A registry cleaner is a class of

third-party Third party may refer to: Business * Third-party source, a supplier company not owned by the buyer or seller * Third-party beneficiary, a person who could sue on a contract, despite not being an active party * Third-party insurance, such as a Veh ...

utility software Utility software is software designed to help analyze, configure, optimize or maintain a computer. It is used to support the computer infrastructure - in contrast to application software, which is aimed at directly performing tasks that benefit ord ...

designed for the

Microsoft Windows Windows is a group of several proprietary graphical operating system families developed and marketed by Microsoft. Each family caters to a certain sector of the computing industry. For example, Windows NT for consumers, Windows Server for serv ...

operating system An operating system (OS) is system software that manages computer hardware, software resources, and provides common services for computer programs. Time-sharing operating systems schedule tasks for efficient use of the system and may also in ...

, whose purpose is to remove redundant items from the

Windows Registry The Windows Registry is a hierarchical database that stores low-level settings for the Microsoft Windows operating system and for applications that opt to use the registry. The kernel, device drivers, services, Security Accounts Manager, and use ...

. Registry cleaners are not supported by Microsoft, but vendors of registry cleaners claim that they are useful to repair inconsistencies arising from manual changes to applications, especially

COM Com or COM may refer to: Computing * COM (hardware interface), a serial port interface on IBM PC-compatible computers * COM file, or .com file, short for "command", a file extension for an executable file in MS-DOS * .com, an Internet top-level d ...

-based programs. The effectiveness of Registry cleaners is a controversial topic. The issue is further clouded by the fact that

malware Malware (a portmanteau for ''malicious software'') is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, depri ...

and

scareware Scareware is a form of malware which uses social engineering to cause shock, anxiety, or the perception of a threat in order to manipulate users into buying unwanted software. Scareware is part of a class of malicious software that includes r ...

are often associated with utilities of this type.

Advantages and disadvantages

Due to the sheer size and complexity of the Registry database, manually cleaning up redundant and invalid entries may be impractical, so Registry cleaners try to automate the process of looking for invalid entries, missing file references or broken links within the Registry and resolving or removing them. The correction of an invalid Registry key can provide some benefits; but the most voluminous will usually be quite harmless, obsolete records linked with COM-based applications whose associated files are no longer present.

Registry damage

Some Registry cleaners make no distinction as to the severity of the errors, and many that do may erroneously categorize errors as "critical" with little basis to support it. Removing or changing certain Registry data can prevent the system from starting, or cause application errors and crashes. It is not always possible for a

program to know whether any particular key is invalid or redundant. A poorly designed Registry cleaner may not be equipped to know for sure whether a key is still being used by Windows or what detrimental effects removing it may have. This may lead to loss of functionality and/or system instability, as well as application compatibility updates from Microsoft to block problematic Registry cleaners. The

Windows Installer CleanUp Utility The Windows Installer CleanUp Utility (MSICU.exe, MSICUU.exe, MSICUU2.exe) was a software utility for the Microsoft Windows operating system designed to solve uninstallation problems of programs that use the Windows Installer technology. It looks ...

was a Microsoft-supported utility for addressing

Windows Installer Windows Installer (msiexec.exe, previously known as Microsoft Installer, codename Darwin) is a software component and application programming interface (API) of Microsoft Windows used for the installation, maintenance, and removal of software. ...

related issues.

Malware payloads

Registry cleaners have been used as a vehicle by a number of

trojan Trojan or Trojans may refer to: * Of or from the ancient city of Troy * Trojan language, the language of the historical Trojans Arts and entertainment Music * ''Les Troyens'' ('The Trojans'), an opera by Berlioz, premiered part 1863, part 189 ...

applications to install

, typically through social engineering attacks that use website

pop-up ad Pop-up ads or pop-ups are forms of online advertising on the World Wide Web. A pop-up is a graphical user interface (GUI) display area, usually a small window, that suddenly appears ("pops up") in the foreground of the visual interface. The pop-u ...

s or free downloads that falsely report problems that can be "rectified" by purchasing or downloading a Registry cleaner. The worst of the breed are products that advertise and encourage a "free" Registry scan; however, the user typically finds the product has to be purchased for a substantial sum, before it will effect any of the anticipated "repairs". The

rogue security software Rogue security software is a form of malicious software and internet fraud that misleads users into believing there is a virus on their computer and aims to convince them to pay for a fake malware removal tool that actually installs malware on ...

WinFixer WinFixer was a family of scareware rogue security programs developed by Winsoftware which claimed to repair computer system problems on Microsoft Windows computers if a user purchased the full version of the software. The software was mainly in ...

" including Registry cleaners has been ranked as one of the most prevalent pieces of malware currently in circulation.

Scanners as scareware

Rogue Registry cleaners are often marketed with alarmist advertisements that falsely claim to have pre-analyzed your PC, displaying bogus warnings to take "corrective" action; hence the descriptive label "

". In October 2008,

Microsoft Microsoft Corporation is an American multinational technology corporation producing computer software, consumer electronics, personal computers, and related services headquartered at the Microsoft Redmond campus located in Redmond, Washing ...

and the

Washington Washington commonly refers to: * Washington (state), United States * Washington, D.C., the capital of the United States ** A metonym for the federal government of the United States ** Washington metropolitan area, the metropolitan area centered o ...

attorney general In most common law jurisdictions, the attorney general or attorney-general (sometimes abbreviated AG or Atty.-Gen) is the main legal advisor to the government. The plural is attorneys general. In some jurisdictions, attorneys general also have exec ...

filed a lawsuit against two Texas firms, Branch Software and Alpha Red, producers of the "Registry Cleaner XP" scareware. The lawsuit alleges that the company sent incessant pop-ups resembling system warnings to consumers' personal computers stating "CRITICAL ERROR MESSAGE! - REGISTRY DAMAGED AND CORRUPTED", before instructing users to visit a web site to download Registry Cleaner XP at a cost of $39.95.

Metrics of performance benefit

Windows 9x Windows 9x is a generic term referring to a series of Microsoft Windows computer operating systems produced from 1995 to 2000, which were based on the Windows 95 kernel and its underlying foundation of MS-DOS, both of which were updated in subs ...

computers, it was possible that a very large Registry could slow down the computer's start-up time. However this is less of an issue with NT-based operating systems (including

Windows XP Windows XP is a major release of Microsoft's Windows NT operating system. It was released to manufacturing on August 24, 2001, and later to retail on October 25, 2001. It is a direct upgrade to its predecessors, Windows 2000 for high-end and ...

and

Vista Vista usually refers to a distant view. Vista may also refer to: Software *Windows Vista, the line of Microsoft Windows client operating systems released in 2006 and 2007 * VistA, (Veterans Health Information Systems and Technology Architecture) ...

), due to a different on-disk structure of the Registry, improved memory management, and indexing. Furthermore, versions of Windows prior to Server 2003 may fail to start up if the Registry and kernel files are unable to fit within the first 16 MB of memory. Slowdown due to Registry bloat is thus far less of an issue in modern versions of Windows. Conversely, defragmenting the underlying Registry files (e.g. using the free Microsoft-supported

PageDefrag PageDefrag is a program, developed by Sysinternals (now distributed by Microsoft), for Microsoft Windows that runs at start-up to defragment the virtual memory page file, the registry files and the Event Viewer's logs (files such as AppEvent.Evt, ...

tool), rather than attempting to clean the Registry 's contents, has a measurable benefit and has therefore been recommended in the past by experts such as

Mark Russinovich Mark Eugene Russinovich (born December 22, 1966) is a Spanish-born American software engineer and author who serves as CTO of Microsoft Azure. He was a cofounder of software producers Winternals before it was acquired by Microsoft in 2006. Ea ...

. (A form of defragmentation capability has been built directly into Windows since Vista.) The Windows Performance Toolkit is specifically designed to troubleshoot performance-related issues under Windows, and it does not include Registry cleaning as one of its optimizations.

Undeletable registry keys

Most Registry cleaners cannot repair scenarios such as undeletable Registry keys caused by embedded null characters in their names; only specialized tools such as the RegDelNull utility (part of the free

Sysinternals Windows Sysinternals is a website that offers technical resources and utilities to manage, diagnose, troubleshoot, and monitor a Microsoft Windows environment. Originally, the Sysinternals website (formerly known as ntinternals) was created in 19 ...

software) are able to do this.

Recovery capability limitations

A Registry cleaner cannot repair a Registry hive that cannot be mounted by the system, making the repair via "slave mounting" of a system disk impossible. A corrupt Registry can be recovered in a number of ways that are supported by Microsoft (e.g. Automated System Recovery, from a "last known-good" boot menu, by re-running setup or by using

System Restore System Restore is a feature in Microsoft Windows that allows the user to revert their computer's state (including system files, installed applications, Windows Registry, and system settings) to that of a previous point in time, which can be used ...

). "Last known-good" restores the last system Registry hive (containing driver and service configuration) that successfully booted the system.

Malware removal

These tools are also difficult to manage in a non-boot situation, or during an infestation, compared to a full system restore from a backup. In the age of rapidly evolving malware, even a full system restore may be unable to remove a

rootkit A rootkit is a collection of computer software, typically malicious, designed to enable access to a computer or an area of its software that is not otherwise allowed (for example, to an unauthorized user) and often masks its existence or the exis ...

from a hard drive. Registry cleaners are likewise not designed for malware removal, although minor side-effects can be repaired, such as a turned-off

. However, in complex scenarios where malware such as

spyware Spyware (a portmanteau for spying software) is software with malicious behaviour that aims to gather information about a person or organization and send it to another entity in a way that harms the user—for example, by violating their privac ...

adware Adware, often called advertising-supported software by its developers, is software that generates revenue for its developer by automatically generating online advertisements in the user interface of the software or on a screen presented to the ...

, and

viruses A virus is a submicroscopic infectious agent that replicates only inside the living cells of an organism. Viruses infect all life forms, from animals and plants to microorganisms, including bacteria and archaea. Since Dmitri Ivanovsky's 1 ...

are involved, the removal of system-critical files may result.

Application virtualization

A Registry cleaner is of no use for cleaning Registry entries associated with a virtualised application since all Registry entries in this scenario are written to an application-specific virtual Registry instead of the real one. Complications of detailed interactions of real-mode with virtual also leaves the potential for incorrect removal of shortcuts and Registry entries that point to "disappeared" files, and consequent confusion by the user of cleaner products. There is little competent information about this specific interaction, and no integration. In general, even if Registry cleaners could be arguably considered safe in a normal end-user environment, they should be avoided in an application virtualization environment.

References

Utility software types Windows-only software Rogue software Scareware