Security Task Manager: Unmasking Those Mysterious Running Processes

By Joseph Moran | Posted May 18, 2005

When you open up the Windows Task Manager and examine the Processes tab, you're likely to find dozens of different processes running on your system (I counted over sixty running on mine). Many, if not most, of them will have unfamiliar or even cryptic names and offer little if any indication of what the process is, where it came from, or its purpose.

As recently as a few years ago, knowledge about a computer's running processes was esoteric information intended mainly for the technical or intellectually curious. For the most part, it wasn't necessary for the average user to concern him or herself with such matters. But now with the proliferation of spyware and other types of stealth and malevolent software, this type of detailed knowledge is critical in the constant battle to keep your computer from being compromised.

Enter a utility called Security Task Manager (STM) from Neuber GbR, which aims to clear up much of the mystery regarding the myriad programs running behind the scenes on your Windows PC.

The Windows Task Manager gives you scant information when you use it to examine the list of running processes. First off, it reports mainly on executable (.exe) files, which is but one form a malicious program might take. Then it provides only the most basic info — filename, amount of CPU and RAM consumed, and whether the process is running under the auspices of the user or the operating system. Sometimes, the filename displayed will make it obvious whether the software is legitimate, but more often than not the Windows Task Manager will leave you scratching your head as to whether a process is safe.

Knowledge Is Power
When you launch Security Task Manager, it scans your system for running programs (including ones resident in the Taskbar), as well as system DLLs and the infamous BHOs (Browser Helper Objects). STM helpfully suppresses the listing of built-in operating system processes, letting you focus on those that may pose a danger.

One look at the results page shows that Security Task Manager reports significantly more process data than you get from Windows. For example, instead of simply reporting the file name, STM shows the full path to the file location, which saves you from having to search for it.

STM also displays the program's (usually) unambiguous internal description and its manufacturer/author. (The absence of either piece of information is usually a good indication that a file is questionable). Like Windows Task Manager, STM displays the CPU usage and memory footprint of running processes, but adds other potentially useful bits of information like the date and time each process last started and how long it's been active.

Security Ratings
Because even detailed statistics like this will only tell you so much, STM tries to discern the potential danger posed by each process by assigning it a security rating from 1 to 100 points (higher numbers mean greater danger potential). STM determines these ratings based upon suspicious characteristics or capabilities of the process. Some examples include the ability to monitor keyboard input, interact with the browser, listen on one or more TCP/IP ports, or the lack of a visible application window or internal description data.

The problem is that most of the criteria used to assign the security rating can legitimately apply to "good" software, which makes the overall value of the ratings quite limited. A case in point: Of the five highest-rated processes STM found on my computer (with scores ranging from 67 to 92), all were legitimate and included a spam blocking application and utilities for a printer and camera. If you know a process to be safe despite its rating, STM lets you override it so that it's not flagged again in the future.
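The following PowerShell script is an added illustration, not part of this review and not code from Neuber GbR or Security Task Manager. It gathers the kind of per-process detail the review credits STM with (full image path, internal description, manufacturer, start time) and then applies a crude score built from the same sort of criteria the review lists (no description, no manufacturer, no visible window, a listening TCP port, an unusual image location). The weights are assumptions chosen for illustration only; keyboard-hook and browser-integration checks are omitted because they cannot be read from the standard process properties. Running it on an ordinary workstation reproduces the review's observation: the top-scoring entries are usually background services, printer helpers and similar legitimate software, so the score is a triage aid, not a verdict.

```powershell
# Added example (not STM's code or algorithm). Requires Windows 8 / Server 2012 or
# later for Get-NetTCPConnection; run elevated so that path and version data can
# be read for processes owned by other accounts.

# PIDs that currently own a listening TCP socket (one of the criteria in the review).
$listeners = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty OwningProcess -Unique

$report = foreach ($p in Get-Process) {
    # Path, Description and Company come from the image file's version resource.
    # They are empty for protected system processes or when access is denied,
    # which is exactly the "missing information" signal the review describes.
    $path    = $p.Path
    $desc    = $p.Description
    $company = $p.Company
    $start   = $null
    try { $start = $p.StartTime } catch { }   # StartTime throws for inaccessible processes

    # Heuristic weights are assumptions for this example, not STM's scale.
    $score   = 0
    $reasons = @()
    if (-not $desc)                  { $score += 20; $reasons += 'no internal description' }
    if (-not $company)               { $score += 20; $reasons += 'no manufacturer/author' }
    if ($p.MainWindowHandle -eq 0)   { $score += 10; $reasons += 'no visible window' }
    if ($listeners -contains $p.Id)  { $score += 25; $reasons += 'listening on a TCP port' }
    # Images outside the Windows and Program Files trees deserve a closer look.
    if ($path -and $path -notmatch '^[A-Za-z]:\\(Windows|Program Files( \(x86\))?)\\') {
        $score += 15; $reasons += 'unusual image location'
    }

    [pscustomobject]@{
        PID     = $p.Id
        Name    = $p.ProcessName
        Score   = [math]::Min($score, 100)
        Path    = $path
        Company = $company
        Started = $start
        Reasons = ($reasons -join '; ')
    }
}

# Highest score first, mirroring the review's "five highest-rated processes".
$report | Sort-Object Score -Descending | Format-Table PID, Name, Score, Company, Started, Reasons -AutoSize
```

When reviewing the output, treat the Reasons column as the starting point for a manual check (who signed the file, whether the path matches the vendor's install location, whether the listening port is expected) rather than as a reason to terminate the process; an entry such as a print spooler helper will often score highly for perfectly ordinary reasons.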

When you highlight a specific process from the list, STM displays some of the specific properties that earned it its security rating. After selecting a process, you can also click a button to remove the process from memory or quarantine it so it can't reappear when the system restarts.

Depending on the item, you also may get the option to uninstall the host application. Another button will take you to the author's Web page, which (usually) displays information about the selected process gleaned from a Google search on the file name, along with comments from other STM users. In some cases this sheds some light on the origin of the file, but often the search produces no useful clues.

Ultimately, Security Task Manager is a mixed bag. There's no question that it easily trumps Windows Task Manager by providing more detailed information on a greater number of running files, and it makes looking up or removing those files more convenient. On the other hand, the inaccuracy of the ratings makes this feature more of a hindrance than a help, since even files with high ratings are likely to be legitimate.

Security Task Manager runs on any version of Windows from 95 through XP and is available for a free 30-day trial download. The registered version costs $29 and adds the capability to scan for device drivers and system services. Registering Security Task Manager also gets you an added utility called SpyProtector that purports to be able to detect and disable attempts to monitor your system as well as flag any behind-the-scenes changes to your Registry.

Pros: Provides detailed information on running processes; easy to quarantine or remove questionable files

Cons: Many legitimate programs flagged by high security ratings; sparse online documentation and help

Adapted from winplanet.com.
