Why PCs Are Fragile and What We Can Do About It: A Study of Windows Registry Problems

1. Why PCs Are Fragile and What We Can Do About It:A Study of Windows Registry Problems Archana Ganapathi (UC Berkeley) Yi-Min Wang (Microsoft Research) Ni Lao (MSR Asia) Ji-Rong Wen (MSR Asia)

2. Outline • Motivation • Strider Project Overview • Background: Windows Registry • Data Sets • Why are PCs Fragile? • What Can We Do About Fragility? • Conclusions

3. Motivation • Understand why users consider PCs fragile • Gain first-hand experience with • fragility problems • their manifestations • Suggest techniques to • avoid problems • detect problem • simplify troubleshooting

4. Strider Project Overview http://research.microsoft.com/sm/striderMSR Systems Management Research Group DSN 2003, LISA 2003, IPTPS 2004, LISA 2004 ICAC 2004 LISA 2004 Configuration Troubleshooting Patch Management Spyware Management PC Genomics Database Flight Data Recorder ICAC 2004, DSN 2004, Self-* 2004 LISA 2004

5. Background: Windows Registry • Repository for configuration data • Hierarchical structure • Shared by OS and App software • Data is named and typed • Binary, string, dword, … • Single most vulnerable component • Too complex for average user

6. HIVES ITEMS KEYS Registry Structure See my comments in next page. HKEY_LOCAL_MACHINE\Software\Adobe\Acrobat Reader\5.0\AdobeViewer

7. Data Sets • Text-mined PSS case logs • Extract registry-related problems from e-mails • Manually eliminate problems lacking info • Chose top 100 problems (5379 occurrences) • Strider-verified • ~100 problems from peers, helpdesk and Web forums • Inject mis-configuration and verify symptoms/solutions using Strider Troubleshooter

8. Text-mined Data Distribution Only 100 most common problems graphed

9. Why Are PCs Fragile? • Problem Manifestation • Understand how users are affected • Multiple symptoms result from single modification • Impact Scope • System-wide vs. user-specific • Single-app vs. Multiple-apps vs. System Level

10. Case Studies • “double-clicking a folder on the right pane of Explore opens a Search Window when HKCR\Directory\shell\(Default) is changed from ‘none’ to <empty>” • “deleting HKCR\.htc\Content Type prevents System Restore from showing the calendar of restore points”

11. Category 1: Problem Manifestation

12. Category 2: Impact Scope

13. What Can We Do About Fragility? • Monitoring • Post-deployment health checking • Fault Injection • Test robustness of app/system during development • Test monitoring tool robustness • Access Protection • At each new OS version release

14. Monitoring • Plethora of monitoring tools already exist! • E.g. Registry Mechanic, Registry Healer, … • Key features: • Active and passive monitoring • Distinguish known bad and potential bad entries • Dynamic rule update mechanism

15. Fault Injection

16. Fault Injection • Key features • Predicate-based injection • Case-specific bad config vs. global bad config • When does the change become user-visible? • App/explorer restart, re-login, system reboot. • Simple fault injection: • ‘reg’ operation in windows command line.

17. Access Protection

18. Access Protection • OS lockdown – few but most critical entries! • Rule checks feasible only for some entries • Not good for user-modifiable configurations • Can check at creation/deletion • Logging changes does not always help • Problems untraceable to Registry entry modification • E.g. Leftover entries from software uninstallation • Ignore if too expensive to protect

19. Conclusions • Important to develop effective Registry troubleshooters • Simple interface for the average PC user • Reduce likeliness of accidentally introducing errors • Build and maintain a comprehensive knowledge base of problems • Users query for matching problem symptoms • Users & support gurus contribute solutions • Reduce impact of PC fragility on total cost of ownership and user satisfaction.