Applications that write to the registry, are they portable?

Discuss anything related to portable freeware here.
Message
Author
User avatar
Queue
Posts: 197
Joined: Mon Oct 08, 2007 2:41 am
Contact:

#61 Post by Queue »

Portable simply means it can be run without installation.

Heck, Merriam-Webster even has a definition for portable as it pertains to software:
usable on many computers with little or no modification

Things like settings persistence, leaving behind information or clutter and whatnot is all the realm of how "stealthy" (as TPFC seems to call it) a program is.

Personally, I'm anal about disturbing local settings or bloating up a registry with junk from a portable application so at the very least I create NSIS launchers to protect local settings, restore my portable settings, then clean up the registry (or local settings files in some cases) and restore the local settings for all the software I use portably.

However, my insistence that the software I use not leave behind traces (I don't mind if undelete-able traces are left) of use does not mean the software is or isn't portable. The "stealth"-purists need to recognize that that is what they are and accept that portability simply pertains to the ability for a given program to run without first being installed.

Queue

lajjal
Posts: 82
Joined: Sun Apr 13, 2008 12:18 pm

#62 Post by lajjal »

I think that, in general, this site has it right. Stealth is clearly listed and the entry is usually correct. I disagree with the notion that people who care about stealth are no more than esoteric "purists". Stealth just means that no trace of any kind is left on someone else's computer. If you use your own equipment mostly then stealth is irrelevant. If you find yourself on other people's systems mostly then stealth could be very important for anyone, not just purists. I, personally, prefer the no trace model. It's just a privacy thing.

User avatar
MiDoJo
Posts: 282
Joined: Thu Apr 17, 2008 2:36 pm

#63 Post by MiDoJo »

lajjal wrote:Stealth just means that no trace of any kind is left on someone else's computer
Very Much so. Many of us who consider, but don't always require (nirsoft we're looking at you ;) ), stealth are tech support or just (to paraphrase microshaft) "known as the computer guru" to those we know. Those of us like this would rather leave as little trace as possible, after all we all know that the majority of WinTell Problems arise from bloated under-cared-for registries and random ini files in the Application folders.


Andrew has a great system wherein he tells us exactly what a prog does (and leaves) on the host computer.

and if it doesn't fit into the little boxes he made for them HE JAMS THEM INTO THEM WITH A GIGANTIC AMOUNT OF FORCE :twisted: :twisted:
portablefreeware.com wrote:Note: ADRC Data Recovery Tools has the annoying habit of opening its user guide on the web in the web browser on startup. This behaviour (sic? or British?) cannot be disabled. It is not as stealthy as phoning home without your knowledge, but can be quite irritating nevertheless.

opsimathic
Posts: 50
Joined: Sun Feb 25, 2007 12:12 pm
Location: Uganda

#64 Post by opsimathic »

lajjal wrote:I think that, in general, this site has it right ... personally, prefer the no trace model. It's just a privacy thing.
I want to echo lajjal's comment that this site strikes a good balance. Also that Andrew does a fabulous job of letting us when applications are not stealthy and what the issue is. This gives us the information necessary to make our decisions wisely in accord with what we each deem important.

Personally, I am not overly concerned with completely stealthy applications BUT I AM VERY GLAD that the TPFC community has those who are absolutely determined to push for Stealthy apps at every opportunity. The overall standard of software on this site is enhanced by those who care passionately for this aspect. The recent forum postings about MoboPhoto illustrates this nicely with the developer responding the comments about lack of stealth with rapid modifications and a request for further feedback.

So ... Thank you to Andrew ... and Thanks to you Stealth 'Zealots' - long may to continue to be vigilant to help protect the rest of us.

/opsimathic

User avatar
m^(2)
Posts: 890
Joined: Sat Mar 31, 2007 2:38 am
Location: Kce,PL
Contact:

#65 Post by m^(2) »

lajjal wrote:Stealth just means that no trace of any kind is left on someone else's computer.
No, it doesn't. It just means that program itself doesn't leave anything, but Windows monitors programs running on it and saves what it finds important (like MRU lists and logs). So do some programs you can find installed on the host machine, I know sb. who has ProcessMonitor always on. In this case "stealth" sounds like a joke.

lajjal
Posts: 82
Joined: Sun Apr 13, 2008 12:18 pm

#66 Post by lajjal »

Nobody said it's a perfect world. Perfection is unachievable. Yes, Microsoft makes perfect stealth impossible but there is big difference between a permanent registry entry and a temporary MRU entry. Stealth should not be and issue because total stealth isn't possible? That's a straw argument.

User avatar
MiDoJo
Posts: 282
Joined: Thu Apr 17, 2008 2:36 pm

#67 Post by MiDoJo »

lajjal wrote:Stealth should not be and issue because total stealth isn't possible? That's a straw argument.
wait, are you trying to say that we shouldn't get rid of Cops because there is still crime??? LMAO!!! you're Sooooo silly. :roll: :roll: :wink: :roll: :twisted:
m^(2) wrote:I know sb. who has ProcessMonitor (sic) always on. In this case "stealth
Ummmm from Andrew's site
Process Monitor V1.31
Posted on 18th April 2008 - 2MB (uncompressed) - Popularity score (1297) - Suggested by ClausValca
Website - Screenshot - Download - Comments (3) - Post comment - Permalink


Category: System - Task Managers (16)

Synopsis: Process Monitor combines the features of FileMon and RegMon. It displays both file system and registry activities in real-time. Additional features includes non-destructive filtering, comprehensive event properties such session IDs and user names, reliable process information, full thread stacks with integrated symbol support for each operation, file logging etc.

Writes settings to: Windows registry

Dependencies: Administrator rights

How to extract: Download the ZIP package and extract to a folder of your choice. Launch procmon.exe

Stealth: No

License: Freeware
NOT STEALTH!!! So your statement sir/mam is a FLAWED UBERFAIL.
Sorry but at least use examples that are said to be stealth and not just a possibly Portable Program (and if that sb is always running it, it's probably not running portably anyway

lajjal
Posts: 82
Joined: Sun Apr 13, 2008 12:18 pm

#68 Post by lajjal »

Sorry, I don't get the cops reference. All I am saying is that even though absolute stealth is impossible it should still be pursued to the limits imposed by things about the Microsoft environment that we cannot change. Don't see how that makes me silly but I don't really care either.

User avatar
MiDoJo
Posts: 282
Joined: Thu Apr 17, 2008 2:36 pm

#69 Post by MiDoJo »

lajjal wrote:Sorry, I don't get the cops reference. All I am saying is that even though absolute stealth is impossible it should still be pursued to the limits imposed by things about the Microsoft environment that we cannot change. Don't see how that makes me silly but I don't really care either.
No worries lajjal, I was actually using sarcasm to agree with you. M^(2) saying that b/c there are some MRUs etc that stealth was a joke was being compared to the idea that: just 'cause the police are not 100% effective at stopping crime, we shouldn't bother with any law enforcement at all.

I guess since I had to explain it my simile was not as good as it could have been. :oops:

lajjal
Posts: 82
Joined: Sun Apr 13, 2008 12:18 pm

#70 Post by lajjal »

Sorry, I misundersood. I'm smiling now.

User avatar
m^(2)
Posts: 890
Joined: Sat Mar 31, 2007 2:38 am
Location: Kce,PL
Contact:

#71 Post by m^(2) »

MiDoJo wrote:
m^(2) wrote:I know sb. who has ProcessMonitor (sic) always on. In this case "stealth
Ummmm from Andrew's site
Process Monitor V1.31
Posted on 18th April 2008 - 2MB (uncompressed) - Popularity score (1297) - Suggested by ClausValca
Website - Screenshot - Download - Comments (3) - Post comment - Permalink


Category: System - Task Managers (16)

Synopsis: Process Monitor combines the features of FileMon and RegMon. It displays both file system and registry activities in real-time. Additional features includes non-destructive filtering, comprehensive event properties such session IDs and user names, reliable process information, full thread stacks with integrated symbol support for each operation, file logging etc.

Writes settings to: Windows registry

Dependencies: Administrator rights

How to extract: Download the ZIP package and extract to a folder of your choice. Launch procmon.exe

Stealth: No

License: Freeware
NOT STEALTH!!! So your statement sir/mam is a FLAWED UBERFAIL.
Sorry but at least use examples that are said to be stealth and not just a possibly Portable Program (and if that sb is always running it, it's probably not running portably anyway
You misunderstood my statement. ProcessMonitor is a program that basicly very carefully looks at working programs' hands and logs everything. When it's on, you can track VERY well what every app was doing. Also "stealth" one.
MiDoJo wrote:M^(2) saying that b/c there are some MRUs etc that stealth was a joke was being compared to the idea that: just 'cause the police are not 100% effective at stopping crime, we shouldn't bother with any law enforcement at all.
I just say that calling programs "stealth" is very misleading. Personally I say "clean".

User avatar
lococobra
Posts: 127
Joined: Fri Aug 03, 2007 10:42 am
Location: USA
Contact:

#72 Post by lococobra »

You know, even stealth programs leave crap in the prefetch...

Just throwing that out there...........

User avatar
tomcat
Posts: 10
Joined: Sun Sep 14, 2014 9:24 am
Location: Europe
Contact:

Re: Applications that write to the registry, are they portable?

#73 Post by tomcat »

A highly interesting topic, but which sometimes gets too theoretically involved with concepts. I shall try to revive it from a more practical approach.

In practice, a portable but non-stealth app that writes to the registry can be worse than one that needs installation, because there is no uninstaller for removing those registry entries. They’ll remain when the app is removed, while running registry cleaners is not only mostly ineffective but also inadvisable. Such an app is of limited value only in cases where you cannot install programs, not enough to justify the enormous popularity of portable apps.

Writing in its own folder and/or creating temporary files is of no concern.

So according to the above, I’d define a “usefully portable” app as one that:
When the app’s folder and any temporary files are deleted, no traces are left on the computer.

User avatar
Midas
Posts: 6710
Joined: Mon Dec 07, 2009 7:09 am
Location: Sol3

Re: Applications that write to the registry, are they portable?

#74 Post by Midas »

tomcat wrote: In practice, a portable but non-stealth app that writes to the registry can be worse than one that needs installation, because there is no uninstaller for removing those registry entries.
Let me start by disagreeing with you on this.

You seem to be prioritizing stealth over ease of use. I have been through this debate before.

There are even cases where apps write to the system registry and are still worthwhile portable programs. Browsers and image viewers come to my mind. It mostly depends on the kind of information stored in the registry.

You can easily track registry changes with any one of several methods detailed elsewhere on the forums.

I, for one, make a case of exposing such info.

User avatar
Midas
Posts: 6710
Joined: Mon Dec 07, 2009 7:09 am
Location: Sol3

Re: Applications that write to the registry, are they portable?

#75 Post by Midas »

From self titled "Windows Incident Response" blog, an in-depth look at autostarting registry entries -- with some implications for Sysinternals' Autoruns utility -- a topic most relevant for portability...
Analysts are familiar with the Run keys as autostart locations within the Windows Registry:

Code: Select all

[HKLM|HKCU]\Software\Microsoft\Windows\CurrentVersion\Run
Values beneath these keys are automatically run asynchronously upon system start and user login, respectively. This is something we've know for a while, and we've dutifully incorporated these autostart locations into our "indicators of program execution" artifact category. It turns out, that may not be the case.

Post Reply