What are Processes?
The process is one of the core terms in information about processes and operating systems. The simplest but very precise explanation is that a process is a program in execution. A running instance of a program. In the operating system theory, there are several states of a process. Like running, blocked, terminated, etc. But this is too much detail for somebody eager to be able to check. What is going on his or her computer? (For those interested in more detail, "Operating Systems"). Design and Implementation and Modern Operating Systems by Andrew Tanenbaum. The System is an excellent source of in-depth information about processes and operating systems as a whole.
Modern operating systems can run simultaneously many processes. Though actually at any given point only one process has the processor at its disposal. The other processes are waiting for their turn to come and that is! When you look at the processes on your computer, you might see a long list of the processes running. With dual-core processors, two processes can execute. But still, this does not change the fact that there are one (or two) processes that are executing. A dozen of others are waiting to be given the processor.
Many operating systems allow processes to be divided further – into threads. For example, Program A is running as Process A and Process A has the following threads – (A1, A2, A3, etc.). All of which execute subtasks that are related to the execution of Program A. Threads are dependent on the process that started them. When the process terminates, they stop as well. Process management is one of the basic activities of operating systems. When a process consumes too much CPU power, this slows down the whole system. So, to free some resources, one or more processes are terminated.
When processes are forcibly terminated, this often results in loss of data. Given the choice between a hung system and a killed process, loss of data might be acceptable. Some processes can’t be terminated because their execution is vital for the functioning of the whole system. Also, killing processes is a bad idea (even if the operating system allows you to kill a process of your choice). The right approach to killing processes is first to identify which program started the process. What resources are used by it, and then to proceed with termination? Killing the bad guys, i.e., processes are described in the last section of this article.
Windows Processes
After the brief explanation of what processes are, let’s see how this relates to Windows. Windows, like most modern operating systems, supports multitasking and multithreading. And when you click CTRL+ALT+DEL to bring up the Task Manager, you will see something like this:
Windows Processes
Windows Processes
You see an Image Name column, where all processes for the currently logged-in user are listed. (If the Show Processes for All User checkbox were checked, this list would have listed processes from all users). The name of the user who owns the process and data like the CPU and Memory usage of the particular process. Some of the process names are pretty self-explanatory (firefox.exe) but others are a bit cryptic. Don’t worry that you can’t guess what a particular Image Name stands for – there are good online references. Like where you can check a given process to which program belongs.
However, it does not hurt to know the names of a couple of the essential Windows processes. There might be differences in the list of essential Windows processes. The various versions of Windows but basically, the major ones are as follows:
System Idle Process
explorer.exe
winlogon.exe
svchost.exe
lsass.exe
services.exe
spoolsv.exe
smss.exe
csrss.exe
taskmgr.exe
Usually, several instances of Svchost.exe are running. This is pretty normal because not all of them will be owned by the same user. What is not normal is that the same process – svchost.exe – has been registered. Both as a legitimate Windows process and as a trojan and backdoor. But more on this later. Svchost is a system process, which handles processes executed from DLLs. This is one of the most important processes in Windows. If you terminate it, your computer will become unstable. I am not going to explain all the processes here. So, if you are interested in learning more about them, go to the lists there that are good.
I have used words like important and essential to describe the processes. Yes, not all processes are equal but this does not mean that you can’t make one process more important than another. You can prioritize processes, giving the most important processes a higher priority. By default, all processes have a normal priority. But if you are running a very special program that requires more processing power. It is important to be given the processor immediately when needed. You can change its priority from Normal to real-time, High, or Above Normal. Or, if you would like a given process to have a lower than the normal priority, select Below Normal or Low. Setting priorities is done when you right-click the process in the Image Name column and from the context menu select Set Priority. From the list of priorities, choose the desired one. You can change the priority for most of the processes. The (System Idle Process is one of the few exceptions because it is a vital process that users shouldn’t be allowed to mess up with its priority).
If you deep to get more in-depth data about a particular process. For instance, to see the whole process tree, and the threads in the process. Its network connectivity, or handles and DLLs, Windows Task Manager will not be useful. Instead, you can download for free a nice program. Process Explorer by Mark Russinovich and see all this. A lot more information about the processes on your computer.
Killing the Bad Guys
When you right-click a process in the list of processes. You see the End Process and End Process Tree commands. Choosing the first one terminates the process. The second is the process itself, together with all its descendants. You get a warning that terminating a process that way might cause system instability. If you are killing a program that is not responding anyway. You might gain some system stability (or at least processor time). Killing a process through the Windows Task Manager is worth it only if the program has hung and you need to free resources.
Browsing through the processes in Windows Task Manager might also give you a clue. If you have viruses, spyware, adware, and other types of malware on your computer. If you notice a strange process in the list of processes. Check it to see which program it belongs to and if it is malware. Take the appropriate measures (i.e., launch your antivirus or spyware program).
However, have in mind the fact that you don’t see any suspicious processes in this. The list of information about processes on your computer does not mean that your computer is clean. Because most of the advanced malicious programs are written in a way that allows them to remain hidden. They will hardly show themselves in the processes list. Most often malicious code is hidden behind legitimate processes. Or uses the same name (the example with svchost.exe). As a Windows service or a popular program. It is not likely that you will get an alert by seeing it in the processes list of Windows Task Manager. Even if the malicious program shows in the list stopping the process will not remove it from your computer. You need to take additional measures to clean it completely. Still, occasionally having a look at what processes are running at your computer is a good habit to pick!
Related Posts:
Advice On Ways to Set Up and Manage a New Cloud Server
How To Do With Your Mistakes – Let Them Humble You
The maker discusses the advantages of silicone and encourages building in-house brands overseas