Sysinternals

Winternals Software LP
Genre: Software development
Founded: 1996
Founders: Bryce Cogswell and Mark Russinovich
Headquarters: Austin, Texas
Parent: Microsoft
Website: www.sysinternals.com

Windows Sysinternals is a website that offers technical resources and utilities to manage, diagnose, troubleshoot, and monitor a Microsoft Windows environment. [1] Originally, the Sysinternals website (formerly known as ntinternals [2]) was created in 1996 and was operated by the company Winternals Software LP, [1] which was located in Austin, Texas. It was started by software developers Bryce Cogswell and Mark Russinovich. [1] Microsoft acquired Winternals and its assets on July 18, 2006. [3]


The website featured several freeware tools to administer and monitor computers running Microsoft Windows. The software can now be found at Microsoft. The company also sold data recovery utilities and professional editions of their freeware tools.

Winternals Software LP

Winternals Software LP was founded by Bryce Cogswell and Mark Russinovich, who sparked the 2005 Sony BMG CD copy protection scandal in an October 2005 posting to the Sysinternals blog. [4]

On July 18, 2006, Microsoft Corporation acquired the company and its assets. Russinovich explained that Sysinternals would remain active until Microsoft agreed on a method of distributing the tools provided there. [5] However, NT Locksmith, a Windows password recovery utility, was immediately removed.[citation needed] Most of the source code that Sysinternals had provided was also removed. The Sysinternals website has since moved to the Windows Sysinternals website, which is part of Microsoft Docs. [1]

In late 2010, Bryce Cogswell retired from Sysinternals. [6]

Products

Windows Sysinternals supplies users with numerous free utilities, most of which are actively developed by Mark Russinovich and Bryce Cogswell. [7] These include Process Explorer, an advanced version of Windows Task Manager; [8] Autoruns, which Windows Sysinternals claims is the most advanced manager of startup applications; [9] RootkitRevealer, a rootkit detection utility; [10] Contig; PageDefrag; and a total of 65 other utilities. [11] NTFSDOS, which allowed NTFS volumes to be read by Microsoft's MS-DOS operating system, is now discontinued and is no longer available for download. [11] Most of these utilities are now bundled by the publisher in the so-called Sysinternals Suite, so that all, or most, current versions can be downloaded together.

Previously available for download was the Winternals Administrator Pak which contained ERD Commander 2005, Remote Recover 3.0, NTFSDOS Professional 5.0, Crash Analyzer Wizard, FileRestore 1.0, Filemon Enterprise Edition 2.0, Regmon Enterprise Edition 2.0, AD Explorer Insight for Active Directory 2.0, and TCP Tools.

On May 18, 2010, Sysinternals released its first new utility since its acquisition by Microsoft. Named RAMMap, it is a diagnostic utility similar to the Memory tab of Windows Resource Monitor, but more advanced. RAMMap runs only on Windows Vista and later. [12] A system event monitoring tool, Sysmon, was released in 2014; it collects system events that are helpful for security analysis and publishes them to the Windows Event Log. [13] [14]

In November 2018, Microsoft confirmed it is porting Sysinternals tools, including ProcDump and ProcMon, to Linux. [15]

Licensing issue with Best Buy

In April 2006, Geek Squad, a tech support company working in cooperation with Best Buy, was accused of using unlicensed versions of the ERD Commander software. Winternals supplied Best Buy with copies of its software so that Best Buy could evaluate the software while conducting contract negotiations for using it on a permanent basis. When contract talks broke down Best Buy did not notify its Geek Squad Agents to stop using the software and discard all copies. A judge granted a restraining order on April 14, requiring that use of all unlicensed software be stopped, and forcing Best Buy to turn over all copies of Winternals software within 20 days. [16] After settlement, a version of the Winternals software was released to be used by Geek Squad. [17]

See also

Rootkit
Shadow Copy
PageDefrag
NuMega Technologies
Sysprep
Registry cleaner
Extended Copy Protection
Mark Russinovich
RootkitRevealer
Sony BMG copy protection rootkit scandal
Microsoft Drive Optimizer
MSConfig
Contig
Microsoft Desktop Optimization Pack
Process Monitor
JkDefrag
Comparison of defragmentation software
EMCO MoveOnBoot
Memory forensics

References

  1. "Windows Sysinternals". Microsoft Docs. Microsoft Corporation. August 12, 2009. Retrieved August 15, 2009.
  2. Mark Russinovich (May 9, 2011). Podnutz Episode #64 - Mark Russinovich Talks Tech (Flash) (Podcast). Podnutz. Event occurs at 0:02:01. Retrieved June 18, 2011. ...that's when Sysinternals started, originally called ntinternals...
  3. "Microsoft Acquires Winternals Software". Company Press Releases. Winternals Software. July 18, 2006. Archived from the original on March 14, 2007. Retrieved March 14, 2007.
  4. Mark Russinovich (October 31, 2005). "Sony, Rootkits and Digital Rights Management Gone Too Far". Sysinternals Blog. Retrieved December 18, 2006.
  5. Mark Russinovich (July 18, 2006). "On My Way to Microsoft!". Sysinternals Blog. Retrieved December 18, 2006.
  6. "Mark Russinovich Discusses Windows Azure", Windows IT Pro. Retrieved on April 16, 2011.
  7. "What is new (August 5, 2009)". Windows Sysinternals. Microsoft Corporation. August 15, 2009. Retrieved August 15, 2009.
  8. "Process Explorer v11.33". Windows Sysinternals. Microsoft Corporation. February 4, 2009. Retrieved August 15, 2009.
  9. "Autoruns for Windows v9.53". Windows Sysinternals. Microsoft Corporation. August 12, 2009. Retrieved August 15, 2009.
  10. "RootkitRevealer v1.71". Windows Sysinternals. Microsoft Corporation. November 1, 2006. Retrieved August 15, 2009.
  11. "Sysinternals Utilities Index". Windows Sysinternals. Microsoft Corporation. August 12, 2009. Retrieved August 15, 2009.
  12. Russinovich, Mark; Cogswell, Bryce (May 18, 2011). "RAMMap v1.11". Windows Sysinternals. Microsoft. Retrieved June 12, 2011.
  13. Russinovich, Mark; Garnier, Thomas (June 28, 2019). "Sysmon v10.2". Windows Sysinternals. Microsoft Corporation. Retrieved July 24, 2019.
  14. Russinovich, Mark; Richards, Andrew; Garnier, Thomas (September 29, 2014). "Defrag Tools #108 - Sysinternals SysMon - Mark Russinovich". Windows Sysinternals. Microsoft Corporation. Retrieved July 24, 2019.
  15. Cimpanu, Catalin (November 5, 2018). "Microsoft working on porting Sysinternals to Linux". ZDNet. CBS Interactive. Retrieved November 5, 2018.
  16. "Best Buy's Geek Squad Accused of Pirating Software", FOX News. Retrieved on December 16, 2006.
  17. "Winternals & Best Buy/Geek Squad Settle Federal Lawsuit", Winternals press release. Retrieved on December 16, 2006. Archived March 14, 2007, at the Wayback Machine