For the sake of simple organization and user readability, Registry keys are perhaps the most important facet of the Windows Registry. Although the Windows Registry is a simple text database, its use by an extremely wide range of programs can lead to vast amounts of information to sift through, including binary values, numbers in 32-bit or 64-bit formats, data stored in big-endian or little-endian order and various types of strings. The Registry's keys are the container objects that organize all of this data into discrete subsets, which allows both casual PC users and programmers to keep track of what information is available.
The Format and Philosophy of Registry Keys
The Registry is specific to the Windows operating system and has been present in versions of Windows from 3.1 onward, supplanting the earlier use of text INI files. Because it serves as a potentially vast repository of system information related to the programs installed on your computer, the Registry can often be intimidating to browse. Making it manageable, however, is the very purpose of Registry key containers.
You can begin familiarizing yourself with Registry keys by opening Regedit.exe, Microsoft's default Registry Editor, although you may also use third-party software, if preferred. The first keys you'll see will be the default Windows keys, also known as root keys. Although their purposes differ, their names always begin with the easy-to-identify tag of HKEY followed by an underscore.
The CLASSES_ROOT key includes information about installed software. For example, if you've installed a new media player and instructed it to be associated with MP3 files, that information would be found here.
The CURRENT_USER key stores information specific to the Windows user's account. This key is unique in that it uses the 'roaming profile' concept to maintain consistency for the user across different PCs within the same Windows domain network, instead of being specific to one machine.
The LOCAL_MACHINE key includes information related to settings specific to an individual computer, including sensitive security settings. PC users without administrative privileges will see the Security subkey as empty (providing one of several reasons why malware authors often design their trojans to subvert Windows admin settings).
The USERS key is closely related to CURRENT_USER, and stores information related to all of the different Windows user profiles for the PC.
The CURRENT_CONFIG key can be thought of as a shortcut to Hardware Profile-related information, which allows all manner of different hardware to be installed, utilized and removed easily.
The DYN_DATA key is an outdated key that was retired after Windows Me, and, like CURRENT_CONFIG, is related to hardware use.
Lastly, PERFORMANCE_DATA is the only key that doesn't display in the Registry Editor, although alternative programs can allow viewers to peruse and interact with it. It's a rather self-explanatory key that provides runtime feedback on performance via appropriate utilities and/or the NT kernel.
Within these keys are many subkeys, which may have subkeys of their own. The information and settings stored within Registry keys are referred to as Registry values. The five most commonly referenced of the default keys listed above also have common nicknames or abbreviations. These abbreviations are as follows, listed in the same order their keys were described: HKCR, HKCU, HKLM, HKU and HKCC.
Understanding Registry Keys to Understand Your Computer
In rare cases of an extremely botched software installation or uninstallation, you may find it necessary to edit the Registry and modify or delete related Registry values. However, PC users without a strong background in Windows-specific maintenance practices shouldn't attempt to make any changes to the Registry without the supervision of an expert. Most scenarios can be resolved by reinstalling the relevant software. Because of its broad-spanning nature and the fact that editing it directly overrides various safeguards, editing the Registry can cause permanent damage to your computer, including the operating system and any installed programs.
However, a good understanding of what the Registry and its keys are meant to do, as well as how they're structured, can provide even a casual PC user with practical information. Common online scams, such as fake 'Registry cleaners' that pretend to improve your computer's performance by removing unwanted Registry entries, are easily recognized as fakes by those who realize that the simple text information stored within any given Registry key is unlikely to impact performance, especially for modern PCs.
Many types of malware will also modify the Registry, both to install themselves and to disable security tools. The latter is often a matter of modifying simple binary values, so the affected tools can be re-enabled without much difficulty. For example, a backdoor Trojan might add an extra string value to the key for the Windows Firewall's list of exceptions.
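One way to spot the kind of change described above, as an added example that is not part of the original article: the Python below parses the text of two Registry Editor exports (.reg files), abbreviates the root keys as listed earlier, decodes string, 32-bit, 64-bit and binary values, and reports values that were added or changed since a baseline. The ExampleVendor key paths and both sample exports are constructed for illustration, and values that span several lines are not handled.

```python
import re
# Abbreviations listed on the page, in the order the root keys were described.
ROOT_ABBREV = {"HKEY_CLASSES_ROOT": "HKCR", "HKEY_CURRENT_USER": "HKCU", "HKEY_LOCAL_MACHINE": "HKLM",
               "HKEY_USERS": "HKU", "HKEY_CURRENT_CONFIG": "HKCC"}
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def unquote(s):
    return re.sub(r"\\(.)", r"\1", s[1:-1])  # strip quotes, undo backslash escaping

def decode(raw):
    """Turn the right-hand side of a value line into (type, data)."""
    if raw.startswith('"'):
        return "REG_SZ", unquote(raw)
    if raw.startswith("dword:"):    # 32-bit number, written as hex digits
        return "REG_DWORD", int(raw[6:], 16)
    if raw.startswith("hex(b):"):   # 64-bit number, stored as little-endian bytes
        return "REG_QWORD", int.from_bytes(bytes.fromhex(raw[7:].replace(",", "")), "little")
    if raw.startswith("hex:"):      # raw binary value
        return "REG_BINARY", bytes.fromhex(raw[4:].replace(",", ""))
    return "OTHER", raw

def parse_reg(text):
    """Map (abbreviated key path, value name) -> (type, data); single-line values only."""
    values, key = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            root, _, rest = line[1:-1].partition("\\")
            key = ROOT_ABBREV.get(root, root) + ("\\" + rest if rest else "")
        elif key and (m := VALUE_RE.match(line)):
            name = "(Default)" if m.group(1) == "@" else unquote(m.group(1))
            values[(key, name)] = decode(m.group(2))
    return values

def diff(baseline, current):
    """Return (values added since the baseline, values whose data changed)."""
    added = {k: v for k, v in current.items() if k not in baseline}
    changed = {k: (baseline[k], v) for k, v in current.items() if baseline.get(k, v) != v}
    return added, changed

# Constructed sample exports; the ExampleVendor key paths are hypothetical.
BASELINE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor\Firewall\Exceptions]
"C:\\Program Files\\Mail\\mail.exe"="Enabled"
[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor\Scanner]
"RealTimeProtection"=dword:00000001
'''
NEW_VALUE = r'"C:\\Users\\Public\\svc.exe"="Enabled"' + "\n"  # added exception (constructed)
CURRENT = (BASELINE.replace("dword:00000001", "dword:00000000")
           .replace('mail.exe"="Enabled"\n', 'mail.exe"="Enabled"\n' + NEW_VALUE))
ADDED, CHANGED = diff(parse_reg(BASELINE), parse_reg(CURRENT))
```

Regedit writes .reg files as UTF-16, so decode the file to text before passing it to `parse_reg`.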
Although making manual changes to the Registry usually shouldn't be needed, understanding Registry keys and other components brings increased protection from both malware and a variety of hoaxes. At the end of the day, self-education is just as important in PC security as having the proper security software.