When you boot up your PC and your firewall informs you for the first time that an executable located in your system directory, with a cryptic looking name, is attempting to access the Internet, and wants to know what to do with it, you start to wonder if it is a proper function of a legitimate program you installed in your last session or, perhaps more worrying, if it is not. It could be quite honest - a query for an update - or maybe somebody is about to receive sensitive information from your machine such as key files or account details.

WinTasks 4 Professional from Swedish company LIUtilities provides an answer to this by listing all programs that are running on the system in a similar manner to the task manager you get when you press CTRL-ALT-DEL. However, instead of a largely meaningless list of names, WinTasks gives you a lot more. The main window provides a list of all of the current programs - a friendly name if there is one in addition to the full path. For each process you get the priority, the number of threads, CPU use, memory use and the time the process started or when WinTasks was started if that was later. It should be noted that the number of threads is not supported in Windows NT, nor CPU and memory usage supported in Windows 98 due to limitations in the operating system.

Right-clicking on any of the processes listed gives a drop-down menu which allows the user to do a number of things. These include: stop the selected process immediately (not supported in Windows NT for security reasons); change or reset its friendly name; increase or decrease its priority; or look at its properties. If you know the friendly name of a process, you can type it in, along with any additional notes in the description at the bottom of the display - something that is useful if you are attempting to identify a particular program.

Four descriptive levels of priority are displayed (along with their actual numerical values) and these may be increased or decreased by the user, thus changing the proportion of CPU time that each program takes. Decreasing the priority of some programs will free up processor time for other processes. For example if you have a program that needs real-time access, say for burning DVDs, this can be achieved. If, however, you have potentially processor-hungry programs running in the background on a low priority so that they do not interfere with other processes, such as the Seti@home screensaver, increasing its priority will lock out everything else until it has finished its work unit. If you use the machine for a variety of specific uses such as 3D rendering, video editing and so on, the program list along with the priority settings for each use may be recorded in one of four presets. Selecting one of these will also load each program that is not already in memory, possibly circumventing security on some programs.

Selecting a program on the main list and then clicking on the Modules button will bring up a list of all of the DLLs and other modules that are linked to it. Clicking on the Windows button will bring up a list of each form used by that program or its other modules. Displayed are the friendly name, visibility, status and activity of each window. The user can close a given window, maximize or minimize it, make it visible or hide it. It is worth noting that not all windows are meant to be displayed.

In addition to the WinTasks main window, the program also runs in the background, logging all loading and unloading events for processes, windows and modules. This log is displayed from the main window and filtered to make it easier to locate specific events. All program, module and form loads and unloads are recorded and, as such, this represents a useful resource when attempting to identify unauthorized behavior. These might include a user trying to circumvent security by attempting to load a number of programs; identifying when a screensaver started and finished, thus revealing periods of inactivity; or revealing email program activity which could, under some circumstances, contravene a user’s privacy. Clicking on the Executable column header in the log puts the executables in order of their path. The column for the times of these events however, is kept in order so it is possible to determine the duration of a single instance of finished events without having to trace through a web of other files.

Another feature of WinTasks is the Autostart Programs list which is the list of programs in the registry that run when Windows boots as opposed to the Start Menu’s Startup folder. The list can be edited by removing programs temporarily or permanently. A program may be disabled temporarily by removing it from the registry so that it will not be run on the next reboot. However, it is kept in WinTasks so that it may be enabled again at a later date if necessary or deleted permanently - something that is useful if you are trying to locate a particular program such as some spyware or other Trojan. Interestingly, it is also possible to add programs to the Autostart list.

Another tool for locating unwanted behavior is monitoring CPU usage. The Statistics window shows a graph of CPU and memory usage for the whole system and each process over various periods from one minute to 24 hours. Looking for unexpected peaks in activity, combined with use of the log, can be a good starting point in tracking down which processes were responsible.

WinTasks 4 Professional also provides a scripting language that enables the user to run programs, close programs down and so on, based upon system activity. For example, if a word processor loads up autoexec.bat, the system can be made to load config.sys into Notepad as well. However, care should be taken to prevent conflicting instructions from being programmed - for example, enabling the previous script with another that will kill Notepad if it is run will inadvertently bring down WinTasks, if not the whole system.

Virtually all of the information may be printed out or saved as a file for later analysis, although the log printout currently does not say whether a process, window or module was loaded or unloaded at a given time.

Overall, WinTasks provides a number of useful and powerful features that together may be combined to identify unwanted programs or configure the system for a specific use.
   

SC On-Line
SC Magazine
www.scmagazine.com