Registry cleaner

A registry cleaner is a class of utility software designed for the Microsoft Windows operating system, whose purpose is to remove redundant items from the Windows Registry.

Microsoft no longer appears to support registry cleaners, although it originally made and distributed its own registry cleaner under the name RegClean. Currently, vendors of registry cleaners claim that they are useful for repairing inconsistencies arising from manual changes to applications, especially COM-based programs.

The effectiveness of Registry cleaners is a controversial topic.[1] The issue is further clouded by the fact that malware and scareware are often associated with utilities of this type.[2]

Advantages and disadvantages

Due to the sheer size and complexity of the Registry database, manually cleaning up redundant and invalid entries may be impractical, so Registry cleaners try to automate the process of looking for invalid entries, missing file references or broken links within the Registry and resolving or removing them.

Correcting an invalid Registry key (such as one or more left behind after a program is uninstalled) can provide some benefit, but the most voluminous entries are usually quite harmless: obsolete records linked with COM-based applications whose associated files are no longer present.

Registry damage

Some Registry cleaners make no distinction as to the severity of the errors, and many that do may erroneously categorize errors as "critical" with little basis to support it.[2] Removing or changing certain Registry data can prevent the system from starting, or cause application errors and crashes.

It is not always possible for a third-party program to know whether any particular key is invalid or redundant. A poorly designed Registry cleaner may not be equipped to know for sure whether a key is still being used by Windows or what detrimental effects removing it may have. This may lead to loss of functionality and/or system instability,[3][4][5] as well as to application compatibility updates from Microsoft that block problematic Registry cleaners.[6] The Windows Installer CleanUp Utility was a Microsoft-supported utility for addressing Windows Installer related issues.[7][8]

The use of any registry cleaner can be detrimental to a machine, and there is never a good reason to ‘clean’ a registry. It is not a source of load or lag on a system in any way and can lead to additional problems such as software not working or even Windows failing to work, if a registry backup has not been performed.[9]

Malware payloads

Registry cleaners have been used as a vehicle by a number of trojan applications to install malware, typically through social engineering attacks that use website pop-up ads or free downloads that falsely report problems that can be "rectified" by purchasing or downloading a Registry cleaner.[10] The worst of the breed are products that advertise and encourage a "free" Registry scan; however, the user typically finds that the product has to be purchased for a substantial sum before it will effect any of the anticipated "repairs". The rogue security software "WinFixer", which includes Registry cleaners, has been ranked as one of the most prevalent pieces of malware currently in circulation.[11]

Scanners as scareware

Rogue Registry cleaners are often marketed with alarmist advertisements that falsely claim to have reanalysed your PC, displaying bogus warnings to take "corrective" action; hence the descriptive label "scareware". In October 2008, Microsoft and the Washington attorney general filed a lawsuit against two Texas firms, Branch Software and Alpha Red, producers of the "Registry Cleaner XP" scareware.[12] The lawsuit alleges that the company sent incessant pop-ups resembling system warnings to consumers' personal computers stating "CRITICAL ERROR MESSAGE! - REGISTRY DAMAGED AND CORRUPTED", before instructing users to visit a web site to download Registry Cleaner XP at a cost of $39.95.

Metrics of performance benefit

On Windows 9x computers, it was possible that a very large Registry could slow down the computer's start-up time. However, this is less of an issue with NT-based operating systems (including Windows XP and Vista), due to a different on-disk structure of the Registry, improved memory management, and indexing.[13] Furthermore, versions of Windows prior to Server 2003 may fail to start up if the Registry and kernel files are unable to fit within the first 16 MB of memory.[14] Slowdown due to Registry bloat is thus far less of an issue in modern versions of Windows.

Conversely, defragmenting the underlying Registry files (e.g. using the free Microsoft-supported PageDefrag tool),[15] rather than attempting to clean the Registry's contents, has a measurable benefit and has therefore been recommended in the past by experts such as Mark Russinovich.

The Windows Performance Toolkit is specifically designed to troubleshoot performance-related issues under Windows, and it does not include Registry cleaning as one of its optimizations.[16]

Undeletable registry keys

Most Registry cleaners cannot repair scenarios such as undeletable Registry keys caused by embedded null characters in their names; only specialized tools such as the RegDelNull utility (part of the free Sysinternals software) are able to do this.[17]
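
As an added illustration (not part of the original article and not RegDelNull's code): key names are stored in the hive with an explicit length, so a stored name can contain a null character at which NUL-terminated string interfaces stop reading. The sketch below walks the key-node (`nk`) cells of an offline hive image and reports such names; the offsets follow the publicly documented regf layout, the sample hive is constructed, and all function names are this example's own.

```python
import struct

BASE_BLOCK = 0x1000      # the regf header occupies the first 4 KiB; hive bins follow
KEY_COMP_NAME = 0x0020   # nk flag: name stored as 8-bit characters instead of UTF-16LE

def iter_key_names(hive: bytes):
    """Yield the stored, length-counted name of every allocated key node (nk cell)."""
    if hive[:4] != b"regf":
        raise ValueError("not a registry hive image")
    pos = BASE_BLOCK
    while pos + 32 <= len(hive) and hive[pos:pos + 4] == b"hbin":
        bin_size = struct.unpack_from("<I", hive, pos + 8)[0]
        if bin_size < 32:
            break                                   # corrupt bin header, stop walking
        cell, end = pos + 32, min(pos + bin_size, len(hive))
        while cell + 4 <= end:
            size = struct.unpack_from("<i", hive, cell)[0]
            length = abs(size)                      # negative size marks an allocated cell
            if length < 8:
                break                               # corrupt cell, skip rest of this bin
            data = hive[cell + 4:cell + length]
            if size < 0 and data[:2] == b"nk" and len(data) >= 0x4C:
                flags = struct.unpack_from("<H", data, 2)[0]
                name_len = struct.unpack_from("<H", data, 0x48)[0]
                raw = data[0x4C:0x4C + name_len]
                codec = "latin-1" if flags & KEY_COMP_NAME else "utf-16-le"
                yield raw.decode(codec, "replace")
            cell += length
        pos += bin_size

def keys_with_embedded_nulls(hive: bytes):
    """Return (full name, name as a NUL-terminated string API would read it) pairs."""
    return [(n, n.split("\x00", 1)[0]) for n in iter_key_names(hive) if "\x00" in n]

def _nk_cell(name: str) -> bytes:
    """Constructed sample data: a minimal allocated nk cell with a UTF-16LE name."""
    raw = name.encode("utf-16-le")
    data = b"nk" + bytes(0x46) + struct.pack("<HH", len(raw), 0) + raw
    size = (4 + len(data) + 7) & ~7                 # cells are 8-byte aligned
    return struct.pack("<i", -size) + data.ljust(size - 4, b"\x00")

def sample_hive() -> bytes:
    """Constructed one-bin hive image holding a normal key and a NUL-embedded key."""
    cells = _nk_cell("Software") + _nk_cell("Hidden\x00Key")
    free = struct.pack("<i", 0x1000 - 32 - len(cells))  # positive size = free cell
    hbin = b"hbin" + struct.pack("<II", 0, 0x1000) + bytes(20) + cells + free
    return b"regf".ljust(BASE_BLOCK, b"\x00") + hbin.ljust(0x1000, b"\x00")
```

Run against a copy of a hive file read as bytes, `keys_with_embedded_nulls` lists the keys that ordinary tools would misread; it only reports and never modifies the hive.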

Recovery capability limitations

A Registry cleaner cannot repair a Registry hive that cannot be mounted by the system, making the repair via "slave mounting" of a system disk impossible.

A corrupt Registry can be recovered in a number of ways that are supported by Microsoft (e.g. Automated System Recovery, from a "last known-good" boot menu, by re-running setup or by using System Restore). "Last known-good" restores the last system Registry hive (containing driver and service configuration) that successfully booted the system.

Malware removal

These tools are also difficult to manage in a non-boot situation, or during an infestation, compared to a full system restore from a backup. In the age of rapidly evolving malware, even a full system restore may be unable to remove a rootkit from a hard drive.

Registry cleaners are likewise not designed for malware removal, although minor side-effects can be repaired, such as a turned-off System Restore. However, in complex scenarios where malware such as spyware, adware, and viruses are involved, the removal of system-critical files may result.[18]

Application virtualisation

A Registry cleaner is of no use for cleaning Registry entries associated with a virtualised application, since all Registry entries in this scenario are written to an application-specific virtual Registry instead of the real one.[19] Complications in the detailed interactions of real-mode with virtual also leave the potential for incorrect removal of shortcuts and Registry entries that point to "disappeared" files, and for consequent confusion among users of cleaner products. There is little competent information about this specific interaction, and no integration. In general, even if Registry cleaners could arguably be considered safe in a normal end-user environment, they should be avoided in an application virtualisation environment.

References

  1. "Microsoft now detects CCleaner as a Potentially Unwanted Application".
  2. "Symantec Report on Rogue Security Software" (PDF). Symantec. 2009-10-28. Archived from the original (PDF) on 2012-05-15. Retrieved 2010-04-15.
  3. "Error: "Internet Explorer Script Error..." when scanning after running a Registry cleanup utility". Symantec. October 2, 2002. Archived from the original on December 7, 2008. Retrieved 2008-05-19.
  4. "The .NET Framework 2.0 SP1 installation fails on a computer that has the .NET Framework 2.0 installed and that is running Windows XP, Windows Server 2003, or Windows 2000". Microsoft. April 24, 2008. Retrieved 2008-05-19.
  5. "OL2000: Error Message: "Outlook Caused an Invalid Page Fault in Module Msvcrt.dll" When Creating an Appointment". Microsoft. November 5, 2003. Retrieved 2008-05-19.
  6. "August 2009 Windows Vista and Windows Server 2008 Application Compatibility Update". Microsoft. 2009-09-01. Retrieved 2009-09-25.
  7. "Free Utility: Windows Installer CleanUp Utility". Microsoft.
  8. "How do I uninstall Office 2003, Office 2007 or Office 2010 suites if I cannot uninstall it from Control Panel?". Microsoft. 2010-06-29. Retrieved 2010-09-23.
  9. "Windows Maintenance". r/TechSupport Wiki. Retrieved 2024-04-24.
  10. "Fright Fight: Washington Attorney General leading battle against scareware with Microsoft" (Press release). Attorney General, Washington. 2008-09-29. Retrieved 2010-04-01.
  11. "WinFixer". StopBadware.Org. Retrieved 2008-06-21.
  12. Shiels, Maggie (2008-10-01). "Fighting the scourge of scareware". BBC News. Retrieved 2008-10-02.
  13. "Windows 2000 Registry: Latest Features and APIs Provide the Power to Customize and Extend Your Apps". Retrieved July 19, 2007.
  14. "System may not start when creating a large number of logical units and volumes". support.microsoft.com. Archived from the original on 2007-02-27.
  15. Lance Whitney (September 2007). "Utility Spotlight PageDefrag". Microsoft. Retrieved August 29, 2008.
  16. "Windows Performance Analysis Tools". Microsoft. Retrieved August 8, 2010.
  17. Mark Russinovich (2006-11-01). "RegDelNull v1.1". Retrieved 2008-12-08.
  18. Bryce Cogswell and Mark Russinovich (2006-11-01). "RootkitRevealer v1.71". Microsoft. Retrieved 2008-12-08.
  19. Anthony Kinney. "Getting Started with Microsoft Application Virtualization". Microsoft. Retrieved 2009-01-06.