Microsoft Windows is dominating the software industry market with their wide collection of operating systems and software applications. However, even with the success of the company, several people talented in using computers concluded that Windows operating systems are lame and prone to malicious attacks compared to other operating systems such as the Mac series.
Windows system registry or simply coined as Windows registry is the backbone of every Microsoft operating systems. It contains settings for files, functions, and how the operating system should perform its function. These settings can be as simple as changing the path for the screen saver on your desktop and can be as complex as networking standards and managing guest accounts.
Windows registry is included in modern Windows operating systems to replace the older INI files which also contained system configuration. Let's concentrate on the structure and purpose of Windows System Registry and show some concerns that makes it vulnerable to attacks.
Windows registry is a hierarchical database containing information or configuration of hardware and software settings for the operating system and other software applications. The registry is presented through a Graphical Unit Interface (GUI) application regedit.exe. This application makes modifying any value in registry an easy task.. Windows registry also contains settings including those for the hardware, software, users, and other preferences on a computer. Whenever a new application is installed or an administrator changes some settings from the Control Panel, corresponding changes with the settings of the computer?s preferences are made to the registry.
The registry is divided into sections or most commonly known as hives. There are five major hives in most Windows operating systems including Windows XP however, few were added and other hives were changed as Microsoft continues to develop reliable and secure operating systems. The major hives include HKEY_CLASSES_ROOT (HKCR), HKEY_CURRENT_USER (HKCU), HKEY_LOCAL_MACHINE (HKLM), HKEY_USERS (HKU), and HKEY_CURRENT_CONFIG (HKCC). Older operating systems including Windows 95, Windows 98, and Windows ME contain the HKEY_DYN_DATA hive which contained Plug and Play devices information.
Hives are considered the higher level key and contain sub keys with their corresponding value. A sub key may contain one or more value with different data types. REG_UNKNOWN, REG_SZ, REG_FILE_NAME, REG_LINK, REG_MULTI_SZ, REG_QWORD, REG_NONE, and REG_DWORD are among the many data types used with the registry.
HKEY_CLASSES_ROOT contains information and configuration of registered applications including file association and object linking and embedding (OLE). It connects the file to the right application that can open the file when using Windows Explorer.
HKEY_CURRENT_USER contains information for the currently logged-in users. Control Panel settings are also stored here along with the user?s folder and screen color. It is some times tagged as the user?s profile.
HKEY_LOCAL_MACHINE contains information of the computer shared among its users. Sub keys include hardware, SAM, security, software, and system.
HKEY_USERS contains information and settings of all users of the computer. HKEY_CURRENT_USER is a sub key of HKEY_USERS where it only contains settings for a specific user.
HKEY_CURRENT_CONFIG contains hardware profile information used during system startup. Sub keys include software and system.
Like any other executable in Windows, the registry can be accessed by using the Run box and issuing the regedit.exe or regedt32.exe command. Other way of opening the application is by directly accessing the path where it is located. Is most computers, the registry can be accessed through C:\WINDOWS\ considering C: as the drive where Windows is installed.
Once registry is loaded, entries can be manually updated by the user and results will take effect immediately. As a precautionary measure, if a user is curious about updating registry entries, it is strongly recommended to keep a back up of the existing setting. Accidentally changing any registry settings can change the performance of an application and worst, it can even ruin the entire computer system.
Because of the popularity of Windows operating systems, many computer enthusiasts are experimenting several ways to hack the systems. One of the best targets by these attackers is the registry since it contains all configurations necessary for the computer to function normally.
Some lowly coded worms and viruses are making their ways in changing registry settings and causing devastating effects on a victim?s computer. Most worms created with *.vbs extensions are able to make changes to the registry by simply running the source file. Some of these viruses are attachments through emails.
Now that you know the importance of Windows registry, you may do minor settings directly by accessing the application. But be aware of the effects caused when wrong information is set.