Friday, August 18, 2006

Accountability in Vista

Since the Sony rootkit fiasco, it seems Mark Russinovich has been propelled to fame and possibly fortune now that Microsoft have taken himself and his buddy Bryce Cogswell on as employees with the acquisition of Winternals.

Winternals sponsors Sysinternals, a collection of utilities for Windows techies that provide you with lots of ways of inspecting the behind-the-scenes workings of your Windows PC. Whenever I get that sickly feeling that someone's watching (you know, when the harddisk spins into a frenzy for no apparent reason, or when your firewall pops up and asks permission for an unknown process) I use the process explorer and tcpview to see if there's anything strange going on. You need a better than average knowledge of the operating system to be able to spot dodgy processes, but you by no means need to be a win32 kernel hacker (which I definitely am not!).

I've also used tools from Sysinternals to see what files are still in use by my removable devices when they won't eject. There's nothing worse than realising you've a train to catch in 2 minutes and then not being able to remove your removable disk because Windows won't let go of it, without telling you why!

So, from Mark's blog it sounds like Microsoft intend to carry on the good work and even open up the licensing. He also says:

Comprehensive performance instrumentation of everything from disk I/Os to context switches and hard page faults is active on all Vista builds deployed internally and end-users can simply open a desktop shortcut to submit a trace of any sluggish system behavior they experience.


If this instrumentation stays in the commercial release it will be such a big step forward. How many times have you sat there staring at the System Idle Process running at 99% CPU and thinking "now that's not really the case, is it Mrs XP!". So fingers crossed they keep this in and let us keep an eye on our own PCs. Or failing that, hopefully they'll forget to take it out in the rush to get the product out of the door!