PDA

View Full Version : Security Task Manager vs Process Explorer

WilliamP
August 20th, 2007, 10:22 AM
In looking at some old posts I saw that STM was supposed to have caught a lot of key loggers. Can it catch more running processes than PE? If any one has tried both I would love to hear what you think.
Rasheed187
August 21st, 2007, 12:26 PM
I think STM gives a bit more info on running processes, and can identify malware by "signatures", thatīs about it, may be useful to some, but I donīt need it. And itīs quite slow if I recall correctly. But the SpyProtector tool that comes with the full does look a bit interesting, it claims to be able to stop message based keyloggers, but I wonīt be able to check it out, since they donīt offer it as a download. ::)
Kaupp
August 22nd, 2007, 01:15 AM
The most important difference between the two for me is that Process Explorer does not show what drivers are currently loaded in memory.

This is the main reason why STM is slower starting becuase it takes a bit longer to scan for running drivers.

regards

Kaupp
haraldo
August 22nd, 2007, 02:50 AM
IMHO the process explorer (http://www.microsoft.com/technet/sysinternals/Utilities/ProcessExplorer.mspx) is a great tool for software developer. PE shoes a lot of internal information for each processes like thread IDs, transfered bytes. Normally such data are useless for the average surfer and computer user.
Security Task Manager (http://www.neuber.com/taskmanager) ist a great tool for the average surfer and computer user. It lists hidden processes and can calculate a risk rating for each processes, driver, BHO and other active things on your computer.
WilliamP
August 22nd, 2007, 08:17 AM
Thank you all for the info.
aigle
August 22nd, 2007, 10:24 AM
{QUOTE-> I think STM gives a bit more info on running processes, and can identify malware by "signatures" <-QUOTE}
It has no signatures I think.
aigle
August 22nd, 2007, 10:27 AM
{QUOTE-> In looking at some old posts I saw that STM was supposed to have caught a lot of key loggers. Can it catch more running processes than PE? If any one has tried both I would love to hear what you think. <-QUOTE}
If u want to catch hidden processes, use pwalker. It,s also part of RootKitUnhooker.
I don,t feel that keylogger detection of STM is much important, for that u will be much better with a behav analyzer and I read that PRSC is good in catching keyloggers.
Rasheed187
August 27th, 2007, 10:44 AM
{QUOTE-> It has no signatures I think. <-QUOTE}
Yes correct, I thought it perhaps identified processes by database (see link), but looks like it rates them by looking at a couple of properties (is the window visible or not, able to record keystrokes etc.).

http://www.neuber.com/taskmanager/process/index.html