Generic Host Process
Posted on November 28, 2003 @ 17:40 in Software
When it comes to Microsoft Windows, I must confess to having a bit of a paranoid streak. The other day, when investigating some strange network traffic, I bumped into one of my Windows pet peeves again. Windows allows various libraries that are not really programs to run as programs through the "Generic Host Process" that is embodied in svchost.exe. I mean, if a piece of code is not a program, then it should not run as a program, and certainly it should not run as a program under alternate credentials. That's just asking for trouble.
If you check your Task Manager, you're bound to see one or more svchost.exe instances running. The strange network behavior I was investigating stopped when I killed one of those svchost.exe processes, but because each svchost.exe process can host several libraries, I still didn't know which library was causing the problem. But I finally found a good explanation of svchost.exe in the MS Knowledge Base that describes how you can install a program contained on your Windows 2000 or XP CD-ROM that allows you to inspect which libraries are running hidden behind the Generic Host Process.
I still don't really know what the strange network traffic was, because it had stopped after a couple of reboots and some poking around, before I found the above inspection tool. Meanwhile, I also stumbled upon BlackViper's great Notes for a Happier Computer and User (XP oriented, but much is also applicable to Win2k). The XP Services 411 finally gave me the low-down on which services, besides some of the more obviously useless ones, I could safely disable altogether or set to manual. Even if you don't (want to) know much about how Windows works, it's probably a good idea to decide for yourself which services (such as Automatic Update, Background Intelligent Transfer Service, and Remote Registry Service) you want to have running on your system.
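The inspection described above (finding out which services and libraries sit behind each svchost.exe instance, and which instance owns a given network connection) can be done on current Windows versions with built-in PowerShell cmdlets. This is an added example, not part of the original post and not the Knowledge Base tool it refers to; it assumes an elevated prompt on Windows 8 / Server 2012 or later.

```powershell
# Added example: map every svchost.exe instance to the services it hosts,
# the library (ServiceDll) behind each service, the account it runs under,
# and the TCP endpoints owned by that process.
# Assumes an elevated prompt; Get-NetTCPConnection needs Windows 8 / Server 2012+.

$svcRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# Win32_Service reports the PID of the process hosting each running service.
$hosted = Get-CimInstance -ClassName Win32_Service -Filter "State = 'Running'" |
    Where-Object { $_.PathName -match 'svchost\.exe' } |
    Group-Object -Property ProcessId

foreach ($group in $hosted) {
    $procId = [int]$group.Name
    Write-Output ("svchost.exe PID {0}" -f $procId)

    foreach ($svc in $group.Group) {
        # A shared-host service names its library in the Parameters subkey.
        $params = Get-ItemProperty -Path "$svcRoot\$($svc.Name)\Parameters" `
                      -Name ServiceDll -ErrorAction SilentlyContinue
        $dll = $params.ServiceDll
        if (-not $dll) { $dll = '(no ServiceDll value found)' }

        Write-Output ("  {0,-28} {1}  [runs as {2}]" -f $svc.Name, $dll, $svc.StartName)
    }

    # Listening and established TCP endpoints owned by this host process.
    $conns = Get-NetTCPConnection -OwningProcess $procId -ErrorAction SilentlyContinue |
        Where-Object { $_.State -in 'Listen', 'Established' }

    foreach ($c in $conns) {
        Write-Output ("    tcp {0}:{1} -> {2}:{3} ({4})" -f `
            $c.LocalAddress, $c.LocalPort, $c.RemoteAddress, $c.RemotePort, $c.State)
    }
}
```

When one svchost.exe instance hosts several services, the connection list can only be attributed to the process as a whole, which is the same ambiguity the post ran into. On systems without these cmdlets, `tasklist /svc` prints the PID-to-service mapping.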
Comments and Trackbacks
Links don't work anymore
Posted by dexter on December 17, 2003 @ 16:51
Guess that must be a problem on your side then, because I just checked all the links and they worked just fine.
Posted by Frank on December 17, 2003 @ 17:05
I found that coming into Verizon DSL on a router got me thrown off the web. I called their tech. support fools, who told me to turn off my router AND my firewall. I then found they were tracking what websites I was going to. Guess Verizon likes to sell my personal info to ad brokers like Doubleclick - the skunks. My firewall (Sygate) then warned me that Generic Host Process had been activated in Windows XP. I trapped this bugger with my Sygate and turned my router back on. Voila! I was once again allowed on Verizon. Testing my hypothesis, I then released Generic Host Process from its trap in Sygate and BANG! Off the web I was tossed by Verizon until I turned my router back off. Aha! said I. Retrapped Gen. Host with Sygate and turned on my router again. Up yours Verizon! Go sell my router's generic IP number to Doubleclick! Just don't sell my name and address.
Dave
Posted by Dave Panther on December 20, 2003 @ 23:54