Re: Vista, HKLM, VB6

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: Paul Clement <UseAdddressAtEndofMessage@xxxxxxxxxxxxxx>
Date: Fri, 16 Mar 2007 09:56:37 -0500

On Wed, 14 Mar 2007 13:55:30 -0700, will f wrote:

¤ Isn't is possible that malicious code could break settings in the HKEY_CURRENT_USER hive, or corrupt files in C:\Users\user_name\Documents folders? I don't see how locking down HKLM or C:\Program Files prevents damage. Wouldn't malware just target the unprotected areas? Then what? Lock those down to? Why not require admin credentials to do everything?

HKLM contains autorun sections so it would be the most likely to be exploited by malware.

I'm not sure how you would exploit any of the HKCU sections either. Same for the User Data folders.
Perhaps you had something in mind?

From where is the malicious code to run?

Paul
~~~~
Microsoft MVP (Visual Basic)
.

References:
- Vista, HKLM, VB6
  - From: will f

Prev by Date: Issue with the image backgrounds
Next by Date: Re: Issue with the image backgrounds
Previous by thread: Vista, HKLM, VB6
Next by thread: Issue with the image backgrounds
Index(es):
- Date
- Thread

Relevant Pages

Re: How to disable the "What do you want to search for" search dialog in explorer?
... Yes, there are several complications, especially with the HKCU and HKLM stuff. ... Ramesh Srinivasan, Microsoft MVP [Windows Shell/User] ... to edit the new account template! ...
(microsoft.public.windowsxp.general)
Re: Registry Permissions Error
... I was not aware that users had full control in HKCU and limited access ... in HKLM. ... > security is "below" .net so applies to it also. ... the user is not able to create keys in the registry. ...
(microsoft.public.dotnet.security)
Re: product activation info
... The difference between HKCU and HKLM is apparently hard to ... You store settings that are user-specific in HKCU, ... store data in both roots for a single program. ...
(microsoft.public.vc.language)
Re: Registry-Rechte unter HKCR
... COM schaut zuerst im HKCU nach und danach erst in HKLM um so flexibler zu sein und eine höhere Sicherheit zu gewährleisten. ... In den Registry-Skripts im VC-Project steht zwar auch nur HKCR, aber es will sich nicht unter HKCU eintragen!? ... Das ist meist der unsichere Punkt, ein COM-Objekt, welches für ... Systemverzeichnisse oder auf Daten anderer Benutzer werden auch ...
(microsoft.public.de.vc)
FWBF + Registry Filter
... Registry Filter components. ... But I encountered when trying to put my own monitored keys in the ... Because my application sets the default settings in HKLM during ... installation and allows users to change it and save in HKCU. ...
(microsoft.public.windowsxp.embedded)