Editing windows registry through a web page?

Is it possible to edit the windows registry (add, delete, and create keys and values) through a web page? It seems possible to do so, because a lot of spy-wares and ad-wares modify things in the windows registry, I’m not sure though? If it’s possible how do spy-wares and ad-wares modify the windows registry though a web page?

Have seen your other posts, i am very sceptical as to why you want such information.
Please state your reasons for wanting to know such details ?

Yes malware/spyware/adware do modify the registry.

Yes It is possible to modify the registry but ethically speaking only provided the user gives his explicit consent to this. If you notify him/her exactly what changes you are making it is ok. The way spyware and malware do it, is without the users consent and unethical not to mention illegal. Futher more spyware and malware usually exploit a flaw or unpatched system.

Tell us why we should share this information with you and i may not close this thread.

Moved to the AV forum at oneMSBi's request...

I'm trying to write a program that permanently blocks spy-wares and ad-wares and I thought to do so I need to know how could they possibly access windows registry without a user’s permission??

ok. There are several methods by which spyware/malware operate in general.

1) By exploiting flaws and bugs in the browser. Now some creaters of malware proactively find vulnerabilities in browsers, while others exploit known holes. The second class of code writers prey on systems that have not been patched or are not properly protected (ie.. the user has been lazy in applying security patches and updates). There is no protection against the first kind because they will exploit flaws that have not yet been detected, unless they choose to reveal the hole in the software (unlikely) they can continue to roam unchecked on a fully protected system. There is only detection and cleaning to be done for such kind of threats... but these are releatively few and generally aimed at corporates/corporate products/networks.

2) another way is where the software exploits user stupidity or lack of computer awareness to install software without the users express consent for all the components being installed. For example the user may choose to install a software which seems legitimate and has some features he wishes to use, but the same installtion alos without the users pemissions installs another application which collects information and monitors his surfing habits...

3) Active X objects are another commonly exploited method for malware go get installed on to user systems. Usually because the user does not bother to verify the signature or the signature is faked etc...

there are more options.. i think you are better of looking at the Microsoft security bulletins and announcements etc...Google is always the best place.. but if you want develop legitimate protection software i suggest you get a through understanding of how a bowser works.


This is a very very lofty ambition and one i dont think is fully obtainable.
A person would require years and years of experiance in the security and protection field before one can even produce a simple form of effective protection. It also requires programming skills and operating skills much much above average.