Task manager 'User name' column empty


Recommended Posts

I've noticed in my task manger a few processes: "crss.exe, HControl.exe, ATI...exe, winlogon.exe" have blank values in the 'user name' column whereas everything else has my name.

If I click 'show processes from all users' the blanks are replaced with 'SYSTEM.'

Could someone explain why this is so?

Thanks :)

26763336.jpg

Link to comment
https://www.neowin.net/forum/topic/881954-task-manager-user-name-column-empty/
Share on other sites

  On 09/03/2010 at 09:38, Singh400 said:

It is because when you click "Show processes from all users", you re-launch taskmgr.exe with administrator privileges. Thus it has access to all parts of the system (ie crictial services) that allow you to see the username column fully.

On an unrelated rant, this is pretty important to understand. Task Manager is a regular program with no special privileges. When you run it, it runs as your user just as any other random program. If you click "show processes from all users", it runs just like any other program you've run as administrator.

This also means that any other programs running (malware included) is free to manipulate it in any way they want. The result of this is that you cannot trust Task Manager when it comes to things like finding malware. Anything that is running could simple remove itself from the list.

  On 09/03/2010 at 09:46, hdood said:

On an unrelated rant, this is pretty important to understand. Task Manager is a regular program with no special privileges. When you run it, it runs as your user just as any other random program. If you click "show processes from all users", it runs just like any other program you've run as administrator.

This also means that any other programs running (malware included) is free to manipulate it in any way they want. The result of this is that you cannot trust Task Manager when it comes to things like finding malware. Anything that is running could simple remove itself from the list.

Can malware also manipulate antivirus programs like NOD32 or are there preventative safeguards in place?

If I cannot trust task manager (which I have done) then what can I trust? NOD32 scans; Hjackthis, other antivirus scans?

  On 09/03/2010 at 10:45, MoodIndigo said:

Can malware also manipulate antivirus programs like NOD32 or are there preventative safeguards in place?

Yes, and this is commonly done by malware. Like you say, antivirus software is designed specifically with this in mind and do what they can to prevent it, meaning it becomes a sort of cat and mouse game. Task Manager on the other hand makes no effort.

  On 09/03/2010 at 10:45, MoodIndigo said:

If I cannot trust task manager (which I have done) then what can I trust? NOD32 scans; Hjackthis, other antivirus scans?

Well, generally speaking you cannot trust anything on the system at all. If the malware has administrative rights, then it can do absolutely anything it wants to any part of the system, including patching the kernel itself. From a security aspect, there is no way to restore a compromised system to a trusted state without reinstalling.

Realistically though, you usually can trust a command line tool like "tasklist/v" because most people don't even know it exists, and most malware isn't that sophisticated.

  On 09/03/2010 at 10:59, hdood said:

Yes, and this is commonly done by malware. Like you say, antivirus software is designed specifically with this in mind and do what they can to prevent it, meaning it becomes a sort of cat and mouse game. Task Manager on the other hand makes no effort.

Well, generally speaking you cannot trust anything on the system at all. If the malware has administrative rights, then it can do absolutely anything it wants to any part of the system, including patching the kernel itself. From a security aspect, there is no way to restore a compromised system to a trusted state without reinstalling.

Realistically though, you usually can trust a command line tool like "tasklist/v" because most people don't even know it exists, and most malware isn't that sophisticated.

actually you can trust the system that was compromised just you would need to be aware of what is going on so you can try to spot something wrong and go through everything to make sure all is right.

  On 11/03/2010 at 05:40, soldier1st said:

actually you can trust the system that was compromised just you would need to be aware of what is going on so you can try to spot something wrong and go through everything to make sure all is right.

This isn't practically possible.

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • Microsoft bans LibreOffice developer's account without warning, rejects appeal by David Uzondu Recently, we reported on LibreOffice, accusing Microsoft of intentionally using complex file formats as a tactic to lock in users to Microsoft Office, hindering open source alternatives like LibreOffice. Now, Microsoft has banned LibreOffice developer, Mike Kaganski, from using its services, citing an "activity that violates [its] Services Agreement". According to Mike, this happened last Monday when he tried to send a technical email to the LibreOffice dev mailing list, which is a normal part of his routine, but Thunderbird returned an error saying the message couldn't be sent. His account was blocked upon retry, and he found himself completely logged out of his Microsoft account. Kaganski guessed that his mail and account were getting flagged by a bot or something, since he was quite sure that nothing in the mail violated Microsoft's terms of service. So he decided to file an appeal, a process which later made him call Redmond "miserably incompetent in IT." The automated system asked for his phone number, which he provided, only to be greeted by a "Try another method" error message. The problem was that there was no other method offered. He then decided to reach out to Microsoft support directly. After some digging, he found a link to contact the team, and there it was, a button asking him to "Sign in to Contact support". Now, you might go, "Hold up, how is he supposed to sign in to contact support when his problem is that he can't sign in in the first place?" As Kaganski himself put it: He eventually got to use his wife's account to file an appeal and finally received a message from support. The instructions inside asked him to go to the sign-in page and, when told the account is blocked, provide a phone number. However, Microsoft ignored his detailed report of the failing process, marked his ticket as resolved without any real action, and simply closed it. He is yet to recover his account. As for the email he was trying to send, he was later able to use Gmail, and it went through with no problem. If you are interested, you can read the full email for yourself and see if it violates Microsoft's services agreement. Mike's not the only person who's had their account locked recently, with seemingly no way to recover it. On the 17th of last month, Reddit user u/deus03690 shared how Microsoft locked their account, which, among other things, contained 30 years of "irreplaceable photos and work" on OneDrive. Their appeal, like Mike's, has been fruitless so far. The user said Microsoft reached out 10 days later, asking them to fill out a recovery form and promising to help them "every step of the way," but they haven't heard from the company since.
    • It's like Microsoft hasn't learned anything from Internet Explorer fiascos. Or they weren't slapped hard enough financially for it...
    • Yes they're payroll taxes with some of it linked to share-based compensation for employees. So when the stock price was rising in q2 these charges also increased.
    • Stopped using paypal as much as I possibly can after the whole Honey mess. Their entire business model essentially is to be a trustworthy middleman and they lost all of it by deciding to do shady things without telling the users. Well done Paypal.
    • I need someone to explain to me what "passkey" is and what happens if my device crashes and is not recoverable.
  • Recent Achievements

    • Apprentice
      MikeK13 went up a rank
      Apprentice
    • Week One Done
      andeyhawk65 earned a badge
      Week One Done
    • First Post
      Jake2530 earned a badge
      First Post
    • Explorer
      Deranox went up a rank
      Explorer
    • Week One Done
      John Volks earned a badge
      Week One Done
  • Popular Contributors

    1. 1
      +primortal
      686
    2. 2
      ATLien_0
      259
    3. 3
      Xenon
      178
    4. 4
      neufuse
      135
    5. 5
      +FloatingFatMan
      100
  • Tell a friend

    Love Neowin? Tell a friend!