Mark's Blog

Mark Russinovich's technical blog covering topics such as Windows troubleshooting, technologies and security.

The Case of the Missing AutoPlay

I’ve been presenting talks on Windows Vista kernel changes since TechEd US in the summer of 2006 and...

Author: Mark Russinovich Date: 12/31/2007

The Case of the Frozen Clock Gadget

Besides Aero Glass, one of the most visible features of Windows Vista is the Sidebar with its set of...

Author: Mark Russinovich Date: 10/15/2007

The Case of the Failed File Copy

The other day a friend of mine called me to tell me that he was having a problem copying pictures to...

Author: Mark Russinovich Date: 10/01/2007

Vista Multimedia Playback and Network Throughput

A few weeks ago a poster with the handle dloneranger reported in the 2CPU forums that he experienced...

Author: Mark Russinovich Date: 08/26/2007

The Case of the Failed File Compression

The other day Bryce tried to use Explorer’s Send To Compressed (zipped) Folder feature, seen below,...

Author: Mark Russinovich Date: 08/06/2007

The Case of the Unexpected PsList Error

Not long after I deployed Windows Vista on my main desktop system I noticed that a process became...

Author: Mark Russinovich Date: 07/05/2007

The Case of the Insecure Security Software

A little over a year ago I set out to determine exactly why, prior to Windows Vista, the Power Users...

Author: Mark Russinovich Date: 06/15/2007

The Case of the Unknown Autostart

A few weeks ago I installed an update to a popular Internet Explorer media-player ActiveX control on...

Author: Mark Russinovich Date: 05/21/2007

WinHEC, TechEd and MSDRT

I love speaking at conferences. They provide great opportunities to share information, meet...

Author: Mark Russinovich Date: 05/10/2007

Botnets by Email

I make no effort to hide my email address, which means that I know the instant a new email-based...

Author: Mark Russinovich Date: 04/09/2007

PsExec, User Account Control and Security Boundaries

I introduced the -l switch to PsExec about a year and a half ago as an easy way to execute processes...

Author: Mark Russinovich Date: 02/12/2007

The Case of the Mysterious Code Signing Failures

I digitally sign code on a regular basis in the course of preparing Sysinternals executables for...

Author: Mark Russinovich Date: 12/11/2006

The Case of the Delayed Windows Vista File Open Dialogs

I was in Barcelona a couple of weeks ago speaking at Microsoft’s TechEd/ITForum conference, where I...

Author: Mark Russinovich Date: 11/27/2006

The Case of the Notepad that Wouldn't Run

Dave Solomon was on campus a couple of weeks ago presenting a Windows internals seminar to Microsoft...

Author: Mark Russinovich Date: 10/01/2006

The Case of the Process Startup Delays

I’ve been extremely busy here at Microsoft and so haven’t had time to blog until now,...

Author: Mark Russinovich Date: 08/31/2006

My Blog Has Moved

My blog has moved to its new home at Microsoft TechNet blogs where you'll find my current post, The...

Author: OttoHelweg2 Date: 08/31/2006

The First Week

First I want to thank the many people that have sent me warm wishes on my move to Microsoft directly...

Author: OttoHelweg2 Date: 07/31/2006

On My Way to Microsoft!

I’m very pleased to announce that Microsoft has acquired Winternals Software and Sysinternals....

Author: OttoHelweg2 Date: 07/18/2006

The Power in Power Users

Placing Windows user accounts in the Power Users security group is a common approach IT...

Author: OttoHelweg2 Date: 05/01/2006

Why Winternals Sued Best Buy

This post I’m taking a break from my standard technical postings to discuss a disturbing...

Author: OttoHelweg2 Date: 04/21/2006

The Case of the Mysterious Driver

The other day I used Process Explorer to examine the drivers loaded on a home system to see if I’d...

Author: OttoHelweg2 Date: 03/27/2006

Running as Limited User - the Easy Way

Malware has grown to epidemic proportions in the last few years. Despite applying layered security...

Author: OttoHelweg2 Date: 03/02/2006

Using Rootkits to Defeat Digital Rights Management

The Sony rootkit debacle highlighted the use of rootkits to prevent pirates and authors of CD...

Author: OttoHelweg2 Date: 02/06/2006

Inside the WMF Backdoor

Steve Gibson (of SpinRite fame) proposed a theory in his weekly Thursday-night podcast last week...

Author: OttoHelweg2 Date: 01/18/2006

Rootkits in Commercial Software

By now many of you have heard that Symantec released a security advisory last Tuesday that reported...

Author: OttoHelweg2 Date: 01/15/2006

The Antispyware Conspiracy

Since the release of the first antivirus products many people have believed in a conspiracy theory...

Author: OttoHelweg2 Date: 01/03/2006

Sony Settles

I’m proud to announce that a major step forward in the legal phase of Sony's rootkit: Scott...

Author: OttoHelweg2 Date: 12/30/2005

Circumventing Group Policy as a Limited User

Active Directory Group Policy settings are widely used to secure Windows systems because they can be...

Author: OttoHelweg2 Date: 12/12/2005

Premature Victory Declaration?

Two weeks ago I declared victory in what the media is now referring to as the “Sony rootkit...

Author: OttoHelweg2 Date: 11/30/2005

Victory!

I’m proud to announce a significant victory in the ongoing Sony Digital Rights Management...

Author: OttoHelweg2 Date: 11/16/2005

Sony: No More Rootkit - For Now

There have been several significant developments in the Sony DRM story since my last post. The first...

Author: OttoHelweg2 Date: 11/14/2005

Sony: You don’t reeeeaaaally want to uninstall, do you?

A few days after I posted my first blog entry on Sony’s rootkit, Sony and Rootkits: Digital Rights...

Author: OttoHelweg2 Date: 11/09/2005

Sony’s Rootkit: First 4 Internet Responds

First 4 Internet, the company that implements Sony’s Digital Rights Management (DRM) software that...

Author: OttoHelweg2 Date: 11/06/2005

More on Sony: Dangerous Decloaking Patch, EULAs and Phoning Home

My posting Monday on Sony’s use of a rootkit as part of their Digital Rights Management (DRM)...

Author: OttoHelweg2 Date: 11/04/2005

Sony, Rootkits and Digital Rights Management Gone Too Far

Last week when I was testing the latest version of RootkitRevealer (RKR) I ran a scan on one of my...

Author: OttoHelweg2 Date: 10/31/2005

The Bypass Traverse Checking (or is it the Change Notify?) Privilege

Privileges are special security powers that you assign to accounts in Local Policies->User Rights...

Author: OttoHelweg2 Date: 10/19/2005

Registry Junk: A Windows Fact of Life

Registry cleaners have always been popular, but I never paid much attention to them. I originally...

Author: OttoHelweg2 Date: 10/02/2005

Multi-platform Images

Single-image download and execution with no setup program has been a hallmark of almost all of the...

Author: OttoHelweg2 Date: 09/19/2005

The Case of the Intermittent (and Annoying) Explorer Hangs

I have several computers in my home network where each one has a general designated purpose. For...

Author: OttoHelweg2 Date: 08/28/2005

Unkillable Processes

Have you ever terminated an application only to see in your favorite task manager (Process Explorer,...

Author: OttoHelweg2 Date: 08/17/2005

Running Windows with No Services

A Windows service provides functionality to the operating system and user accounts regardless of...

Author: OttoHelweg2 Date: 07/24/2005

The Case of the Periodic System Hangs

A few months ago I began experiencing periodic system freezes of about a second where even my mouse...

Author: OttoHelweg2 Date: 07/17/2005

A couple of weeks ago I came across a site in my web wandering and had a popup. This, despite the...

Author: OttoHelweg2 Date: 06/22/2005

An Explosion of Audit Records

One of the topics I cover in the security module of the Windows internals seminar that I teach with...

Author: OttoHelweg2 Date: 06/15/2005

Buffer Overflows in Regmon Traces

Last time I talked about buffer overflow errors that you might see in Filemon traces. Now I’ll turn...

Author: OttoHelweg2 Date: 06/04/2005

Buffer Overflows

No, I’m not talking about the kind of buffer overflows that viruses can take advantage of to inject...

Author: OttoHelweg2 Date: 05/17/2005

Running Everyday on 64-bit Windows

Last week I got an HP xw9300 workstation equipped with two 2GHz Opteron processors, the same type of...

Author: OttoHelweg2 Date: 05/07/2005

Circumventing Group Policy Settings

Group policy settings are an integral part of any Windows-based IT environment. If you’re a network...

Author: OttoHelweg2 Date: 04/30/2005

The Case of the Mysterious Locked File

The other day I was intently editing code in Visual Studio and hit F7 to compile my latest batch of...

Author: OttoHelweg2 Date: 04/24/2005

.NET World Follow Up

My last blog entry on the memory bloat of managed (.NET) applications generated the controversy and...

Author: OttoHelweg2 Date: 04/21/2005
