Winternals and Sysinternals sold to Microsoft
I have praised the genuinely useful tools from Sysinternals.com, and not only here. Whether PsTools, Process Explorer, Autoruns, Rootkit Revealer, or Filemon and Regmon, these freeware tools are very important and compact little helpers in the forensic analysis of a running, suspect Windows system. Winternals, the company behind Sysinternals, is now being sold to Microsoft. Mark Russinovich, alongside Bryce Cogswell one of the minds behind the tools, writes in his blog:
“So what’s going to happen to Winternals and Sysinternals? Microsoft is still evaluating the best way to leverage the many different technologies that have been developed by Winternals. Some will find their ways into existing Microsoft products or Windows itself and others will continue on as Microsoft-branded products. As for Sysinternals, the site will remain for the time being while Microsoft determines the best way to integrate it into its own community efforts, and the tools will continue to be free to download.”
Bryce Cogswell and Mark Russinovich are moving to Microsoft. The impact of this transaction cannot yet be fully assessed. Personally, I do not expect Microsoft to build a registry or file monitor, or a better Task Manager, into its products in the future. 🙂 For forensic analyses, tools already “built into” the suspect system would have to be viewed critically anyway.
It also remains to be hoped that the content of the fairly clearly laid-out sysinternals.com website will not disappear in the big “web pond” of www.microsoft.com.
From Microsoft's point of view, definitely a good purchase decision (Sony BMG will surely like it too) 😉
Attached is one last(?) listing of the tools from sysinternals.com as of 10 July 2006:
AccessChk v2.0
This tool shows you the accesses the user or group you specify has to files, Registry keys or Windows services.
AccessEnum v1.32
This simple yet powerful security tool shows you who has what access to directories, files and Registry keys on your systems. Use it to find holes in your permissions.
Autologon v2.1
Bypass password screen during logon.
Autoruns v8.53
See what programs are configured to startup automatically when your system boots and you login. Autoruns also shows you the full list of Registry and file locations where applications can configure auto-start settings.
LogonSessions v1.1
List active logon sessions
NewSID v4.10
Learn about the computer SID problem everybody has been talking about and get a free computer SID changer, NewSID, complete with full source code.
Process Explorer v10.2
Find out what files, registry keys and other objects processes have open, which DLLs they have loaded, and more. This uniquely powerful utility will even show you who owns each process.
PsExec v1.71
Execute processes with limited-user rights.
PsLoggedOn v1.32
Show users logged on to a system
PsLogList v2.62
Dump event log records.
PsTools v2.34
The PsTools suite includes command-line utilities for listing the processes running on local or remote computers, running processes remotely, rebooting computers, dumping event logs, and more.
RootkitRevealer v1.7
Scan your system for rootkit-based malware
SDelete v1.51
Securely overwrite your sensitive files and cleanse your free space of previously deleted files using this DoD-compliant secure delete program. Complete source code is included.
ShareEnum v1.6
Scan file shares on your network and view their security settings to close security holes.
Sigcheck v1.3
Dump file version information and verify that images on your system are digitally signed.
Tokenmon v1.01
Watch security-related activity, including logon, logoff, privilege usage, and impersonation with this monitoring tool. Full source code included.