Reply to: Latest Macro Virus Worm How Does It disable ....

Re: re

read/write rights to that file should be limited to Admin and internal system account.

re

but isnt the registry just a huge text file? ie. system.dat or something?

Well I get that

When I created a secure payments application
the NT Server had reasons to use the registry.

So as part of the code I put some very heavy security
around certain values in the registry.

The point was that in some cases the security was heaviest
around dummy values entered into the registry.

Thus any hacker would probably have been keen to get
at these values since they were so well protected.

What the article implied was not individual protection
on certain keys ( in which your post is very correct )

but the entire registry.

I kind of concluded that they could somehow get at the
administrators group on the local machine to actually
stop access to the registry.

re

not 100% sure what the question is here so if I'm way off, apologies now.

Each registry key can have privileges assigned to it, ie. who can read it, who can edit it, who can delete it etc. etc. When a program writes a value to the registry (new or existing) it can specify the privileges required to read/edit/delete etc. normally the program is running within the context of a user (the person running the program) and so the default security requirements for the registry key include the users security info. If you wanted to make a special registry key *extra* secure your code just supplies another security identifier, ie one other than the current users. this method will ensure that no-one or thing can access the registry key except for your code. I use this method regularly to store sensitive data in the registry (database connection attributes etc.) the only way that anyone can change these values is via the supplied 'admin' tool. This ensures that 'fred bloggs' can't go messing around in the system registry and completely **** up the application. It also helps to ensure that the sensitive data is kept hidden from prying eyes.

hope this explanation helps...

D

re

maybe something to do with the murky world of assembly code