A registry cleaner is a class of utility software designed for the Microsoft Windows operating system, whose purpose is to remove redundant items from the Windows Registry.
Microsoft no longer appears to support registry cleaners, despite having originally made and distributed its own registry cleaner under the name RegClean. Currently, vendors of registry cleaners claim that they are useful for repairing inconsistencies arising from manual changes to applications, especially COM-based programs.
The effectiveness of Registry cleaners is a controversial topic. [1] The issue is further clouded by the fact that malware and scareware are often associated with utilities of this type. [2]
Due to the sheer size and complexity of the Registry database, manually cleaning up redundant and invalid entries may be impractical, so Registry cleaners try to automate the process of looking for invalid entries, missing file references or broken links within the Registry and resolving or removing them.
Correcting an invalid Registry key (such as one or more that remain after a program is uninstalled) can provide some benefits, but the most voluminous invalid entries will usually be quite harmless: obsolete records linked with COM-based applications whose associated files are no longer present.
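The kind of check described above can be reproduced as a read-only audit. The following PowerShell sketch is an added example, not part of the original article or of any registry-cleaning product; the function names `Resolve-ServerPath` and `Get-OrphanedComServer` are hypothetical. It lists COM in-process server registrations whose server file is not found on disk and changes nothing, because a missing file is only a heuristic and does not prove that a key is unused.

```powershell
# Added example: report-only audit of COM InprocServer32 registrations whose
# server file is missing. It never writes to or deletes from the Registry.

function Resolve-ServerPath {
    param([string]$Raw)
    if ([string]::IsNullOrWhiteSpace($Raw)) { return $null }
    # Expand %SystemRoot% and similar variables stored in the value.
    $s = [Environment]::ExpandEnvironmentVariables($Raw.Trim())
    # A quoted value: keep only the text between the first pair of quotes.
    if ($s -match '^"([^"]+)"') { return $Matches[1] }
    return $s
}

function Get-OrphanedComServer {
    # Only the Registry view of the running process (32- or 64-bit) is read.
    param([string]$Root = 'HKLM:\SOFTWARE\Classes\CLSID')

    Get-ChildItem -LiteralPath $Root -ErrorAction SilentlyContinue | ForEach-Object {
        $key = $_.OpenSubKey('InprocServer32')      # opened read-only
        if ($null -eq $key) { return }              # no in-process server
        $raw = $key.GetValue('')                    # '' selects the default value
        $key.Close()

        $path = Resolve-ServerPath $raw
        if (-not $path) { return }
        # A bare file name is resolved through the DLL search path at load
        # time, so only fully qualified drive paths are checked here.
        if ($path -notmatch '^[A-Za-z]:\\') { return }

        $found = Test-Path -LiteralPath $path -PathType Leaf -ErrorAction SilentlyContinue
        if (-not $found) {
            [pscustomobject]@{ Clsid = $_.PSChildName; Server = $path }
        }
    }
}

# Print the candidates for manual review.
Get-OrphanedComServer | Sort-Object Server | Format-Table -AutoSize
```

Entries in the output are candidates for review only: a server on a removable or network drive, or one installed on demand, appears here even though its registration is still in use.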
Some Registry cleaners make no distinction as to the severity of the errors, and many that do may erroneously categorize errors as "critical" with little basis to support it. [2] Removing or changing certain Registry data can prevent the system from starting, or cause application errors and crashes.
It is not always possible for a third-party program to know whether any particular key is invalid or redundant. A poorly designed Registry cleaner may not be equipped to know for sure whether a key is still being used by Windows or what detrimental effects removing it may have. This may lead to loss of functionality and/or system instability, [3] [4] [5] as well as to application compatibility updates from Microsoft to block problematic Registry cleaners. [6] The Windows Installer CleanUp Utility was a Microsoft-supported utility for addressing Windows Installer related issues. [7] [8]
The use of any registry cleaner can be detrimental to a machine, and there is never a good reason to ‘clean’ a registry. The registry is not a source of load or lag on a system in any way, and cleaning it can lead to additional problems such as software not working or even Windows failing to work, if a registry backup has not been performed. [9]
Registry cleaners have been used as a vehicle by a number of trojan applications to install malware, typically through social engineering attacks that use website pop-up ads or free downloads that falsely report problems that can be "rectified" by purchasing or downloading a Registry cleaner. [10] The worst of the breed are products that advertise and encourage a "free" Registry scan; however, the user typically finds the product has to be purchased for a substantial sum, before it will effect any of the anticipated "repairs". The rogue security software "WinFixer" including Registry cleaners has been ranked as one of the most prevalent pieces of malware currently in circulation. [11]
Rogue Registry cleaners are often marketed with alarmist advertisements that falsely claim to have reanalysed your PC, displaying bogus warnings to take "corrective" action; hence the descriptive label "scareware". In October 2008, Microsoft and the Washington attorney general filed a lawsuit against two Texas firms, Branch Software and Alpha Red, producers of the "Registry Cleaner XP" scareware. [12] The lawsuit alleges that the company sent incessant pop-ups resembling system warnings to consumers' personal computers stating "CRITICAL ERROR MESSAGE! - REGISTRY DAMAGED AND CORRUPTED", before instructing users to visit a web site to download Registry Cleaner XP at a cost of $39.95.
On Windows 9x computers, it was possible that a very large Registry could slow down the computer's start-up time. However, this is less of an issue with NT-based operating systems (including Windows XP and Vista), due to a different on-disk structure of the Registry, improved memory management, and indexing. [13] Furthermore, versions of Windows prior to Server 2003 may fail to start up if the Registry and kernel files are unable to fit within the first 16 MB of memory. [14] Slowdown due to Registry bloat is thus far less of an issue in modern versions of Windows.
Conversely, defragmenting the underlying Registry files (e.g. using the free Microsoft-supported PageDefrag tool), [15] rather than attempting to clean the Registry's contents, has a measurable benefit and has therefore been recommended in the past by experts such as Mark Russinovich.
The Windows Performance Toolkit is specifically designed to troubleshoot performance-related issues under Windows, and it does not include Registry cleaning as one of its optimizations. [16]
Most Registry cleaners cannot repair scenarios such as undeletable Registry keys caused by embedded null characters in their names; only specialized tools such as the RegDelNull utility (part of the free Sysinternals software) are able to do this. [17]
A Registry cleaner cannot repair a Registry hive that cannot be mounted by the system, making the repair via "slave mounting" of a system disk impossible.
A corrupt Registry can be recovered in a number of ways that are supported by Microsoft (e.g. Automated System Recovery, from a "last known-good" boot menu, by re-running setup or by using System Restore). "Last known-good" restores the last system Registry hive (containing driver and service configuration) that successfully booted the system.
These tools are also difficult to manage in a non-boot situation, or during an infestation, compared to a full system restore from a backup. In the age of rapidly evolving malware, even a full system restore may be unable to remove a rootkit from a hard drive.
Registry cleaners are likewise not designed for malware removal, although minor side-effects can be repaired, such as a turned-off System Restore. However, in complex scenarios where malware such as spyware, adware, and viruses are involved, the removal of system-critical files may result. [18]
A Registry cleaner is of no use for cleaning Registry entries associated with a virtualised application since all Registry entries in this scenario are written to an application-specific virtual Registry instead of the real one. [19] Complications in the detailed interactions of real-mode with virtual also leave the potential for incorrect removal of shortcuts and Registry entries that point to "disappeared" files, and consequent confusion for the user of cleaner products. There is little competent information about this specific interaction, and no integration. In general, even if Registry cleaners could arguably be considered safe in a normal end-user environment, they should be avoided in an application virtualisation environment.
A rootkit is a collection of computer software, typically malicious, designed to enable access to a computer or an area of its software that is not otherwise allowed and often masks its existence or the existence of other software. The term rootkit is a compound of "root" and the word "kit". The term "rootkit" has negative connotations through its association with malware.
Scareware is a form of malware which uses social engineering to cause shock, anxiety, or the perception of a threat in order to manipulate users into buying unwanted software. Scareware is part of a class of malicious software that includes rogue security software, ransomware and other scam software that tricks users into believing their computer is infected with a virus, then suggests that they download and pay for fake antivirus software to remove it. Usually the virus is fictional and the software is non-functional or malware itself. According to the Anti-Phishing Working Group, the number of scareware packages in circulation rose from 2,850 to 9,287 in the second half of 2008. In the first half of 2009, the APWG identified a 585% increase in scareware programs.
Norton AntiVirus is an anti-virus or anti-malware software product founded by Peter Norton, developed and distributed by Symantec since 1990 as part of its Norton family of computer security products. It uses signatures and heuristics to identify viruses. Other features included in it are e-mail spam filtering and phishing protection.
The Windows Registry is a hierarchical database that stores low-level settings for the Microsoft Windows operating system and for applications that opt to use the registry. The kernel, device drivers, services, Security Accounts Manager, and user interfaces can all use the registry. The registry also allows access to counters for profiling system performance.
Norton Utilities is a utility software suite designed to help analyze, configure, optimize and maintain a computer. The latest version of the original series of Norton Utilities is Norton Utilities 16 for Windows XP/Vista/7/8, released 26 October 2012.
Shadow Copy is a technology included in Microsoft Windows that can create backup copies or snapshots of computer files or volumes, even when they are in use. It is implemented as a Windows service called the Volume Shadow Copy service. A software VSS provider service is also included as part of Windows to be used by Windows applications. Shadow Copy technology requires either the Windows NTFS or ReFS filesystems in order to create and store shadow copies. Shadow Copies can be created on local and external volumes by any Windows component that uses this technology, such as when creating a scheduled Windows Backup or automatic System Restore point.
PageDefrag is a program, developed by Sysinternals, for Microsoft Windows that runs at start-up to defragment the virtual memory page file, the registry files and the Event Viewer's logs.
Windows Live OneCare was a computer security and performance enhancement service developed by Microsoft for Windows. A core technology of OneCare was the multi-platform RAV, which Microsoft purchased from GeCAD Software Srl in 2003, but subsequently discontinued. The software was available as an annual paid subscription, which could be used on up to three computers.
System Restore is a feature in Microsoft Windows that allows the user to revert their computer's state to that of a previous point in time, which can be used to recover from system malfunctions or other problems. First included in Windows Me, it has been included in all following desktop versions of Windows released since, excluding Windows Server. In Windows 10, System Restore is turned off by default and must be enabled by users in order to function. This does not affect personal files such as documents, music, pictures, and videos.
Mark Eugene Russinovich is a Spanish-born American software engineer and author who serves as CTO of Microsoft Azure. He was a cofounder of software producers Winternals before Microsoft acquired it in 2006.
WinFixer was a family of scareware rogue security programs developed by Winsoftware which claimed to repair computer system problems on Microsoft Windows computers if a user purchased the full version of the software. The software was mainly installed without the user's consent. McAfee claimed that "the primary function of the free version appears to be to alarm the user into paying for registration, at least partially based on false or erroneous detections." The program prompted the user to purchase a paid copy of the program.
Windows Sysinternals is a website that offers technical resources and utilities to manage, diagnose, troubleshoot, and monitor a Microsoft Windows environment. Originally, the Sysinternals website was created in 1996 and was operated by the company Winternals Software LP, which was located in Austin, Texas. It was started by software developers Bryce Cogswell and Mark Russinovich. Microsoft acquired Winternals and its assets on July 18, 2006.
User Account Control (UAC) is a mandatory access control enforcement feature introduced with Microsoft's Windows Vista and Windows Server 2008 operating systems, with a more relaxed version also present in Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, and Windows 11. It aims to improve the security of Microsoft Windows by limiting application software to standard user privileges until an administrator authorises an increase or elevation. In this way, only applications trusted by the user may receive administrative privileges, and malware is kept from compromising the operating system. In other words, a user account may have administrator privileges assigned to it, but applications that the user runs do not inherit those privileges unless they are approved beforehand or the user explicitly authorises it.
Microsoft Drive Optimizer is a utility in Microsoft Windows designed to increase data access speed by rearranging files stored on a disk to occupy contiguous storage locations, a technique called defragmentation. Microsoft Drive Optimizer was first officially shipped with Windows XP.
MSConfig is a system utility to troubleshoot the Microsoft Windows startup process. It can disable or re-enable software, device drivers and Windows services that run at startup, or change boot parameters.
PC Tools was a software company founded in 2003 and acquired by Symantec in 2008; the new owner eventually discontinued the PC Tools name. Company headquarters were in Australia, with offices in Luxembourg, the United States, United Kingdom, Ireland, and Ukraine. The company had previously developed and distributed security and optimization software for the Mac OS X and Microsoft Windows platforms.
CCleaner, developed by Piriform Software, is a utility used to clean potentially unwanted files and invalid Windows Registry entries from a computer. It is one of the longest-established system cleaners, first launched in 2004. It was originally developed for Microsoft Windows only, but in 2012, a macOS version was released. An Android version was released in 2014.
Microsoft Security Essentials (MSE) is a discontinued antivirus software (AV) product that provides protection against different types of malicious software, such as computer viruses, spyware, rootkits, and Trojan horses. Prior to version 4.5, MSE ran on Windows XP, Windows Vista, and Windows 7, but not on Windows 8 and later versions, which have built-in AV components known as Windows Defender. MSE 4.5 and later versions do not run on Windows XP. The license agreement allows home users and small businesses to install and use the product free of charge.
AVG TuneUp, previously called AVG PC Tuneup and TuneUp Utilities, is a utility software suite for Microsoft Windows designed to help manage, maintain, optimize, configure, and troubleshoot a computer system. It was produced and developed by TuneUp Software GmbH. TuneUp Software was headquartered in Darmstadt, Germany, and co-founded by Tibor Schiemann and Christoph Laumann in 1997. In 2011, AVG Technologies acquired TuneUp Software. AVG was then acquired by Avast in 2016 and became part of the larger company Gen Digital in 2022.
MS Antivirus is a scareware rogue anti-virus which purports to remove virus infections found on a computer running Microsoft Windows. It attempts to scam the user into purchasing a "full version" of the software. The company and the individuals behind Bakasoftware operated under other different 'company' names, including Innovagest2000, Innovative Marketing Ukraine, Pandora Software, LocusSoftware, etc.