
Encumbered in Services and Processes

This entry was posted on Jan 22 2009

For as long as I can remember, every version of Windows has enabled me to see what processes are running, except maybe Windows 3.11. As I continued to use Windows over the years, Control + Alt + Delete evolved into a useful tool, executing taskmgr.exe, showing more than the simple “Close Program” dialog box of the Windows 98 era. It became easy to identify what services were necessary (by simply running services.msc and checking what was set to Automatic, Manual or Disabled) and what processes shipped with Windows and what were running as after-market installations.

Essentially, I memorized what processes are “supposed” to be running, what are necessary and what are not. For example, I usually terminate qttask.exe because it isn’t absolutely necessary and it just takes up CPU threads that could be doing something else. Identifying what processes are supposed to be running is of deep-rooted importance to me because it gives me a sense of security of the system I am running. Aside from rootkits using advanced virtualization-style hijacking (permanent archive) techniques, identifying the processes enables me to know whether the system is compromised at a glance.
