Registry cleaner

From Wikipedia, the free encyclopedia
Jump to: navigation, search

A registry cleaner is a class of third party software utility designed for the Microsoft Windows operating system, whose purpose is to remove redundant items from the Windows registry.

Registry cleaners are not supported by Microsoft, but vendors of registry cleaners claim that they are useful to repair inconsistencies arising from manual changes to applications, especially COM-based programs.

The of registry cleaners is a controversial topic, with experts in disagreement over their benefits.[citation needed] The issue is further clouded by the fact that malware and scareware are often associated with utilities of this type.[1]

Advantages and disadvantages[edit]

Due to the sheer size and complexity of the registry database, manually cleaning up redundant and invalid entries may be impractical, so registry cleaners try to automate the process of looking for invalid entries, missing file references or broken links within the registry and resolving or removing them.[2]

The correction of an invalid[clarification needed] registry key can provide some benefits; but the most voluminous will usually be quite harmless, obsolete records linked with COM-based applications whose associated files are no longer present.

Registry damage[edit]

Some registry cleaners make no distinction as to the severity of the errors, and many that do may erroneously categorize errors as "critical" with little basis to support it.[1] Removing or changing certain registry data can prevent the system from starting, or cause application errors and crashes.

It is not always possible for a third party program to know whether any particular key is invalid or redundant. A poorly designed registry cleaner may not be equipped to know for sure whether a key is still being used by Windows or what detrimental effects removing it may have. This may lead to loss of functionality and/or system instability,[3][4][5] as well as application compatibility updates from Microsoft to block problematic registry cleaners.[6] The Windows Installer CleanUp Utility was a Microsoft-supported utility for addressing Windows Installer related issues,[7][8]

Malware payloads[edit]

Registry cleaners have been used as a vehicle by a number of trojan applications to install malware, typically through social engineering attacks that use website popups or free downloads that falsely report problems that can be "rectified" by purchasing or downloading a registry cleaner.[9] The worst of the breed are products that advertise and encourage a "free" registry scan; however, the user typically finds the product has to be purchased for a substantial sum, before it will effect any of the anticipated "repairs". Rogue registry cleaners "WinFixer" have been ranked as one of the most prevalent pieces of malware currently in circulation.[10]

Scanners as scareware[edit]

Rogue registry cleaners are often marketed with alarmist advertisements that falsely claim to have pre-analyzed your PC, displaying bogus warnings to take "corrective" action; hence the descriptive label "scareware". In October 2008, Microsoft and the Washington attorney general filed a lawsuit against two Texas firms, Branch Software and Alpha Red, producers of the "Registry Cleaner XP" scareware.[11] The lawsuit alleges that the company sent incessant pop-ups resembling system warnings to consumers' personal computers stating "CRITICAL ERROR MESSAGE! - REGISTRY DAMAGED AND CORRUPTED", before instructing users to visit a web site to download Registry Cleaner XP at a cost of $39.95.

Metrics of performance benefit[edit]

On Windows 9x computers, it was possible that a very large registry could slow down the computer's start-up time. However this is less of an issue with NT-based operating systems (including Windows XP and Vista), due to a different on-disk structure of the registry, improved memory management and indexing.[12] Furthermore, versions of Windows prior to Server 2003 may fail to start up, if the registry and kernel files are unable to fit within the first 16M of memory.[13] Slowdown due to registry bloat is thus far less of an issue in modern versions of Windows.

Conversely, defragmenting the underlying registry files (e.g. using the free Microsoft-supported PageDefrag tool),[14] rather than attempting to clean the Registry's contents, has a measureable benefit and has therefore been recommended in the past by experts such as Mark Russinovich. (A form of defragmentation capability is built directly into Windows since Vista.[clarification needed])

The Windows Performance Toolkit is specifically designed to troubleshoot performance-related issues under Windows, and it does not include Registry cleaning as one of its optimizations.[15]

Undeletable registry keys[edit]

Most registry cleaners cannot repair scenarios such as undeletable registry keys caused by embedded null characters in their names; only specialized tools such as the RegDelNull utility (part of the free Sysinternals software) are able to do this.[16]

Recovery capability limitations[edit]

A registry cleaner cannot repair a registry hive that cannot be mounted by the system, making the repair via "slave mounting" of a system disk impossible.

A corrupt registry can be recovered in a number of ways that are supported by Microsoft (e.g. Automated System Recovery, from a "last known good" boot menu, by re-running setup or by using System Restore). "Last known good" restores the last system registry hive (containing driver and service configuration) that successfully booted the system.

Malware removal[edit]

These tools are also difficult to manage in a non-boot situation, or during an infestation, compared to a full system restore from a backup. In the age of rapidly evolving malware, even a full system restore may be unable to rid a hard drive of a bootkit.

Registry cleaners are likewise not designed for malware removal, although minor side-effects can be repaired, such as a turned-off System Restore. However, in complex scenarios where malware such as spyware, adware and viruses are involved, the removal of system-critical files may result.[17]

Application virtualization[edit]

A registry cleaner is of no use for cleaning registry entries associated with a virtualised application since all registry entries in this scenario are written to an application-specific virtual registry instead of the real one.[18] Complications of detailed interactions of real-mode with virtual also leaves the potential for incorrect removal of shortcuts and registry entries that point to "disappeared" files, and consequent confusion by the user of cleaner products. There is little competent information about this specific interaction, and no integration. In general, even if registry cleaners could be arguably considered safe in a normal end-user environment, they should be avoided in an application virtualization environment.

See also[edit]

References[edit]

  1. ^ a b "Symantec Report on Rogue Security Software". Symantec. 2009-10-28. Retrieved 2010-04-15. 
  2. ^ "What Is The Windows Registry And Why Should I Use A Registry Cleaner?". Solvusoft. Retrieved 15 December 2014. 
  3. ^ "Error: "Internet Explorer Script Error..." when scanning after running a registry cleanup utility". Symantec. October 2, 2002. Retrieved 2008-05-19. 
  4. ^ "The .NET Framework 2.0 SP1 installation fails on a computer that has the .NET Framework 2.0 installed and that is running Windows XP, Windows Server 2003, or Windows 2000". Microsoft. April 24, 2008. Retrieved 2008-05-19. 
  5. ^ "OL2000: Error Message: "Outlook Caused an Invalid Page Fault in Module Msvcrt.dll" When Creating an Appointment". Microsoft. November 5, 2003. Retrieved 2008-05-19. 
  6. ^ "August 2009 Windows Vista and Windows Server 2008 Application Compatibility Update". Microsoft. 2009-09-01. Retrieved 2009-09-25. 
  7. ^ . Microsoft http://technet.microsoft.com/en-us/magazine/2008.08.utilityspotlight.aspx.  Missing or empty |title= (help)
  8. ^ "How do I uninstall Office 2003, Office 2007 or Office 2010 suites if I cannot uninstall it from Control Panel?". Microsoft. 2010-06-29. Retrieved 2010-09-23. 
  9. ^ "Fright Fight: Washington Attorney General leading battle against scareware with Microsoft" (Press release). Attorney General, Washington. 2008-09-29. Retrieved 2010-04-01. 
  10. ^ "WinFixer". StopBadware.Org. Retrieved 2008-06-21. 
  11. ^ Shiels, Maggie (2008-10-01). "Fighting the scourge of scareware". BBC News. Retrieved 2008-10-02. 
  12. ^ "Windows 2000 Registry: Latest Features and APIs Provide the Power to Customize and Extend Your Apps". Retrieved 2007-07-19. 
  13. ^ http://support.microsoft.com/kb/277222
  14. ^ Lance Whitney (September 2007). "Utility Spotlight PageDefrag". Microsoft. Retrieved 2008-08-29. 
  15. ^ "Windows Performance Analysis Tools". Microsoft. Retrieved 2010-08-08. 
  16. ^ Mark Russinovich (2006-11-01). "RegDelNull v1.1". Retrieved 2008-12-08. 
  17. ^ Bryce Cogswell and Mark Russinovich (2006-11-01). "RootkitRevealer v1.71". Microsoft. Retrieved 2008-12-08. 
  18. ^ Anthony Kinney. "Getting Started with Microsoft Application Virtualization". Microsoft. Retrieved 2009-01-06.