Russinovich finds his place at Microsoft

The Windows developer, now a Microsoft fellow, is busy integrating Winternals and Sysinternals tools in Windows and, as always, looking ahead for new ideas.

It's been more than a year since Microsoft acquired Windows systems toolmaker, Winternals, and its popular sister site, Sysinternals, which hosts free versions of some of those tools.

Mark Russinovich is one of the sites' two founders, along with Bryce Cogswell. Russinovich has continued his work developing tools for Windows, only now he does it from within the system as a Microsoft technical fellow. He recently chatted with about the status of upcoming freebies and revealed some of his thinking about previous development choices. At TechEd, Otto Helweg mentioned that IT administrators can expect some new tools coming from Sysinternals that are geared toward networking and maybe even some other disciplines. Will these tools become available this year or are they planned for 2008?

Mark Russinovich: There are two major tools Bryce and I are finalizing for release. One is Insight for Active Directory, a tool for monitoring client-side LDAP traffic.
Other Winternals and third-party tools stories
Microsoft adds new features to its free monitoring tool

Run third-party malware detection tools in Windows
It has an interface that's very similar to that of Process Monitor. You can use it to easily spot Active Directory misconfiguration and permissions issues that cause an Active Directory-enabled application, such as Exchange, to fail. We actually sold the utility in the Winternals Administrator's Pak prior to Microsoft acquiring us, but we'll release it for free on Sysinternals.

The second utility we have almost ready is Tcpmon. It's a monitoring tool that's also similar to Process Monitor, but it reports TCP and UDP activity. It's based on Event Tracing for Windows [ETW] events and complements the snapshot-based TCP/UDP view that Tcpview gives you in much the same way Process Monitor complements Process Explorer. Both of these should be available in the next month or two.

The Resource Kits used to be the way Microsoft delivered tools similar to those on Sysinternals. The Kits have been discontinued, so we're also working on making Sysinternals the release vehicle for Resource Kit tools. We'll take the [tools] with the highest quality and greatest usefulness and start to release them through the site.

How does has your development process changed since you've become part of Microsoft?

Russinovich: As far as the tools go, it hasn't changed much. Everyone, including me and Bryce, wanted to preserve the Sysinternals model, and I'm really pleased to say that Microsoft has done the right thing and supported the site and our continued work on the tools.

In your new job, are you involved in the process of improving Microsoft's own non-Sysinternals tools? Have you instituted any changes in tools development at Microsoft that might result in changes beneficial to IT down the road?

Russinovich: The next version of Windows is under development, and we've been working with the reliability and diagnostics team to get many Process Explorer and Process Monitor features into the operating system. The built-in tools won't provide all the same functionality because the Sysinternals tools have features that appeal only to super-advanced users. But we're making sure that the core features that people like are available on Windows out of the box.

Was there ever talk of formally replacing the Task Manager with Process Explorer in Windows?

Russinovich: It was discussed at length but, like I said, in the end we decided that the right thing is to migrate the key features into Task Manager rather than bring in the tool wholesale. Process Explorer will continue to evolve and be the utility for hard-core troubleshooting.

Since the acquisition, what are some of the specific changes in the way the tools are distributed or organized?

Russinovich: There are really none to speak of, other than the fact that they are now available in a single .zip file. We had lots of requests for that over the years, but always resisted because we wanted people to explore the site's individual pages in order to track the most popular tools and get people to explore the site. Now that the site is part of Microsoft, we've decided that the convenience of the visitors outweighs the need for tracking.

Can you please explain the licensing agreement for the tools?

Russinovich: Prior to the acquisition, you couldn't download a tool and host it on your intranet or push it out to the systems on your network without paying a license fee. We made enough income from licenses to pay for the site's operating costs and help justify the time we spent on the site.

At the time of the acquisition, Microsoft decided that it was in the best interest of the customer to allow internal redistribution and so the [licensing policy] changed to accommodate that, something that demonstrated Microsoft's commitment to the site. And that was well received by the community. There's a licensing FAQ on the site that answers people's most common questions.

When you come up with ideas for new tools, are they things that people ask you for explicitly ('Why isn't there a tool for…?')? Or are they things that you say to yourself you need ('Hey, there should really be a tool for…')?

Russinovich: Very few tools have been suggested to us. Most come about because I recognize a need in my own day-to-day use of Windows, or I see an opportunity to fill a gap. However, the community has played a key role in defining features. It's really common for someone to write to us and say, 'I love tool X, but it would be even better if it could do Y.'

I weigh the effort of adding the feature against the number of other users I think would find it useful and add it to a prioritized list of things I'll add to the tool the next time I revisit it. If it's something really easy, and the feature makes sense, I'll add it on the spot and send the user an update to test.

What tool would you like to see that doesn't exist yet?

Russinovich: Although Tcpmon will offer network tracing, Tcpmon is built on the old Filemon/Regmon-style user interface and, of course, won't show file system or registry activity.

Network tracing is something that should be included in Process Monitor. It's on our list of work items.
--Mark Russinovich,
Network tracing is something that should be included in Process Monitor. It's on our list of work items, but it's a pretty hefty feature and I don't know when we'll have time to get it added.

I'd love to see a tool that tells you exactly what causes the short hangs and delays you sometimes see in Windows or in applications. The debugger can sometimes help, as I've shown in various blog posts, and Microsoft has internal tools that come close to being able to always answer those questions, but it takes a lot of detective work.

As a developer, whenever I see something that a tool might help [address], I immediately consider how it could be written -- and if it's even feasible. Many times, the answer is no, but when I think it can be done I write it down on a list I keep. That list is prioritized according to how hard it would be to develop and how useful people would find it. I'm always asking the question, could a tool help here?

Dig Deeper on Enterprise Infrastructure Management



Find more PRO+ content and other member only offers, here.



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: