Being a generalist by nature, I tend to know a little something about many things. That can complicate matters when trying to troubleshoot intricate IT-related problems. Fortunately, I manage to find (thank you search engines) solutions most of the time.
Knowing that, I'll take advantage of any insight, advice, article, or application that will help me figure out what's happening or not happening with a computer. I've recently found one such application that does just that and I'd like to share it with you.
A simple add-on really helps
The application I'm referring to is called Prio and was developed by O&K Software. Prio acts as an add-on to the existing Windows Task Manager, installing two new tabs and several enhancements. The following slide shows the additional tabs titled Services and TCP/IP:
The developers of Prio consider it to be a Process Priority Saver, which means the program saves changes that differ from the default priority settings used by Microsoft. This isn't a subject normally talked about, so to avoid confusion, let's review what process priority means.
Process priority
I'm always amazed at the number of processes that are concurrently running on a computer. How do the computer's Central Processing Unit (CPU) and Random Access Memory (RAM) determine which process to work on at any given time? Microsoft has a very sophisticated method of determining process priority as explained by this Microsoft Developer Network blog. Basically, the CPU consults the process priority database to determine which application gets what preference.
Microsoft's process of setting priority, no matter how advanced, is still just an educated guess. That becomes obvious when certain time-sensitive applications like streaming video or VoIP aren't given the proper priority and they perform badly. Thankfully, that's easy to fix; all that's required is to change the priority setting of the application.
How to change priority
Task Manager is capable of changing the run priority of processes, but the change is temporary. If the computer is rebooted the priority changes back to the default setting. One possible workaround is to change the process priority in the registry. That works, but mucking around in the registry is something I try to avoid.
Here's where Prio comes into play: it allows the operating system to remember priority settings, even after a system reboot. Prio does this by adding the "Save Priority" feature to the Task Manager as shown in the following slide:
I'd be remiss if I didn't mention that altering priorities shouldn't be taken lightly. Microsoft agrees and submits the following warning to emphasize their concern before saving the change:
After all that, it may sound odd when I mention that I still use Prio even if I don't alter any priority settings. That's because of the enhancements I referred to earlier. I find them particularly useful when dealing with the possibility of installed malware.
What enhancements
Viewing all the processes in Task Manager can be humbling. I certainly don't know what process each cryptic name represents, so determining whether one of them is a malicious process results in a time-consuming search of the Web for information. Prio helps out in this regard by providing detailed information about each process, similar to what is shown in the following slide:
If you hover the pointer over a process, a window pops up containing the name of the running process, manufacturer, version, full path to the executable file, and finally which services are related to the process. I especially appreciate this feature when trying to figure out what service each of the generically-labeled svchost.exe processes is associated with.
Some may argue that this feature doesn't directly increase security and they would be right. Still, I'd suggest that it allows me to quickly ascertain what the process is and whether it's supposed to be there or not, and that definitely has to do with computer security.
Digital signatures prevent spoofing
I mentioned earlier that one method of troubleshooting malware problems is to check for suspicious processes. Malware coders also know that, so they tend to disguise malicious processes by giving them familiar names like svchost.exe.
To combat spoofing, most legitimate applications have digital signatures appended to the electronic files. That's great, but the existing Task Manager isn't able to leverage that information, which brings me to another feature of Prio: its ability to show whether a process is digitally signed or not.
This feature isn't on by default in Prio. So to enable it, go to the Prio button in the Task Manager's Menu and enable "Check Integrity" as shown below:
After which, processes with digital signatures will be colored green and those without a signature will be highlighted in red:
This capability really helps by immediately focusing attention on the unsigned processes, which typically would be the ones needing further scrutiny.
Verification
One thing that I do immediately after setting up a computer is to install Prio and set Integrity Check. That way, I can baseline what processes Windows has activated. On a side note, as far as I can tell all Windows applications have digital signatures.
Next I open each installed non-Windows application, checking to see if it has a digital signature or not. If the application doesn't have a digital signature and I know it's a legitimate process, Prio allows me to validate the process as shown below:
All that's required is to right-click on the unsigned process and check "Treat as Valid". It may sound like a lot of work, but doing so has a significant advantage. If for whatever reason a process that has undergone the conversion is altered, Prio will immediately change the color back from green to red, alerting you to the possibility of suspicious activity.
Final thoughts
Prio is one of those gems that initially doesn't seem like much, but its value unfolds through use. I'm a big proponent of Task Manager to begin with, so any additional capabilities just make it better.
I'm curious to learn if anyone else uses Prio; I ask as it's relatively unknown. Also, if there are other similar applications, I'd love to hear about those as well.
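
For readers without Prio, the signed/unsigned view and the "Treat as Valid" baseline described under Verification can be approximated from PowerShell. This is an added example, not Prio's code or method: it assumes Windows PowerShell 5.1 or later, pins approved unsigned files by SHA-256 (how Prio detects alteration is not stated here), and the baseline file name and function names are hypothetical.

```powershell
# Added example; not Prio's code. Assumes Windows PowerShell 5.1 or later.
# $BaselinePath is a hypothetical location for the approved-unsigned list.
$BaselinePath = Join-Path $env:ProgramData 'proc-baseline.json'

function Read-Baseline {
    # Load path -> SHA-256 pairs into a (case-insensitive) hashtable.
    $map = @{}
    if (Test-Path -LiteralPath $BaselinePath) {
        $json = Get-Content -LiteralPath $BaselinePath -Raw | ConvertFrom-Json
        foreach ($p in $json.PSObject.Properties) { $map[$p.Name] = $p.Value }
    }
    $map
}

function Approve-UnsignedImage {
    # Rough equivalent of "Treat as Valid": pin the file's current hash.
    param([Parameter(Mandatory)][string]$Path)
    $map = Read-Baseline
    $map[$Path] = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $map | ConvertTo-Json | Set-Content -LiteralPath $BaselinePath
}

function Get-ProcessTriage {
    $map = Read-Baseline
    Get-Process |
        Where-Object { $_.Path } |        # Path is empty when the image cannot be read
        Sort-Object -Property Path -Unique |
        ForEach-Object {
            $sig  = Get-AuthenticodeSignature -LiteralPath $_.Path
            $hash = (Get-FileHash -LiteralPath $_.Path -Algorithm SHA256).Hash
            if ($sig.Status -eq 'Valid')       { $state = 'Signed' }
            elseif ($map[$_.Path] -eq $hash)   { $state = 'ApprovedUnsigned' }
            elseif ($map.ContainsKey($_.Path)) { $state = 'ApprovedButChanged' }
            else                               { $state = 'Unsigned' }
            [pscustomobject]@{
                State  = $state
                Name   = $_.ProcessName
                Path   = $_.Path
                Signer = $sig.SignerCertificate.Subject
            }
        }
}

# Show only the entries Prio would colour red.
Get-ProcessTriage | Where-Object State -ne 'Signed' | Format-Table -AutoSize
```

An `ApprovedButChanged` row corresponds to Prio turning a validated process back to red: the file at that path no longer matches the hash recorded when it was approved.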