Search code examples
c#.netsecurityregistryregedit

Hiding registry activity


The Project: I am currently developing a security system and the system relies on the registry for support.

The Problem: If someone managed to locate the registry key I am using, that person could bypass the system. I need to be able to avoid Registry Monitors and other software so that activity with the registry key would be hidden.

Does anyone know how to do this or is there a better method I could use for this purpose?

Thank you.


Solution

  • Why are you trying to hide your software from administrators? The administrator owns the machine, and normally only malware tries to hide itself from machine owners.

    There are rootkit-type techniques that will work against most detection attempts. But if you have to resort to that type of technique, your software will resemble a true rootkit. This is normally a bad thing - in fact, some AV (and tools like RootkitRevealer) will find your software and kill it. Are you sure you want to engage in that type of battle?

    It's hard to advise on a suitable alternative without knowing what you're trying to protect or prevent. Your first action should be to create a threat model. Then you might want to look at techniques involving a digital certificate to keep your private information secret and free from non-detectable tampering. Your app can legitimately install its own digital certificate without your customer ever being aware.

    Edit: In answer to your comment, the best way of ensuring that certificate removal is detected is to "phone home" during install with a hash of the machine's identity. The hash identifies the machine uniquely without giving you any information about the machine. There are licensing schemes that will do all this for you, such as Desaware's licensing system.