Wednesday, December 12, 2007

Software Risk Assessment - 1

At some point, if you work in the computer security arena, you will be asked: "Hey, we just got some software, can you check it out to see if it is okay to use?" So what do you do?

This task can be broken down into 3 parts: determine how the software affects the computer, determine the software's vulnerabilities, and determine the network resources required to operate the software. As a side note, I am going to limit this discussion to Windows, since that is 90% of the world and what you most often see in the business environment. Also, the focus is on desktop software; web and server software is a whole other ballpark. One more assumption: the source code is not available to us.

The first step: determine how the software modifies the computer's current configuration.

There are a couple of ways to track changes in Windows:

- Use regedit to export the registry settings
- Install the software
- Use regedit to export the registry settings again
- Use windiff to find the differences between the two registry export files
- Determine file changes by using the search command to search for all files (*.*), selecting "when it was modified" and entering the date the software was installed. Then sort the search results by date modified. Using the timestamps you can tell which files were modified by the installation of the software.
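The manual procedure above, scripted, as an added example that is not part of the original post: the two regedit exports are parsed and diffed in place of windiff, and the file side uses a hash snapshot rather than the "date modified" search, which catches an installer that overwrites a file but preserves its timestamp. The .reg exports embedded here are constructed samples and ExampleApp is a placeholder, not a real program.

```python
import hashlib
import os

# Snapshot every file under root as "relative/path" -> sha256. Hashing catches an
# installer that overwrites a file but keeps its old "date modified" timestamp.
def snapshot_tree(root):
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            snap[os.path.relpath(full, root).replace(os.sep, "/")] = digest
    return snap

# Parse a regedit .reg export into "KEY\Name" -> data so two exports diff like files.
def parse_reg_export(text):
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and "=" in line and not line.startswith(";"):
            name, data = line.split("=", 1)
            name = "(Default)" if name == "@" else name.strip('"')
            values[key + "\\" + name] = data
    return values

# Compare two snapshots (file or registry) into added/deleted/modified lists.
def diff_snapshots(before, after):
    return {
        "added": sorted(k for k in after if k not in before),
        "deleted": sorted(k for k in before if k not in after),
        "modified": sorted(k for k in before if k in after and before[k] != after[k]),
    }

# Constructed sample exports (not real registry contents) for before/after the install.
REG_BEFORE = r"""Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\ExampleApp]
"Version"="1.0"
"""
REG_AFTER = r"""Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\ExampleApp]
"Version"="2.0"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ExampleApp"="C:\\Program Files\\ExampleApp\\app.exe"
"""

if __name__ == "__main__":
    print(diff_snapshots(parse_reg_export(REG_BEFORE), parse_reg_export(REG_AFTER)))
```

On a real machine, export the registry with regedit before and after the install, read both files into the parser, and pass `snapshot_tree` the drive roots you care about; a new entry under a Run key, as in the sample, is exactly the kind of change the next step has to judge.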

Now that is one way, but an easier way is to use an automated program that performs all these functions at once. InstallWatch is a free program that tracks all registry and file changes and provides an easy-to-use interface. It will also let you export the data to a text file, which gives you an automated means of processing it.

InstallWatch Process

- Install InstallWatch
- Use InstallWatch to take a snapshot of the computer
- Install the software
- Use InstallWatch to take a second snapshot of the computer
- InstallWatch will automatically compare the two snapshots, and you can review the results

InstallWatch gives a nice interface that shows modified, deleted and added registry entries and files. Now we have to determine which of those registry and file changes matter. I will talk about this later.
