Slashdot Mirror


Tracking Changes to a Windows System?

The Watcher asks: "I was at my parents' house over the weekend trying to remove various adware/spyware/annoying software, things like Kazaa, Bonzi Buddy, etc. During this I thought it would be helpful to know things like exactly what files/folders were created/modified and what registry entries were created/modified by an installer program so that I would not have to rely on the supplied uninstaller that only removes a selected subset of what was installed. So what are some preferred utilities out there that work well for this purpose?"

8 of 86 comments

  1. SpyBot and Adaware do this for you: by peen · · Score: 1, Insightful
  2. Install is only part of the problem by GoRK · · Score: 3, Insightful

    Some of these programs create certain files and registry keys when they are installed; but many applications create MORE files and registry keys when they are first run or possibly even each time they are started... This is particularly true of spyware-containing applications that check to make sure the spyware is there and active each time they start up. Monitoring the installer is only half the battle.
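
The point made in the comment above, as an added example (not part of the original thread or of any tool named in it): a before/after snapshot diff taken again after first run and after a later start, so run-time changes show up as well as the installer's. It covers files only; the directory layout and file names are constructed, and registry keys would need the same treatment.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each file under root (relative path) to the SHA-256 of its contents."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            try:
                with open(full, "rb") as fh:
                    state[rel] = hashlib.sha256(fh.read()).hexdigest()
            except OSError:
                state[rel] = None  # locked or unreadable: still record that it exists
    return state

def diff(before, after):
    """Return sorted lists of created, modified and deleted paths."""
    return {
        "created": sorted(set(after) - set(before)),
        "modified": sorted(p for p in before.keys() & after.keys() if before[p] != after[p]),
        "deleted": sorted(set(before) - set(after)),
    }

def write(root, rel, data):
    """Create or overwrite a file under root, making parent folders as needed."""
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)

def demo():
    """Constructed scenario: install, first run, cleanup, then a later start."""
    with tempfile.TemporaryDirectory() as root:
        write(root, "Windows/hosts.txt", b"original")
        base = snapshot(root)
        write(root, "Program Files/ExampleApp/app.exe", b"v1")    # installer
        installed = snapshot(root)
        write(root, "Program Files/ExampleApp/helper.dll", b"x")  # first run adds more
        write(root, "Windows/hosts.txt", b"changed")
        first_run = snapshot(root)
        os.remove(os.path.join(root, "Program Files", "ExampleApp", "helper.dll"))
        cleaned = snapshot(root)                                  # after manual cleanup
        write(root, "Program Files/ExampleApp/helper.dll", b"x")  # next start re-creates it
        restarted = snapshot(root)
        return diff(base, installed), diff(installed, first_run), diff(cleaned, restarted)
```

The installer-only diff lists one file; the first-run and restart diffs are what reveal the extra component and the modified system file.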

  3. No admin! by Mr. Darl McBride · · Score: 3, Insightful
    Mom and dad should not have administrator accounts. Get them running 2000 or XP and lock stuff down so they can't add all that crapware.

    Give them an account named "install" that has admin, and explain that it's very dangerous to use that for anything but installing store-bought CD software.

    1. Re:No admin! by Kevster · · Score: 2, Insightful
      You obviously haven't had to administer Windows XP Home for Dad. My Dad downloads and installs software on his own all the time, and while that leads to disaster sometimes (Hotbar), it also means I don't have to run over there every time he needs a system change. He recently bought a 120 GB drive to upgrade his half-full 20 GB drive (his neighbours got an 80 GB drive and I guess he couldn't bear them having a larger hard drive than him), and asked me to install it for him, not realizing that it meant re-installing all of his software. This meant painstakingly locating all the software he downloaded to who-knows-where, and in some instances re-downloading it from a link in an ancient e-mail. I'm still not done after several visits.

      That's not all. Did you know that there are only two types of users in XP Home - computer administrators and users? And you can't create new groups with the built-in utilities, since Microsoft felt that no home user would need more than those two classes of users? And you can't disable accounts, only create and delete them? And you can't even grant Users read/write access to the necessary files and folders (for badly written programs that expect to be able to write to C:\Program Files\... as a regular user) because the right-click context menu for Security doesn't exist?

      Just try installing a random dozen off-the-shelf programs as Administrator and see how many work at all as a user. People here complain all the time how much better Windows is than Linux for home users, but they assume Win98 (with no real security) or WinXP used as administrator all the time.

      It's sad, really, since it's far from rocket science to write programs that only need My Documents and HKCU write access to run properly. This harkens back to another current topic about whether making Linux easier to use will make it more susceptible to viruses and the like. The answer is no, so long as those who write the programs and create the distributions have the self-discipline to stick to the correct user/root separation that has always been the hallmark of Unix programming.

      --
      I always equivocate. Well, almost always.
  4. Re:Use some security by obeythefist · · Score: 1, Insightful

    Don't rely on the security through obscurity that OS/X and *nix are enjoying right now.

    See, eventually Mac emulation of x86 will become so good that spyware will install just as readily on the mac.

    Or, alternatively, the marketing guys will realise that Mac users are great for spamming/spying on because we already know a couple of things about them that make them great targets!

    For starters, we know they have lots of money because they bought a mac.

    Secondly, we know they would rather pay lots of money for a computer because it's "grape" or "blueberry", irrespective of actual real-world performance. These mac users are people who you can sell anything to if your marketing is right!

    Conversely, Linux users will be spared because we all know they're too cheap to *pay* for an O/S.

    Flame away!

    --
    I am government man, come from the government. The government has sent me. -- G.I.R.
  5. Re:Use some security by Gsus411 · · Score: 2, Insightful

    One, the operating system is Mac OS X, not "OS/X."

    Two, what are you talking about with x86 emulation? Sure, you can already get spyware running on a Mac by running Windows in VirtualPC. I somehow doubt, however, that Apple is building something like Wine into the OS and coupling it with x86 emulation. Even so, it would be like installing Windows spyware on a Linux box under Wine. Some simply won't work because they do tweaky stuff to the system at a low level. Others might be made to work through heavy tweaking. It wouldn't be something that users just blindly install without knowing what they are doing. If any Mac spyware is to be made, it's gonna have to be native to the OS. Windows and Mac OS X are far different architecturally to do what you claim will happen.

    Three, not all Mac users have lots of money. I myself am a high school student who works part time after school. My Mac is a 500 MHz iBook I bought used for $600 after working for a summer. I bought it simply because I adore Mac OS X and prefer it to any other OS. I didn't buy the iBook because it's pretty. Besides, your choice of color thing doesn't apply. This thing only came in white. The only thing Apple sells today with multiple colors are those new iPod minis.

    You seem to think performance is all that matters for some reason. If I wanted performance, I'd be trying to get big iron from Cray, NEC, SGI, IBM, or Sun. Maybe even huge linux based clusters. Why don't I have these kinds of things? One, I don't have the money. Two, I don't have a need for that kind of performance. This little iBook here meets my needs perfectly. It is small enough for me to carry around to all my classes, powerful enough to do the admin work I do after school, and it's a *nix environment where I can play around. It's a godsend in my Cisco cert classes. Not to mention how nifty Cocoa is....

  6. Re:installwatch pro by zero_offset · · Score: 2, Insightful

    If I understand it correctly, this is intended to be run manually before an intentional installation. It doesn't appear to just run in the background and log activity, as the article requests. (I didn't install it, so I might be wrong -- am I?)

    --

    Slashdot quality declines as the number of hot grits posts decreases. - Provolt's Law, Apr-09-2005

  7. Re:I'm a Big Fan Of GoBack by Chess_the_cat · · Score: 1, Insightful

    Windows XP ships with System Restore built right in. Same thing.

    --
    Support the First Amendment. Read at -1