You are insane

1,095 registered users | 0 active users | 0 LpH | Statistics
Login | Create New User

Welcome to IWETHEY!

Post #197,336 by broomberg 3/5/05 8:05:13 PM Reply	You are insane But we knew that.
Post #197,338 by drewk 3/5/05 8:24:06 PM Reply	No, just paranoid If I absolutely had to know what happened during an installation, it's the only method that would satisfy me. Worms and net-based malware are getting very sophisticated about hiding themselves from the OS. Even an application you install intentionally will frequently leave traces of itself around when you try an uninstall, and the Windows community only sees this as "not well behaved." Considering the people who are supposed to know the platform consider non-removable installations to be no worse than mis-behaving, I don't put a lot of trust in the tools they've come up with. Besides, you should only have to do the verification once. And it is a necessary step in a full-scale security audit. So how paranoid do you want to be? === Purveyor of Doc Hope's [link\|http://DocHope.com\|fresh-baked dog biscuits and pet treats]. [link\|http://DocHope.com\|http://DocHope.com]
Post #197,349 by pwhysall 3/6/05 4:07:49 AM Reply	Agreed. Files are easy - just m5sum them and account for interlopers and changes - but the Registry is a Hard Problem, because it changes all the time. Peter [link\|http://www.ubuntulinux.org\|Ubuntu Linux] [link\|http://www.kuro5hin.org\|There is no K5 Cabal] [link\|http://guildenstern.dyndns.org\|Home] Use P2P for legitimate purposes!

Windows installation monitor - (broomberg) - (30) - March 5, 2005, 05:59:16 PM EST

Sledgehammer approach - (drewk) - (3) - March 5, 2005, 07:00:40 PM EST

You are insane - (broomberg) - (2) - March 5, 2005, 08:05:13 PM EST

No, just paranoid - (drewk) - (1) - March 5, 2005, 08:24:06 PM EST

Agreed. - (pwhysall) - March 6, 2005, 04:07:49 AM EST

Hey, MS claims to have one for free! - (broomberg) - March 5, 2005, 08:07:50 PM EST

Try this. - (inthane-chan) - (2) - March 6, 2005, 12:05:52 AM EST

Err, this is a packager? - (broomberg) - (1) - March 6, 2005, 11:45:46 AM EST

Yep. - (inthane-chan) - March 7, 2005, 03:07:49 PM EST

Advanced Registry Trace - (hnick) - (12) - March 6, 2005, 07:51:55 AM EST

That sounds easy to write - (ben_tilly) - (11) - March 6, 2005, 02:42:03 PM EST

Here's the problem. - (pwhysall) - (7) - March 6, 2005, 02:58:32 PM EST

Good enough for this case though? - (ben_tilly) - (6) - March 6, 2005, 03:00:54 PM EST

Don't trust it - (broomberg) - (2) - March 6, 2005, 03:33:01 PM EST

VmWare? -NT - (Arkadiy) - (1) - March 6, 2005, 04:04:44 PM EST

Too slow - (broomberg) - March 6, 2005, 04:35:22 PM EST

Experiment time! - (pwhysall) - (2) - March 6, 2005, 03:34:08 PM EST

What was running while you did that? - (drewk) - (1) - March 6, 2005, 08:22:03 PM EST

Not much - (pwhysall) - March 7, 2005, 01:34:03 AM EST

Regedit itself can dump into a text file -NT - (Arkadiy) - (1) - March 6, 2005, 02:59:07 PM EST

I just did that, for curiosity's sake. - (pwhysall) - March 6, 2005, 03:02:34 PM EST

Probably is - (hnick) - March 6, 2005, 03:32:54 PM EST

can you peel apart the install? - (boxley) - (1) - March 6, 2005, 05:22:20 PM EST

Too hackish - (broomberg) - March 6, 2005, 06:05:58 PM EST

Maybe contact the company's tech support? - (Another Scott) - (4) - March 6, 2005, 06:15:43 PM EST

bwahahahahahaha - (broomberg) - (3) - March 6, 2005, 06:55:25 PM EST

I thought so. - (Another Scott) - (2) - March 6, 2005, 07:02:38 PM EST

Refer back to here - (broomberg) - (1) - March 6, 2005, 07:53:46 PM EST

Oh. Sorry. They've got you, don't they. :-( -NT - (Another Scott) - March 6, 2005, 08:25:27 PM EST

Filemon might help some - (FuManChu) - (1) - March 6, 2005, 07:10:39 PM EST

Yup, have it running - (broomberg) - March 6, 2005, 07:40:09 PM EST

Yes, no, maybe so.
53 ms