Truth be told, I have been a Windows user since the days of Windows 95, which is roughly 10 years ago. I had no interest in understanding what Windows is all about until I went to university. My classmates were the influence that made me more technology-conscious. I cared more about how to fully utilize my PC, set up routers, use anti-spyware, antivirus and anti-adware tools, BitTorrent and much more.
I know that there are many Windows XP users out there who don’t really understand the processes running on their PCs. Some of the processes may be spyware, collecting every keystroke that you make, just so that ‘they’ can steal your money from your accounts. So it is very important to understand the common processes in the Task Manager’s list. Let’s look at mine.
Press Ctrl-Shift-Escape. Click on the ‘Processes’ tab.
That’s what a typical list looks like. From some of the process names, you can guess the application. That’s good. But how about these 8 system processes?
- System Idle Process
alg.exe is a core process for Microsoft Windows Internet Connection Sharing and Internet Connection Firewall. It is needed to maintain the internet connection and should not be ended manually. Try it only if you want to see problems pertaining to the internet connection.
csrss.exe is the main executable for the Microsoft Client/Server Runtime Subsystem, which manages most graphical commands in Windows. Note that a process named csrss.exe can be very dangerous: attackers use fake copies of it to access local computers from remote locations, stealing personal information such as passwords, internet banking login details and other vital personal data. One way to differentiate between the legitimate process and a fake is to check the directory that csrss.exe is running from. You are safe if it runs from :
lsass.exe is a system process of the Microsoft Windows security mechanisms that specifically deals with local security and login policies. It manages the IP security policy and starts the IP security driver. Sensitive data like private keys are protected by lsass.exe to prevent access by unauthorized services, processes or users. All security information of local user accounts is protected by lsass.exe.
services.exe manages the starting and stopping of all services on the machine. It is responsible for automatically starting services during start-up and stopping them during shut-down. This service enables the machine to recognize and adapt itself to hardware changes with little user input. This service is important in maintaining the stability of the system.
smss stands for Session Manager Sub System. Its main job is to create environment variables, start up the kernel and user modes of the Win32 subsystem, create virtual memory paging files and start winlogon.exe.
The spooler service is responsible for managing spooled print/fax jobs. spoolsv.exe is not critical to the running of the system but should be terminated if you see high CPU usage even when you are not printing anything. Sometimes, jobs are stuck waiting in Microsoft Image Viewer.
This process is Microsoft’s Service Host Process. What it does is handle processes executed from DLLs. This process is important to maintain the stability and security of running the PC. It should never be ended or removed prematurely. Essential applications count on it.
100 – (total CPU usage) = System Idle process
This process measures the amount of unused CPU capacity. It runs silently in the background and monitors Windows’s processing bandwidth, occupied memory and the Windows virtual paging file. This process CANNOT be terminated.
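The directory check described above for csrss.exe, applied to all the system process names on this page, as an added example that is not part of the original post. It assumes Windows is installed in C:\Windows, so the genuine files sit in C:\Windows\System32 (the post does not give the path), and the process list is constructed sample data.

```python
import ntpath

# Assumption: Windows is installed in C:\Windows (not stated on the page).
SYSTEM_ROOT = r"C:\Windows"
EXPECTED_DIR = ntpath.join(SYSTEM_ROOT, "System32")
# Image names of the system processes described in the post.
SYSTEM_NAMES = {"alg.exe", "csrss.exe", "lsass.exe", "services.exe",
                "smss.exe", "spoolsv.exe", "svchost.exe"}

def normalize(path):
    """Reduce the path forms Windows reports to one comparable form."""
    for prefix in ("\\??\\", "\\\\?\\"):            # NT and long-path prefixes
        if path.startswith(prefix):
            path = path[len(prefix):]
    if path.lower().startswith("\\systemroot\\"):   # \SystemRoot\System32\...
        path = ntpath.join(SYSTEM_ROOT, path[len("\\systemroot\\"):])
    # normpath collapses ".." tricks, normcase makes the compare case-blind
    return ntpath.normcase(ntpath.normpath(path))

def check_process(name, path):
    """Classify one process as not-system, unknown, ok or suspicious."""
    if name.lower() not in SYSTEM_NAMES:
        return "not-system"
    if not path:                  # path not readable, e.g. no admin rights
        return "unknown"
    expected = ntpath.normcase(ntpath.join(EXPECTED_DIR, name))
    return "ok" if normalize(path) == expected else "suspicious"

def audit(processes):
    """Return the (pid, name, path) rows that use a system name elsewhere."""
    return [p for p in processes if check_process(p[1], p[2]) == "suspicious"]

# Constructed sample data: (PID, image name, image path)
SAMPLE = [
    (548, "smss.exe", r"\SystemRoot\System32\smss.exe"),
    (612, "csrss.exe", r"\??\C:\WINDOWS\system32\csrss.exe"),
    (688, "lsass.exe", r"C:\WINDOWS\system32\lsass.exe"),
    (1432, "csrss.exe", r"C:\Documents and Settings\user\Temp\csrss.exe"),
    (1500, "svchost.exe", r"C:\WINDOWS\system32\..\svchost.exe"),
    (1720, "spoolsv.exe", None),
    (2044, "notepad.exe", r"C:\WINDOWS\notepad.exe"),
]

if __name__ == "__main__":
    for pid, name, path in audit(SAMPLE):
        print(f"PID {pid}: {name} runs from an unexpected location: {path}")
```

A row reported as "unknown" is not cleared; it only means the path could not be read and should be checked again with administrator rights.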
The best approach is to scan your PC to identify ALL processes that should and should not be running on your PC. ProcessLibrary has done a good job with their lightweight, easy-to-use, free process scanner. After scanning my system, it clearly listed the function of each process on my PC. Good stuff.
Search and identify your system processes