Gene E. Bloch
Meantime, thanks for the informative remarks about Sysinternals et al....or the more traditional version: "Just because you're paranoid doesn't
mean they're not out to get you."
Back to Sysinternals: arguably, Microsoft purchased Winternals in order to
get Russinovich to work for MS.
I suspect (without any proof) that Mark put into his contract with Microsoft
that the Sysinternals tools would continue to be both distributed and
updated. Many people (yours truly included) were worried that MS would kill
off the Sysinternals tools, but thankfully that's not happened. (And it's
worth noting that Mark has had a large hand in the "Windows Internals" books
from MS Press).
Having said that, the Sysinternals tools aren't necessarily the best choice
for every user in every situation. Jason Fossen gave a 2-hour presentation
on the "Process Hacker" open-source tool last Wednesday at Sansfire; it's
similar to Process Explorer but with a few additional bells and whistles.
You can download the handout from Jason's web page at SANS:
This page also has a link to the SourceForge distribution point.
Incidentally, Fossen teaches a 6-day class on Windows security. It's
expensive (that's true of all the SANS classes) but is an excellent training
tool (also true of the SANS classes). It's also exhausting; I finished the
class this afternoon.
And I'll look at your link to SANS now.