Triply so if you have to be on the other side of the airtight hatchway (as it were) to instruct the OS to do this. What am I missing? [0]
[0] NOTE: "It shouldn't permit a full computer administrator to let this happen!" is not a valid argument. Full admins have full control (and -often- physical access) to the machines they administer. If you don't trust your full admins, you've already lost.
If your grandma had a Windows XP box with a default user, it was a 'full admin', but most likely grandma had no idea of how to administer it. So you ended up with a SYSTEM privilege that is even above admin. The full admin needs to promote themselves (run as) temporarily to that priv to change some things.
As far as I remember, new hives are only mountable with administrator privileges (perhaps even only with Local System ones?..); and it’s long been Microsoft’s position that the administrator/kernel boundary is not a security one—and thus, for example, a driver signing bypass is not a security vulnerability[1]. That would imply that hive files are trusted as well, wouldn’t it? (At least as far as security is concerned, it would of course still be wise to check them because of possible disk corruption.)
I have mixed feelings regarding Microsoft’s policy and I am not trying to defend it here, to be clear, I’d just like to know if it has changed in recent years.
https://visualstudioextensions.vlasovstudio.com/2017/06/29/c...
TBH, the quality of both Windows and Android is quite the same.
As a good unixaphile My conclusion is that it is because now you have two trees, a main database tree that has excellent ergonomics and tooling(the filesystem). and the registry tree where all the access patterns are special and different and the tooling sort of sucks.
I feel this article could make the same conclusion about the main filesystem if it wanted to. But I do note that because the main filesystem is not the redheaded stepchild tree, any problems with it tend to be fixed.
As a humorous footnote, I really appreciate the plan9 mindset, that single minded devotion to "The One True Tree" that when they wanted a web browser they said "hey the DOM is a tree structure. throw it in the filesystem" those glorious crazy bastards.
Take LOTR: Battle for Middle Earth II Rise of the Witch King: https://www.regfiles.net/registry/the-lord-of-the-rings-the-...
Not only does it have "Electronic Arts/Electronic Arts", the same game doesn't even follow its own standard!
Surely it's just that one game right? Nope! Here's the Sims 3 https://www.regfiles.net/registry/the-sims-3-steam-registry
And Battlefield 1942 on Origin https://www.regfiles.net/registry/battlefield-1942-ea-origin...
There's also developers that throw everything they can in HKLM when HKCU is almost always more appropriate.
It was also complicated with the introduction of WoW64, and then the introduction of the VirtualStore. Don't get me wrong, segmenting off all of those prevented a ton of potential collisions, but I feel like there's a more elegant way to handle it. Personally, I've been working on writing a library to hook every registry call and read from a text config file instead.
When you remove an app on Windows a bunch of garbage just gets orphaned on your system to the end of time.
We don't work that way. Applications must stay there and remember their configuration. What an i** thought is a good idea, to make me redo the configuration, every time he has an update ?
smnc•8mo ago
https://googleprojectzero.blogspot.com/2024/04/the-windows-r...
https://googleprojectzero.blogspot.com/2024/04/the-windows-r...
https://googleprojectzero.blogspot.com/2024/06/the-windows-r...
https://googleprojectzero.blogspot.com/2024/10/the-windows-r...
https://googleprojectzero.blogspot.com/2024/12/the-windows-r...
https://googleprojectzero.blogspot.com/2025/04/the-windows-r...