Sort out programs and processes
So, head to the manufacturer's website and download Prio, which is free for personal use and enhances Task Manager in a variety of ways. First it adds two extra tabs, Services and TCP/IP.
The first of these shows most of the information you see in Administrative Tools, Services. You get a list of services, whether they are running and tooltip descriptions. You can start and stop services and change the way they are started. The TCP/IP tab shows all open ports and TCP connections. You get tooltip descriptions and you can right-click and go to the process that established the connection.
It’s back in the processes tab that the really useful stuff lies. For a start, processes are colour coded – those whose executable has a digital signature are shaded green and those without, pink. If there is a process without a signature but that you are certain is trustworthy, then you can add it to the green list.
You also get a tooltip for each process showing information about the executable and its location on your computer. The best bit, however, is when you right-click on a process and choose ‘Set Priority’, as added to the list of priorities is an entry to ‘Save Priority’. Check this and whatever priority you accord a process will be preserved when you close and restart it or reboot your PC.
Autorun away
Recently there has been much concern over the Conficker virus, also called
Downadup. Despite the fact that Microsoft released a security patch last
October, by late January over nine million PCs had been infected, according to
the security software company F-Secure. One way the virus spreads is through USB
sticks and ‘social engineering’, which is a posh name for conmanship. Have a
look at the screenshots of the Autoplay dialogue in XP and Vista. There’s
something not quite right – why are there two commands to open the folder in
Explorer? And why has XP got ‘Program’ at the top and Vista ‘Install or run
program’? How many of us, in a hurry, wouldn’t spot these suspicious signs and
click on the first ‘Open folder…’ item?
In fact, that entry runs a program. We made a harmless ‘booby-trapped’ USB key, containing an executable file (a copy of Notepad.exe renamed to worm.exe) and an Autorun.inf file. The latter is just a text file created in Notepad, containing the following:
[Autorun]
Action=Open folder to view files with Windows Explorer
Icon=%systemroot%\system32\shell32.dll,
Open=worm.exe
The ‘Action’ line is the text in the Autoplay dialogue. The ‘Icon’ line fetches an open folder icon from the system32 folder, and the ‘Open’ line points to the payload. Obviously there need not be any correlation between ‘Action’ and ‘Open’.
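As an added example (not part of the original article), the Python sketch below audits an Autorun.inf for the mismatch just described: Action text that imitates Explorer's own entry while Open launches a program. The function names, the look-alike pattern and the extension list are assumptions of this example.

```python
import re

# Wording of the genuine Explorer entry that a deceptive Action= line imitates (assumed pattern).
LOOKALIKE = re.compile(r"open\s+folder|view\s+files", re.I)
EXEC_EXT = (".exe", ".com", ".scr", ".bat", ".cmd", ".pif", ".vbs", ".dll")
RUN_KEYS = ("open", "shellexecute", r"shell\open\command")

def parse_autorun(text):
    """Return the key/value pairs of the [Autorun] section, keys lower-cased."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
        elif in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries

def audit_autorun(text):
    """List the reasons an Autorun.inf deserves a closer look."""
    e = parse_autorun(text)
    findings = []
    targets = [e[k] for k in RUN_KEYS if k in e]
    if targets and LOOKALIKE.search(e.get("action", "")):
        findings.append("Action text imitates Explorer's 'Open folder' entry "
                        "but a program is launched: " + targets[0])
    icon = e.get("icon", "").lower()
    if "%systemroot%" in icon or "shell32.dll" in icon:
        findings.append("Icon is borrowed from a Windows system file")
    for t in targets:
        first = t.split()[0].lower() if t.split() else ""
        if first.endswith(EXEC_EXT):
            findings.append("Launch target is an executable: " + t)
    return findings

# Constructed sample: the test file described in the article.
SAMPLE = r"""[Autorun]
Action=Open folder to view files with Windows Explorer
Icon=%systemroot%\system32\shell32.dll,
Open=worm.exe
"""

if __name__ == "__main__":
    for reason in audit_autorun(SAMPLE):
        print("-", reason)
```

An ordinary installer disc whose Autorun.inf only names setup.exe and its own icon triggers just the executable-target finding; the Action and Icon findings together are what mark the social-engineering case.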
Several organisations, including the Pentagon, have banned the use of USB keys. On a personal level we don’t think it necessary to take your USB key out and shoot it, but it could make sense to disable Autorun on your PC.
Under Vista, you need to be logged in with administrator status. First go to Control Panel, Programs and Features, Installed Updates and make sure you have the Security Update KB950582 installed. It should have arrived with Automatic Updates but if not you’ll find it at www.tinyurl.com/ckrdpn.
Next, run Gpedit.msc and expand Computer Configuration, Administrative Templates, Windows Components, Autoplay Policies. Double-click the ‘Turn off Autoplay’ entry, then select ‘Enabled’, then choose ‘Turn off Autoplay on: All drives’. Restart and you’ll find nothing Autoplays or Autoruns. If, instead, you enable the ‘Default behaviour for Autorun’ item and set it to ‘Do not execute any autorun commands’, you’ll find that media CDs and DVDs autoplay and other removable media, such as USB sticks, continue to show an Autoplay window. Autorun.inf files, however, are ignored, and that fake ‘Open...’ entry will no longer appear.
The XP faithful also need to be logged on as an administrator, and need the KB950582 update. Despite having Automatic Updates configured on the Hands On computer, this one needed to be downloaded from www.tinyurl.com/6y9v4e and installed manually. Having done this, and rebooted, run Gpedit.msc and expand Computer Configuration, Administrative Templates, System. In the right-hand pane double-click ‘Turn off Autoplay’ and, as with Vista, enable for all drives. Unlike Vista, you don’t get the separate Autorun setting, so it’s all or nothing. And if you’re running XP Home, you don’t have the Group Policy Editor. Next month we’ll look at hitting the metal in the Windows Registry.
Security?
You have written about keeping your computer secure, yet your link is to an URL shortener? Unlike the full URL, or even ordinary text linked to the full URL, it is impossible to see where it goes; it could go to an infected site for all we know!
Posted by JH, 26 Jun 2009