Glossary of Windows Registry Terms
Windows Registry
One of the most vital parts of the computer is the Windows registry, or simply “the registry,” which contains instructions regarding the many facets of the computer and its operation. Within the Windows registry you’ll find important data including details about different hardware and applications installed on the computer, the operating system, which will be some version of Windows, and user data such as the various settings and options available. Damage to the registry could render the computer unable to run Windows properly, or even at all.
Hives
A hive is one of the large top-level sections into which the Windows registry is organized. Hives, which contain the registry’s keys, subkeys, and values, are easily recognizable because their names begin with HKEY. An example of a registry hive is HKEY_LOCAL_MACHINE.
Values
Together with keys, values, which are name-data pairs, are the building blocks of the registry and contain the instructions for the installation of Windows. Although they are stored together with keys, the two are referenced independently of one another.
Keys
Along with values, keys (usually containing subkeys) make up the entire registry. In the example HKEY_LOCAL_MACHINE\Software\Microsoft\Windows, Software\Microsoft\Windows is the subkey while HKEY_LOCAL_MACHINE is its main key.
.REG
.REG files update the registry and can be created or modified using the RegEdit utility in Windows. Multiple .REG files are possible and also common, as each deals with separate entries within the registry.
File Extension Record
A type of entry in the Windows registry, file extension records can be found within the HKEY_CLASSES_ROOT key. These records associate a certain file extension with a particular application. For example, the extension .txt is associated with the Notepad program, but it’s the file type record in the registry that will display the actual application used.
File Type Record
File type records specify not only the name and default icons for each and every file type on the computer, but their individual shell commands as well.
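The relationship between a .REG file, a file extension record and a file type record can be followed in code. The Python below is an added example, not part of the original glossary: it parses a constructed .REG export and resolves the .txt extension to its file type record and shell open command, which is the value to compare against the expected application when reviewing a registry. The sample data and the function names are assumptions made for illustration.

```python
import re

# Constructed sample in .REG export format; not taken from a real system.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.txt]
@="txtfile"

[HKEY_CLASSES_ROOT\txtfile]
@="Text Document"

[HKEY_CLASSES_ROOT\txtfile\shell\open\command]
@="C:\\Windows\\System32\\notepad.exe \"%1\""
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def unescape(s):
    # .REG string data escapes backslashes and double quotes with a backslash.
    return re.sub(r'\\(.)', r'\1', s)

def parse_reg(text):
    """Return {lowercased key path: {value name: data}}; '' is the default value."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1).lower(), {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name, data = m.groups()
            name = '' if name == '@' else unescape(name[1:-1])
            if len(data) >= 2 and data[0] == data[-1] == '"':  # string value
                data = unescape(data[1:-1])
            current[name] = data
    return keys

def resolve_open_command(keys, ext, root='hkey_classes_root'):
    """Follow the extension record to its file type record and open command."""
    file_type = keys.get(f'{root}\\{ext.lower()}', {}).get('')
    if not file_type:
        return None  # no file extension record for this extension
    base = f'{root}\\{file_type.lower()}'
    return {'file_type': file_type,
            'description': keys.get(base, {}).get(''),
            'open_command': keys.get(f'{base}\\shell\\open\\command', {}).get('')}
```

Key paths are lowercased on parse because registry key names are not case-sensitive, so a lookup for ".TXT" and ".txt" reaches the same record.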
DLL
A Dynamic Link Library (DLL) is a library of executable data or functions used by Windows applications. Frequently scanning the registry and correcting any DLL errors is highly recommended, as they can quickly cause a system to become unstable.
Registry Backup
Especially needed before installing or removing new programs or drivers, or before making any configuration changes, a registry backup creates an archived copy of the registry and all of its information, allowing you to easily restore everything to normal in the event something is amiss.
System Restore
First introduced with Windows XP, system restore is an invaluable feature, as it allows users to restore their computers to a previous date or time, before the problems they encountered began. Along with the entire operating system, the registry is also restored to its previous state when using the system restore function.
Malware
Malware is the collective name for a type of software that has been specifically written to do some type of damage or harm to a computer. Some of the most popular types of malware include adware, keyloggers, rootkits, spyware, trojans, viruses, and worms. Stealthy by nature and difficult to detect, malware is also often hard to get rid of. As a general rule, malware writes directly to the registry, which is usually the only noticeable sign of its existence.
Adware
Adware is a type of malware that displays unsolicited advertisements. Although adware poses a relatively low security risk, some types do collect the user’s information in addition to showing the ads.
Keylogger
A keylogger is definitely one of the most harmful types of malware to be concerned with as these silent programs have the ability to capture every single keystroke made, putting all of your sensitive data at risk such as credit card or social security numbers, banking information, and passwords. Running stealthily in the background unbeknownst to the user, the only place traces of keyloggers are found is within the Windows registry.
Spyware
Spyware is perhaps one of the most common types of malware created today. As its name suggests, spyware electronically “spies” on the user while gathering behavioral data and then transmitting it back to the software’s creators. Spyware is often bundled with the installation of programs, which are usually free, and is also installed on the computer without the user’s knowledge or consent. However, like other forms of malware, evidence of spyware can be found in the Windows registry.
Trojan
Similar to spyware, trojans also run in the background without any visible traces of their presence, except, of course, in the registry. Named after the infamous Trojan horse that was used by Achilles and the ancient Greeks to take over the city of Troy, trojans are installed without the user’s knowledge, capture whatever type of data they were designed to steal, and then transmit it back to the creator.
COM/ActiveX
Component Object Model, or COM, is a type of technology that gives applications the ability to reuse or share common functionalities. ActiveX objects, or controls, which are visual components used by programmers, commonly utilize the COM technology. Unfortunately, both COM and ActiveX objects can be used for malicious purposes.
GUID
Stored within the Windows registry are Globally Unique Identifiers, or GUIDs, which are used to identify COM objects along with their respective interfaces. These 128-bit integer numbers are completely unique from one another on a global level.
INI File
Prior to Windows 95 and the introduction of the Windows registry, .INI files were used by programmers and developers to write, add, and adjust settings, data, or commands needed by applications. While there are some developers who still choose to use .INI files, their use has dropped considerably since the advent of the Windows 95 operating system.