Wednesday, July 26, 2006

Sysinternals bought by Microsoft

Security Now! episode 49 with Leo Laporte (Twit's new design is awesome! flashplayer!) and Steve Gibson.

Man! Steve really hit me with a blast - Winternals.com is now a division of Microsoft!!! Maybe you have used a couple of utilities from Sysinternals.com, which is the freeware branch of the Winternals commercial software company.
I don't know if you've used any of the tools, but they are really good for getting to know what's going on in your Windows machine. And all thanks to Mark Russinovich and Bryce Cogswell.

Now while we're on the topic, I might suggest a couple of tools I have had some close encounters with myself.
  • Process Explorer - perhaps the most well known of Mark's work. It's a lot more comprehensive than the infamous "Task manager" that you Ctrl+Shift+Esc into view. I especially like the tree-form view of the tasks that reflects the parent processes that summoned the child.
  • TCPview - it's basically a GUI for the "netstat" utility that ships with Windows, Linux, Solaris.. It shows who you are connected to and who is connected to you. It's quite useful to look once in a while and go something like: "why the hell am I connected to some server in Uruguay?!?" It is a nice tool to dig into your networking. But still the quickest way in Windows is the "netstat -ab" command that displays all connections and binaries using those sockets.
  • Regmon - well, registry action in real time.. You don't want to see what Windows is doing to its registry, trust me. It is just terrible. No wonder people hate it so much.
  • Filemon - shows Windows file manipulations in real time.
  • Diskview - view your hard drive and see where specific files are located.
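An added example, not part of the original post: a Python script that does what the TCPview item describes, pairing each row of "netstat -ab" output with the binary that owns the socket and listing established connections to or from addresses outside the local network. The sample output is constructed and assumes the extra `-n` flag (numeric addresses); the function names are this example's own.

```python
import ipaddress
import re

# Constructed sample in the layout of `netstat -abn` output (not from a real
# host; the remote addresses come from documentation ranges).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TermService
 [svchost.exe]
  TCP    192.168.1.10:49712     203.0.113.25:443       ESTABLISHED
 [firefox.exe]
  TCP    192.168.1.10:49720     192.168.1.1:445        ESTABLISHED
 Can not obtain ownership information
  TCP    192.168.1.10:3389      198.51.100.7:51544     ESTABLISHED
 [svchost.exe]
"""

ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s*(\S+)?\s*$")
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse(text):
    """Pair each connection row with the [binary] line that follows it."""
    conns = []
    for line in text.splitlines():
        if m := ROW.match(line):
            _, local, remote, state = m.groups()
            conns.append({"local": local, "remote": remote, "state": state or "", "binary": None})
        elif (m := OWNER.match(line)) and conns and conns[-1]["binary"] is None:
            conns[-1]["binary"] = m.group(1)
    return conns

def external_peers(conns):
    """Established connections to or from addresses outside the local network."""
    listening = {c["local"].rsplit(":", 1)[1] for c in conns if c["state"] == "LISTENING"}
    found = []
    for c in conns:
        if c["state"] != "ESTABLISHED":
            continue
        try:
            ip = ipaddress.ip_address(c["remote"].rsplit(":", 1)[0].strip("[]"))
        except ValueError:
            continue  # non-numeric address: netstat was run without -n
        if ip.is_loopback or ip.is_link_local or any(ip in n for n in RFC1918):
            continue
        # A local port that is also in LISTENING state means the peer connected to us.
        direction = "inbound" if c["local"].rsplit(":", 1)[1] in listening else "outbound"
        found.append((direction, c["binary"] or "unknown", c["remote"]))
    return found
```

Calling `external_peers(parse(SAMPLE))` returns one tuple per external connection: direction, owning binary and remote endpoint.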

Back to the main news - this can't be good. This can't be good at all! Worst case scenario: say bye-bye to those freeware tools. So my suggestion: download all the available software for yourself just to be safe. To paraphrase Leo - it's one of those things you thought was gonna stay there forever, but suddenly it might be gone. You never know with those bloodthirsty corporate trolls.

On the other hand, it's not that surprising, as Mark is an MS MVP and well - his help in revealing the internals of Windows has been remarkable! And Microsoft's MSDN is linking quite often to Sys-/Winternals. Guess they wanted an expert who actually knows what's going on in their Windows..