Process Library and WinTasks 5
Reviewed by Terry Bibo
I am not paranoid, but I do have a healthy regard for my PC's security. Over the years, and increasingly so in recent times, I have added software to protect it from attack or intrusion by viruses, trojans and malware in general. To that extent I consider it imperative that EVERY PC have installed on it at least the four basic components of: antivirus, firewall, spyware protector, and spyware/adware remover.
My own preferences here are for Avast antivirus, ZoneAlarm firewall, SpywareBlaster as the protector, and Spybot Search and Destroy as the remover. Others have preferences for software from different authors and I have no arguments if they are content with the protection they get. Microsoft AntiSpyware has proven itself beneficial and I believe it should be loaded in addition to my favourite four; certainly it will not cause harm.
Only by running the security software that I do have I been able to detect and clean potentially damaging intrusions, particularly in the processes that are running in the background of every functioning computer. Spybot S&D was the first to reveal these to me with its information about System Startup items in the Tools section of its Advanced Mode.
Using this I routinely expect to find around five hijacked registry entries on PCs that have not had security protection for some time. Microsoft's Task Manager reveals these processes, or services, without much explanation; right click on the task bar and select Task Manager. For a fuller listing of services go to Start> Run> services.msc. This is a comprehensive list of Windows' processes and permits each service to be run automatically or manually, or disabled. Or stopped and restarted when it is running. It comes with a description of each service. Sysinternals Process Explorer provides a fuller presentation with access to a lot more information and control, but no process description, and can be configured to replace Task Manager as many of us have done..
Process Library
Uniblue Systems' Process Library takes information on running processes to a new dimension. It is a free online knowledge website at Processlibrary.com that describes fully the exact nature and purpose of every single process running on computers. It provides a comprehensive description to help you understand what is truly running on your computer, and offers exhaustive advice on whether you should terminate processes or leave them untouched.Most processes are legitimate and are crucial to the operation of the system, in which case Process Library will provide a clear and comprehensive description including the author, role and function, and advise that the process should not be terminated. But there are many cases where malware exists with the same or similar process name, and these are what I was first awakened to by Spybot S&D.
These processes are harmful and constitute a security threat. They come in the form of spyware, adware, keyloggers, viruses, trojans and worms, and are identified as such by the Process Library.
Some other processes are merely unnecessary and apply to programs that have installed themselves to start every time you start your computer. They can be resource hogs and have no need to be there.
 When I searched Process Library
on the web for
information on svchost.exe this is the information I received. Note that its legitimate function is as an essential system process that should not be terminated. But it has also been hijacked by the Welchia.Worm and would not be indistinguishable in your list of running processes from the legitimate process. How can you know? I would hope that Spybot S&D would detect it but, since my system is clean, I can't put it to the test. Anyway I am now using WinTasks Pro that I will talk about soon. |
 There is an excellent forum with
a lot of
interaction that you can
learn from. Just follow the link from the home page. Here is a screen
shot of part of the opening page.The website was developed from information provided by WinTasks, and is being constantly updated with new definitions. It should be in everyone's Bookmarks or Favorites. |
WinTasks 5
It is all very well to be advised of the function of a process and its status, with the ability to disable or terminate it, but we need a lot more information to make intelligent decisions on refined control. WinTasks starts out by explaining the difference between a process and its associated program, and their interrelationship, so that we can better appreciate and exploit its features.There are currently 48 processes running on my computer and these are listed with information in tabs that provide answers to every conceivable query. Here is a partial picture.
 Some of this
information is common to similar programs such as Process Explorer, but
is better presented here and more advanced in some areas. The facility to create scripts and keep logs must be an advantage for programmers or trouble shooters, and access to a Block List can be an aid in problem resolution. |
 If I had been
unknowingly carrying an infected svchost.exe, when I selected it and
then chose the Process Lib tab I
would have received this message from
the database. There is no mistake as to what action is required.With over 300,000 searches every day producing comments and reports, the database is certain to be regularly updated. |
All processes do not run continuously: they are either running and occupying CPU time, ready to use the CPU when it is available, or blocked from using the CPU while waiting on the execution of other external activity. This state is shown graphically in real time for XP through the Stats tab, but not available in Win 98. Priority for access to the CPU is supported from a low of 4 to a high of 24 in six steps in XP, but allocated in four steps in WinTasks - which is not a problem. Important system processes are coded red to differentiate them from normal processes that can safely be stopped.
Once you become comfortable and familiar with running processes you can use them to fine tune your computer for specific tasks. MS Flight Simulator enthusiasts need all the memory and resources they can garner, and a special autostart program has been written for them that intelligently minimises the number of running processes. Video editing or CD burning can be made more stable by stopping processes that are not vitally important.
In the right hands the facility to block or allow processes can be used to positively determine a level of security for your system. Unwanted processes can be blocked so that they can never run without permission. On the other hand, a list of only acceptable processes can be allowed, blocking all other activity unless permitted. This would obviously require a high level of expertise in system administration, as would the use of the scripting language to create more functions and automate the handling of existing processes and resources.
WinTasks 5 is a very powerful program suitable for safe use by moderately computer-literate users, and open to exploitation by advanced users. It runs on all Windows platforms from Win 98 to XP, and is available from: http://www.uniblue.com/