Registry cleaner
A registry cleaner is a type of software utility designed for the Microsoft Windows operating system, the purpose of which is to remove redundant or unwanted items from the Windows registry.
A registry cleaner is demonstrably useful for frequent manual changes in file system, start menu, and COM-based programs. A virtual machine or virtual application is often a faster and more reliable means of reverting an operating system to a previous good known state in a testing or application sequencing scenario; however, setting up and using a virtual machine can be somewhat tricky and intimidating for the amateur user, who may not have the benefit of expert, hands-on guidance.
The necessity and usefulness of registry cleaners is a controversial topic, with experts in disagreement over their benefits. The problem is further clouded by the fact that malware and scareware are often associated with utilities of this type.
Purpose
Registry cleaners are software utilities that attempt to remove configuration data from the Windows registry that is no longer in use or that is unwanted on the system. Such data may include information left by software that has not been uninstalled completely from the computer, information that is no longer of use, or settings required for the operation of malware. A registry cleaner scans the registry, and attempts to pick out the unnecessary values, particularly registration entries associated with COM applications, in order to delete or repair them.
Advantages and disadvantages
Due to the sheer size and complexity of the registry database, manually cleaning up redundant and invalid entries would be impractical, so registry cleaners automate the process of looking for invalid entries, missing file references or broken links within the registry and resolving or removing them.
The correction of an invalid registry key can provide some benefits, as listed above; but the most voluminous will usually be quite harmless, obsolete records linked with COM-based applications whose associated files are no longer present.
There is a popular misconception that the value of registry cleaning lies in reducing "registry bloat". Even a neglected registry will seldom contain more than two or three thousand redundant entries. Bearing in mind that the modern registry may contain more than a million entries, the elimination of two or three thousand is not going to save any noticeable amount of scanning time. The value of a cleaner resides in the quality of the entries it eradicates, not in their quantity.
Operation
All reputable registry cleaners offer backup and restore functions that let the user reverse changes made by the registry cleaner in the event that it breaks functionality, provided of course that the machine is still bootable. However, damage cannot be known comprehensively without the kind of laborious testing that scanning is supposed to avoid. Lending further depreciation to their value, the usefulness of backups quickly declines to zero, and potential damage from their use to restore the system increases to hazardous, with further changes to the system. This makes later correction of broken applications or difficulties problematical unless the same tool offers comprehensive restoration selectivity, instead of only global change restore. However, it is possible to devise backup regimes which will eliminate this hazard.
Similarly, during the initial "fixes", comprehensive manual assistance through facilities to examine registry keys, comprehensive help, a database, or just a routine to quickly "search online", is above and beyond what many products offer. This makes competent manual review next to impossible for "repair lists" of hundreds or thousands of items. Even in the case of shortcut links, "repair" is typically limited to deletion, without even basic automation to help find the missing file on the system. Thus, changing drive letters, or renaming a directory can instantly produce thousands of errors that could actually be repaired one time, and automatically applied to all.
Registry damage
Some registry cleaners make no distinction as to the severity of the errors, and many that do may erroneously categorize errors as "critical" with little basis to support it. Removing or changing certain registry data can prevent the system from starting, or cause application errors and crashes.
It is not always possible for a third party program to know whether any particular key is invalid or redundant. A poorly-designed registry cleaner may not be equipped to know for sure whether a key is still being used by Windows or what detrimental effects removing it may have. This may lead to loss of functionality and/or system instability, as well as application compatibility updates from Microsoft to block problematic registry cleaners. The Windows Installer CleanUp Utility was a Microsoft-supported utility for addressing Windows Installer related issues, however the program has subsequently been deprecated because of unintended damage that it caused.
The level of skill necessary to use a registry cleaner to actually improve the performance of a machine is higher than the level of skill necessary to configure an easy incremental backup solution. With such a solution, the OS can be restored if any recent changes proved to be bad ones. This is safer than most registry cleaners. While it is true that some registry cleaners are safe, these cleaners do not improve performance. The rest are a mix of powerful and dangerous tools unsuited to non-professionals, snake-oil, and actual malware.
Malware payloads
Registry cleaners have been used as a vehicle by a number of trojan applications to install malware, typically through social engineering attacks that use website popups or free downloads that falsely report problems that can be "rectified" by purchasing or downloading a registry cleaner. The worst of the breed are products that advertise and encourage a "free" registry scan; however, the user typically finds the product has to be purchased for a substantial sum, before it will effect any of the anticipated "repairs". Rogue registry cleaners "WinFixer" have been ranked as one of the most prevalent pieces of malware currently in circulation.
Scanners as scareware
Rogue registry cleaners are often marketed with alarmist advertisements that falsely claim to have pre-analyzed your PC, displaying bogus warnings to take "corrective" action; hence the descriptive label "scareware". In October 2008, Microsoft and the Washington attorney general filed a lawsuit against two Texas firms, Branch Software and Alpha Red, producers of the "Registry Cleaner XP" scareware. The lawsuit alleges that the company sent incessant pop-ups resembling system warnings to consumers' personal computers stating "CRITICAL ERROR MESSAGE! - REGISTRY DAMAGED AND CORRUPTED", before instructing users to visit a web site to download Registry Cleaner XP at a cost of $39.95.
Metrics of performance benefit
On Windows 9x computers, it was possible that a very large registry could slow down the computer's startup time. However this is far less of an issue with NT-based operating systems (including Windows XP and Vista) due to a different on-disk structure of the registry, improved memory management and indexing. Slowdown due to registry bloat is thus far less of an issue in modern versions of Windows. Defragmenting the registry files (e.g. using a Microsoft-supported tool such as PageDefrag), has likewise been de-emphasized due to this increased efficiency, and is largely an automated process under Vista.
Undeletable registry keys
Registry cleaners cannot repair scenarios such as undeletable registry keys caused by embedded null characters in their names; only specialized tools such as the RegDelNull utility (part of the Sysinternals software) are able to do this.
Recovery capability limitations
A registry cleaner cannot repair a registry hive that cannot be mounted by the system, making the repair via "slave mounting" of a system disk impossible.
A corrupt registry can be recovered in a number of ways that are supported by Microsoft (e.g. Automated System Recovery, from a "last known good" boot menu, by re-running setup or by using System Restore). "Last known good" restores the last system registry hive (containing driver and service configuration) that successfully booted the system.
Malware removal
These tools are also difficult to manage in a non-boot situation, or during an infestation, compared to a full system restore from a backup. In the age of rapidly evolving malware, even a full system restore may be unable to rid a hard drive of a bootkit.
Registry cleaners are likewise not designed for malware removal, although minor side-effects can be repaired, such as a turned-off System Restore. However, in complex scenarios where malware such as spyware, adware and viruses are involved, the removal of system-critical files may result.
Application virtualization
A registry cleaner is of no use for cleaning registry entries associated with a virtualised application since all registry entries in this scenario are written to an application-specific virtual registry instead of the real one. Complications of detailed interactions of real-mode with virtual also leaves the potential for incorrect removal of shortcuts and registry entries that point to "disappeared" files, and consequent confusion by the user of cleaner products. There is little competent information about this specific interaction, and no integration. In general, even if registry cleaners could be arguably considered safe in a normal end-user environment, they should be avoided in an application virtualization environment.
