I. The problem
Most Trojans and some viruses survive a reboot by adding themselves to the registry startup keys, to a file association, or as a system service (see the article "Windows startup items"). Is there a way to stop Trojans and viruses from modifying those registry entries or adding services?
II. Solution
The Windows 2000/XP/2003 registry supports permissions on keys, but we rarely use them. Set permissions on the following registry keys:
1. Set the registry startup keys (Run, RunOnce, RunServices) to read-only for Everyone, so that Trojans and viruses cannot launch through startup items.
2. Set the file associations for .txt, .com, .exe, .inf, .ini, .bat and similar types to read-only for Everyone, so that Trojans and viruses cannot launch through a file association.
3. Set the registry key HKLM\System\CurrentControlSet\Services to read-only for Everyone, so that Trojans and viruses cannot launch as a "service".
Registry key permissions can be set in the following ways:
1. In a domain environment, through Active Directory Group Policy.
2. Through local computer Group Policy (from the command line with secedit).
3. As in this article, with the SetACL program called from a batch file; SetACL can be downloaded from http://www.helge.mynetcologne.de/setacl/
4. Manually, with regedt32 (Windows 2000: "Permissions" under the "Security" menu) or regedit (Windows XP/2003: "Permissions" under the "Edit" menu).
The batch code is given at the end of the article.
If your account only has Users group permissions, the keys above are already read-only for you, so there is no need to bother.
III. Who this is for
1. People who are not very familiar with computers and do not often install or uninstall software.
2. Friends who like to download and install software from the Internet.
3. Enterprises where every computer user has administrator rights and skill levels vary widely.
IV. Remaining problems
1. Installing anti-virus software or patches may require writing to those registry keys, so you have to restore the permissions first, install, and then re-apply the settings after the installation completes. This is inconvenient.
2. It cannot stand up to 3721; I do not know whether 3721's permissions are simply too high (I heard that 3721 is launched through a driver, with ring 0 privileges).
3. It only works on Windows 2000/XP/2003; there is no way to do this on other systems.
4. It only deals with simple viruses and Trojans.
V. Other
After reading this article you may be unable to hold back a curse: this is crazy, something that could be said in two or three sentences has been dressed up like a paper, such a large pile of writing, wasting my time. If so, I am truly sorry. It is only because the company is implementing ISO, and I also feel that what ISO advocates is good, that I am practising more in order to standardize my documents.
The packaged program can be downloaded from:
https://www.xfocus.net/php/tools.php?sub=down&tid=741
VI. Batch source code
@goto start
==============================================================
Name: Anti-Trojan
Function:
1. Prevent modification of the startup keys (Run, RunOnce, RunServices)
2. Prevent modification of the .txt, .com, .exe, .inf, .ini, .bat and similar file associations
3. Prevent modification of "service" information
Principle: set registry key permissions to read-only
Version revision status
Version  Revision date  Reviser  Revised content
1.0      2004-12-22     netu0    Create this script
==============================================================
:start
@SETLOCAL
@rem Set the active code page to Chinese (GBK)
@chcp 936 >nul 2>nul
@echo.
@echo ************************************************************
@echo #
@echo # Welcome to the anti-Trojan program
@echo #
@echo #
@echo ************************************************************
:chkos
@echo.
@rem Detect the Windows version from the "ver" banner. The search string of the
@rem first test was lost in the published listing; "2000" is restored here to
@rem match the "goto 2000" that follows it.
@ver | find "2000" >nul 2>nul
@if "%errorlevel%"=="0" goto 2000
@ver | find "Microsoft Windows [Version 5" >nul 2>nul
@if "%errorlevel%"=="0" goto 2003
@ver | find "XP" >nul 2>nul
@if "%errorlevel%"=="0" goto xp
@echo.
@echo # Your operating system is not Windows 2000/XP/2003 and this program cannot be used.
@goto quit
@rem Commands that differ between systems go under the labels below.
@rem The redirection is applied where the variable is used, not inside the set,
@rem otherwise it would silence the set command instead of the policy refresh.
:2000
@set updatepolicy=secedit /refreshpolicy machine_policy
@goto selection
:xp
@set updatepolicy=gpupdate /force
@goto selection
:2003
@set updatepolicy=gpupdate /force
@goto selection
:selection
@rem User choice
@echo.
@echo Please enter the number of one of the following options
@echo.
@echo 1: Install anti-Trojan protection
@echo 2: Remove anti-Trojan protection (restore default settings)
@echo 3: View technical information
@echo 4: Exit
@echo.
@set /p userselection=Enter your selection (1, 2, 3, 4): 
@if "%userselection%"=="1" goto install
@if "%userselection%"=="2" goto uninstall
@if "%userselection%"=="3" goto information
@if "%userselection%"=="4" goto quit
@rem Any other input: redisplay the menu
@cls
@goto selection
:information
@cls
@echo ==============================================================
@echo #
@echo # Welcome to the anti-Trojan program
@echo #
@echo # Function:
@echo #
@echo # 1. Set the registry startup keys (Run, RunOnce, RunServices) to read-only,
@echo #    to prevent Trojans and viruses from starting through startup items
@echo # 2. Set the .txt, .com, .exe, .inf, .ini, .bat and similar file associations to read-only,
@echo #    to prevent Trojans and viruses from starting through file associations
@echo # 3. Set the registry key HKLM\System\CurrentControlSet\Services to read-only,
@echo #    to prevent Trojans and viruses from starting as a "service"
@echo #
@echo # Notes:
@echo # Some installers also write to the above registry keys. Before installing, run this program
@echo # and select 2 to restore the default settings. After the installation is complete, rerun this
@echo # program and select 1 to re-apply the anti-Trojan protection.
@echo ==============================================================
@echo.
@echo Press any key to return to the selection
@pause >nul 2>nul
@cls
@goto selection
:install
@rem SetACL options: grant Everyone read access and protect the key from
@rem inheritance without copying inherited ACEs, so only the explicit read ACE remains
@set op=/grant everyone /read /p:no_dont_copy
@goto doit
:uninstall
@rem SetACL options: revoke the explicit Everyone read ACE (restore defaults)
@set op=/revoke everyone /read /p:yes
@goto doit
:doit
@echo.
@echo Performing operation ...
@rem HKLM startup keys
@setacl machine\software\microsoft\windows\currentversion\run /registry %op% >nul 2>nul
@setacl machine\software\microsoft\windows\currentversion\runonce /registry %op% >nul 2>nul
@setacl machine\software\microsoft\windows\currentversion\runservices /registry %op% >nul 2>nul
@setacl machine\software\microsoft\windows\currentversion\runex /registry %op% >nul 2>nul
@setacl machine\software\microsoft\windows\currentversion\runonceex /registry %op% >nul 2>nul
@setacl machine\software\microsoft\windows\currentversion\runservicesex /registry %op% >nul 2>nul
@rem HKCU startup keys
@setacl current_user\software\microsoft\windows\currentversion\run /registry %op% >nul 2>nul
@setacl current_user\software\microsoft\windows\currentversion\runonce /registry %op% >nul 2>nul
@setacl current_user\software\microsoft\windows\currentversion\runservices /registry %op% >nul 2>nul
@setacl current_user\software\microsoft\windows\currentversion\runex /registry %op% >nul 2>nul
@setacl current_user\software\microsoft\windows\currentversion\runonceex /registry %op% >nul 2>nul
@setacl current_user\software\microsoft\windows\currentversion\runservicesex /registry %op% >nul 2>nul
@setacl current_user\software\microsoft\windows\currentversion\runservicesonce /registry %op% >nul 2>nul
@rem HKEY_USERS startup keys
@setacl user\software\microsoft\windows\currentversion\run /registry %op% >nul 2>nul
@setacl user\software\microsoft\windows\currentversion\runonce /registry %op% >nul 2>nul
@setacl user\software\microsoft\windows\currentversion\runservices /registry %op% >nul 2>nul
@setacl user\software\microsoft\windows\currentversion\runex /registry %op% >nul 2>nul
@setacl user\software\microsoft\windows\currentversion\runonceex /registry %op% >nul 2>nul
@setacl user\software\microsoft\windows\currentversion\runservicesex /registry %op% >nul 2>nul
@setacl user\software\microsoft\windows\currentversion\runservicesonce /registry %op% >nul 2>nul
@rem Services
@setacl machine\system\currentcontrolset\services /registry %op% >nul 2>nul
@rem File associations under HKEY_CLASSES_ROOT
@setacl classes_root\exefile\shell\open\command /registry %op% >nul 2>nul
@setacl classes_root\inifile\shell\open\command /registry %op% >nul 2>nul
@setacl classes_root\txtfile\shell\open\command /registry %op% >nul 2>nul
@setacl classes_root\comfile\shell\open\command /registry %op% >nul 2>nul
@setacl classes_root\batfile\shell\open\command /registry %op% >nul 2>nul
@setacl classes_root\inffile\shell\open\command /registry %op% >nul 2>nul
@echo Updating account policies, audit policies ...
@rem Refresh the local security policy with the command chosen for this OS
@%updatepolicy% >nul 2>nul
@echo Account policy and audit policy update complete
:complete
@echo Operation complete
@echo.
@echo.
@echo Please press any key to exit.
@pause >nul 2>nul
:quit
@rem Clean up: the packaged program copies setacl.exe and this script into
@rem system32, so remove both on exit
@del %systemroot%\system32\setacl.exe >nul 2>nul
@del %systemroot%\system32\antitrojanhorse.bat >nul 2>nul
@ENDLOCAL
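An added verification script, not part of the original article or of SetACL, that audits the same keys from the defender's side: for every key the batch file touches it reports whether a broad group still holds write-type rights and whether inheritance is blocked, which is what the "read-only" claim rests on. It assumes Windows PowerShell is available (XP/2003 with PowerShell installed, or any later Windows) and the list of "broad" principals is this example's own choice.

```powershell
# Read-only audit of the autostart and file-association keys the batch file protects.
# Changes nothing; run it before and after option 1 to see the effect.
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SYSTEM\CurrentControlSet\Services',
    'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command',
    'Registry::HKEY_CLASSES_ROOT\batfile\shell\open\command',
    'Registry::HKEY_CLASSES_ROOT\comfile\shell\open\command',
    'Registry::HKEY_CLASSES_ROOT\txtfile\shell\open\command',
    'Registry::HKEY_CLASSES_ROOT\inifile\shell\open\command',
    'Registry::HKEY_CLASSES_ROOT\inffile\shell\open\command'
)

# Rights that let a caller add or change an autostart entry under a key.
$writeRights = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, WriteKey, FullControl'

# Broad principals whose write access the article's script is meant to remove (assumed list).
$broad = @('Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users', 'NT AUTHORITY\INTERACTIVE')

foreach ($key in $keys) {
    # RunServices and friends do not exist on every version; report and move on.
    if (-not (Test-Path -LiteralPath $key)) {
        Write-Output ("{0,-60} (key not present on this system)" -f $key)
        continue
    }
    $acl = Get-Acl -LiteralPath $key
    # Allow ACEs for a broad principal that include at least one write-type right.
    $writers = $acl.Access |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            (([int]$_.RegistryRights) -band ([int]$writeRights)) -ne 0 -and
            $broad -contains $_.IdentityReference.Value
        } |
        ForEach-Object { $_.IdentityReference.Value } | Sort-Object -Unique
    $status = if ($writers) { 'WRITABLE by ' + ($writers -join ', ') } else { 'read-only for broad groups' }
    # The batch file relies on blocking inheritance so that only its explicit ACE remains.
    $inherit = if ($acl.AreAccessRulesProtected) { 'inheritance blocked' } else { 'inherits from parent' }
    Write-Output ("{0,-60} {1}; {2}" -f $key, $status, $inherit)
}
```

A key that reports "WRITABLE by BUILTIN\Users" after option 1 means the SetACL call for it failed (for example because setacl.exe was not on the path), since the batch file discards SetACL's output.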