| Genre | Software development |
|---|---|
| Founded | 1996 |
| Founder | Bryce Cogswell and Mark Russinovich |
| Parent | Microsoft |
| Website | www.sysinternals.com |
Windows Sysinternals is a website that offers technical resources and utilities to manage, diagnose, troubleshoot, and monitor a Microsoft Windows environment.[1] The Sysinternals website (formerly known as ntinternals[2]) was created in 1996 and was operated by the company Winternals Software LP,[1] which was located in Austin, Texas. It was started by software developers Bryce Cogswell and Mark Russinovich.[1] Microsoft acquired Winternals and its assets on July 18, 2006.[3]
The website featured several freeware tools to administer and monitor computers running Microsoft Windows. The tools are now hosted by Microsoft. The company also sold data recovery utilities and professional editions of its freeware tools.
Winternals Software LP was founded by Bryce Cogswell and Mark Russinovich, who sparked the 2005 Sony BMG CD copy protection scandal with an October 2005 posting to the Sysinternals blog.[4]
On July 18, 2006, Microsoft Corporation acquired the company and its assets. Russinovich explained that Sysinternals would remain active until Microsoft agreed on a method of distributing the tools provided there.[5] However, NT Locksmith, a Windows password recovery utility, was immediately removed. Most of the source code that Sysinternals had provided was also removed. The Sysinternals website has since moved to the Windows Sysinternals site, which is part of Microsoft Docs.[1]
In late 2010, Bryce Cogswell retired from Sysinternals.[6]
Windows Sysinternals supplies users with numerous free utilities, most of which are actively developed by Mark Russinovich and Bryce Cogswell,[7] such as Process Explorer, an advanced version of Windows Task Manager;[8] Autoruns, which Windows Sysinternals claims is the most advanced manager of startup applications;[9] RootkitRevealer, a rootkit detection utility;[10] Contig; PageDefrag; and a total of 65 other utilities.[11] NTFSDOS, which allowed NTFS volumes to be read from Microsoft's MS-DOS operating system, is discontinued and no longer available for download.[11] Many of these utilities are now bundled by the publisher as the Sysinternals Suite, a single download of all, or most, current versions.
Previously available for download was the Winternals Administrator Pak which contained ERD Commander 2005, Remote Recover 3.0, NTFSDOS Professional 5.0, Crash Analyzer Wizard, FileRestore 1.0, Filemon Enterprise Edition 2.0, Regmon Enterprise Edition 2.0, AD Explorer Insight for Active Directory 2.0, and TCP Tools.
On May 18, 2010, Sysinternals released its first new utility since its acquisition by Microsoft. Named RAMMap, it is a diagnostic utility similar to the memory tab of Windows Resource Monitor, but more advanced. RAMMap runs only on Windows Vista and later.[12] A system event monitoring tool, Sysmon, was released in 2014; it collects system events that are useful for security analysis and publishes them to the Windows Event Log.[13][14]
In November 2018, Microsoft confirmed that it is porting Sysinternals tools, including ProcDump and ProcMon, to Linux.[15]
In April 2006, Geek Squad, a tech support company working in cooperation with Best Buy, was accused of using unlicensed versions of the ERD Commander software. Winternals had supplied Best Buy with copies of its software so that Best Buy could evaluate it while negotiating a contract to use it on a permanent basis. When the contract talks broke down, Best Buy did not notify its Geek Squad Agents to stop using the software and discard all copies. A judge granted a restraining order on April 14, requiring that use of all unlicensed software be stopped and forcing Best Buy to turn over all copies of Winternals software within 20 days.[16] After a settlement, a version of the Winternals software was released for use by Geek Squad.[17]
A rootkit is a collection of computer software, typically malicious, designed to enable access to a computer or an area of its software that is not otherwise allowed and often masks its existence or the existence of other software. The term rootkit is a compound of "root" and the word "kit". The term "rootkit" has negative connotations through its association with malware.
In the maintenance of file systems, defragmentation is a process that reduces the degree of fragmentation. It does this by physically organizing the contents of the mass storage device used to store files into the smallest number of contiguous regions. It also attempts to create larger regions of free space using compaction to impede the return of fragmentation. Some defragmentation utilities try to keep smaller files within a single directory together, as they are often accessed in sequence.
Geek Squad, Inc. is a subsidiary of American and Canadian multinational consumer electronics corporation Best Buy, headquartered in Richfield, Minnesota. The subsidiary was originally an independent company founded by "Chief Inspector" Robert Stephens on June 16, 1994, and offers various computer-related services and accessories for residential and commercial clients. In 2002, they merged with Best Buy, retaining Stephens as the primary corporate leadership for the subsidiary. The Geek Squad provides services in-store, on-site, and over the Internet via remote access, and also provides 24-hour telephone and emergency on-site support. Geek Squad no longer works solely on computer-related devices. It now diagnoses issues in and repairs all consumer electronics, as well as appliances.
Shadow Copy is a technology included in Microsoft Windows that can create backup copies or snapshots of computer files or volumes, even when they are in use. It is implemented as a Windows service called the Volume Shadow Copy service. A software VSS provider service is also included as part of Windows to be used by Windows applications. Shadow Copy technology requires either the Windows NTFS or ReFS filesystems in order to create and store shadow copies. Shadow Copies can be created on local and external volumes by any Windows component that uses this technology, such as when creating a scheduled Windows Backup or automatic System Restore point.
PageDefrag is a program, developed by Sysinternals, for Microsoft Windows that runs at start-up to defragment the virtual memory page file, the registry files and the Event Viewer's logs.
System Restore is a feature in Microsoft Windows that allows the user to revert their computer's state to that of a previous point in time, which can be used to recover from system malfunctions or other problems. First included in Windows Me, it has been included in all following desktop versions of Windows released since, excluding Windows Server. In Windows 10, System Restore is turned off by default and must be enabled by users in order to function. This does not affect personal files such as documents, music, pictures, and videos.
Sysprep is Microsoft's System Preparation Tool for Microsoft Windows operating system deployment.
A registry cleaner is a class of utility software designed for the Microsoft Windows operating system, whose purpose is to remove redundant items from the Windows Registry.
Extended Copy Protection (XCP) is a software package developed by the British company First 4 Internet and sold as a copy protection or digital rights management (DRM) scheme for Compact Discs. It was used on some CDs distributed by Sony BMG and sparked the 2005 Sony BMG CD copy protection scandal; in that context it is also known as the Sony rootkit.
Mark Eugene Russinovich is a Spanish-born American software engineer and author who serves as CTO of Microsoft Azure. He was a cofounder of software producers Winternals before Microsoft acquired it in 2006.
RootkitRevealer is a proprietary freeware tool for rootkit detection on Microsoft Windows by Bryce Cogswell and Mark Russinovich. It runs on Windows XP and Windows Server 2003. Its output lists Windows Registry and file system API discrepancies that may indicate the presence of a rootkit. It is the same tool that triggered the Sony BMG copy protection rootkit scandal.
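To illustrate the cross-view comparison behind the discrepancy listing described above, here is an added example (not Sysinternals code): it diffs a constructed "documented API" view of files and registry keys against a constructed "raw scan" view and reports what only one side can see. All paths, key names and sizes are invented sample data.

```python
"""Cross-view discrepancy check in the style of RootkitRevealer's output.

Added example, not Sysinternals code. A rootkit that hooks the Windows API
can hide files or registry keys from programs that enumerate through the
API, while a raw scan of the volume or registry hive still sees them.
Listing both views and comparing them exposes what was hidden. The two
listings below are constructed sample data, not output from a real system.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Discrepancy:
    kind: str    # "file" or "registry"
    path: str
    detail: str  # why the entry was flagged


# Constructed "high-level" view: what the documented Windows API reports.
API_FILES = {
    r"C:\Windows\System32\drivers\ntfs.sys": 1_280_000,
    r"C:\Windows\System32\kernel32.dll": 720_000,
}
# Constructed "low-level" view: what a raw scan of the NTFS volume reports.
RAW_FILES = {
    r"C:\Windows\System32\drivers\ntfs.sys": 1_280_000,
    r"C:\Windows\System32\kernel32.dll": 720_000,
    r"C:\Windows\System32\drivers\hidden_driver.sys": 52_000,
}
API_KEYS = {r"HKLM\SYSTEM\CurrentControlSet\Services\Ntfs"}
RAW_KEYS = {r"HKLM\SYSTEM\CurrentControlSet\Services\Ntfs",
            r"HKLM\SYSTEM\CurrentControlSet\Services\hidden_driver"}


def compare_views(api_files, raw_files, api_keys, raw_keys):
    """Return entries visible in only one view, or with mismatched sizes.

    Hidden-from-API is the classic rootkit sign; API-only entries are
    reported too, since a difference in either direction is abnormal."""
    found = []
    for path in sorted(set(api_files) | set(raw_files)):
        if path not in api_files:
            found.append(Discrepancy("file", path, "hidden from Windows API"))
        elif path not in raw_files:
            found.append(Discrepancy("file", path, "visible to API only"))
        elif api_files[path] != raw_files[path]:
            found.append(Discrepancy("file", path,
                f"size mismatch API={api_files[path]} raw={raw_files[path]}"))
    for key in sorted(api_keys ^ raw_keys):  # keys present in only one view
        where = "hidden from Windows API" if key in raw_keys else "visible to API only"
        found.append(Discrepancy("registry", key, where))
    return found


if __name__ == "__main__":
    for d in compare_views(API_FILES, RAW_FILES, API_KEYS, RAW_KEYS):
        print(f"{d.kind:8} {d.path}  [{d.detail}]")
```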
In 2005 it was revealed that the implementation of copy protection measures on about 22 million CDs distributed by Sony BMG installed one of two pieces of software that provided a form of digital rights management (DRM) by modifying the operating system to interfere with CD copying. Neither program could easily be uninstalled, and they created vulnerabilities that were exploited by unrelated malware. One of the programs would install and "phone home" with reports on the user's private listening habits, even if the user refused its end-user license agreement (EULA), while the other was not mentioned in the EULA at all. Both programs contained code from several pieces of copylefted free software in an apparent infringement of copyright, and configured the operating system to hide the software's existence, leading to both programs being classified as rootkits.
Microsoft Drive Optimizer is a utility in Microsoft Windows designed to increase data access speed by rearranging files stored on a disk to occupy contiguous storage locations, a technique called defragmentation. Microsoft Drive Optimizer was first officially shipped with Windows XP.
MSConfig is a system utility to troubleshoot the Microsoft Windows startup process. It can disable or re-enable software, device drivers and Windows services that run at startup, or change boot parameters.
Contig is a command line defragmentation utility for Windows developed by Microsoft as part of the Sysinternals Suite.
Microsoft Desktop Optimization Pack (MDOP) is a suite of utilities for Microsoft Windows customers who have subscribed to Microsoft Software Assurance program. It aims at bringing easier manageability and monitoring of enterprise desktops, emergency recovery, desktop virtualization and application virtualization.
Process Monitor is a tool from Windows Sysinternals, part of the Microsoft TechNet website. The tool monitors and displays in real-time all file system activity on a Microsoft Windows or Unix-like operating system. It combines two older tools, FileMon and RegMon and is used in system administration, computer forensics, and application debugging.
JkDefrag is a free open-source disk defragmenting utility for Windows. It was developed by Jeroen Kessels beginning in 2004 and was released under the GNU General Public License. With version 4 in 2008, which changed much from previous versions, JkDefrag was renamed MyDefrag by its developer; earlier JkDefrag versions continued to be available. MyDefrag, which was closed-source freeware, was discontinued, the last version being v4.3.1, file date 21 May 2010; for several years the MyDefrag website has redirected to the still-existing JkDefrag site, but the links to downloadable JkDefrag files are dead. JkDefrag source code is still available from third-party websites.
The following is a comparison of notable file system defragmentation software:
EMCO MoveOnBoot is a freeware utility for managing locked file system resources on the Windows platform. The utility allows moving, renaming or deleting selected locked files or folders during the next Windows reboot.