Registry cleaner
Encyclopedia
A registry cleaner is a type of software utility designed for the Microsoft Windows
operating system
, the purpose of which is to remove redundant or unwanted items from the Windows registry
.
A registry cleaner is demonstrably useful for frequent manual changes in file system, start menu, and COM
-based programs. A virtual machine
or virtual application
is often a faster and more reliable means of reverting an operating system to a previous good known state in a testing or application sequencing scenario; however, setting up and using a virtual machine can be somewhat tricky and intimidating for the amateur user, who may not have the benefit of expert, hands-on guidance.
The necessity and usefulness of registry cleaners is a controversial topic, with experts in disagreement over their benefits. The problem is further clouded by the fact that malware
and scareware
are often associated with utilities of this type.
The correction of an invalid registry key can provide some benefits, as listed above; but the most voluminous will usually be quite harmless, obsolete records linked with COM-based applications whose associated files are no longer present.
There is a popular misconception that the value of registry cleaning lies in reducing "registry bloat". Even a neglected registry will seldom contain more than two or three thousand redundant entries. Bearing in mind that the modern registry may contain more than a million entries, the elimination of two or three thousand is not going to save any noticeable amount of scanning time. The value of a cleaner resides in the quality of the entries it eradicates, not in their quantity.
It is not always possible for a third party program to know whether any particular key is invalid or redundant. A poorly-designed registry cleaner may not be equipped to know for sure whether a key is still being used by Windows or what detrimental effects removing it may have. This may lead to loss of functionality and/or system instability, as well as application compatibility updates from Microsoft to block problematic registry cleaners. The Windows Installer CleanUp Utility was a Microsoft-supported utility for addressing Windows Installer
related issues, however the program has subsequently been deprecated because of unintended damage that it caused.
The level of skill necessary to use a registry cleaner to actually improve the performance of a machine is higher than the level of skill necessary to configure an easy incremental backup
solution. With such a solution, the OS can be restored if any recent changes proved to be bad ones. This is safer than most registry cleaners. While it is true that some registry cleaners are safe, these cleaners do not improve performance. The rest are a mix of powerful and dangerous tools unsuited to non-professionals, snake-oil, and actual malware.
applications to install malware
, typically through social engineering
attacks that use website popups
or free downloads that falsely report problems that can be "rectified" by purchasing or downloading a registry cleaner. The worst of the breed are products that advertise and encourage a "free" registry scan; however, the user typically finds the product has to be purchased for a substantial sum, before it will effect any of the anticipated "repairs". Rogue registry cleaners "WinFixer
" have been ranked as one of the most prevalent pieces of malware currently in circulation.
". In October 2008, Microsoft
and the Washington attorney general
filed a lawsuit against two Texas firms, Branch Software and Alpha Red, producers of the "Registry Cleaner XP" scareware. The lawsuit alleges that the company sent incessant pop-ups resembling system warnings to consumers' personal computers stating "CRITICAL ERROR MESSAGE! - REGISTRY DAMAGED AND CORRUPTED", before instructing users to visit a web site to download Registry Cleaner XP at a cost of $39.95.
computers, it was possible that a very large registry could slow down the computer's startup time. However this is far less of an issue with NT
-based operating systems (including Windows XP
and Vista
) due to a different on-disk structure of the registry, improved memory management and indexing
. Slowdown due to registry bloat is thus far less of an issue in modern versions of Windows. Defragmenting the registry files (e.g. using a Microsoft-supported tool such as PageDefrag
), has likewise been de-emphasized due to this increased efficiency, and is largely an automated process under Vista.
The Windows Performance Toolkit is specifically designed to troubleshoot performance-related issues under Windows.
A corrupt registry can be recovered in a number of ways that are supported by Microsoft (e.g. Automated System Recovery
, from a "last known good" boot menu, by re-running setup or by using System Restore
). "Last known good" restores the last system registry hive (containing driver and service configuration) that successfully booted the system.
Registry cleaners are likewise not designed for malware removal, although minor side-effects can be repaired, such as a turned-off System Restore
. However, in complex scenarios where malware such as spyware
, adware
and viruses
are involved, the removal of system-critical files may result.
since all registry entries in this scenario are written to an application-specific virtual registry instead of the real one. Complications of detailed interactions of real-mode with virtual also leaves the potential for incorrect removal of shortcuts and registry entries that point to "disappeared" files, and consequent confusion by the user of cleaner products. There is little competent information about this specific interaction, and no integration. In general, even if registry cleaners could be arguably considered safe in a normal end-user environment, they should be avoided in an application virtualization environment.
Microsoft Windows
Microsoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal...
operating system
Operating system
An operating system is a set of programs that manage computer hardware resources and provide common services for application software. The operating system is the most important type of system software in a computer system...
, the purpose of which is to remove redundant or unwanted items from the Windows registry
Windows registry
The Windows Registry is a hierarchical database that stores configuration settings and options on Microsoft Windows operating systems. It contains settings for low-level operating system components as well as the applications running on the platform: the kernel, device drivers, services, SAM, user...
.
A registry cleaner is demonstrably useful for frequent manual changes in file system, start menu, and COM
Component Object Model
Component Object Model is a binary-interface standard for software componentry introduced by Microsoft in 1993. It is used to enable interprocess communication and dynamic object creation in a large range of programming languages...
-based programs. A virtual machine
Virtual machine
A virtual machine is a "completely isolated guest operating system installation within a normal host operating system". Modern virtual machines are implemented with either software emulation or hardware virtualization or both together.-VM Definitions:A virtual machine is a software...
or virtual application
Application Virtualization
Application virtualization is an umbrella term that describes software technologies that improve portability, manageability and compatibility of applications by encapsulating them from the underlying operating system on which they are executed. A fully virtualized application is not installed in...
is often a faster and more reliable means of reverting an operating system to a previous good known state in a testing or application sequencing scenario; however, setting up and using a virtual machine can be somewhat tricky and intimidating for the amateur user, who may not have the benefit of expert, hands-on guidance.
The necessity and usefulness of registry cleaners is a controversial topic, with experts in disagreement over their benefits. The problem is further clouded by the fact that malware
Malware
Malware, short for malicious software, consists of programming that is designed to disrupt or deny operation, gather information that leads to loss of privacy or exploitation, or gain unauthorized access to system resources, or that otherwise exhibits abusive behavior...
and scareware
Scareware
Scareware comprises several classes of scam software with malicious payloads, or of limited or no benefit, that are sold to consumers via certain unethical marketing practices. The selling approach uses social engineering to cause shock, anxiety, or the perception of a threat, generally directed at...
are often associated with utilities of this type.
Advantages and disadvantages
Due to the sheer size and complexity of the registry database, manually cleaning up redundant and invalid entries would be impractical, so registry cleaners automate the process of looking for invalid entries, missing file references or broken links within the registry and resolving or removing them.The correction of an invalid registry key can provide some benefits, as listed above; but the most voluminous will usually be quite harmless, obsolete records linked with COM-based applications whose associated files are no longer present.
There is a popular misconception that the value of registry cleaning lies in reducing "registry bloat". Even a neglected registry will seldom contain more than two or three thousand redundant entries. Bearing in mind that the modern registry may contain more than a million entries, the elimination of two or three thousand is not going to save any noticeable amount of scanning time. The value of a cleaner resides in the quality of the entries it eradicates, not in their quantity.
Registry damage
Some registry cleaners make no distinction as to the severity of the errors, and many that do may erroneously categorize errors as "critical" with little basis to support it. Removing or changing certain registry data can prevent the system from starting, or cause application errors and crashes.It is not always possible for a third party program to know whether any particular key is invalid or redundant. A poorly-designed registry cleaner may not be equipped to know for sure whether a key is still being used by Windows or what detrimental effects removing it may have. This may lead to loss of functionality and/or system instability, as well as application compatibility updates from Microsoft to block problematic registry cleaners. The Windows Installer CleanUp Utility was a Microsoft-supported utility for addressing Windows Installer
Windows Installer
The Windows Installer is a software component used for the installation, maintenance, and removal of software on modern Microsoft Windows systems...
related issues, however the program has subsequently been deprecated because of unintended damage that it caused.
The level of skill necessary to use a registry cleaner to actually improve the performance of a machine is higher than the level of skill necessary to configure an easy incremental backup
Incremental backup
An incremental backup preserves data by not creating multiple copies that are based on the differences in those data: a successive copy of the data contains only that portion which has changed since the preceding copy has been created.-Incremental:...
solution. With such a solution, the OS can be restored if any recent changes proved to be bad ones. This is safer than most registry cleaners. While it is true that some registry cleaners are safe, these cleaners do not improve performance. The rest are a mix of powerful and dangerous tools unsuited to non-professionals, snake-oil, and actual malware.
Malware payloads
Registry cleaners have been used as a vehicle by a number of trojanTrojan horse (computing)
A Trojan horse, or Trojan, is software that appears to perform a desirable function for the user prior to run or install, but steals information or harms the system. The term is derived from the Trojan Horse story in Greek mythology.-Malware:A destructive program that masquerades as a benign...
applications to install malware
Malware
Malware, short for malicious software, consists of programming that is designed to disrupt or deny operation, gather information that leads to loss of privacy or exploitation, or gain unauthorized access to system resources, or that otherwise exhibits abusive behavior...
, typically through social engineering
Social engineering (security)
Social engineering is commonly understood to mean the art of manipulating people into performing actions or divulging confidential information...
attacks that use website popups
Pop-up ad
Pop-up ads or pop-ups are a form of online advertising on the World Wide Web intended to attract web traffic or capture email addresses. Pop-ups are generally new web browser windows to display advertisements...
or free downloads that falsely report problems that can be "rectified" by purchasing or downloading a registry cleaner. The worst of the breed are products that advertise and encourage a "free" registry scan; however, the user typically finds the product has to be purchased for a substantial sum, before it will effect any of the anticipated "repairs". Rogue registry cleaners "WinFixer
WinFixer
WinFixerAlso known under various other names including: WinAntiVirusPro, ErrorSafe, SystemDoctor, WinAntiSpyware, AVSystemCare, WinAntiSpy, Windows Police Pro, Performance Optimizer, StorageProtector, PrivacyProtector, WinReanimator, DriveCleaner, WinspywareProtect, PCTurboPro, FreePCSecure,...
" have been ranked as one of the most prevalent pieces of malware currently in circulation.
Scanners as scareware
Rogue registry cleaners are often marketed with alarmist advertisements that falsely claim to have pre-analyzed your PC, displaying bogus warnings to take "corrective" action; hence the descriptive label "scarewareScareware
Scareware comprises several classes of scam software with malicious payloads, or of limited or no benefit, that are sold to consumers via certain unethical marketing practices. The selling approach uses social engineering to cause shock, anxiety, or the perception of a threat, generally directed at...
". In October 2008, Microsoft
Microsoft
Microsoft Corporation is an American public multinational corporation headquartered in Redmond, Washington, USA that develops, manufactures, licenses, and supports a wide range of products and services predominantly related to computing through its various product divisions...
and the Washington attorney general
Attorney General
In most common law jurisdictions, the attorney general, or attorney-general, is the main legal advisor to the government, and in some jurisdictions he or she may also have executive responsibility for law enforcement or responsibility for public prosecutions.The term is used to refer to any person...
filed a lawsuit against two Texas firms, Branch Software and Alpha Red, producers of the "Registry Cleaner XP" scareware. The lawsuit alleges that the company sent incessant pop-ups resembling system warnings to consumers' personal computers stating "CRITICAL ERROR MESSAGE! - REGISTRY DAMAGED AND CORRUPTED", before instructing users to visit a web site to download Registry Cleaner XP at a cost of $39.95.
Metrics of performance benefit
On Windows 9xWindows 9x
Windows 9x is a generic term referring to a series of Microsoft Windows computer operating systems produced since 1995, which were based on the original and later modified Windows 95 kernel...
computers, it was possible that a very large registry could slow down the computer's startup time. However this is far less of an issue with NT
Windows NT
Windows NT is a family of operating systems produced by Microsoft, the first version of which was released in July 1993. It was a powerful high-level-language-based, processor-independent, multiprocessing, multiuser operating system with features comparable to Unix. It was intended to complement...
-based operating systems (including Windows XP
Windows XP
Windows XP is an operating system produced by Microsoft for use on personal computers, including home and business desktops, laptops and media centers. First released to computer manufacturers on August 24, 2001, it is the second most popular version of Windows, based on installed user base...
and Vista
Windows Vista
Windows Vista is an operating system released in several variations developed by Microsoft for use on personal computers, including home and business desktops, laptops, tablet PCs, and media center PCs...
) due to a different on-disk structure of the registry, improved memory management and indexing
Index (database)
A database index is a data structure that improves the speed of data retrieval operations on a database table at the cost of slower writes and increased storage space...
. Slowdown due to registry bloat is thus far less of an issue in modern versions of Windows. Defragmenting the registry files (e.g. using a Microsoft-supported tool such as PageDefrag
PageDefrag
PageDefrag is a program, developed by Sysinternals , for Microsoft Windows that runs at start-up to defragment the virtual memory page file, the registry files and the Event Viewer's logs .Defragmenting these files may improve performance...
), has likewise been de-emphasized due to this increased efficiency, and is largely an automated process under Vista.
The Windows Performance Toolkit is specifically designed to troubleshoot performance-related issues under Windows.
Undeletable registry keys
Registry cleaners cannot repair scenarios such as undeletable registry keys caused by embedded null characters in their names; only specialized tools such as the RegDelNull utility (part of the Sysinternals software) are able to do this.Recovery capability limitations
A registry cleaner cannot repair a registry hive that cannot be mounted by the system, making the repair via "slave mounting" of a system disk impossible..A corrupt registry can be recovered in a number of ways that are supported by Microsoft (e.g. Automated System Recovery
Automated System Recovery
Automated System Recovery is a feature of the Windows XP operating system that can be used to simplify recovery of a computer's system or boot volumes. ASR consists of two parts: an automated backup, and an automated restore...
, from a "last known good" boot menu, by re-running setup or by using System Restore
System Restore
System Restore is a component of Microsoft's Windows Me, Windows XP, Windows Vista and Windows 7, but not Windows 2000, operating systems that allows for the rolling back of system files, registry keys, installed programs, etc., to a previous state in the event of system malfunction or failure.The...
). "Last known good" restores the last system registry hive (containing driver and service configuration) that successfully booted the system.
Malware removal
These tools are also difficult to manage in a non-boot situation, or during an infestation, compared to a full system restore from a backup. In the age of rapidly evolving malware, even a full system restore may be unable to rid a hard drive of a bootkit.Registry cleaners are likewise not designed for malware removal, although minor side-effects can be repaired, such as a turned-off System Restore
System Restore
System Restore is a component of Microsoft's Windows Me, Windows XP, Windows Vista and Windows 7, but not Windows 2000, operating systems that allows for the rolling back of system files, registry keys, installed programs, etc., to a previous state in the event of system malfunction or failure.The...
. However, in complex scenarios where malware such as spyware
Spyware
Spyware is a type of malware that can be installed on computers, and which collects small pieces of information about users without their knowledge. The presence of spyware is typically hidden from the user, and can be difficult to detect. Typically, spyware is secretly installed on the user's...
, adware
Adware
Adware, or advertising-supported software, is any software package which automatically plays, displays, or downloads advertisements to a computer. These advertisements can be in the form of a pop-up. They may also be in the user interface of the software or on a screen presented to the user during...
and viruses
Computer virus
A computer virus is a computer program that can replicate itself and spread from one computer to another. The term "virus" is also commonly but erroneously used to refer to other types of malware, including but not limited to adware and spyware programs that do not have the reproductive ability...
are involved, the removal of system-critical files may result.
Application virtualization
A registry cleaner is of no use for cleaning registry entries associated with a virtualised applicationApplication Virtualization
Application virtualization is an umbrella term that describes software technologies that improve portability, manageability and compatibility of applications by encapsulating them from the underlying operating system on which they are executed. A fully virtualized application is not installed in...
since all registry entries in this scenario are written to an application-specific virtual registry instead of the real one. Complications of detailed interactions of real-mode with virtual also leaves the potential for incorrect removal of shortcuts and registry entries that point to "disappeared" files, and consequent confusion by the user of cleaner products. There is little competent information about this specific interaction, and no integration. In general, even if registry cleaners could be arguably considered safe in a normal end-user environment, they should be avoided in an application virtualization environment.