Allowing Registry Modifications

Greg Wilkerson

Can I configure Windows Defender to ask for my approval BEFORE any changes to
the run sections of the registry are modified? Ad-Aware is excellent at
this. Windows Defender tells me about the modifications, but then I have to
go into the program and search through the running programs to get it out.
Quite honestly, I don't want ANY program modifying my startup group or the
run sections of the registry without my approval. Period.

I'm specifically referring to programs like ActiveSync and the stuff that is
used to detect my iPods when I connect them.

TIA,

Greg
 
Bill Sanderson

I don't think so.

I've said before that Windows Defender is not a tool to allow the user to
choose what specific behaviors to allow on their system. It is based on
classification of the running code--and the kinds of issues you mention are
with code which is not classed as malware, and which you have knowingly
chosen to allow to run (or at least related to processes you've
allowed!)--but has specific behaviors you want to suppress.
 
Greg Wilkerson

Thanks Bill,

Interesting. You mentioned code that I "have knowingly chosen to allow to
run". I don't recall knowingly allowing any of this stuff to run; the
decision was made for me. I would like a little control of what is
allowed/disallowed. That seems to be very, very limited. Just being notified
that something modified the run sections of my registry isn't enough.

I suppose I'm trying to justify using this program to replace some of the
other malware detection stuff I have. This doesn't completely accomplish
that. Also, it seems a little too "Big Brother" for me.

--
Greg Wilkerson



Bill Sanderson

You've chosen, say, to run Apple's iTunes--but you don't like that it puts
something out there to connect to your iPod. iTunes is listed in your Add
or Remove Programs listing, and can easily be removed.

So--your installation of Itunes was presumably voluntary, although the
additional and undesired (by you) behavior was unexpected. You're expecting
Microsoft to enable you to change the behavior of Apple's software on your
system--can you see why this might be a problem? Microsoft is providing the
OS, which is supposed to be an even playing field for all app vendors.

Can you expand a bit on the "big brother" remark? I think I know what you
mean--the question is how does an app get on the "bad" list.

Microsoft claims this is an objective process, and describes it here:

http://www.microsoft.com/windows/products/winfamily/defender/analysis.mspx



Greg Wilkerson

Hi Bill,

I see your point on my voluntary installation of iTunes. So, Windows
Defender automatically assumes anything I have installed is permitted.
That's nice to know and I'm fine with that. The behavior of software that I
do not like by iTunes, and many other programs, is repeatedly modifying the
run section of my registry every time I start them. This is really a systemic
problem with software vendors as a whole. In the case of ActiveSync, it
blocks the use of my "phone as a modem" functions and it's too big a pain to
shut down (you actually have to go to Task Manager). So, I choose to start
it manually. But, every time I do, it modifies the run section of my registry.
That's what I want to stop.

As for the "Big Brother" comment, the thing to remember is this is MY
computer. Not Microsoft's, not Apple's, not Adobe's, but mine. I'm not
comfortable, nor happy about changes being made to the operation of my
computer for what is perceived as in my best interests. I do understand that
I do not know everything about it and some decisions have to be made by the
software vendors. But, when it comes to software that "autostarts" itself,
I'm more than capable of making the decisions on whether I want that to
happen or not. I'm sure you are aware of what happens when you blindly check
all the boxes when installing something like Live Messenger, or Yahoo
Messenger, or even Adobe Acrobat Reader. After 10 or so installations of
stuff like this, the system has 10 shortcuts on the desktop, a bunch of
autostart services, IE toolbars ... you get my point. Neither me nor you are
going to solve that. I would like a "defender" program to allow ME to decide
whether I want a program autostarting. Not someone else. That's one of the
things I really like about Ad-Aware. Windows Defender gives the end user no
control over that; those decisions are being made by someone (not necessarily
Microsoft) who does not know my preferences. I could care less what the
majority of users think when it comes to modifying my registry; identifying
malware, a great idea!

Maybe what I ask is outside the scope of Windows Defender. But, since it
notifies me that the registry change has been made, why not ask me if I want
to allow it or not. I suppose in a roundabout way, it does, but I have to open
Defender, search for the program and remove it. Too many clicks.

Thanks,

Greg
 
Bill Sanderson

I hear you.

And I definitely agree with most if not all of what you have to say. The
checkboxes that you must UNcheck in order to install patches to keep your
system secure (Sun Java, Apple anything) are something I've griped about
forever. It doesn't do much good to gripe to Microsoft about them--you
notice they, in general, don't do that--especially in security related
areas. The one exception is the overwhelming push for Silverlight--and the
main thing I find a pain about that is you get the push ads even when it is
already installed and active...

So--we need to gripe to Apple and Sun, and since most of us are not paying
customers of theirs, we may have a little less weight.

What you are asking for has been a top request throughout the history of
Windows Defender--which is a good many years now. Microsoft has to tread
very carefully. They've spent a substantial amount of money and time in
creating an industry body that defines spyware in an objective way--when
Windows Defender was created, that definition did not exist--and since it
has been, a substantial industry of competitors has been created.

So--I'd look to the third-party apps that have been referenced in this
thread to handle the stuff that annoys you. Windows Defender is quite
good at what it does, in general, but it doesn't do all the things we'd want
it to do.

I don't mean to suggest that your feedback isn't welcome, either--Windows
Defender has grown and changed even since release, and will continue to do
so with new Windows releases. There's always a chance that somebody will
read these messages in a new light and figure out a way to provide what the
customers are asking for--this stuff does get read.
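
As the thread describes it, Windows Defender reports a change to the Run keys but does not ask first. The PowerShell below is an added example, not from the posters or from Microsoft, of an after-the-fact review: it compares the per-user and machine Run keys with a saved baseline and asks about each new or changed entry. The function names and the baseline file location are assumptions.

```powershell
# Added example (function names and baseline path are hypothetical): review Run-key entries.
$RunKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$BaselinePath = Join-Path $env:LOCALAPPDATA 'run-key-baseline.csv'

function Get-RunEntry {
    foreach ($key in $RunKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            if ($name -eq '') { continue }   # skip the unnamed default value
            [pscustomobject]@{
                Key     = $key
                Name    = $name
                # Unexpanded form, so %VAR% references compare stably.
                Command = [string]$item.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
            }
        }
    }
}

function Save-RunBaseline {
    Get-RunEntry | Export-Csv -Path $BaselinePath -NoTypeInformation -Encoding UTF8
}

function Get-UnapprovedRunEntry {
    # Entries that are new, or whose command changed, since the baseline.
    $approved = @{}
    if (Test-Path -Path $BaselinePath) {
        foreach ($row in Import-Csv -Path $BaselinePath) {
            $approved["$($row.Key)|$($row.Name)"] = $row.Command
        }
    }
    Get-RunEntry | Where-Object {
        $id = "$($_.Key)|$($_.Name)"
        (-not $approved.ContainsKey($id)) -or ($approved[$id] -ne $_.Command)
    }
}

function Invoke-RunKeyReview {
    # HKLM removals need elevation; a failed removal stops before the baseline is rewritten.
    foreach ($entry in @(Get-UnapprovedRunEntry)) {
        $answer = Read-Host "Keep '$($entry.Name)' = $($entry.Command)? [y/N]"
        if ($answer -notmatch '^(y|yes)$') {
            Remove-ItemProperty -Path $entry.Key -Name $entry.Name -ErrorAction Stop
        }
    }
    Save-RunBaseline
}
```

Run `Save-RunBaseline` once on a known-good state, then `Invoke-RunKeyReview` after starting a program that re-adds itself.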
 
