Windows Processes

After the brief explanation of what processes are, let's see how this relates to Windows. Windows, like most modern operating systems, supports multitasking and multithreading, and when you press CTRL+ALT+DEL to bring up the Task Manager, you will see something like this:
You see an Image Name column, which lists all processes for the currently logged-in user (if the Show Processes For All Users checkbox is checked, the list includes processes from all users), the name of the user who owns each process, and data such as the CPU and memory usage of each process. Some of the process names are pretty self-explanatory (firefox.exe) but others are a bit cryptic. Don't worry if you can't guess what a particular Image Name stands for – there are good online references, like http://www.processlibrary.com or http://www.what-process.com/lists.aspx, where you can check which program a given process belongs to. However, it does not hurt to know the names of a couple of the essential Windows processes. The list of essential Windows processes may differ between versions of Windows, but basically the major ones are as follows:
- System Idle Process
- explorer.exe
- winlogon.exe
- svchost.exe
- lsass.exe
- services.exe
- spoolsv.exe
- smss.exe
- csrss.exe
- taskmgr.exe
Usually several instances of svchost.exe are running. This is pretty normal because not all of them will be owned by the same user. What is not normal is that the same process – svchost.exe – has been registered both as a legitimate Windows process and as a trojan and backdoor. But more on this later. Svchost is a system process that handles processes executed from DLLs. This is one of the most important processes in Windows, and if you terminate it, your computer will become unstable. I am not going to explain all the processes here, so if you are interested in learning more about them, go to http://www.processlibrary.com or http://www.what-process.com/lists.aspx; the lists there are really good.

I have used words like important and essential to describe the processes. Yes, not all processes are equal, but this does not mean that you can't make one process more important than another. You can prioritize processes, giving the most important ones a higher priority. By default all processes have Normal priority, but if you are running a very special program that requires more processing power, or that must be given the processor immediately when needed, you can change its priority from Normal to Realtime, High, or Above Normal. Alternatively, if you would like a given process to have a lower-than-normal priority, select Below Normal or Low.

To set a priority, right-click the process in the Image Name column and select Set Priority from the context menu. From the list of priorities, choose the desired one. You can change the priority for most processes (System Idle Process is one of the few exceptions, because it is a vital process and users shouldn't be allowed to mess with its priority).

If you need more in-depth data about a particular process, for instance to see the whole process tree, the threads in the process, its network connectivity, or its handles and DLLs, Windows Task Manager will not be useful. Instead, you can download for free a nice program, Process Explorer by Mark Russinovich, and see all this and a lot more information about the processes on your computer.
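Because the name svchost.exe is listed both as a legitimate Windows process and as a trojan, the name alone tells you little; the folder the image runs from tells you more. The following is an added example, not part of the original article: it assumes Windows is installed in C:\Windows and that the process list is available as CSV with Name, ProcessId and ExecutablePath columns (the sample rows are constructed).

```python
import csv
import io
from difflib import SequenceMatcher
from ntpath import dirname, normcase

# Assumption: Windows is installed in C:\Windows (check %SystemRoot% on the host).
SYS32, WOW64 = r"C:\Windows\System32", r"C:\Windows\SysWOW64"
EXPECTED_DIRS = {name: {SYS32} for name in (
    "winlogon.exe", "lsass.exe", "services.exe", "spoolsv.exe", "smss.exe", "csrss.exe")}
# These also ship as 32-bit copies in SysWOW64 on 64-bit Windows.
EXPECTED_DIRS.update({"svchost.exe": {SYS32, WOW64}, "taskmgr.exe": {SYS32, WOW64},
                      "explorer.exe": {r"C:\Windows", WOW64}})


def classify(name, path):
    """Return 'ok', 'unknown-path', 'wrong-path', 'lookalike' or 'other'."""
    name = name.lower()
    if name in EXPECTED_DIRS:
        if not path:  # path is blank when the query lacked the rights to read it
            return "unknown-path"
        allowed = {normcase(d) for d in EXPECTED_DIRS[name]}
        return "ok" if normcase(dirname(path)) in allowed else "wrong-path"
    # A name one or two characters away from an essential one deserves a look.
    if any(SequenceMatcher(None, name, known).ratio() >= 0.85 for known in EXPECTED_DIRS):
        return "lookalike"
    return "other"


def review(csv_text):
    """Yield (pid, name, path, verdict) for every row that needs attention."""
    for row in csv.DictReader(io.StringIO(csv_text)):
        verdict = classify(row["Name"], row["ExecutablePath"])
        if verdict in ("wrong-path", "lookalike"):
            yield int(row["ProcessId"]), row["Name"], row["ExecutablePath"], verdict


# Constructed sample in the shape of a Name/ProcessId/ExecutablePath CSV export.
SAMPLE = r'''Name,ProcessId,ExecutablePath
svchost.exe,812,C:\Windows\System32\svchost.exe
svchost.exe,4120,C:\Users\alice\AppData\Roaming\svchost.exe
csrss.exe,540,
scvhost.exe,5004,C:\Windows\System32\scvhost.exe
explorer.exe,3316,C:\WINDOWS\explorer.exe
firefox.exe,6120,C:\Program Files\Mozilla Firefox\firefox.exe
'''

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(finding)
```

A CSV of this shape can be produced on a live system with PowerShell's `Get-CimInstance Win32_Process | Select-Object Name,ProcessId,ExecutablePath | Export-Csv`. A finding is a prompt to inspect the process further (for example in Process Explorer), not proof that it is malicious.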