madshi.net

[xrfang]

hi Mathias,

I am studying how to use madSecurity, and found in the forum that lots of people use madSecurity to control access to the registry!

My question is, if I want to protect certain keys in the registry (for parental control or anti-spyware purpose), should I use madCodeHook, or madSecurity? If both are possible, which one is better/simpler? (btw, does madSecurity work for win9x?)

Finally, if it can be done by using madSecurity, could you please give me a simple but complete example? (for example protect the HKLM\...\Run key).

Thanks a lot!
Shannon

[madshi]

You can try the madSecurity approach yourself by using RegEdit. Just limit the access for specific users. If that approach is good enough for your purpose - just go on and use it! Please test with some non-important test keys first, though, so that you don't hang up your OS accidently!

madSecurity generally also works in win9x. However, since the win9x OS family doesn't support registry access restrictions, this part of madSecurity will simply indicate failure in win9x.

madCodeHook is more difficult to realize and is the less clean solution, but it might also be more powerful.

[xrfang]

Thanks you....

I will do madSecurity test asap. 2 further questions:

1) As madSecurity in fact operate certain registry keys, this can also be acomplished by using the regedit. Is it possible that I disallow the usage of registry editor for some user? Further more, what will happen if a user use a 3rd party program (e.g., RegEditX by dcsoft) to edit the registry?

2) Is it convenient that you point me a way (an example) of madSecurity (like I said in the previous post)?

[madshi]

1) As madSecurity in fact operate certain registry keys, this can also be acomplished by using the regedit. Is it possible that I disallow the usage of registry editor for some user? Further more, what will happen if a user use a 3rd party program (e.g., RegEditX by dcsoft) to edit the registry?

The whole registry security access right scheme makes sense only if you fully take away the access rights to the keys for the current user. As a result even if the user can start regedit.exe, he can't himself get the access rights back. Only a user that still has rights to change the security attributes can change the settings again.

However, if you take away *all* access rights, auto run will not work, anymore, because then even the explorer can't read the run key, anymore. So ideally you should leave read rights intact, while only removing write/change rights. A bit tricky, but it should be possible.

2) Is it convenient that you point me a way (an example) of madSecurity (like I said in the previous post)?

Please first test with regedit.exe whether it works. If you find out that it does what you need, we can talk afterwards about how to realize this with madSecurity.