OT - Windows Registry Size


  • #16
    My theory on the registry is that it was primarily for security..... but "sold" on the basis of efficiency.

    It allows the install programs to spray program pieces so widely over the disk as to render a "copy" from a working machine impossible. You have to have the original disks, unlike DOS or earlier windows where the program resided in one place.

    Sure, it is supposed to use one copy of any dll. But, let that be the WRONG dll version (with the same freaking name, of course!), and lots of programs may stop working.........

    Kind of a "safety paid for with slavery" approach... where the overseers can't add up your hours right....

    Keep eye on ball.
    Hashim Khan



    • #17
      As I said earlier, it originally surfaced in Win16 and was used only to handle OLE binding information. NT 3.51 started using it for some system stuff. Then with Win95 and NT4.0 all hell broke loose and it became the "system database of choice" for any sort of application settings. The "common file tracking" (which was a disaster for reasons stated) came in with the Win95 era as well as a whole host of other things like Security hive and Local Machine (system services setting primarily). The Classes Root hive contains all the COM stuff that had its roots in the original registry supporting OLE.

      Exporting a “good registry” and later importing it can absolutely cause your system to become unstable. Any program you’ve installed since the export could have installed its own services, applied system patches, DirectX updates, and many other things that depend on settings that will no longer be there. If they “degrade” or recover gracefully with reasonable defaults then all is fine, but many programs are never tested with that scenario and are not prepared to deal with it since that is absolutely NOT a supported or expected action to be taken by the user. It’s akin to going through System32 and randomly deleting files because you don’t recognize the file name. It’s not supported and the results are “not defined”.

      Loading a DLL from anywhere is easy via the LoadLibrary API, using COM binding, or the PATH (both explicit and implicit), as well as a few other options dependent on the technology (e.g. Fusion for DotNet). The problem comes in when depending on default Win32 loader binding by simple name (what you get with imp lib links). In that case, the loader just recurses the PATH until it finds a matching name based on COFF import tables. It has no way to know if it found the right binary and bad things can happen. This is one of the things that COM addressed by avoiding default Win32 loader binding.
      Russ
      Master Floor Sweeper

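The name-based binding Russ describes above (first file with the right name wins, no check that it is the right binary) is easier to reason about with a model in front of you. The following is an added example, not code from the post or from Windows: it replays the documented default DLL search order over a constructed directory snapshot and classifies each import by where binding would take it. The directory names, file names and the `trusted_dirs` notion are assumptions made for the demonstration; `SafeDllSearchMode` and `KnownDLLs` are the real Windows mechanisms referred to in the comments.

```python
"""Model of the Win32 loader's name-based DLL search (added example).

This is not Windows code. It replays the documented default search order
over a constructed directory snapshot so the failure described in the
post is visible: an import is resolved by bare file name, the first
match wins, and nothing checks that it is the intended binary.

Order with SafeDllSearchMode enabled (the modern default): application
directory, System32, the 16-bit System directory, the Windows directory,
the current directory, then each PATH entry. The legacy order put the
current directory second, right after the application directory.
Caveat: names under HKLM\\...\\KnownDLLs and modules already loaded in
the process are satisfied before any of this and never reach the disk.
"""
from typing import Dict, List, Optional, Sequence, Set, Tuple

Snapshot = Dict[str, Set[str]]  # directory -> file names present (constructed)


def default_search_order(app_dir: str, windows_dir: str, cwd: str,
                         path_dirs: Sequence[str], safe_mode: bool = True) -> List[str]:
    """Directories in the order the loader consults them."""
    system_dirs = [windows_dir + r"\System32", windows_dir + r"\System", windows_dir]
    if safe_mode:
        return [app_dir, *system_dirs, cwd, *path_dirs]
    return [app_dir, cwd, *system_dirs, *path_dirs]   # pre-SafeDllSearchMode behaviour


def resolve_dll(name: str, order: Sequence[str], snapshot: Snapshot) -> Optional[str]:
    """Full path of the first file matching `name` (case-insensitive), else None."""
    wanted = name.lower()
    for directory in order:
        if wanted in {f.lower() for f in snapshot.get(directory, ())}:
            return directory + "\\" + name
    return None


def audit_imports(imports: Sequence[str], order: Sequence[str], snapshot: Snapshot,
                  trusted_dirs: Sequence[str]) -> Dict[str, Tuple[str, Optional[str]]]:
    """Classify each import name by where name-based binding would take it:
      ok         resolved from a trusted directory
      shadowed   a trusted copy exists but an earlier directory wins (the
                 'wrong DLL with the same name' case from the thread)
      untrusted  no trusted copy at all; resolved from cwd/PATH (planting)
      missing    the load would fail
    """
    trusted_lower = {d.lower() for d in trusted_dirs}
    report: Dict[str, Tuple[str, Optional[str]]] = {}
    for name in imports:
        chosen = resolve_dll(name, order, snapshot)
        if chosen is None:
            report[name] = ("missing", None)
        elif chosen.rsplit("\\", 1)[0].lower() in trusted_lower:
            report[name] = ("ok", chosen)
        elif any(resolve_dll(name, [d], snapshot) for d in trusted_dirs):
            report[name] = ("shadowed", chosen)
        else:
            report[name] = ("untrusted", chosen)
    return report


# Constructed snapshot; paths and file names are illustrative only.
APP_DIR = r"C:\Program Files\OldApp"
WINDOWS = r"C:\Windows"
CWD = r"C:\Users\ian\Downloads"
PATH_DIRS = [r"C:\Tools"]
SNAPSHOT: Snapshot = {
    APP_DIR: {"oldapp.exe", "MSVCRT.DLL"},              # installer shipped its own runtime copy
    WINDOWS + r"\System32": {"msvcrt.dll", "kernel32.dll", "version.dll"},
    CWD: {"version.dll", "helper.dll"},                  # stray copies in the folder the user opened
    r"C:\Tools": {"helper.dll"},
}
IMPORTS = ["msvcrt.dll", "kernel32.dll", "version.dll", "helper.dll", "nothere.dll"]


def demo(safe_mode: bool = True) -> Dict[str, Tuple[str, Optional[str]]]:
    """Audit the constructed imports under the chosen search order."""
    order = default_search_order(APP_DIR, WINDOWS, CWD, PATH_DIRS, safe_mode)
    return audit_imports(IMPORTS, order, SNAPSHOT, [WINDOWS + r"\System32"])


if __name__ == "__main__":
    for mode in (True, False):
        print("SafeDllSearchMode" if mode else "legacy order")
        for name, (verdict, path) in demo(mode).items():
            print(f"  {name:<14} {verdict:<10} {path}")
```

Run it and compare the two orders: with the safe order, `version.dll` in the current directory never gets a look because System32 is consulted first, while the application's own `MSVCRT.DLL` still shadows the system copy because the application directory is always first. Under the legacy order the stray `version.dll` wins as well, which is exactly the planting case that SafeDllSearchMode was introduced to close.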


      • #18
        Originally posted by BadDog
        Exporting a “good registry” and later importing it can absolutely cause your system to become unstable. Any program you’ve installed since the export could have installed its own services, applied system patches, ...

        Yep, I didn't mean to imply it could or should be used for a "rescue disk" type repair. I don’t throw programs on and off my computer much now that it is set with what I use.

        What having a "good" reg can do for you is to get you clear of a viciously embedded trojan or similar spy type ware. Lemme just say, I have been in contact with some malicious ware which is so intertwined through the reg that it took some long manual, discrete combing to clear it out.
        JRouche
        My old yahoo group. Bridgeport Mill Group

        https://groups.yahoo.com/neo/groups/...port_mill/info

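The "manual, discrete combing" JRouche describes is what a diff of two Registry Editor exports automates: keep the export from a known-good state, export again when something looks wrong, and list what is new or changed. The following is an added example and not code from the post: a parser for the `.reg` text format that regedit writes and a diff over two exports. The two sample exports are constructed here for the demonstration (the key names under `Example` and the file paths in them are invented); the `Run` key is the real autostart location that persistence entries commonly land in.

```python
"""Diff two Registry Editor exports (added example, not from the post).

Format written by regedit.exe (Registry Editor Version 5.00 files are
UTF-16LE with a BOM, so open real ones with encoding="utf-16"):

    [HKEY_LOCAL_MACHINE\\SOFTWARE\\Vendor\\Key]    starts a key section
    [-HKEY_LOCAL_MACHINE\\SOFTWARE\\Vendor\\Key]   deletes that key on import
    "Name"="text"  @="text"  "N"=dword:0000001e  "B"=hex:01,02,\\
      03                                          one value per line; a trailing
                                                  backslash continues a hex value

Values are kept as their raw text, which is enough to compare them.
Simplification: a value name containing '=' is not handled. The diff
reports what the current export has that the known-good baseline did
not, which is where persistence additions (e.g. under ...\\Run) appear.
"""
from typing import Dict, List

RegTree = Dict[str, Dict[str, str]]   # key path -> {value name: raw value text}


def _logical_lines(text: str) -> List[str]:
    """Join continuation lines (trailing backslash) into one logical line."""
    out, buf = [], ""
    for raw in text.splitlines():
        buf += raw.strip()
        if buf.endswith("\\"):
            buf = buf[:-1]
            continue
        out.append(buf)
        buf = ""
    if buf:
        out.append(buf)
    return out


def parse_reg(text: str) -> RegTree:
    """Parse .reg text into a tree; [-Key] deletion markers produce no entry."""
    tree: RegTree = {}
    current = None
    for line in _logical_lines(text):
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            current = None if key.startswith("-") else key
            if current is not None:
                tree.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue
        name, _, value = line.partition("=")
        tree[current]["(Default)" if name == "@" else name.strip('"')] = value
    return tree


def diff_reg(baseline: RegTree, current: RegTree) -> Dict[str, list]:
    """Keys and values present in `current` but absent from or different in `baseline`."""
    result = {
        "new_keys": sorted(k for k in current if k not in baseline),
        "removed_keys": sorted(k for k in baseline if k not in current),
        "new_values": [],       # (key, name, value)
        "changed_values": [],   # (key, name, old, new)
    }
    for key, values in current.items():
        base = baseline.get(key)
        if base is None:
            continue   # already reported as a whole new key
        for name, value in values.items():
            if name not in base:
                result["new_values"].append((key, name, value))
            elif base[name] != value:
                result["changed_values"].append((key, name, base[name], value))
    return result


# Constructed sample exports (not real machine data).
BASELINE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Settings]
@="Example settings"
"Timeout"=dword:0000001e
"Blob"=hex:01,02,\
  03
"""

CURRENT_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE"
"Updater"="C:\\Users\\ian\\AppData\\Local\\Temp\\update.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Settings]
@="Example settings"
"Timeout"=dword:0000003c
"Blob"=hex:01,02,\
  03

[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Service]
"ImagePath"="C:\\Windows\\Temp\\svc.exe"
"""


def demo() -> Dict[str, list]:
    """Diff the constructed current export against the constructed baseline."""
    return diff_reg(parse_reg(BASELINE), parse_reg(CURRENT_EXPORT))


if __name__ == "__main__":
    for section, items in demo().items():
        print(section)
        for item in items:
            print("   ", item)
```

For real files, `parse_reg(open(path, encoding="utf-16").read())` is enough; the diff surfaces the new `Run` value and the new service key, which is the starting point for the combing rather than a verdict, since a legitimate install since the baseline produces the same kind of entries.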


        • #19
          ...so it looks like the sky won't fall in if my registry expands to a massive 7.1 MB!

          Thanks guys,

          Ian
          All of the gear, no idea...



          • #20
            Originally posted by Evan
            Ever since Windows 3.0 the problems caused by applications adding and changing files in the system directories has caused uncountable lost hours of productivity and headaches for IT people.
            Hi Evan,

            Sorry to disagree, but there's a fundamental flaw in your argument, to wit: Windoze is not an operating system, therefore it can't have "reserved structures" such as system directories and system files.

            The operating system is DOS, which is a single-user single-tasking OS with interrupt handlers. Windoze is a pseudo-multi-tasking applique which runs on top of DOS. Since DOS is not a multi-user environment in the first place, the concept of system security is meaningless.
            Leigh
            The entire content of this post is copyright by, and is the sole property of, the author. No assignment
            of title nor right of publication shall ensue from presentation of this material on any computer site.



            • #21
              Sorry to disagree back at you.

              What you say is true of Win9x and its variants as well as Win16. But anything based on the NT kernel (NT, 2k, 2003, XP, etc.) is a fully functional multi-threaded, multi-user OS in its own right with no DOS underpinnings of any kind.

              Something else the slashdot crowd will always harp on is security issues, but it also has fully integrated security top to bottom. With a few exceptions which exist in any complex software to varying degrees, very nearly ALL the Windows security flaws are a result of catering to lowest common denominator users where ease of use wins over security. These two goals are always in direct diametric opposition such that getting more of one almost always costs in terms of the other. With only a few relatively minor changes to the default config, my system has been running 24/7 since late last year with NO anti-virus, NO software firewall (though I do have a router firewall), and no other protective measures not built directly into Windows. These are things that anyone could do having the same relative depth of Windows/Computer knowledge that the typical xNix operator MUST HAVE to get things running and keep them that way. The main point is not running as Admin, though there are others. In all that time, and sitting on a 5MB connection 24/7 for about 8 months now, I’ve not had a single successful attack, virus or otherwise...
              Russ
              Master Floor Sweeper



              • #22
                Originally posted by BadDog
                Sorry to disagree back at you.

                In all that time, and sitting on a 5MB connection 24/7 for about 8 months now, I’ve not had a single successful attack, virus or otherwise...

                Ahhh, that's my slow up speed, usually 15M down
                JRouche
                My old yahoo group. Bridgeport Mill Group

                https://groups.yahoo.com/neo/groups/...port_mill/info



                • #23
                  Welcome to registry 101. Take a seat.

                  I learned something about the computer tonite, right on. And the owner of this thread got his answers too. Forum life is good.
                  I seldom do anything within the scope of logical reason and calculated cost/benefit, etc- I'm following my passion-



                  • #24
                    very nearly ALL the Windows security flaws are a result of catering to lowest common denominator users where ease of use wins over security.
                    Uh, no. The vast majority of security vulnerabilities in Windows and associated Microsoft applications are the result of brain dead programmers and a fatally flawed system architecture. The largest category of hacks take advantage of simple buffer overflows. These dump data into RAM where it is then executed as an executable.

                    Not only should strict buffer checking be done but it wasn't until XP Service Pack 2 that anything was done about data execution prevention. This isn't catering to the lowest common denominator. These are programming errors that even a rookie shouldn't be making and on a system that allows such errors to utterly compromise it.

                    Windows has more holes in it than a screen door. It has more patches on it than a Raggedy Ann doll. In the first year after Win XP release to manufacturing 305 serious problems were found. Five of those problems had the possibility of instantly on the next reboot scrambling the file system beyond recovery. Dozens of those problems were critical security vulnerabilities. The total number of critical security vulnerabilities that have been found in Windows of various versions numbers in the thousands.

                    As a point of comparison, in the first eight years after the OpenBSD operating system was released (a UNIX variant) only one significant security vulnerability was found. Just one (1).
                    Free software for calculating bolt circles and similar: Click Here



                    • #25
                      And do you realize that the vast majority of those exploits (which exist in all complex systems, even xNix, though generally found and fixed quicker and less severe since EVERYONE in that camp knows you don't run as root day in and out) are not viable without access to an admin token? If the security hole exists in an application using limited credentials, then the damage is also limited. WinNT Kernel security is quite robust in spite of the common opinion so many are so quick to trumpet. But when you do have a buffer overflow on the stack such that you can replace (typically) the return address and cause your code to execute, and that thread happens to be running with admin credentials, then you are OWNED. I've worked on these systems for years on both sides of the fence from DOS to mainframes and including xNix systems as well, wearing both black and white hats, and I can tell you flat out that 99% of the common vulnerabilities associated with modern Windows systems RELY on having access to an elevated token, and that is a direct result of users conditioned to think running as admin is acceptable.

                      As I said, I was challenged to put my “money where my mouth is” by a colleague over half a year ago. Due to lame programs from both MS and (mostly) third parties, running as non-admin, and particularly doing dev work as non-admin, was quite painful in the beginning, but once I got a few things ironed out and some procedures in place, it’s not that bad. In that time, and I am on this machine CONSTANTLY with no protective software whatsoever, I have had not one single issue with virus, Trojan, or spy/mal-ware associated problems. And that includes intentional exposures at the direction of some of my Linux head buddies who were predisposed to want to see this experiment fail. They are strangely silent on the matter now and I am actually quite surprised at how much better the system runs (stability and perf wise) without the anti-everything garbage and bloat-ware on the system. Frankly, I’ve come to realize that the low level hooks used by anti-whatever were what caused the marginal instabilities I had before my last repave and experiment. Since then, my system has BSODed twice in over 6 months of running, and both were due to an ATI video driver that was fixed with an update from ATI...
                      Russ
                      Master Floor Sweeper



                      • #26
                        Oh, and don't take that to mean I'm drinking the MS Kool-Aid. I know they have flaws and have been far too slow to respond to issues like this (such as data page execution locking), you have no argument out of me there. My problem is with the endless legions of slashdot parrots overstating and skewing/exaggerating the problem and its causes simply from hearsay. You and anyone else are very welcome to your opinions, but I have quite another opinion based on my 20 odd years in all facets of the industry.
                        Russ
                        Master Floor Sweeper



                        • #27
                          Bad dog,

                          The most commonly used operating system for the home user at this time is XP Home. It doesn't have an option to run as anything other than admin. Yes, it has a "guest" account but that account is so restricted it is unusable and the permissions cannot be changed.

                          So, with XP Home you must run as admin, you have no choice. This automatically exposes all possible vulnerabilities. This is Microsoft's choice. It was an extraordinarily bad choice. It is consistent with their incredible lack of concern with security and reflects their long term inability to secure the system.

                          The experience with OpenBSD does not depend on running at reduced privilege level. It is secure and security is the priority of the OpenBSD community. You can safely run as root on an OpenBSD system.

                          Having said that, it is possible to secure a Windows system, at least an old one. I run my servers on Win 98. I have completely customized the system and don't even have file sharing enabled. I run them in the DMZ with only a software firewall. In four years they have never been compromised. The applications I run have no known vulnerabilities. Of course, none of the applications are from Microsoft.
                          Free software for calculating bolt circles and similar: Click Here



                          • #28
                            I am running XP Pro, and the window I'm using at this moment is running as a custom user account with very specific limited privileges that pretty much guarantee that I could click a link direct to a virus or trojan and it wouldn't be able to do a thing. There is another window running right now (at the same time) in the same "Windows Station" (which is the thing that has the Explorer desktop for its UI) running with full admin privs.

                            I can’t speak for XP Home as I’ve had little cause to fool with it other than limited application defect reproduction and debugging (usually via network connection), but I’m pretty sure that while there may or may not be a user manager UI on the start menus, the config msc is still there for use should I choose to seek it out. Again, assuming I’m right (I lack motivation to load an image to see) the key to securing it would be a level of knowledge and skill comparable to the “average” Linux user.

                            But I wholeheartedly agree that the default install, which is all most people will ever even think to use, is completely brain dead. That’s what I said earlier about the focus on making it as easy as possible, even at the expense of security. That’s not a flawed design or stupid programmers at MS, it’s the technological impact of a marketing decision. A rather successful one in spite of the consequences I might add. Whether it was the “right” decision is a debatable one and we won’t settle that here, but it’s not an inherent flaw or limitation in the system, but rather an artifact of default/typical config, which itself is a result of marketing pressures/requirements.

                            Funny that you feel a Win9x system can be secured, but not an NT Kernel system. On 9x, where there is no security sub system at all and no resources are protected in any way, ANY compromised process/thread can do anything in the system. And whether there are “known vulnerabilities” or not, I can pretty much feel confident in saying that if I were sufficiently motivated I (or anyone with knowledge and motivation, I’m by no means special) could “own” your W98 system without much difficulty even without social engineering (which I would assume you are too savvy to fall for easily, making a tech attack simpler in that case).

                            Finally, unbiased studies (plural, not just one) by security interested third parties (one of which was biased to find against MS and who I have worked for, though not on those studies) have shown that on the average, MS applications are no more generally susceptible to tech attacks than industry mean, and in some notable cases were actually MORE “secure” (various definitions) than other applications that were much more highly regarded in groups with strong anti-MS sentiments like the quintessential slashdot. The noted difference was that, because of the prevalence of the MS applications’ (and OS) installed base, the motivation for identifying and sharing exploits of MS among the generally anti-MS hacker community is much, MUCH higher than for any other segment. And since the majority of the hacker community IS anti-MS and generally holding MS application security in low regard (rightly or wrongly, as we are discussing), they far more often target MS applications for their spelunking expeditions and internal rivalries. So, larger installed base and a perception of lack of security provides the impression of MUCH higher return on their investment to discover vulnerabilities. The only significant balancing force is the typically higher regard of their peers for finding exploits against those applications that are considered “more secure” in the community.

                            You're the first Nix proponent I’ve ever spoken to who feels consistently running as root would be ok. But then I’ve not been involved more than cursorily in that community for many years. But in any case, the statement that “is the priority of the OpenBSD community” has absolutely nothing to do with the wisdom of running as root all the time. There is no way, none at all, that any complex system can be *known* to be 100% secure. Security is ALWAYS a matter of degrees in an attempt to push “cost of success” to a level high enough to overbalance the “perceived value” of conquering. Understanding this and determining this balance point is a big part of a process known as “risk assessment”. Claiming otherwise is to be wearing an enormous set of blinders and is best left for politicians and marketing directors. Assuming we can agree on that point (and if we can’t there is no point in this discussion), then running as “root” is just dangling that ripe fruit of full privs and eliminates the most difficult aspect of “hacking” a system, which is the effort to find a way to elevate your privileges to “root” once you’ve gained the ability to execute your arbitrary code. Generally, finding a way to execute your code on an arbitrary remote system (regardless of OS or software producer!) is not that hard to accomplish (modulo firewall restrictions and such). It’s finding a way to elevate your privs sufficiently to accomplish your goals that is FAR more difficult, and running as “root” eliminates that larger hurdle. Which brings us back to my initial assertion AND the reason anyone serious about security would/should never consider running as root/admin unless the process in question MUST have those privs.

                            It’s obviously far more complicated than either of us likely understand, or would care to take the time to express on a public forum even if we were convinced we had a full understanding, but making sweeping statements about the inherent inferiority of Windows security as was done on this thread is far too broad and absolutely incorrect.

                            On a positive note, the next MS OS uses a reduced priv “limited admin” account for the default operation of the computer, only elevating to “full admin” privs for applications where it is required. This seems to be a significant step in the “right direction” but it remains to be seen how the general consumer community will react to this as it does require a bit more interaction and awareness of security. Discussing it further would risk violation of NDAs so I’ll stop there...
                            Last edited by BadDog; 07-14-2006, 01:53 PM.
                            Russ
                            Master Floor Sweeper



                            • #29
                              There is no user manager or config.msc in XP Home. It is possible to control the registry remotely and the system can be somewhat more secured that way but that isn't possible at the normal home user level. This isn't just a matter of default configuration, the entire permissions and control substructure in XP Home has been kneecapped.

                              The problems in Windows are most certainly programming problems. The continuous parade of security vulnerabilities are based in sloppy programming. These mistakes run throughout the OS, everywhere from the TCP/IP stack to the graphics display subsystem. There was even one found last year nicknamed the "JPEG of Death" that allowed a complete compromise of nearly all Windows versions by the user merely viewing a jpeg image, regardless of the source of the image and regardless of the Microsoft application used to view the image.

                              I don't advocate running as root on 'nix. Not all versions are as secure as OpenBSD. OpenBSD is an exception and has been developed from the start as a secure OS. Not a single vulnerability was found in the first six years. I'm talking about vulnerabilities to outside attack over a network connection, not from the console. A person at the console automatically owns the machine and nothing can be done to stop that.

                              As for securing Win 98, it isn't hard to do. The only ports that are open lead to the secure applications I run. Furthermore, those applications have been configured for maximum security. For instance, there is no admin account on the FTP server and no public anon account. Passwords are minimum 10 characters. Same goes for the web server and I do not run PHP or Perl and no web admin. Nothing runs at default settings. All admin is done from the console or via FTP which is limited to file transfer. Access to the FTP server is IP masked.

                              People certainly have tried to break in but none have succeeded. I have considerable experience breaking systems and a lot of tools that will shortly be illegal in this country when they sign an international treaty this fall. I keep them under triple DES for security reasons.
                              Free software for calculating bolt circles and similar: Click Here



                              • #30
                                I can't imagine why you think 98 is easy to secure but XP is hard, but oh well. I would rather be beaten than ever run 98 again. I'll also concede the point on XP Home user manager and trust to your accuracy since I have no handy image and no inclination to apply the effort to either confirm or deny. I don't do any sort of IT work so it's not in my main sphere of knowledge.

                                Well, sounds like we are both professionals with strong backgrounds in the area but differing conclusions. Much like two experienced auto professionals, one is a die hard GM fan, the other considers only Ford worth owning. Seems we agree on the important points, we just disagree on some of the OS specific applications of those points, so should probably just agree to disagree and let it go... One of my old colleagues used to say that “this is a point upon which reasonable people may disagree”. It IS good to see that you have knowledge on which to base your opinions rather than just parroting the anti-MS line like so many I run across.

                                It’s been a pleasure discussing this, but I use hands on machine work and fabrication to get a break from the virtual world of my professional career. Take care.
                                Last edited by BadDog; 07-14-2006, 05:12 PM.
                                Russ
                                Master Floor Sweeper

