Content

Win Tasks 4 Professional

Unlike the data acquisition tools here, WinTasks is intended to give administrators a view of the running state of a system, helping to identify and track malicious activity.

WinTasks is a bit like the Windows Task Manager on steroids. The core functionality revolves around running processes - you can identify each process, from where it was run and when, the system resources it is using and the modules it has loaded.

A useful system log shows a timeline of processes starting and stopping, which is particularly useful for investigating the activity of malware.

A basic, but perfectly adequate, scripting language allows thresholds to be monitored and actions to be taken. For example, if system overheads reached a critical level it could cause all non-critical processes to be lowered in priority.

Processes can be annotated or renamed, and these notes are recalled the next time that process starts.

Search criteria can be set, which is applied to all active data (processes, modules, etc), and the view can be filtered in a variety of ways to quickly focus in on particular processes.

Four toolbar buttons can be configured to launch specific applications on demand, but lack the ability to specify command-line switches or a document to open, which is limiting.

A number of rough edges could use improvement. For example, WinTasks lists which processes are started automatically when the system boots, but not where in the registry or .ini files this is decided. Only single-processor systems are supported, which limits its use in big server environments.And although processes can be set to new priorities, only priorities offered by older versions of Windows are supported.

Most of the shortcomings can easily be worked around, but WinTasks's performance lets it down. LIUtilities claims minimum system requirements of a 200MHz Pentium with 32Mb of RAM, which is optimistic.

On an Athlon 1900+ test machine with 512Mb of RAM, the main WinTasks process consumed 15Mb of RAM and 35 percent system resources even when idle, jumping to 90 percent-plus when performing a task such as viewing CPU activity graphs.

Because of this overhead, I can't recommend WinTasks for everyday analysis, which is a shame since the logging facility would be useful for analyzing Trojans or worm activity on a Windows server.

Product title
Win Tasks 4 Professional
Product info
Name: Win Tasks 4 Professional (Data Forensics group test) Description: Price: $39.95
Strength
Clear interface and lots of good tools. Very inexpensive.
Weakness
Too resource-heavy for regular use.
Verdict
WinTasks 4 has lots of good ideas, but needs a speed boost and some polishing to make it a really valuable tool.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.