What should be in Task Manager? (repost)
Business obligations will keep me on the go for several days this week, and it is not feasible for me to construct a fresh article and post it in a timely fashion, and so today I am re-posting an article on using Task Manager. This article first appeared 9/27/07–
Today’s article comes from a question I’ve been asked a couple of times recently, which was, “what should be showing (as running) when I open Task Manager?”
(A brief aside: this demonstrates a little something about human nature; what they were really asking was, “how do I look at this list and detect something that should not be there?” They were concerned about malware [viruses and spyware], which was why they had opened Task Manager!)
Tip of the day: Understand and use the Task Manager.
Task Manager is the tool which shows what programs are running, which Users are running them, how much resources (CPU and RAM) the programs are using up, and is the place where you can terminate “Not responding” problem programs.
To open Task Manager and see what is going on on your PC, right-click on a blank area on your Task Bar and select (click) “Task Manager”; or give your machine the “three-fingered salute” — hit the Ctrl+Alt+Del keys.
By default Task Manager opens to the Applications tab, which shows “foreground” programs that you’ve launched (these are the ‘big’ programs which will open windows, and appear as tabs on your Task Bar.. such as Word and IE). When you have a “frozen” program that will not close, let you type, or do anything else, open TM and select (click on) the program which says “Not responding” and then click the “End Task” button.
A small window will open telling you that this program is not responding (duh!); click “End Now”. This forces the misbehaving (“stuck”) program to close, and you can then re-open it and resume working… in essence rebooting the program.
To return to the original question, it must be understood that all the programs which are running are not listed on the Applications tab. There are ‘mini-programs’ (applets) and Services, and processes going on, in the “background”, at all times on your machine that are necessary for smooth functioning, but don’t demand any attention from the User (you) — such as the print spooler, or the automatic updating function of your antivirus. Microsoft calls these “processes” and you can see them listed on the (you guessed it) Processes tab.
The first time someone looks at this (typically), they are surprised by 1) how many things are listed, and 2) the words make no sense. On my little testbed machine, which only has a few programs installed, I have (at this moment) 38 processes running; on my Vista Swiss Army knife computer, which has many dozens of programs and games installed, I often have as many as 60 processes running. (Note: this list isn’t “fixed”, it changes as you open and close things.)
This brings us to the question: how can you look at that strange list and tell which one of those things is a keylogger or trojan horse or virus?
The short answer is, with practice and experience, you can learn to recognize the file names of the various applications and services and get a better understanding of the list, but… do you really want to? If you do, I suggest you Google the name exactly as it appears — this will tell you the program and what it does.
If you do not want to spend your time doing this learning, you can still look for some indications of “backdoors“, whether your machine is being remotely monitored, and other malware, by simply checking the User column — the only names which should appear here are: your User Account (which may be “Administrator”), SYSTEM, LOCAL SERVICE, or NETWORK SERVICE. Anything else can be a good indicator that something’s not right.
Click on the User tab: you should only see yourself listed here.
This is only a brief and incomplete primer on Task Manager, and on combating malware. I readily admit that. But it gives you an idea of where to start. Today’s free program link is a more informative and helpful version of Task Manager, that will translate those arcane-looking names into a more easy-to-understand format– which will help you identify things that shouldn’t be there.
Today’s free link: Security Task Manager. From site: “Security Task Manager displays detailed information about all running processes (applications, DLL’s, BHO’s and services). For each Windows process, it improves on Windows Task Manager, providing: file name and directory path, security risk rating, description,..”
[update: another free tool for analyzing your running services id the MBSA, to find out more on the Microsoft Baseline Security Analyzer, click here.]
Copyright 2007 © Tech Paul. All rights reserved.
|Share this post :|
No comments yet.