MS hidden-code flaw

Name: IronMan
Date: September 1, 2005 at 00:34:32 Pacific
OS: XP Pro
CPU/Ram: P4 512MB
Comment:


Interesting reading. . .

Last week, the Internet Storm Center, a group of security professionals that track threats on the Net, flagged a flaw in how a common Microsoft Windows utility and several anti-spyware utilities detect system changes made by malicious software. By using long names for registry keys, spyware programs could, in a simple way, hide from such utilities yet still force the system to run the malicious program every time the compromised computer starts up.

Complete Story




Response Number 1
Name: Bob (by BigBob)
Date: September 1, 2005 at 07:41:10 Pacific
Reply:

Very Interesting !!!

" You're only as safe as your last update Please Post Back To Let Us Know If We Helped"


0

Response Number 2
Name: anonproxy
Date: September 1, 2005 at 13:43:15 Pacific
Reply:

The real issue is what OS/software combination you are using.

The registry is fairly hacked. XP/2003 accepts a fixed key size of ~16,000 characters (Unicode or ASCII), while 2000 accepts ~16k (Unicode) or ~250 characters, and 9x/ME only handles 255 ANSI. Values are also handled differently, where 9x/ME have a cap, but XP/2003 have only the limit of memory. Values longer than 2k are stored as files in the registry.

Yet another complexity exists - the size of all values for a key cannot exceed 64K, but obviously the above rule breaks that. I'd like to know how those are reconciled in the system.

Win32 may or may not handle all these differences transparently across platforms. It depends on how much refactoring was done (it's possible the mistake was in fact made then). The OS version is key to this, though.

Best case scenario, the Win32 API is fine and software vendors need to recompile with new conditions. Worst case, Microsoft needs to refactor. Actually, both of those are bad, because home users tend to lag in patching.



0
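As an added example (not part of any post in this thread): a defender-side check for the issue described above, run over text in `.reg` export format to flag over-long key and value names in startup keys. It assumes the export came from a tool that does list such entries, and uses 255 characters as the cut-off, a figure taken from the limits quoted in the thread rather than from vendor documentation; the function name, the audited Run/RunOnce scope and the sample data are constructed for illustration.

```python
import re

# Assumption: 255 comes from the figures quoted in the thread, not a vendor spec.
NAME_LIMIT = 255
AUTOSTART_SUFFIXES = ("\\run", "\\runonce")  # startup keys to audit (assumed scope)

SECTION = re.compile(r'^\[(.+)\]\s*$')            # [HKEY_...\path]
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')  # "name"=data


def audit_reg_export(text, limit=NAME_LIMIT):
    """Return (kind, key_path, name_length, data_preview) for over-long names."""
    findings = []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            key = m.group(1)
            # Flag any single subkey name longer than the limit.
            for part in key.split("\\"):
                if len(part) > limit:
                    findings.append(("long-key-name", key, len(part), ""))
            continue
        m = VALUE.match(line)
        if m and key and key.lower().endswith(AUTOSTART_SUFFIXES):
            name = re.sub(r"\\(.)", r"\1", m.group(1))  # undo \" and \\ escapes
            if len(name) > limit:
                findings.append(("long-value-name", key, len(name), m.group(2)[:60]))
    return findings


# Constructed sample export (not taken from a real machine).
SAMPLE = "\n".join([
    "Windows Registry Editor Version 5.00",
    "",
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]",
    r'"Updater"="C:\\Program Files\\Vendor\\updater.exe"',
    '"' + "A" * 256 + r'"="C:\\Temp\\placeholder.exe"',
    "",
    "[HKEY_CURRENT_USER\\Software\\" + "B" * 300 + "]",
    '"Name"="value"',
])

if __name__ == "__main__":
    for finding in audit_reg_export(SAMPLE):
        print(finding)
```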

