Microsoft tip of the hat

Following my mention of ‘autoruns’ while revealing (to no-one) that Adobe is evil, I thought I should follow up with an ironic little tip of the hat to, who else, but Microsoft :)

Microsoft’s SysInternals site is just a Swiss Army knife of goodness… <humor> They ought to put some money into promoting that stuff amongst the grognard sector rather than the ad campaign advertising their dubious sounding take on architecture: “Windows, life without walls”? Do they advocate glass supporting columns too??? </humor>

In all seriousness, SysInternals is pure, unbridled goodness that has no right to be lurking in obscurity. Things like:

An actual symlink (not shortcut) command: “junction” for us Unix freaks. Files and directories.

Of course, “Autoruns”, which lets you actually see everything Windows is going to fire up on startup. If you do nothing else, you should run it and delete all the “File not found” entries. As a second step, turn on the Options to Verify Code Signatures and Hide Verified Microsoft thingies, then refresh to see if there’s anything really suspicious.

“Process Explorer”. An actual honest-to-goodness process list. Yeah, kind of a bummer to discover that TaskManager isn’t. Again with the “Verify Signatures” – a huge help if you’re like me and you find yourself continually checking for new and unexpected applications.
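The two checks above (Autoruns: drop “File not found” entries, verify signatures, hide the Microsoft-signed ones; Process Explorer: verify the signatures of what is running) can be scripted as a first pass before reaching for the GUI tools. The script below is an added example, not something from the post or from SysInternals: it walks the common Run/RunOnce keys (a small subset of the locations Autoruns covers) and the running processes, resolves each entry to an executable on disk, and lists only what is missing, unsigned, or signed by someone other than Microsoft. The command-line parsing and the “O=Microsoft Corporation” subject match are my assumptions about what a useful triage needs, not Autoruns’ own rules.

```powershell
# Added example (not from the post): a scripted version of the Autoruns and
# Process Explorer signature checks. Run from an elevated prompt so HKLM
# entries and other users' processes are visible.

# Autostart locations checked here (a subset of what Autoruns enumerates).
$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-ExecutablePath {
    # Pull the program path out of an autostart command line (assumed
    # heuristic): handles "C:\Program Files\x\y.exe" /arg as well as
    # C:\x\y.exe /arg, and expands %VARIABLES% first.
    param([string]$CommandLine)
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 0) { return $cmd.Substring(1, $end - 1) }
        return $cmd.Trim('"')
    }
    # Unquoted: the path ends at the first ".exe"; otherwise at the first space.
    $m = [regex]::Match($cmd, '^(.*?\.exe)(\s|$)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return ($cmd -split '\s+')[0]
}

function Test-Image {
    # Classify one executable: missing, unsigned/invalid, Microsoft-signed,
    # or validly signed by someone else.
    param([string]$Path, [string]$Source, [string]$Name)
    $result = [ordered]@{ Source = $Source; Name = $Name; Path = $Path; Status = ''; Signer = '' }
    if (-not $Path -or -not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        $result.Status = 'File not found'          # the entries Autoruns flags the same way
        return [pscustomobject]$result
    }
    $sig = Get-AuthenticodeSignature -FilePath $Path
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    $result.Signer = $subject
    if ($sig.Status -ne 'Valid') {
        $result.Status = "Unsigned/invalid ($($sig.Status))"
    } elseif ($subject -match 'O=Microsoft Corporation') {
        $result.Status = 'Verified Microsoft'
    } else {
        $result.Status = 'Verified (non-Microsoft)'
    }
    return [pscustomobject]$result
}

$findings = @()

# 1. Autostart entries (the Autoruns pass).
foreach ($key in $RunKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }     # skip PSPath/PSParentPath/... provider metadata
        $exe = Get-ExecutablePath $p.Value
        $findings += Test-Image -Path $exe -Source $key -Name $p.Name
    }
}

# 2. Running processes (the Process Explorer pass). Path is $null for
#    processes this session cannot open, so those are skipped silently.
foreach ($proc in Get-Process | Where-Object { $_.Path }) {
    $findings += Test-Image -Path $proc.Path -Source 'Process' -Name "$($proc.ProcessName) (PID $($proc.Id))"
}

# Equivalent of "Hide Verified Microsoft entries": show only what needs a look.
$findings |
    Where-Object { $_.Status -ne 'Verified Microsoft' } |
    Sort-Object Source, Name |
    Format-Table -AutoSize Source, Name, Status, Signer, Path
```

A valid signature from a non-Microsoft publisher is not a problem in itself; the point of hiding the Microsoft-signed bulk is that the remaining list is short enough to read. Services, scheduled tasks, drivers and shell extensions are not covered here, which is exactly why Autoruns itself is still worth running afterwards.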

And lastly, “Rootkit Revealer”. Oh, my. Turns out that Explorer provides hooks for applications (like, for instance, TortoiseSVN) to modify what shows up in the explorer window, even hiding files or folders entirely. Overall that’s a good thing except there is no way to tell it categorically “I really, really want to see all the files”. Amongst other things, this is something that RR shows up. Of course, there are some files that are genuinely supposed to be hidden – don’t even bother if you’re running Vista. But for XP it is probably one more good thing to try for free if your box is behaving oddly…

4 Comments

I like the update they just made to “Process Monitor”: it now tracks network activity back to the process doing the communication.
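The per-process network view the comment refers to can be approximated from PowerShell when the GUI is not to hand. This is an added example, not part of the comment or of Process Monitor: it joins the live TCP table to the process list so each connection is shown with the image that owns it. It assumes Get-NetTCPConnection is available (Windows 8 / Server 2012 and later); the state filter and column names are my choices.

```powershell
# Added example (not from the comment): attribute live TCP connections to the
# owning process, similar to Process Monitor's network events or Process
# Explorer's TCP/IP tab. Requires Get-NetTCPConnection (Windows 8+ / 2012+).
function Get-ConnectionOwner {
    param([string[]]$State = @('Established', 'SynSent'))

    # Snapshot the process table once so each connection is a hash lookup.
    $procs = @{}
    foreach ($p in Get-Process) { $procs[$p.Id] = $p }

    Get-NetTCPConnection |
        Where-Object { $State -contains "$($_.State)" } |
        ForEach-Object {
            $p = $procs[[int]$_.OwningProcess]
            [pscustomobject]@{
                PID     = $_.OwningProcess
                # A missing entry means the process exited between the two
                # snapshots or could not be opened from this session.
                Process = if ($p) { $p.ProcessName } else { '<exited or inaccessible>' }
                Image   = if ($p -and $p.Path) { $p.Path } else { '' }
                Local   = "$($_.LocalAddress):$($_.LocalPort)"
                Remote  = "$($_.RemoteAddress):$($_.RemotePort)"
                State   = $_.State
            }
        }
}

# Usage: one row per connection, grouped by process name for reading.
Get-ConnectionOwner | Sort-Object Process, Remote | Format-Table -AutoSize
```

Run it elevated to see other users’ processes; an established connection whose owner has no Path (and is not a known protected process) is a good candidate for the signature check described in the post.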

“It is theoretically possible for a rootkit to hide from RootkitRevealer. Doing so would require…”

“However, this would require a level of sophistication not seen in rootkits to date.”

lol I love it – anyone up for the challenge? ;)

Also, look into “Windows Support Tools”.

Commandline tools for doing all the things you really missed, such as tools to add computers to domains, check files opened by process etc etc.

Some of the tools can really f.ck u up, which may be why it isn’t just included in the standard install, but others are just plain weird that they were left out.
Even a diff program found its way in there.

http://www.microsoft.com/downloads/details.aspx?FamilyId=49AE8576-9BB9-4126-9761-BA8011FABF38&displaylang=en

Oh, and another sysinternals favorite: Filemon.

Does what it says on the box: registers all file access on your computer. The text says it has been superseded by process explorer, but it really hasn’t.
