Process Monitoring: Looking at Threats or Low Priority?

A number of software and service offerings allow computer users to conduct process monitoring to find out what malicious or hidden programs may be running on their machines, but security experts said the lower-level, PC-specific scanning is too detailed to be useful to most enterprise IT departments.

Uniblue, a backup and recovery management software provider, claims its free site conducts as many as 300,000 searches on processes per day, totaling more than 40 million this year. Consumers and small office/home office (SOHO) users are visiting the site to find out about possible silent programs sucking bandwidth from systems and networks and putting computers at risk of being compromised or used illegally, the company said.

However, when it comes to larger enterprise users, services such as ProcessLibrary are not as relevant, according to Ken Dunham, iDefense director of malicious code intelligence. He told TechNewsWorld that this is because the huge number of systems involved prohibits a detailed look at the many thousands or millions of processes running on corporate systems.

“I’m hopeful to see these kinds of products mature; there is a need for it,” Dunham said. “But it’s different from what’s important to [enterprise IT shops].”

Exposing the Invisible

Malta-based Uniblue said silent programs and processes are running in the background of the typical PC, including malicious code such as spyware, Trojans and other attacker tools that can also hog system resources.

The company indicated the use of its service is growing at a rate far beyond what it expected when it launched last September.

“People are wisening up and have a dire need for learning what is happening in their computers,” said a statement from Uniblue Chief Executive Officer Bosse Malmberg.

“They want to take more active control of their systems, and to do that, they need information about processes and the dynamic link libraries running invisibly in the background.”

Offshoot to Opportunity

Uniblue spokesperson Kevin Vella told TechNewsWorld that many ProcessLibrary visitors are home users, but added that there are also an increasing number of IT professionals in the business world using the site.

Vella said the site started as an offshoot to the company’s WinTasks software because Uniblue saw an opportunity to provide a supplemental source of security data on top of typical firewalls and anti-virus.

“Obviously, we try to push our products on the site, but the main objective is to develop a deeper understanding among our audience about how they should handle and protect their data,” Vella said.

Overlooked in Larger Picture

Vella also said the service was already being used by business users. Some of the processes listed with the service are found predominately in the business environment, he added.

However, Dunham reiterated that when IT or security departments are managing tens of thousands of machines, they are more focused on the network than on individual PCs, much less processes.

“You’re just looking at the big picture stuff,” he said. “Nobody’s surprised to have a few viruses in their systems. Process monitoring may be useful for a small office or a SOHO, but it’s definitely not a core of security today.”

Monitoring a Mess

While Dunham said process monitoring can be useful once a computer has been quarantined or isolated as a cause of disruption, he indicated it is seldom a priority for enterprise IT users and administrators, who have grown somewhat accustomed to malware running on their machines.

“It’s just about prioritization, frankly, and they’re just not going to dig too deep,” he said. “It may be even more difficult [if they do],” he added. “It gets to be a complete mess, and who’s got the time to get into that?”
