Every now and then you discover a software gem, often an otherwise unassuming program that turns out to be something you wondered how you lived without. Despite its drab and in some ways misleading name, WinTasks is one such piece of software.
Now in version 5, WinTasks Pro does a number of things which turn out to make it an extremely useful security tool. Its primary function is to let you see what programs are running on a PC, which has obvious security benefits in an age where he PC has become a promiscuous host for all sorts of unwanted programs, including the pest of spyware. Even though it is, to be clear, therefore a detection tool rather than a fully-fledged protection system, identification is the key to the program’s second useful feature – stopping and removing the components that allow illegitimate software to re-install.
Finding spyware on a PC – or even identifying useless resource-hogging programs - means being able to track down a single program running as what Windows terms a “process”, removing it from memory, stopping it re-starting itself if the PC is rebooted, and rooting out its originating executables, files and registry entries.
You can, of course, get basic information on running tasks using Windows XP’s system utility (much improved over the one in Windows 2000 and previous versions of Windows for those who haven’t noticed) but it’s still of limited use in quickly spotting the rogue or the redundant. Windows XP provides a list of programs matched to one of six priority codes (13 means it is “high” priority for instance), an inscrutable “process ID”, a path to the originating executable, and information on its memory consumption. But identification is extremely weak which means there is no easy way of understanding which bits of software are important and which are just consuming resources for no good reason.
WinTasks’ default window shows all the above information but in a much more logical manner; executable name, processor priority, number of dependent threads, and CPU/memory usage are all immediately apparent. Above this window are a number of self-explanatory buttons that allow the user to get explanatory information on any one of the processes clicked on (more on this later), to view which programs are auto-starting, and to stop, permanently block or increase/decrease the priority of any process.
If you notice that a process has a number of threads running, information on these can be discovered by hitting the “windows” button. This is a simple way of ensuring that a closed program really has been closed and isn’t somehow continuing to lurk on a system.
Running WinTasks on a couple of test machines – an ordinary PC and a laptop – it found a fairly standard list of Windows software and third-party programs. It also found and identified a couple of processes running in the background which were no longer being used or were supposed to have been de-installed. There was no spyware on these systems but WinTasks would, according to its publishers, have spotted them, even if they adopted the common spyware trick of using names very similar to those of common Windows processes as a way of attempting to disguise themselves.
A great feature is the ability to create “block” lists. This can either be used to stop any programs other than those explicitly chosen from running on a system – a radical but reliable way of stopping illegitimate software from loading – or simply to stop named programs from reloading at a future date. There is also a proprietary scripting tool that can be used to create more complex rules for program execution.
The secret of WinTask’s identification is processlibrary.com , an extensive database of program profiles from which the software is also regularly updated as part of the license. This holds information on a large number of legitimate and non-legitimate programs that are intended to load in Windows without user intervention. If a user encounters a process which the software has not encountered before you are invited to send the information to processlibrary.com in the form of an email. (This is a resource that can also be accessed without using WinTasks.)
WinTasks is by no means the only tool that will perform the housekeeping task of program identification, and there are scores of programs that claim they can stop or root out spyware. Its strength is that it identifies and explains what each program process is and what it is doing, if necessary in considerable detail right down to the dependent DLLs. It does this while letting you act on (e.g stop or delete) these processes in a way that is simple and intuitive, and most of all, quick.
Being able to create lists of programs that are allowed to run on the system is also a powerful tool if used wisely as it makes it extremely difficult for the system to be undermined at a future point in time. Finally, it is regularly updated from the processlibary.com website, so you have the ability to keep it up-to-date with the profiles for new programs.
Publisher LIUtilities (aka Uniblue Systems) offers an unlimited administrator license for WinTasks for $295 as long as it is not used on more than ten systems at any one time.
The most obvious rival to this sort of approach would be anti-spyware software, most of which is hard to recommend and not particularly geared for corporate use. Desktop firewalls also need to be looked at as they also overlap with over with some of the features of WinTasks. WinTasks is really best as an informal tool for administrators to be used as and when on Windows XP, 2000, and Windows 98 clients.