IT Dictionary

Registry
The Registry is a crucial element of Windows. Loss of the Registry will mean that few applications on the hard disk can be used without re-installing them.



The Windows Registry is a set of data files used to store the settings that Windows uses to control hardware, software, and Windows itself. These files are special files that are treated as a "database". A database is a collection of data stored in files with a specific structure to them.



The Registry data files cannot be read by simply opening them in a text editor such as Notepad or Microsoft Word. These special files must be read from, and written to, using a special program written specifically for that purpose. Windows includes such a utility in all versions that make use of the Registry. This utility is called regedit.exe.



The Windows Registry is organized in a tree-like folder structure, similar to what you see in Windows Explorer when looking for a file on your computer. The top level "folders" of the Registry are called "hives". The most important hives to know if you need to edit your Registry are HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER.



Subfolders of these top-level "hives" are called "keys". Subfolders of keys are called "sub-keys". And finally, the actual data stored within the keys, such as specific settings, are called "values".



You should always use extreme caution when editing your Registry as there is no "save" function. All the changes you make are immediately effective as soon as you type them; so if you make a mistake in the wrong place, you could cause your computer to become unstable, or worse, prevent it from even starting up. That said, in most cases, if you carefully follow instructions, you CAN safely edit the Registry.



Spyware, adware, Trojans and other pests will normally seek to start up automatically each time you start your computer. Windows uses a special Registry key to store the settings for the programs to start automatically on booting up. Using the Registry editor (regedit.exe), you can navigate to this key using the following path:



HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run



Each value in this key is a different program that will run at start-up. Often when trying to remove various forms of spyware or adware, Trojans, etc., you will need to locate the offending program in this key and delete it.
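As an added example (not part of the original dictionary entry), the following Python reads the text produced by regedit's 'Export Registry File' option and lists the start-up programs stored in the Run key, then compares them with a reviewed baseline. The sample export, the value names in it and the function names are constructed for illustration.

```python
import re

RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

# Constructed sample of a regedit export (not real data).
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion]
"ProgramFilesDir"="C:\\Program Files"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"ExampleUpdater"="\"C:\\Program Files\\Example\\updater.exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Cleanup"="C:\\WINDOWS\\TEMP\\cleanup.exe"
'''

# Only plain string values ("name"="data") are read; hex-encoded values are skipped.
_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')

def _unescape(s):
    # .reg files escape backslash and double quote with a backslash.
    return re.sub(r'\\(.)', r'\1', s)

def run_entries(export_text, key=RUN_KEY):
    """Return {value name: command line} for string values under `key`."""
    entries, in_key = {}, False
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            # Key names are case-insensitive; match the exact key, not RunOnce.
            in_key = line[1:-1].lower() == key.lower()
        elif in_key:
            m = _VALUE.match(line)
            if m:
                entries[_unescape(m.group(1))] = _unescape(m.group(2))
    return entries

def unexpected(entries, known_good):
    """Names present in the Run key but absent from a reviewed baseline."""
    allowed = {n.lower() for n in known_good}
    return sorted(n for n in entries if n.lower() not in allowed)

if __name__ == "__main__":
    found = run_entries(SAMPLE_EXPORT)
    print(found, unexpected(found, ["SystemTray"]))
```

Working from an export rather than the live Registry means nothing is changed while you review the entries.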



To back up the Registry, back up user.dat and system.dat, which are hidden files in the windows directory. These 2 files comprise the Registry. Alternatively, use the 'Export Registry File' menu option within regedit itself.

Registry key
A cell of information used internally by the operating system; it may contain different types of data.

Remote Administration
A system's capability of being administered (operated) via a connection from a remote external terminal.



This is a legitimate requirement, and there are many legitimate software applications that can provide this facility. However, it is also a function of many Trojan Horses (such as Back Orifice and Sub7). In some cases, the developers of such software attempt to reclassify their products as commercial 'remote administration' tools. This is normally done by 'selling' the tool openly via a website. The purpose is almost certainly to make it more difficult for anti-virus producers to automatically remove them as malicious Trojans, since removal of a legitimate remote administration tool would have legal implications. (The better AV products are likely to detect the product and ask the user if he or she would like it removed.)



As a rule of thumb, we would suggest that any remote administration tool that openly declares itself is probably legitimate, while those that disguise themselves and hide from the user should be classified as Trojans.



Ironically, many security administrators consider the feature-rich Back Orifice Trojan to be the best remote administration tool available.

Retro-virus
A retro-virus is a virus that waits until all possible backup media are infected too, so that it is not possible to restore the system to an uninfected state.

Root
Root is the name given to the 'superuser' account on a Unix system. The account ignores permission bits, so anybody using this account has complete freedom within the system. Gaining root is thus the primary aim for anybody attacking a Unix system.



“Whoever has root sets the permissions; whoever sets the permissions has control of the entire system. If you have compromised root, you have seized control of the box (and maybe the entire network).”

Maximum Security: A Hacker's Guide to Protecting Your Internet Site and Network.

Rootkit
Rootkit is a cracker tool that captures passwords and message traffic to and from a computer.



It is software designed to replace specific components of an operating system, so that once installed it creates back doors in the compromised system, allowing continuous system access to the cracker.



Usually, the installation of a Rootkit is the first step performed by a cracker after penetrating a system, allowing the cracker to re-access the system, even if the root password is changed, or if a system reconfiguration is performed.



Rootkit is a classic example of a Trojan Horse.

Router
A hardware device connected to a host on a LAN that acts as a gateway between two different networks.

RTF - Rich Text Format File
This is an alternative format to the DOC file (see DOC) which is supported by Microsoft Word. Files can be saved, with most of their formatting information intact, and then loaded back into Word as RTFs instead of DOCs.



RTF files are actually made up of ASCII text, with formatting commands embedded in them. For example, a word that appears in boldface would be marked in an RTF file using the characters . RTF files cannot contain macros, so they cannot be infected with a macro virus.



This provides a useful way of communicating with people outside your company. By sending documents in RTF, you effectively do away with the possibility that you might transmit a virus by mistake. Your recipients will be able to read your file directly into Word, and even to convert it back to a DOC file if they wish. But if it is then found to be infected, you will know that the infection was introduced after it reached them.



Note that the process of converting from DOC to RTF is imperfect. Some formatting features that are possible in Word do not survive the journey from DOC to RTF and back. Before committing to using RTF for sending and receiving email attachments, you may need to experiment with the conversion of common company documents. This will soon reveal any potential layout problems. You may need to simplify some formatting tricks that you are accustomed to using, but you will almost always find there is a simpler way to achieve the same result.



There is an important caveat here -- you cannot assume that a file really is in RTF simply because it has an RTF extension. There are some macro viruses which intercept the attempt to save a file as RTF and force it to be saved as a DOC file, but with an RTF extension. If someone sends you such a file via email, and you double-click it, Word will attempt to load the file. Since Word recognizes it as a DOC file, despite its name, it loads it as a DOC file and activates the virus.
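The mismatch described above can be detected from the first bytes of the file instead of its name. The following Python is an added example, not part of the original entry: it relies on the facts that RTF text begins with `{\rtf` and that binary Word documents begin with the OLE2 compound-file signature; the file names and function names are constructed.

```python
import os
import tempfile

# Signature of the OLE2 compound file container used by binary Word .doc files.
OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")
# Every RTF document opens with this group and control word.
RTF_MAGIC = b"{\\rtf"

def sniff(data):
    """Classify leading bytes as 'rtf', 'ole2' (binary Word file) or 'unknown'."""
    if data.startswith(OLE2_MAGIC):
        return "ole2"
    if data.startswith(RTF_MAGIC):
        return "rtf"
    return "unknown"

def check_attachment(path):
    """Return (verdict, detail) comparing the extension with the content."""
    with open(path, "rb") as f:
        kind = sniff(f.read(8))
    ext = os.path.splitext(path)[1].lower()
    if ext == ".rtf" and kind == "ole2":
        return ("mismatch", "named .rtf but content is a binary Word document")
    if ext == ".rtf" and kind != "rtf":
        return ("mismatch", "named .rtf but does not start with an RTF header")
    return ("ok", f"{ext} file with {kind} content")

def demo():
    # Constructed samples: a genuine RTF and a DOC-style header saved as .rtf.
    samples = {
        "memo.rtf": b"{\\rtf1\\ansi Hello}",
        "invoice.rtf": OLE2_MAGIC + b"\x00" * 504,
    }
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for name, content in samples.items():
            p = os.path.join(d, name)
            with open(p, "wb") as f:
                f.write(content)
            results[name] = check_attachment(p)[0]
    return results

if __name__ == "__main__":
    print(demo())
```

A mail gateway or a pre-open script can apply the same test to quarantine attachments whose extension and content disagree.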



Fortunately, it is easy to check for yourself that an RTF really is what it claims. Try looking at a DOC file and an RTF file using NOTEPAD. The RTF file will load as legible ASCII text, starting with