Grr! (Greyware Registry Rearguard) automatically protects the vulnerable
Windows 9x/ME/Windows NT4/2K/XP/2003 Registry and other vital system config files from unauthorized changes by viruses/worms/trojans,
spyware, hackers, and even mistakes you might make yourself!
Grr! works stand-alone or alongside existing virus scanners to alert the user (or the
system administrator) of potentially malicious activity. Grr! also catches and allows the user
(or administrator) to reject unwanted startup program entries from software installation routines
- either automatically or case-by-case.
Grr! works quietly in the background -- running as a service on
either Windows NT4/2K/XP/2003 or Win95/Win98/WinME -- watching all changes to these vital system areas. When
a change is detected, Grr! pops up a dialog box letting you either
accept or reject the change.
[Image: Pop-up Warning Screen]
Grr! can also be set to automatically reject any changes that
occur when you are not logged on. This helps protect your machine against
attacks over the network.
When the Grr! alert box pops up, you can also choose to disable
protection temporarily. This function comes in handy when you are installing software
that is supposed to modify the registry or system files (such as applying a service pack),
and you don't want to be alerted for every change.
The service is automatically reenabled when you log off or reboot your machine, and
you can also reenable it from the Control Panel applet. For security
reasons, you cannot disable the service other than by clicking the Disable button
when the alert box pops up. This helps prevent hackers from disabling Grr!
without your knowing it.
When a change attempt is detected, Grr! shows you exactly where the
change was attempted, and how that area of your drive or registry is used. The
Grr!Details screen describes the proposed change in plain language.
[Image: Details Screen showing full explanation of warnings]
You can also set the program to record full details of all activity -- changes both
accepted and rejected -- in a log file for later review.
Dozens of Doors with No Locks
Because of the way Windows (both NT and Win95/98) is organized, you can have
almost any number of startup directories and places in the registry where programs
can be set to load automatically.
For example, a plain stand-alone Win98 machine without individual profiles turned on
has 4 startup files, 2 startup directories, and 21 registry keys that allow
programs to run without your knowledge or consent.
NT machines have 2 additional registry keys in the HKEY_LOCAL_MACHINE hive, and
2 more in each user hive. If your machine is connected to the network, or has
multiple users set up (always the case on NT), there are even more.
As a result, it is incredibly easy for malicious programs to install themselves,
and Windows provides no protection at all.
Grr! Stands Guard
Virus scanners generally cannot monitor these sensitive, vital areas (particularly the
registry). It is impractical -- if not impossible -- for individuals to monitor them manually.
Grr! was written specifically to combat many of the recent worms and
trojan horse programs that have slipped past even the most up-to-date virus checkers.
Grr! is not designed to replace virus scanners, but to add crucial second-level
protection. Think of your virus scanner as a bank guard who watches the faces of customers
entering the lobby and frisks anyone who's on his list of known criminals. If the crook isn't
yet on his list, he'll let 'em right on in. This is how many people get infected by viruses too
new to be included in the vendor's latest virus update (or if they forgot to download it).
Grr! is like a motion-sensing automatic alarm in the vault - it lets you know
someone is in there that you might not want - even if it's a new, unknown virus that slipped
past the guard at the door.
Only Grr! can give you the added protection you need.
Grr! protects these vital areas of your system:
Files and Directories
autoexec.bat
config.sys
winstart.bat (Win95/98 only)
autoexec.nt (NT only)
config.nt (NT only)
win.ini (Win95/98 only)
system.ini
boot.ini
wininit.ini (Win95/98 only)
msdos.sys (Win95/98 only)
All startup directories
Registry, both HKEY_LOCAL_MACHINE and for each user key
LOAD= lines
RUN= lines
Run keys
RunOnce keys
RunOnceEx keys
RunServices keys
RunServicesOnce keys
Environment variables
Winlogon key (NT only)
BootExecute, WinLogon, PendingFileRenames (NT only)
Common file associations (.dl_, .dll, .inf, .bat, .bmp, .cmd, .pif, .exe, .com, .doc,
.dot, .xls, .mdb, .ppt, .txt, .wav, .mpg, .jpg, .gif, .mov, .avi, .url, .lnk, .reg, .vbs,
.js, .chm, .hlp, .stf, .wsc, .vbe, .jse, .wsf, .scr, .asx, .wmd, and .wmz -- and you can
add your own)
For even more protection, you may also add additional Files, Directories, and
File Associations of your own choosing to the list of items Grr! monitors.
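The detect-then-accept-or-reject behaviour described above, shown as an added Python example (not Grr!'s own code, which this page does not include): it compares a stored baseline of autostart entries (a Run key and the win.ini load=/run= lines) with a current snapshot, rolls back rejected changes, and rejects everything when no user is logged on. The value names, file paths and the decide callback are constructed for the example.

```python
# Added illustration (not Grr! code): baseline-and-compare monitoring of autostart entries.
RUN_KEY = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"

def winini_autostart(text):
    """Extract non-empty load= / run= lines from the [windows] section of win.ini text."""
    section, found = "", {}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "windows" and "=" in line and not line.startswith(";"):
            name, value = (part.strip() for part in line.split("=", 1))
            if name.lower() in ("load", "run") and value:
                found["win.ini:" + name.lower()] = value
    return found

def diff_snapshots(baseline, current):
    """Return (location, kind, old, new) for each entry that differs from the baseline."""
    changes = []
    for loc in sorted(set(baseline) | set(current)):
        old, new = baseline.get(loc), current.get(loc)
        if old != new:
            kind = "added" if old is None else "removed" if new is None else "modified"
            changes.append((loc, kind, old, new))
    return changes

def resolve(baseline, current, user_logged_on, decide):
    """Accept or reject each change; with nobody logged on, every change is rejected."""
    state, log = dict(current), []
    for loc, kind, old, new in diff_snapshots(baseline, current):
        verdict = decide(loc, kind, old, new) if user_logged_on else "reject"
        if verdict == "reject":          # roll the entry back to its baseline value
            if old is None:
                state.pop(loc, None)
            else:
                state[loc] = old
        log.append((verdict, kind, loc))  # record accepted and rejected changes alike
    return state, log

# Constructed sample data: value names and paths are made up for the example.
BASELINE = {RUN_KEY + "\\ExampleTray": r"C:\Program Files\Example\tray.exe"}
BASELINE.update(winini_autostart("[windows]\nload=\nrun=\n"))
CURRENT = {RUN_KEY + "\\ExampleTray": r"C:\Program Files\Example\tray.exe",
           RUN_KEY + "\\ExampleNew": r"C:\WINDOWS\TEMP\new.exe"}
CURRENT.update(winini_autostart("[Windows]\nload=\nrun=C:\\WINDOWS\\example.exe\n"))

if __name__ == "__main__":
    for entry in resolve(BASELINE, CURRENT, user_logged_on=False, decide=None)[1]:
        print(entry)
```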
Requirements
Win95/98/Windows NT4/2K/XP/2003. Both Intel and Alpha supported for NT4. TCP/IP must be installed on any
machine running Grr!. In order for network client/server mode to work (optional), the client
and server machines must be members of the same domain or workgroup.
1.3.b.20040308 - maintenance release. Added workaround for occasional XP shutdown problem.
1.3.b.20030116 - Recommended upgrade. Added workaround for bug in XP registry functions.
No other changes. If you are not using Windows XP, there is no reason
to upgrade.
1.3.b.20030115 - withdrawn in favor of 20030116 (see above).
1.3.b.20020518 - Optional upgrade. Added Windows.Net support (Intel architecture only).
1.3.b.20020401 - Optional upgrade. Added log file viewer; replaced splash and warning graphics
with new images.
1.3.b.20010826 - Optional upgrade.
Added several new common file extensions to the defaults; added dialog for
configuring ExtraAssociations, ExtraFiles, and ExtraDirs; added color
to text in alert dialog to make finding changes easier. Added support for
non-English folder names; added support for relocated profile folders in
Windows 2K/XP/2003.
1.2.b.20000528 - added support for multiple email servers and non-standard SMTP ports.
1.2.b.20000505 - cosmetic change: different colors on GRR-dog.
1.2.b.20000205 - cosmetic fix: added line break after each item in a directory list.
1.2.b.20000203 - minor upgrade. Added automatic limiting of logfile size. Default setting
is 128 KB. Value may be changed by editing the registry value "Max Logfile Size (in KB)"
in the Parameters subkey.
1.2.b.20000114 - minor upgrade. Added monitoring of msdos.sys. Added code to ignore
non-threatening changes to system.ini, including screen saver changes,
password list updates, and paging file settings (among others).
1.2.b.19991218 - minor upgrade. Added support for control panel's Add/Remove Programs, and
added support for remote install/removal on NT machines.
1.2.b.19991117 - maintenance release. Clarified error messages produced when
user double-clicks the executable file when the service is already
running. No changes in functionality.
1.2.b.19991026 - maintenance release. Fixed bug in NT version that could produce
an access violation if service was suspended from the GRR Alert
screen.
1.2.b.19991001 - added additional support for Norton utilities; reduced overall
memory footprint.
1.2.b.19990915 - fixed bug in email code that could prevent sending mail if modem
not present.
1.2.b.19990913 - added server settings and email for easier LAN administration.
Added code to detect Norton's SpeedDisk and Disk Doctor programs
as well as Microsoft's ScanDisk and Defrag.
1.1.b.19990808 - enhanced setup dialog boxes; added advanced settings dialog
to the control panel applet.
1.1.b.19990805 - added code to force release of registry keys between multiple
logins without reboots. Earlier versions could sometimes
prevent roaming profiles from flushing properly, leading to
increased resource usage and locking of certain keys during
the logon sequence. Added LogoffWait value to Timings subkey
and StatFormat to Parameters key.
1.1.b.19990714 - added code to prevent interference with ScanDisk and Defrag
on Win95/Win98.
1.1.b.19990705 - added monitoring for winlogon key and environment variables on
NT; added monitoring for boot.ini. Created setup.exe and new
setup procedure.
1.1.b.19990623 - added monitoring for common file association changes (to help
catch PrettyPark/W32-Explorer-zip and similar worms). Also
added support for auto-reject on Win95 and Win98 when no
foreground user is logged on. Exposed registry settings
for user-supplied additional settings.