Task manager 'User name' column empty


Recommended Posts

I've noticed in my task manger a few processes: "crss.exe, HControl.exe, ATI...exe, winlogon.exe" have blank values in the 'user name' column whereas everything else has my name.

If I click 'show processes from all users' the blanks are replaced with 'SYSTEM.'

Could someone explain why this is so?

Thanks :)

26763336.jpg

Link to comment
https://www.neowin.net/forum/topic/881954-task-manager-user-name-column-empty/
Share on other sites

  On 09/03/2010 at 09:38, Singh400 said:

It is because when you click "Show processes from all users", you re-launch taskmgr.exe with administrator privileges. Thus it has access to all parts of the system (ie crictial services) that allow you to see the username column fully.

On an unrelated rant, this is pretty important to understand. Task Manager is a regular program with no special privileges. When you run it, it runs as your user just as any other random program. If you click "show processes from all users", it runs just like any other program you've run as administrator.

This also means that any other programs running (malware included) is free to manipulate it in any way they want. The result of this is that you cannot trust Task Manager when it comes to things like finding malware. Anything that is running could simple remove itself from the list.

  On 09/03/2010 at 09:46, hdood said:

On an unrelated rant, this is pretty important to understand. Task Manager is a regular program with no special privileges. When you run it, it runs as your user just as any other random program. If you click "show processes from all users", it runs just like any other program you've run as administrator.

This also means that any other programs running (malware included) is free to manipulate it in any way they want. The result of this is that you cannot trust Task Manager when it comes to things like finding malware. Anything that is running could simple remove itself from the list.

Can malware also manipulate antivirus programs like NOD32 or are there preventative safeguards in place?

If I cannot trust task manager (which I have done) then what can I trust? NOD32 scans; Hjackthis, other antivirus scans?

  On 09/03/2010 at 10:45, MoodIndigo said:

Can malware also manipulate antivirus programs like NOD32 or are there preventative safeguards in place?

Yes, and this is commonly done by malware. Like you say, antivirus software is designed specifically with this in mind and do what they can to prevent it, meaning it becomes a sort of cat and mouse game. Task Manager on the other hand makes no effort.

  On 09/03/2010 at 10:45, MoodIndigo said:

If I cannot trust task manager (which I have done) then what can I trust? NOD32 scans; Hjackthis, other antivirus scans?

Well, generally speaking you cannot trust anything on the system at all. If the malware has administrative rights, then it can do absolutely anything it wants to any part of the system, including patching the kernel itself. From a security aspect, there is no way to restore a compromised system to a trusted state without reinstalling.

Realistically though, you usually can trust a command line tool like "tasklist/v" because most people don't even know it exists, and most malware isn't that sophisticated.

  On 09/03/2010 at 10:59, hdood said:

Yes, and this is commonly done by malware. Like you say, antivirus software is designed specifically with this in mind and do what they can to prevent it, meaning it becomes a sort of cat and mouse game. Task Manager on the other hand makes no effort.

Well, generally speaking you cannot trust anything on the system at all. If the malware has administrative rights, then it can do absolutely anything it wants to any part of the system, including patching the kernel itself. From a security aspect, there is no way to restore a compromised system to a trusted state without reinstalling.

Realistically though, you usually can trust a command line tool like "tasklist/v" because most people don't even know it exists, and most malware isn't that sophisticated.

actually you can trust the system that was compromised just you would need to be aware of what is going on so you can try to spot something wrong and go through everything to make sure all is right.

  On 11/03/2010 at 05:40, soldier1st said:

actually you can trust the system that was compromised just you would need to be aware of what is going on so you can try to spot something wrong and go through everything to make sure all is right.

This isn't practically possible.

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • HUGE DOWNGRADE for "only" $15! What a sweet offer blackmail
    • NWinfo 1.3.0 by Razvan Serea NWinfo is a lightweight tool designed to give a quick look at your computer's key details, from hardware to software specs, without any fuss. You don't need to install it; just download, run, and see everything you need on one screen. It displays essential info about your CPU, memory, disk drives, network, and even the system's operating details. Since it’s portable, you can carry NWinfo on a USB stick and use it on any Windows machine, making it a handy tool for both tech enthusiasts and troubleshooting. NWinfo key features: Lightweight and portable—no installation required Simple, user-friendly interface for easy navigation Displays detailed CPU information, including model and speed Shows memory (RAM) specifications and usage Provides disk information, including storage capacity and usage Lists network adapters and IP addresses Displays motherboard details, including model and manufacturer Shows system uptime and operating system version Detects graphics card information and driver details Includes battery status for laptops Provides monitor specifications, including resolution and refresh rate Displays BIOS version and other firmware details Offers a summary of active processes and services Generates detailed logs for sharing or troubleshooting Open-source and free, allowing for customization and community support NWinfo 1.3.0 changelog: Update libcpuid. Display CPU technology. RyzenAdj is no longer included. Fix use-after-free bugs in nwinfo. Note: NWinfo might trigger a few antivirus alerts or show up with warnings on VirusTotal due to its low download frequency. If you have any concerns, you're welcome to review the full source code available on the developer’s repository. Download: NWinfo 1.3.0 | 2.2 MB (Open Source) View: NWinfo Website | NWinfo@GitHub | Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • They ban knives too. They like to ban stuff.
    • LibreOffice 25.2.4 by Razvan Serea LibreOffice is the free power-packed Open Source personal productivity suite for Windows, Macintosh and Linux, that gives you six feature-rich applications for all your document production and data processing needs: Writer, Calc, Impress, Draw, Math and Base. Support and documentation is free from our large, dedicated community of users, contributors and developers. You, too, can also get involved! Choosing Between LibreOffice Still and LibreOffice Fresh: LibreOffice Still is a good choice if you value stability, a longer support cycle, and a more conservative approach to software updates. It's suitable for businesses and organizations where reliability and compatibility are crucial. LibreOffice Fresh is ideal if you're an enthusiast or an early adopter who wants to stay on the cutting edge of LibreOffice development and is willing to accept more frequent updates and occasional minor issues. Features: Writer is the word processor inside LibreOffice. Use it for everything, from dashing off a quick letter to producing an entire book with tables of contents, embedded illustrations, bibliographies and diagrams. The while-you-type auto-completion, auto-formatting and automatic spelling checking make difficult tasks easy (but are easy to disable if you prefer). Writer is powerful enough to tackle desktop publishing tasks such as creating multi-column newsletters and brochures. The only limit is your imagination. Calc tames your numbers and helps with difficult decisions when you're weighing the alternatives. Analyze your data with Calc and then use it to present your final output. Charts and analysis tools help bring transparency to your conclusions. A fully-integrated help system makes easier work of entering complex formulas. Add data from external databases such as SQL or Oracle, then sort and filter them to produce statistical analyses. Use the graphing functions to display large number of 2D and 3D graphics from 13 categories, including line, area, bar, pie, X-Y, and net - with the dozens of variations available, you're sure to find one that suits your project. Impress is the fastest and easiest way to create effective multimedia presentations. Stunning animation and sensational special effects help you convince your audience. Create presentations that look even more professional than the standard presentations you commonly see at work. Get your collegues' and bosses' attention by creating something a little bit different. Draw lets you build diagrams and sketches from scratch. A picture is worth a thousand words, so why not try something simple with box and line diagrams? Or else go further and easily build dynamic 3D illustrations and special effects. It's as simple or as powerful as you want it to be. Base is the database front-end of the LibreOffice suite. With Base, you can seamlessly integrate into your existing database structures. Based on imported and linked tables and queries from MySQL, PostgreSQL or Microsoft Access and many other data sources, you can build powerful databases containing forms, reports, views and queries. Full integration is possible with the in-built HSQL database. Math is a simple equation editor that lets you lay-out and display your mathematical, chemical, electrical or scientific equations quickly in standard written notation. Even the most-complex calculations can be understandable when displayed correctly. E=mc2. LibreOffice also comes configured with a PDF file creator, meaning you can distribute documents that you're sure can be opened and read by users of almost any computing device or operating system. LibreOffice also comes configured with a PDF file creator, meaning you can distribute documents that you're sure can be opened and read by users of almost any computing device or operating system. Download: LibreOffice 64-bit | LibreOffice 32-bit ~300.0 MB (Open Source) View: LibreOffice Website | Screenshot | Release Notes Get alerted to all of our Software updates on Twitter at @NeowinSoftware
  • Recent Achievements

    • Week One Done
      abortretryfail earned a badge
      Week One Done
    • First Post
      Mr bot earned a badge
      First Post
    • First Post
      Bkl211 earned a badge
      First Post
    • One Year In
      Mido gaber earned a badge
      One Year In
    • One Year In
      Vladimir Migunov earned a badge
      One Year In
  • Popular Contributors

    1. 1
      +primortal
      495
    2. 2
      snowy owl
      254
    3. 3
      +FloatingFatMan
      251
    4. 4
      ATLien_0
      228
    5. 5
      +Edouard
      192
  • Tell a friend

    Love Neowin? Tell a friend!