CandyPick #2: Monitor, Investigate & Configure Windows settings with What’s Running (freeware)
The Problem with Windows
Looking through the droves of software available for configuring and monitoring Windows shows that Microsoft still, even in Windows 7, doesn’t provide system configuration and monitoring tools that are good or user-friendly enough. Everyone knows a properly configured Windows system runs better and is more secure (the holy grail of computing). So today I’m looking at a program that will help you on that quest for Windows nirvana.
Enter What’s Running!
When you absolutely need to know everything that’s running on your Windows machine then you need What’s Running. It’s like MSConfig and Task Manager got married, had a child, fed it a steady diet of Red Bull and Brain Toniq and then set it loose to learn how to do more cool stuff than its “parents” ever did.
What’s Running is the ultimate aptly-named app. It does what its name implies (unlike MSConfig, which sounds like it would be the ‘go to guy’ for all your Windows configuration needs) but it’s also a great tool for learning how things work in Windows and it can be a lifesaver when you’re investigating a virus or spyware infestation even if it’s NOT a malware detection or removal program.
- Itching to know all the internet connections currently flowing out of your computer? No problem.
- Want to check the startup entries and stop programs you don’t want loading automatically? Done.
- Curious what software drivers are installed? Want detailed information about them? Yes sir. It does that too, and more.
Now in version 3.0 beta 9, What’s Running is a fairly mature program. Which is good because it means it’s been put through its paces enough for the developer to trust the basic functionality and focus on implementing new features while enhancing existing ones.
Features
What’s Running gives you the power to discover detailed information about the programs, services, modules, network (aka IP) connections, startup items and drivers on your PC. The interface is broken down into tabs that comprise its main features.
Perhaps best of all, it lets you quickly jump to the actual file underlying all those things mentioned above in case you want a closer look or to perform actions on a specific file like when you’ve found something you’re better off without (malware).
Let’s get to exploring…
Processes Tab
The Processes tab is the default screen you see upon launching What’s Running. It displays all the processes currently running on your computer in a hierarchical view. Here you can see at a glance if an errant application is sucking up too much CPU power. You’ll also see every tidbit (if you select all the available columns for viewing) about each running program.
Clicking on a specific process (program) opens up a right-hand pane with nice little graphs showing its CPU and memory usage as well as all the information about what resources the process is using. Right-click on a program and you can terminate it, set its priority, check info about it online (on What’s Running’s site) or, like I said before, open the folder where the process’s file is located.
A neat tip about What’s Running
You can Replace Windows Task Manager with What's Running by going to View -> Options, clicking on the 'Startup' tab and checking the 'Replace Task Manager' box. Now, when you hit Control-Shift-Escape, (one of the quickest ways to launch Windows Task Manager) you'll be greeted with What's Running instead of Task Manager. Beautiful.
Services Tab
Services are ‘long-running processes’ which usually don’t require user-interaction to run and are used for background task processing. Hence, services usually run automatically at startup, but they can also be run manually by choosing to start them yourself or ‘on-demand’ without user interaction upon the launch of a program.
Many services are related to Windows’ core functionality, but third-party software creates them as well. Examples are security, defrag and disc burning applications (to name a few), DRM processes and peripherals such as scanners, printers and webcams (again, to name a few). Services are also one of those things that malware loves to create, so that if you kill the malicious process (or ‘service’, yeah “service” all right) it can restart itself automatically.
Even without getting into malware-related reasons for checking out what services are installed, Microsoft and many third-party software apps configure services to run automatically, even ones you may not need. What’s Running enables you to start and stop these services easily. The really neat thing is that What’s Running, in its own characteristic style, provides a plethora of information about each service.
But What’s Running doesn’t allow you to configure how services start (automatically or manually) or disable or delete them. I think this is a good thing because: a) Windows provides that functionality through the graphical Windows Service Control Manager or via its command-line scm utility and b) deleting or disabling a service is a bold move that shouldn’t be undertaken lightly as you could experience some serious Windows pain in the form of a non-working or barely working system.
If you’re curious about Windows services, Black Viper’s site offers a fantastic resource about all of Windows’ built-in services. There you can figure out what services you *may* not need running automatically or manually or at all. It’s a highly recommended reference if you’re serious about tweaking the Windows’ services in search of a (usually small) performance increase or for security reasons.
IP Connections Tab
IP, or Internet Protocol, connections (also known as TCP/IP connections) use a set of protocols that provide a way for computers to communicate on a local network or the internet. See related Wikipedia article for more information.
In What’s Running, the IP Connections feature lets you see when a connection (local network or internet) was started, each connection’s current state (established, closed-wait or listening), who it’s connected to (domain name or IP address) as well as the local and remote ports being used.
Clicking on a specific IP connection brings up detailed information about the processes using the connection in the right-hand pane. Just like the Processes tab, it gives you a complete listing of all the connection’s details including how long the connection has been running and the amount of information (measured in bits) flowing through it.
Startup Tab
Like services, there are a lot of programs that start automatically with Windows. Except startup programs don’t run in the background like services. If you haven’t noticed already, there are also a million programs that can view, change, add or remove startup entries.
I really like the way What’s Running shows you whether a startup item is actually running, something MSConfig won’t help you with. Another nice feature is that you can jump to the Processes tab by right-clicking on an active startup entry and choosing ‘Go to process’.
System Info Tab
The System info feature in What’s Running is certainly nothing revolutionary, but it’s a welcome addition to an already useful pack of tools. Under the System tab you’ll find all sorts of useful tidbits, including the version of Windows you’re using, the registered owner’s name as well as the computer name, the total amount of RAM, your PC’s CPU model and speed (and number of cores), the currently installed BIOS version and more.
Unlike the rest of What’s Running’s main features, the System Info feature doesn’t have its own tab on the left-hand “pane”. Instead it’s found in the tabs that run horizontally above the main display area.
Modules Tab
The Modules tab in What’s Running includes a complete listing of everything running on your computer in real-time. This includes executable files (exe) as well as what dlls are loaded. (Dlls, for all intents and purposes, are basically the same darn thing as exe files. The big difference is that you can’t double-click on a dll file and run it; it needs to be called by an application or process.)
The other thing that makes dlls unique is that multiple processes may use the same underlying dll file. Many times, there’s a perfectly legit reason for this – why litter someone’s system with multiple copies of the same file if you can call a specific dll from one location in order to give a user the functionality they need? However, when it comes to malicious software, it’s common practice to hijack or exploit a normally unsuspicious or trusted (but exploitable, you see how many patches Microsoft releases every month right?) dll and use it for nefarious purposes.
The Modules tab is a great way to see all the dlls, exes, and a few other types of files in one view. This makes it extremely easy to look for suspicious items. I’m not implying that a dll with an easily recognizable name is always safe, just that it is sometimes easy to spot rogue dlls because they have funny looking names like 234fh228fhjh.dll (not a real example).
My suggestion is to spend some quality time with the Modules tab, going through the list and keeping an eye out for funny looking names. Also look for files with the same name that are in different locations, as a common trick malware authors use is to mimic a dll or exe name Microsoft uses, or some aberration of it, like svchost.exe versus svshost.exe (see this thread on Bleeping Computer). It’s a cheap trick intended to make something illegitimate look legit at a quick glance.
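The two checks suggested above (a familiar name in an unfamiliar folder, and a near-miss spelling of a familiar name) can be run over an exported module list. This is an added example, not part of What’s Running or the original post; the baseline table and the sample paths are assumptions constructed for illustration.

```python
import ntpath

# Assumed baseline: a few well-known Windows binaries and the folder each
# normally loads from. Build the real table from a known-good machine.
KNOWN = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
    "kernel32.dll": r"c:\windows\system32",
}


def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row DP)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete
                           cur[j - 1] + 1,              # insert
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def review_modules(paths):
    """Return (path, reason) pairs for modules worth a closer look."""
    findings = []
    for path in paths:
        # Windows paths are case-insensitive, so compare in lower case.
        folder, name = ntpath.split(path.lower())
        if name in KNOWN:
            if folder != KNOWN[name]:
                findings.append((path, "known name, unexpected folder"))
            continue
        for good in KNOWN:
            if edit_distance(name, good) == 1:
                findings.append((path, "looks like " + good))
                break
    return findings


# Constructed sample input, not taken from a real system.
SAMPLE = [
    r"C:\Windows\System32\svchost.exe",
    r"C:\Windows\System32\svshost.exe",
    r"C:\Users\Public\lsass.exe",
    r"C:\Windows\explorer.exe",
    r"C:\Program Files\Example\app.dll",
]
```

A hit from `review_modules(SAMPLE)` is a prompt to research the file, not proof of malware; some legitimate binaries exist in more than one folder.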
Drivers Tab
Drivers, the magical things they are, allow hardware and certain critical Windows functionality to operate properly. Microsoft provides built-in drivers in each version of Windows for commonly available hardware so you don’t have to mess with the drivers yourself. This is why it’s probably been about 10 years since you had to install a driver for a (standard) keyboard, mouse, memory card reader or USB flash drive.
There is hardware, however, that either requires its own drivers because Microsoft didn’t provide them natively or because the ones Microsoft did provide don’t provide the level of performance or functionality that the ones the manufacturer creates do. Video cards are a perfect example. In most cases, you need to install the manufacturer’s driver to achieve the best performance with video cards, so at some point in your Windows using life, you probably have or will need to install a driver from ATI, Intel or Nvidia. :P
What’s Running’s Drivers tab shows you all the drivers installed on your computer along with information about their current state (running or stopped), who provided them, where their underlying files are located, their version numbers as well as advanced info like MD5 hashes which can aid you in determining if a file is legit or not.
*Extra important security info*
This brings up another point about security: Drivers are used just as often by malicious software as dlls and services. It’s useful to look through the list of installed drivers for ones that don’t have identifying information such as the manufacturer’s name. However, some of the most critical ‘low-level drivers’ in Windows, provided by Microsoft, lack proper identifying information so it’s extremely important to do your research before you start trying to remove drivers. What’s Running doesn’t allow you to remove drivers. While it may seem like an overlooked feature at first, for the reasons mentioned above, I actually think this is a good thing.
Snapshot Tab
Oddly, the most powerful and useful feature of What’s Running is also the simplest. The Snapshot feature allows you to take a snapshot (you didn’t see that coming, did you?) of all the processes, services, modules, drivers, startup items, IP connections and system information at any given point in time and then compare it to another snapshot.
The snapshot feature provides an excellent way for you to learn how certain actions you undertake affect what happens on your computer. It’s also a great way to troubleshoot or detect whether an app you installed decided to do something you don’t like, like install malware. Nuff’ said. Snapshot rocks.
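The idea behind comparing two snapshots, sketched as an added example that is not What’s Running’s own code: the nested-dictionary layout, the item names and the placeholder hash strings are all assumptions constructed for illustration, not the tool’s snapshot format.

```python
def diff_snapshots(before, after):
    """Compare two snapshots shaped {category: {item_name: attributes}}.

    Returns a list of (category, change, item_name, detail) tuples, ordered
    by category, then added / removed / changed, then item name.
    """
    changes = []
    for category in sorted(set(before) | set(after)):
        old = before.get(category, {})
        new = after.get(category, {})
        for name in sorted(set(new) - set(old)):
            changes.append((category, "added", name, new[name]))
        for name in sorted(set(old) - set(new)):
            changes.append((category, "removed", name, old[name]))
        for name in sorted(set(old) & set(new)):
            # Keep only the attributes whose values differ: (old, new).
            delta = {key: (old[name].get(key), new[name].get(key))
                     for key in sorted(set(old[name]) | set(new[name]))
                     if old[name].get(key) != new[name].get(key)}
            if delta:
                changes.append((category, "changed", name, delta))
    return changes


# Constructed snapshots: one taken before installing an app, one after.
BEFORE = {
    "services": {"Spooler": {"state": "running"}},
    "startup": {"ExampleUpdater":
                {"command": r"C:\Program Files\Example\updater.exe"}},
    "drivers": {"exampledrv": {"state": "running",
                               "md5": "PLACEHOLDER-HASH-1"}},
}
AFTER = {
    "services": {"Spooler": {"state": "stopped"},
                 "ExampleHelperSvc":
                 {"state": "running",
                  "path": r"C:\ProgramData\Example\helper.exe"}},
    "startup": {},
    "drivers": {"exampledrv": {"state": "running",
                               "md5": "PLACEHOLDER-HASH-2"}},
}

if __name__ == "__main__":
    for change in diff_snapshots(BEFORE, AFTER):
        print(change)
```

A driver whose hash changed while its name and state stayed the same shows up as "changed", which a plain list of names would miss.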
Overall User Interface
What’s Running’s interface hasn’t changed much since it came out seven years ago, but it suits its functionality and that’s more than you get out of the majority of software available. Sure I wouldn’t mind some color scheme options and a few tweaks here and there, but overall it’s perfectly fine by me.
Review Synchronicity (sort of)
Right before I went to post this review, I went to What’s Running’s website to find details about licensing for commercial use and my head snapped back. There was a note about a review of the previous beta (3.0 beta 8) in the March issue of Computer Power Magazine, which is my favorite magazine. I haven’t read it yet because I didn’t want it to influence my review, but I encourage you to check it out in addition to this review. It’s available for free here.
Support Apps You Love
Download and install What’s Running and see how you like it. I think you’ll find it can improve your Windows experience no matter how technical (or not) your background. If you find that it serves your needs, Krister, the developer behind What’s Running, has a donation button on his site waiting for you. Use it. Any way we can support developers is a good thing in my book.
Whether through donations or by using something like, I don’t know, *cough* OpenCandy *cough* to make money, developers can be empowered to keep creating awesome apps like What’s Running (which is free) and be motivated to innovate (like we’re doing here at OC). If they can quit their day job and work on what they love and still be able to support their family, then life is good for everyone.
Who knows, the developers may even be able to generate enough money to start their own software companies or foundations. Startups = economic recovery! (Speaking of which we’re hiring and have a bunch of newly created positions available!)
This is Dr. Apps signing off. I hope you enjoyed reading this post as much as I enjoyed writing it. Drop by again later for more posts and thanks for reading!
App info
- Software: What's Running
- Version: 3.0 Beta 9, published April 20, 2010
- Developer: Christer Fahlgren
- Installer size: 4.5MB
- License: Freeware (used to be non-commercial use only, but looks like that changed)
- Language(s): English
- Homepage: http://whatsrunning.net

This post is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License.
(Material Disclosure: None. Neither Dr.Apps nor OpenCandy has received compensation from the maker(s) of What’s Running (or Brain Toniq for that matter) for the creation or posting of this content.)
One Response to “CandyPick #2: Monitor, Investigate & Configure Windows settings with What’s Running (freeware)”
by Norman Wynn / May 26, 2010
What can one say, this is the first time I’ve been on site, so we will wait and see.
I will be back
nkw