-
Oct 11th, 2007, 01:31 AM
#1
Re: General Registry Monitoring Protection
If they persevere they can always compare the registry entries before and after install/run. Just encrypt the registry values.
-
Oct 11th, 2007, 04:02 PM
#2
Re: General Registry Monitoring Protection
There are at least 2 ways in which a registry valuename/value can be written that are effectively hidden from the average user - at least users of RegEdit or any other software that does not entirely use the Native APIs. I don't know about all the editors and monitors out there. The different methods use either the Native or Normal APIs. I think I've mentioned this to you once in a PM - I hope you've deleted it. I won't post any code on this, as the operating system still recognises the entries as valid - values put in ....\Current Version\Run WILL be executed... It can be used for malicious purposes.
Before you even think of doing anything other than simply writing encrypted values, consider the case against Sony (google "sony rootkit court"), who used rootkits to prevent the OS from seeing what their music copyright software was doing. Because they couldn't possibly know all the hardware/software variations out there, thousands of PCs ended up with disabled hardware. Inevitably, they were caught out. The last time I bothered to look they were facing a number of class actions in the courts. Honesty is usually the best policy.
Also, there's nothing to stop someone just using System Restore.....