How Secure is the Vista Registry?

We've noted in the past how easy Windows Vista makes it to track your computing habits and all the information it maintains. Joe Wilcox from Microsoft Watch has a disturbing article that shows how dangerous the Windows Vista registry can be.

After searching his Windows Vista registry, he found disturbing personal information such as his name, address and phone number, online account user names, software registration codes and details that identified some of his online accounts. Needless to say, coming across that information didn't give him a warm and fuzzy feeling.

This time, none of the information he found was put there by Windows Vista. All the information was created by third-party software or services.

Yankee Group Security Research program manager Andrew Jaquith says the Windows registry makes application developers' lives easier by providing a centralized API (application programming interface) for reading and writing configuration settings. All a developer has to do is make a few Win32 API calls in their code and Windows will take care of managing all of that information for them.

"The registry is a relic of a bygone era. I suspect that Microsoft knows this, and indeed in Vista certain aspects of the registry are 'virtualized.' User-specific registry calls now redirect the physical read-write operations to files that reside in user directories, although from the developer perspective the API calls are basically the same," Jaquith said. He also noted that even with Windows Vista the registry is still a dumping ground for who-knows-what.

From the information contained in his registry about the accounts, someone else could get passwords or other information with little difficulty.

Can your privacy be compromised by registry entries?

Absolutely. "Because the registry centralizes application configuration information and user preferences, it also becomes a natural target for malicious parties who want to mine the registry for information, install 'run keys' that execute spyware when the computer starts up and the like," Jaquith warned.

Sunbelt Software president Alex Eckelberry warned of possible registry mining in spite of Microsoft's efforts to harden Windows Vista security.

"Probably the biggest issue with the registry is the Protected Storage Area. I've personally seen data in keylogger files that are directly from this area—and since it stores all the form data from Internet Explorer, it can be quite compromising. Users can turn off IE from storing this data but many people don't even realize it's stored in this manner," Eckelberry said.

Jaquith also emphasized the fact that "unless and until third-party developers stop doing dumb things, we're going to see more and more registry issues pop up."
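To see what third-party software has left in your own registry, you can export a key to text and scan it. The following is an added example, not code from the article or the people quoted: it parses a constructed `reg export` sample and flags string values that look like personal data, plus entries under the `Run`/`RunOnce` keys Jaquith mentions. The vendor names and the name and value patterns are illustrative assumptions.

```python
import re

# Constructed sample in `reg export` text format (not taken from a real machine).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\ExampleVendor\ExampleApp]
"RegisteredTo"="Jane Doe"
"Contact"="jane.doe@example.com"
"Serial"="ABCDE-12345-FGHIJ-67890"
"WindowWidth"=dword:00000320

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ExampleUpdater"="\"C:\\Program Files\\ExampleApp\\updater.exe\" /silent"
'''

KEY_LINE = re.compile(r'^\[(.+)\]$')                  # [HKEY_...\Sub\Key]
STRING_VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')
RUN_KEY = re.compile(r'\\CurrentVersion\\Run(Once)?$', re.I)  # autostart keys
# Heuristic patterns below are assumptions; tune them for your own audit.
SENSITIVE_NAME = re.compile(r'user|owner|registered|mail|phone|address|serial|licen[sc]e|password', re.I)
EMAIL = re.compile(r'[\w.+-]+@[\w-]+(\.[\w-]+)+')
PRODUCT_KEY = re.compile(r'\b[A-Z0-9]{5}(-[A-Z0-9]{5}){3,4}\b')

def unescape(s):
    return re.sub(r'\\(.)', r'\1', s)  # .reg files escape \ and " with a backslash

def audit(export_text):
    findings, key = [], None
    for line in export_text.splitlines():
        line = line.strip()
        m = KEY_LINE.match(line)
        if m:
            key = m.group(1)
            continue
        m = STRING_VALUE.match(line)
        if not m or key is None:
            continue  # skip dword/hex values, the header and blank lines
        name = '(Default)' if m.group(1) == '@' else unescape(m.group(1)[1:-1])
        value = unescape(m.group(2))
        if RUN_KEY.search(key):
            findings.append(('autostart', key, name, value))
        elif EMAIL.search(value) or PRODUCT_KEY.search(value):
            findings.append(('personal-data', key, name, value))
        elif SENSITIVE_NAME.search(name):
            findings.append(('sensitive-name', key, name, value))
    return findings

if __name__ == '__main__':
    for kind, key, name, value in audit(SAMPLE_EXPORT):
        print(f'{kind:15} {key}\\{name} = {value}')
```

A real file produced by `reg export` is UTF-16 encoded, so open it with `encoding='utf-16'` before passing the text to `audit`; multi-line hex values are skipped by this example.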
