said by dave: said by itguy05:
How many viruses and malware hide out in the registry?
Probably none. Putting a virus 'in' the registry would achieve nothing. What you want is to arrange that your virus gets automatically executed unknowingly. You can achieve this equally well by putting your virus-startup command in the 'automatic startup' part of a Windows registry, or in the /etc/init/rc structure of a Linux system, or whatever. It's simply the case that (a) you want to put the startup command somewhere, and (b) all useful operating systems provide such a place.
Good luck getting a virus in /etc/init since that directory is root owned. It would require the user to manually install a malicious file as root. (The root user could just as easily run rm -rf /). Tricking a user into installing a malicious file is unlikely since Linux has something known as package managers (a concept unknown to Windows where Microsoft leaves users on their own). Sure it's possible to bypass the package manager by downloading some random .deb or .rpm from somewhere, but an inexperienced user will likely have a hard time getting it to install properly in the first place (and experienced users would never do it to start with).
Another option is malware that runs in userspace. This is possible with something like a Java exploit in the browser. However, what this malware can do will be severely limited and it will never own the whole box.
If you find a tree-structured key-value database difficult, I can't really help.
I find it difficult to understand (though I haven't dealt with Windows in many years, so my memory is fuzzy). Much simpler is a mere config file a la Unix.--
Getting people to stop using windows is more or less the same as trying to get people to stop smoking tobacco products. They dont want to change; they are happy with slowly dying inside. -- munky99999