madSecurity or madCodeHook

delphi package - easy access to security apis

madSecurity or madCodeHook

Postby xrfang » Thu Mar 30, 2006 1:56 pm

hi Mathias,

I am studying how to use madSecurity, and found in the forum that lots of people use madSecurity to control access to the registry!

My question is, if I want to protect certain keys in the registry (for parental control or anti-spyware purpose), should I use madCodeHook, or madSecurity? If both are possible, which one is better/simpler? (btw, does madSecurity work for win9x?)

Finally, if it can be done by using madSecurity, could you please give me a simple but complete example? (for example protect the HKLM\...\Run key).

Thanks a lot!
Shannon
xrfang
 
Posts: 68
Joined: Mon Feb 28, 2005 7:29 am

Postby madshi » Thu Mar 30, 2006 5:05 pm

You can try the madSecurity approach yourself by using RegEdit. Just limit the access for specific users. If that approach is good enough for your purpose - just go on and use it! Please test with some non-important test keys first, though, so that you don't hang up your OS accidently!

madSecurity generally also works in win9x. However, since the win9x OS family doesn't support registry access restrictions, this part of madSecurity will simply indicate failure in win9x.

madCodeHook is more difficult to realize and is the less clean solution, but it might also be more powerful.
madshi
Site Admin
 
Posts: 9645
Joined: Sun Mar 21, 2004 5:25 pm

Thanks

Postby xrfang » Fri Mar 31, 2006 2:22 am

Thanks you....

I will do madSecurity test asap. 2 further questions: :D

1) As madSecurity in fact operate certain registry keys, this can also be acomplished by using the regedit. Is it possible that I disallow the usage of registry editor for some user? Further more, what will happen if a user use a 3rd party program (e.g., RegEditX by dcsoft) to edit the registry?

2) Is it convenient that you point me a way (an example) of madSecurity (like I said in the previous post)?
xrfang
 
Posts: 68
Joined: Mon Feb 28, 2005 7:29 am

Re: Thanks

Postby madshi » Fri Mar 31, 2006 7:41 am

xrfang wrote:1) As madSecurity in fact operate certain registry keys, this can also be acomplished by using the regedit. Is it possible that I disallow the usage of registry editor for some user? Further more, what will happen if a user use a 3rd party program (e.g., RegEditX by dcsoft) to edit the registry?

The whole registry security access right scheme makes sense only if you fully take away the access rights to the keys for the current user. As a result even if the user can start regedit.exe, he can't himself get the access rights back. Only a user that still has rights to change the security attributes can change the settings again.

However, if you take away *all* access rights, auto run will not work, anymore, because then even the explorer can't read the run key, anymore. So ideally you should leave read rights intact, while only removing write/change rights. A bit tricky, but it should be possible.

xrfang wrote:2) Is it convenient that you point me a way (an example) of madSecurity (like I said in the previous post)?

Please first test with regedit.exe whether it works. If you find out that it does what you need, we can talk afterwards about how to realize this with madSecurity.
madshi
Site Admin
 
Posts: 9645
Joined: Sun Mar 21, 2004 5:25 pm


Return to madSecurity

Who is online

Users browsing this forum: No registered users and 1 guest