What the lsass.exe? Searching for Windows Processes

Ever wonder what all of those mysteriously-named Windows “processes” are doing, and how they got loaded on your computer in the first place? Use the helpful ProcessLibrary.com to find out.

Control-ALT-Delete used to perform a very simple, but (sadly) vital function: rebooting your Windows computer. In recent versions of Windows, pressing Control-ALT-Delete now brings up the Windows Task Manager, which offers alternatives to handling misbehaving software without the brute force approach of a hard reboot.

The Task Manager has four views: Applications, Processes, Performance and Networking. The Applications view shows you currently running programs. Use the “End Task” button on this view to kill a program that isn’t working as expected—or to get rid of a “mousetrapped” browser that’s repeatedly displaying an offensive web site.

The Performance and Networking views offer interesting statistics, but aren’t really useful unless you’re a serious Windows geek.

It’s the Processes view that offers the most insight into what’s going on with your computer. Unfortunately, it also displays information in maddeningly cryptic fashion, showing “Image Name,” “User Name,” “CPU” and “Usage” details. Two of these offer the most meaningful information: Image Name is the name of a process that’s currently running in memory, and CPU shows you how much capacity of your computer’s central processing unit is being consumed by the process.

If your computer is sluggish, the processes view will tell you which process is hogging your system resources. Use the “End Process” button to kill it. Be careful, though—killing some processes could lock up your computer and potentially result in loss of data.

Problem is, it’s almost impossible to determine what most processes are from their image names. I’m convinced that the people who write Windows processes are highly trained in the art of obfuscation. Some of the more common processes include lsass.exe, alg.exe, svchost.exe, csrss.exe and smss.exe. And there’s no “properties” information to tell you anything about what these things are doing or how they got started in the first place.

Enter ProcessLibrary.com. This searchable database makes it easy to find information about even the most obscure process running on your computer. Take lsass.exe, for example. If your computer uses a current version of Windows XP, this process is almost certainly running. What is it?

Local Security Authority Service. “This is a system process of the Microsoft Windows security mechanisms. It specifically deals with local security and login policies.” In addition to this description, ProcessLibrary.com also tells you the author of the process, and whether it’s associated with the operating system or a particular piece of software.

Even more importantly, it also indicates whether the process is something nasty, like a virus, Trojan or spyware, and assigns the process a security risk from zero to five.

ProcessLibrary.com isn’t an altruistic effort—it’s the work of a company called UniBlue that sells a program called WinTasks Pro that’s designed, surprise surprise, to help you deal with or eliminate nasty processes. Nonetheless, the amount and quality of information offered on the site makes it a worthwhile resource.

ProcessLibrary also has a DLL Search that’s useful for decoding cryptic error messages.

Other sources for this type of information include Sysinfo.org’s Startup Applications List and Task List Programs from Answers That Work. Google’s specialized Microsoft search is also another great resource for finding information about startup processes, from these sites and many others.

Search Headlines

NOTE: Article links often change. In case of a bad link, use the publication’s search facility, which most have, and search for the headline.

Search Engines Face A Different Type Of Spam
Information Week Apr 4 2005 6:58AM GMT
Yahoo/FindWhat Patent Dispute Headed for Trial
ClickZ Today Apr 4 2005 5:07AM GMT
Don’t Test That! — Five Pitfalls
iMedia Connection Apr 4 2005 2:06AM GMT
Yahoo raises eyebrows with Hollywood push
MSNBC Apr 3 2005 10:37PM GMT
Search-engine pros can click it up a notch
Richmond Times Dispatch Apr 3 2005 4:11PM GMT
Yahoo’s New Index
Searchblog Apr 3 2005 4:03PM GMT
Agence France-Presse: Behind the Times?
Tech News World Apr 3 2005 3:48PM GMT
Accelerated Keyword and Engine Testing, Part 1
ClickZ Today Apr 3 2005 3:45PM GMT
Yahoo Poaches MSN Content Exec
ClickZ Today Apr 3 2005 3:44PM GMT
Living by Google Rules
MSNBC Apr 3 2005 5:45AM GMT
How Google created a brand out of the ether
Guardian Unlimited Apr 3 2005 1:55AM GMT
PRODUCT REVIEW: Yahoo Has Slight Edge Among Desktop Search Programs
Information Week Apr 3 2005 1:18AM GMT
Google Outlines Plan To Spend to Expand
BizReport.com Apr 2 2005 10:50PM GMT
Early Version Of Yahoo 360 Confusing All Around
Washington Post reg Apr 2 2005 10:46PM GMT
Searcher’s Voice
Information Today Apr 2 2005 10:38PM GMT

Related reading

Simple Share Buttons