Sunday, December 23, 2007

The many panes of Windows, Pt 4, The Registry

In the beginning was a frill. Windows 95 "enriched the user interface" by permitting every file to display a custom file icon, something that Windows 3.1 did not support. For Explorer to paint the file icons, it needs to find each icon on disk and suck it up to the screen. It was decided to create a fast, RAM-resident database to hold all the needed file pointers. Such a database, dubbed "the registry", was troublesome to create, so it was generalized to support any program's need to remember things while running. For instance, Windows programs want to remember the size and position of their window (full screen or something less), what files they had open, what options the users had set, and where the home directory was. Provisions were made to hold patches to the code, and user authorizations, and to start programs.
The major attraction of using the registry is copy protection. The application's install program writes the needed keys into the registry. The program checks for the presence of these keys in the registry as evidence that the program hasn't been pirated. You cannot get MS Office to run on another machine by the simple trick of copying all the MS Office files to the other computer.
The copied program will note the absence of registry keys and refuse to run. Writing the needed keys into the registry by hand is theoretically possible, but in practice it is just too hard. Presto, instant copy protection for programs. The utility of this copy protection became obvious to every programmer, and every Windows application uses it now.
Downside. Every program or virus running on the machine can change the registry, and the changes stick, making the damage permanent. The registry is very powerful: it can run anything on the hard drive, alter the code in any program, and change many important Windows defaults, such as the default web site that web browsers visit upon startup. Coding errors in ordinary applications can do things to the registry that break Windows, Windows applications, drivers and hardware. The S32EVNT1.dll bug was caused by a faulty registry key. The opportunities for malware to damage the system through registry modifications are enormous. The registry is one humungous security hole waiting for a place to bite.
And we are stuck with it forever. Changing the powers of the registry would break many programs. For good commercial reasons, Microsoft works hard to make each new version of Windows run last year's programs, so the registry security hole is with us forever.
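Because registry changes stick, one practical check for the downside described above is to compare a known-good `reg export` snapshot with a later one and report what changed in the keys that start programs or set the browser start page. The following is an added example, not code from this post: the three watched key paths are well-known Windows locations that the post does not name, the function names are hypothetical, and both snapshots are constructed sample data.

```python
import re

# Well-known keys: machine and per-user autostart, and the IE start page.
WATCHED = (
    r"hkey_local_machine\software\microsoft\windows\currentversion\run",
    r"hkey_current_user\software\microsoft\windows\currentversion\run",
    r"hkey_current_user\software\microsoft\internet explorer\main",
)
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def parse_reg(text):
    """Parse .reg export text into {lowercased key: {value name: raw data}}."""
    keys, current = {}, None
    text = re.sub(r"\\\r?\n\s*", "", text)  # join hex values split with a trailing "\"
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := VALUE_RE.match(line)):
            name = "(default)" if m.group(1) == "@" else m.group(1)[1:-1]
            current[name] = m.group(2)
    return keys

def diff_watched(baseline_text, current_text):
    """Return (change, key, value name, old, new) tuples for the watched keys."""
    old, new = parse_reg(baseline_text), parse_reg(current_text)
    findings = []
    for key in WATCHED:
        before, after = old.get(key, {}), new.get(key, {})
        for name in sorted(set(before) | set(after)):
            a, b = before.get(name), after.get(name)
            if a != b:
                change = "added" if a is None else "removed" if b is None else "modified"
                findings.append((change, key, name, a, b))
    return findings

# Constructed sample snapshots (not taken from a real machine).
BASELINE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ExampleTray"="C:\\Program Files\\Example\\tray.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://home.example/"
'''
CURRENT = BASELINE.replace("home.example", "changed.example").replace(
    '"ExampleTray"', r'"Updater"="C:\\Temp\\constructed.exe"' + '\n"ExampleTray"')

if __name__ == "__main__":
    for finding in diff_watched(BASELINE, CURRENT):
        print(finding)
```

Values are compared as the raw text from the export, so string, dword and hex data are all covered without decoding them.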