Customer Reviews

Winternals Defragmentation, Recovery, and Administration Field Guide

5 star:		(1)
4 star:		(1)
3 star:		(0)
2 star:		(0)
1 star:		(0)

 

 

I starting looking at Winternals shortly after Microsoft acquired the Winternals company. I almost didn't read the book, because I do not use the commercial Winternals tools. When I saw the book covered tools available from Sysinternals, I decided to concentrate on information relevant to me. I'm glad I did -- Winternals is a remarkably helpful book.

The most surprising aspect of Winternals is the focus on malware detection and removal. I expected the book to basically explain the tools and their options. I did not imagine the authors would provide multiple examples of fighting malware with Sysinternals utilities. Some of the discussion of kernel-mode rootkit removal is a little naive and outdated, given recent advances in the field. However, I really liked seeing more-or-less real-world examples of proper tool usage.

My concerns with Winternals are the same ones I usually express when I read a book by multiple authors: internal redundancy. Ten authors and one technical editor wrote Winternals. As a result, the Windows registry is "introduced" several times in the book. The same goes for popular tools like FileMon, RegMon, and PsList. Removing these redundancies is the job of the lead author or editor. Since Winternals seems to feature neither party, the book is internally redundant.

In some cases I felt introductory material wasn't necessary. For example, I didn't need ot read about DNS and Whois in Ch 8. I imagine most people reading Winternals already know how those protocols work.

Minor problems include appearances of odd text formatting and some screenshots being too small to really decipher. I didn't see many obvious typos, although the mention of "Syng set" on p 334 should say "SYN sent."

Despite these issues, I liked reading Winternals. Windows-centric security analysts, incident responders, and desktop engineers who are beginning to use Sysinternals and Winternals tools will find this book invaluable.

Are you a systems administrator? If you are, then this book is for you. Authors Dave Kleiman, Laura Hunter, Mahesh Satyanarayana, Kimon Andreou, Nancy G Altholz, Lawrence Abrams, Darren Windham, Tony Bradley and Brian Barber, have done an outstanding job of writing a book about the Winternals and Sysinternal tools in real-world situations that administrators can and will face on a daily basis.

Kleiman, Hunter, Satyanarayana, Andreou, Altholz, Abrams, Windham, Bradley and Barber, begin by showing you how to use Process Explorer and Autoruns to spot and eliminate malware autostarts, services, drivers, and processes. Then, the authors describe in detail, the tools developed by Sysinternals to illustrate this sort of advanced information and explain how to use them. Next, they show you how to use Sysinternals tools to monitor active sessions on a computer and how to discover which processes are accessing which resources. They also show you a better way to manage disk and file fragmentation on your volumes. The authors then continue by examining the data recovery tools made available to you by the Winternals team. Then, they show you how to make sense of the infamous Blue Screen of Death. Next, the authors show you how to monitor active socket connections. They also examine a few tools provided by the Winternals group that any software developer would find useful. The authors continue by discussing the available source code. Then, they cover topics ranging from advanced system optimization, to options available in a multiboot system with various versions of Windows, to data recovery for NT. Finally, the authors show you how to use screensaver with a perverted twist to it.

This most excellent book will show you how to bring dead systems back to life through the use of Winternals. Perhaps more importantly, Winternals software is capable of doing much more than that!