie,

Ok. I always worry too much I think. I just want to play safe rather than sorry. Since according to you, it wouldn’t cause much of a problem, then is it safe to say that as long as I have CFP on, it should be safe enough?

Thanks.

Regards,
Jenson

Hi Jenson.

A firewall, properly configured, should keep most unwanted requests from getting in, and most undesirable nasties getting out, that’s what it does.

Your concern, as far as I can tell, is someone being able to access your registry remotely. To do this they will need access. That includes bypassing all the barriers I mentioned before and of course, being able to penetrate your firewall.

Toggie

Hi Toggie,

Looks like I’m worrying too much. So I think now I can feel relieved as the firewall protects me from remote registry changes too.

Thanks for all the time and efforts spent on explaining all these to me =)

So far I’m quite safe with Comodo Firewall Pro on, but the browser is not well-protected. I used to have Kaspersky Antivirus and it helps me in preventing malicious scripts from attacking my PC through the web browser. I wonder when Comodo will come out with this feature =)

Regards,
Jenson

If you use MS Internet Explorer or Mozilla Firefox, and you don’t want to bother configuring FF yourself, you can use Spyware Terminator for that.

Firefox plus the Noscript extension…

That’s the reason I want to see this feature available in CFP next time, as I don’t want to use NoScript for firefox =)

Btw, if I really use it, but when I’m using Internet Explorer I will have to worry about that too. Yes, installing third party software like what Japo mentioned - Spyware Terminator - will solve it, but I hope to minimize the total number of apps running and have CFP cater for that problem for me instead =)

Anyway, thanks for all the replies from Japo and Toggie =)

Regards,
Jenson

You could always NOT use IE :)

Noscript works very well, btw. :)

Ok, No prob. My Firefox is installed with No Script ever since I used it for the first time =)

Seems like I cannot get rid of it now, but to restrict myself from using IE.

Thanks.

Regards,
Jenson

I use Script Sentry. Nothing gets past that.

http://www.jasons-toolbox.com/programs.asp?Program=Script%20Sentry

Ken: