Tiny Watcher: detect and reverse unwanted changes to your system


Tiny Watcher is a program that creates “snapshots” of your system and uses them to identify changes, including changes or additions to the registry and drivers, as well as programs or processes running for the first time on your machine.

I started looking for a program like this one after a recent posting of a program that downloads streaming media and which was billed as “portable edition” on its home page (“installation: none”).

As such I assumed that it was precisely that – portable – and that therefore like any truly portable program it did not write to the registry – which didn’t turn out to be the case.

What did turn out to be the case was that (a) it did indeed write to the registry, but, more problematic, (b) it installed two drivers on my machine without notification and (c) it did not provide an uninstaller that removed these.

Hence I started looking for a tool that I could use to detect and/or reverse this sort of thing in the future, and Tiny Watcher is what I found. Here are more notes on this program:

  • How it works: Tiny Watcher will create a “snapshot” of your system the first time it is run and from that point it can perform comparisons with that snapshot every time that you restart your computer or whenever it is run. It does not run in the background at all times consuming resources. Although it will not intervene or block anything being modified or taking place on your system it can tell you about these changes after the fact and give you the option to remove them. Note, however, that you as the user will need to recognize/identify problematic changes and remove them; Tiny Watcher will not provide information on changes or a magical “Fix It” option.
  • What it monitors: to quote their website, “running process (including at logon time), startup registry keys, services registry keys, other sensitive registry keys, sensitive directories (c:\, Windows directory, “system32” directory, etc), other sensitive files, scheduled tasks”. It will tell you which application performed the change or created the file, which is very useful.
  • Deep vs. Quick scan: once you are ready to look for any changes from your snapshot, Tiny Watcher offers two modes for scanning your system. I would probably go for doing a deep scan every time as the difference in terms of the time needed for both scans is not a lot and both are relatively fast anyway. Note that if Tiny Watcher does not detect any new items the program will not display a dialog or console at the end of the scanning process (a message of “no entries found” or something like that would have been a good idea).
  • User interventions/decisions: when run Tiny Watcher will compare the current state of your system with the stored snapshot and present a list of differences. For each item on the list the user can perform one of the following actions: (a) confirm (i.e. the action is OK, remove it from the list), (b) remove (self-explanatory), (c) disable (this option will be available if appropriate, as in the case of enabled drivers or running processes), and (d) volatile, which is to tell Tiny Watcher to consider the item in question to be something akin to a working or temp file or registry entry and to allow and ignore it the next time around. Note: you may get a combination of these or all of them depending on their relevancy to the items found.
  • Other actions: the program provides a 1-click button to search Google for any item found, as well as the option to open the folder for the selected item in explorer, open the selected registry entry in regedit, and open the MS services management console.
  • Configurable: you can edit the list of directories and registry keys to be monitored and decide on filetypes to be scanned and which filetypes to ignore. You can also specify which directories you would like the program to look into if you so desire.
  • Undoing changes done with Tiny Watcher: this is possible to some extent, as Tiny Watcher will rename the registry items that it removes rather than delete them altogether. You will need to manually go to the registry and rename them back, though, so you need to know what you’re doing (more info on this available on the Tiny Watcher site).
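The snapshot-and-compare model and the “confirm” and “volatile” decisions described above, shown as an added Python example; this is not Tiny Watcher's code. It assumes a watched directory tree only (no registry), the function names are hypothetical, and the sample files are constructed in a temporary folder.

```python
import hashlib
import tempfile
from pathlib import Path

def take_snapshot(root):
    """Map each file's path (relative to root) to the SHA-256 of its contents."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def compare(baseline, current, volatile=()):
    """List (kind, path) differences, ignoring paths under a 'volatile' prefix."""
    changes = []
    for name in sorted(set(baseline) | set(current)):
        if any(name.startswith(prefix) for prefix in volatile):
            continue  # the user marked this area as temp/working data
        if name not in baseline:
            changes.append(("added", name))
        elif name not in current:
            changes.append(("removed", name))
        elif baseline[name] != current[name]:
            changes.append(("modified", name))
    return changes

def confirm(baseline, current, name):
    """'Confirm' a change: fold it into the baseline so it is not reported again."""
    if name in current:
        baseline[name] = current[name]
    else:
        baseline.pop(name, None)

def demo():
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "drivers").mkdir()
        (root / "temp").mkdir()
        (root / "drivers" / "disk.sys").write_bytes(b"v1")       # constructed sample
        (root / "hosts").write_text("127.0.0.1 localhost\n")     # constructed sample
        baseline = take_snapshot(root)                           # first run
        # Constructed stand-in for what an installer might leave behind.
        (root / "drivers" / "newdrv.sys").write_bytes(b"x")
        (root / "hosts").write_text("127.0.0.1 localhost\n10.0.0.1 example.test\n")
        (root / "temp" / "setup.log").write_text("install log")
        current = take_snapshot(root)                            # later run
        first = compare(baseline, current, volatile=("temp/",))
        confirm(baseline, current, "hosts")                      # user accepts this one
        second = compare(baseline, current, volatile=("temp/",))
        return first, second

if __name__ == "__main__":
    print(demo())
```

As with the tool itself, the comparison only reports what differs; deciding whether the remaining entry is unwanted is left to the person reading the list.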

Wish list (or how this program can be even better):

  • Exporting interventions to BAT files: for later use. This would be a way to create uninstallers for apps that do not have them that can be used at a later time or shared with other users.
  • Undo function: it would be really cool if Tiny Watcher kept a list of all user interventions (and the date that they took place) and allowed you to undo (re-instate) these from a dialog or interface without needing to manually do this in the registry as previously noted.

The verdict: Tiny Watcher can be best utilized obviously when you would like to conduct a reversible test of what a program or installer does to your system. The best situation is when you are suspicious in advance, whereby you can run Tiny Watcher, view and/or resolve any entries that are there, run the suspicious program and then go back to Tiny Watcher to see what the new program did to your system, if anything. If on the other hand you have cause for suspicion in hindsight that something is not right with your system (and if Tiny Watcher is already installed) you can still run this program and get a listing of all changes to your system; however in this case you will have to do a lot more investigative work figuring out what these changes are and who is responsible for them and whether or not they are malicious or unwanted. More work, but at least you have recourse.

I like this program quite a bit. I think the model that it uses (of taking a snapshot and comparing it to subsequent states) is a very good one not just in that it precludes the need to be monitoring in the background at all times, but also because it precludes the need to tell the monitoring app which apps/processes to monitor (as is the case for example with NirSoft’s RegFromApp). Tiny Watcher also has the edge in that it not just monitors changes to the registry but also any driver installations or creation of files in the system folder. Overall I highly recommend it.

Version Tested: 1.5

Compatibility: WinAll: 95/98/ME, 2000, NT, XP, Vista.

Go to the program page to download the latest version (approx 541K).