Are Windows Registry Fixers Safe?


This post was originally published here by Kim Crawley.

Before I got into cybersecurity, I spent years as a technical support agent for Windows end users of Windstream, an American ISP. Although Windstream is an ISP, they also offered a general Windows client OS remote support service for their predominantly rural customers.


Many of my malware-related tickets were to fix problems caused by users who installed Trojans. A lot of Windows Trojans present themselves as useful utilities such as defragmentation tools, registry fixers, and, ironically, antivirus software.

The Windows registry has been a component of every client version of Windows from 3.1 to 10. It’s how the platform organizes low-level configuration settings, and the settings of many first- and third-party Windows applications. I think of Windows registry keys as the rough equivalent of .conf files in Linux and UNIX-based OSes, but with a set hierarchy.

The Windows Registry editor can be launched in Windows by executing “regedit” from the Run menu. The program is hidden from the GUI, perhaps as a way of preventing users who may not know what they’re doing from making changes that might break their operating system.

Whether or not Windows registry fixing utilities are actually useful is a controversial topic.

According to Malwarebytes Labs, registry cleaners are “digital snake oil.” They believe that making changes to the registry with those utilities at best makes improvements so subtle that they’re barely perceivable, and at worst does harm significant enough to require a complete reinstallation of Windows. If users believe that their Windows performance is improved after running a utility, it’s a placebo effect.

BleepingComputer.com says there’s no statistical evidence of the performance improvement claims of registry utility vendors. Each vendor has different criteria for what constitutes a “bad entry.” Some utilities don’t make a backup of the registry before making changes to it, so if something bad is done it cannot be easily reversed. Removing registry entries can make malware removal more difficult, and the usefulness of making changes to the Registry is overrated and can be dangerous.

Microsoft Support’s official statement on third-party registry utilities is that they don’t recommend their use. They aren’t liable for problems caused by those applications, but if one is used, they recommend backing up the registry first.
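A backup also makes it possible to see exactly what a utility treated as a “bad entry.” The following is an added example, not part of the original post: it assumes two text exports of the same hive taken with `reg export` before and after running a utility, and compares them. The key names and values in the sample data are constructed.

```python
import re
VALUE_RE = re.compile(r'(@|"(?:[^"\\]|\\.)*")=(.*)$')

def parse_reg(text):
    """Parse .reg export text (Version 5.00; read the file as UTF-16) into {key: {name: data}}."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # join hex values continued with a trailing backslash
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := VALUE_RE.match(line)):
            name = m.group(1)
            current["@" if name == "@" else name[1:-1]] = m.group(2)
    return keys

def diff_exports(before, after):
    """List keys and values that were removed, changed, or added between two exports."""
    report = {"removed_keys": [], "removed_values": [], "changed_values": [], "added_values": []}
    for key, values in before.items():
        if key not in after:
            report["removed_keys"].append(key)
            continue
        for name, data in values.items():
            if name not in after[key]:
                report["removed_values"].append((key, name))
            elif after[key][name] != data:
                report["changed_values"].append((key, name, data, after[key][name]))
    for key, values in after.items():
        for name in values:
            if name not in before.get(key, {}):
                report["added_values"].append((key, name))
    return report

# Constructed sample exports (hypothetical vendor key), standing in for before.reg and after.reg
BEFORE = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor\App]
"InstallDir"="C:\\Program Files\\App"
"Flags"=dword:00000001
"Blob"=hex:01,02,\
  03,04
[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor\Old]
@="leftover"
"""
AFTER = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor\App]
"InstallDir"="C:\\Program Files\\App"
"Flags"=dword:00000000
"""
REPORT = diff_exports(parse_reg(BEFORE), parse_reg(AFTER))
```

The "before" export doubles as the restore point: importing it puts removed keys and values back.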

There are a lot of third-party applications that advertise themselves as registry fixing utilities that can be downloaded from the internet. They cannot all be malware, but I suspect that some of them are. I decided to do a little experiment of my own, to see if any popular registry utilities might threaten the security of Windows PCs.

Experiment Methodology

I installed a virtual machine of Windows 10 Pro with Oracle VirtualBox under Kubuntu Linux. I gave my VM a 32GB virtual disk, and 2GB of RAM. I used all of the default settings during the installation process.
