Sunday, May 20, 2007

Antispyware – 1 (Adware.LinkMaker)

I have been experimenting with various antispyware products for some time now. I had Spybot-Search and Destroy and Ad-Aware installed. Besides those, there was the antispyware that comes along with ZoneAlarm. Then I tried SpyDefense beta. It showed a spyware called Adware.LinkMaker to be present on my system. After the scan, without removing the spyware, I scanned using Ad-Aware; strangely, it didn't show this spyware.

Saturday, May 12, 2007

system performance, disk I/O, file handles

Which process maintains the maximum file handles?

It is reasonable to guess explorer.exe, but the correct answer is svchost.exe, the service host process.

For those of you who do not know about file handles and their importance, I would like to clarify a bit. First, a word about computer performance. The performance of a computer depends mainly on processor speed, available primary memory (RAM) and disk access speed. Disk input/output (I/O for short) is the slowest of the three, and information on disk is stored as files. Files are accessed using streams. Imagine pipes carrying streams of water, which here is data; file handles can then be thought of as the taps at the ends of those pipes. Most of the programs running on your computer need disk I/O. For that, the underlying operating system provides them with file handles to operate on the files they require.

It is obvious that the process that maintains the maximum number of file handles is responsible for a fairly large amount of disk I/O. We cannot say that this process contributes the most disk I/O, because that also depends on the amount of data transferred. Thus, when assessing the performance of your system, both the processes that maintain the most file handles and those that handle the most data are noteworthy. The amount of data handled by various processes varies too much to predict. However, the number of file handles maintained by some processes remains consistently high. These include native or system processes like explorer.exe.

How to check the number of file handles maintained by a process?

The procedure is simple: right-click the taskbar > click Task Manager > go to the View menu > click Select Columns > check Handle Count.

The Task Manager then shows the number of file handles maintained by each process in the Processes tab.

Similarly, if we check the I/O Writes option in the Select Columns menu, we can see that lsass.exe has an exceptionally high number of I/O writes.
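The same two Task Manager columns can be read from a script, which makes it easy to compare against a known-good baseline of the same machine. The following PowerShell is an added example, not code from the original post; it assumes Windows PowerShell 3.0 or later (for Get-CimInstance and [pscustomobject]), takes Handle Count from Get-Process and takes I/O Writes from the WriteOperationCount counter of Win32_Process. Note that Task Manager's Handle Count covers every kernel object handle a process holds, not only file handles.

```powershell
# Added example (not from the original post): rank processes by handle
# count and by cumulative I/O write operations, the two Task Manager
# columns discussed above. Assumes Windows PowerShell 3.0+ for
# Get-CimInstance; run elevated for complete figures on system processes.
param([int]$Top = 10)

# Task Manager's "Handle Count" is every kernel object handle the process
# holds (files, registry keys, events, mutexes, ...), so it is an upper
# bound on open file handles rather than an exact count of them.
function Get-TopHandleHolders {
    param([int]$Count = 10)
    Get-Process |
        Sort-Object -Property HandleCount -Descending |
        Select-Object -First $Count -Property Id, ProcessName, HandleCount
}

# Task Manager's "I/O Writes" is the process's cumulative WriteOperationCount;
# WriteTransferCount is the matching byte total, which is what shows how
# much data a process has actually moved (operation counts alone do not).
function Get-TopIoWriters {
    param([int]$Count = 10)
    Get-CimInstance -ClassName Win32_Process |
        Sort-Object -Property WriteOperationCount -Descending |
        Select-Object -First $Count -Property ProcessId, Name, WriteOperationCount, WriteTransferCount
}

# Several svchost.exe instances run at once; summing per image name shows
# the service host's total handle load beside the single explorer.exe.
function Get-HandleTotalsByImage {
    Get-Process |
        Group-Object -Property ProcessName |
        ForEach-Object {
            [pscustomobject]@{
                ProcessName = $_.Name
                Instances   = $_.Count
                Handles     = ($_.Group | Measure-Object -Property HandleCount -Sum).Sum
            }
        } |
        Sort-Object -Property Handles -Descending
}

"== Top $Top processes by handle count =="
Get-TopHandleHolders -Count $Top | Format-Table -AutoSize
"== Handle totals per image name (svchost.exe instances combined) =="
Get-HandleTotalsByImage | Select-Object -First $Top | Format-Table -AutoSize
"== Top $Top processes by cumulative I/O write operations =="
Get-TopIoWriters -Count $Top | Format-Table -AutoSize
```

A process whose handle count keeps climbing between runs, with no matching rise in its I/O counters, is usually leaking handles rather than doing real work, which is worth checking before blaming disk I/O for slowness.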

To determine which program has a particular file or directory open, you can use the tool Process Explorer. It is a GUI/device-driver combination that shows you which handles and DLLs each process has opened or loaded.