Small businesses cannot afford the constant contact with IT support that larger companies enjoy. To that end, it is imperative to proactively protect one of the most important points of contact within the Windows operating system: the Registry.
Every time an application is installed, it adds new entries to the Registry. In some instances, applications venture into sensitive areas of the registry -- most importantly, the startup area. Or, worse, an application is hiding malware that will write its entry to the Registry to enable it to auto-start at boot. There are cases when legitimate software writes to the startup so it will start upon boot; you delete it, only to find it automatically rewrites itself. The best way to circumvent disaster is to not allow that entry to be written, but sometimes you have no idea it's happening. Fortunately, Registry Alert can sit in the background and watch for applications attempting to make those changes.
Registry Alert's features
The easy to use tool can:
- Monitor Registry keys for changes
- Create automatic rules for specific programs (i.e., allow or deny access to the Registry)
- Stop running processes and configure the program to never allow the process to start
- Restore removed keys
- Display popups to warn you of suspect Registry entries
- Offer a first-run auto scan
- Monitor registry keys outside of the startup entries
Install Registry Alert
Registry Alert can be installed on Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows 7. There is no trick to installing Registry Alert; it's as simple as any other Windows application installation.After Registry Alert is installed, you will probably see popups warning you of current Registry entries in the startup (Figure A). Figure A
Registry Alert catching a legit app (Rocket Dock) in startup.
For each of these alerts, you can click No if you don't want to delete the entry or click Yes to delete the entry. If you delete the entry, you have three options:
- Always Delete The Option prevents the application from ever writing an entry to the startup Registry.
- Stop This Running Process stops the currently running process one time (this does not delete the registry key).
- Always Stop prevents the application from ever starting.
If the application is legitimate and you want it to start, click No. At first run, you will have to go through this process with every application listed in the Registry's startup section. After you complete this step, Registry Alert will sit in your system tray, waiting for an application to attempt to write to the startup section.
Add custom alerts
To add alerts to sections of the Registry other than startup, follow these steps:
- Right-click the Registry Alert icon in the system tray.
- Click Add New Alerts.
- Navigate to the Registry location to be monitored (Figure B).
- Click the + button to add the alert.
You can add as many custom alerts and monitor any location within the Registry. (Click the image to enlarge.)
Registry Alert will now monitor the location you chose for any new entries. When an installation attempts to write to that location, the standard Registry Alert popup will grace your desktop and await your input.
Registry Alert is a must have for any SMB. You may have to train end users on how to react upon receiving an alert (if they are allowed to install software), though it's worth the time and the effort.Note: You should always have a verified backup before making any changes to the Registry.
Jack Wallen is an award-winning writer for Techrepublic and Linux.com. As an avid promoter/user of the Linux OS, Jack tries to convert as many users to open source as possible. His current favorite flavor of Linux is Bodhi Linux (a melding of Ubuntu and Enlightenment). When Jack isn't writing about Linux he is hard at work on his other writing career -- writing about zombies, various killers, super heroes, and just about everything else he can manipulate between the folds of reality. You can find Jack's books on Amazon, Barnes & Noble, and Smashwords. Outnumbered in his house one male to two females and three humans to six felines, Jack maintains his sanity by riding his mountain bike and working on his next books. For more news about Jack Wallen, visit his website Get Jack'd.