The Windows operating system is actually very complex. If you don’t run any software, it doesn’t mean that Windows is not working. If you don’t believe me, try running Process Monitor and you will see constant reading and writing of files and the registry. About two years ago I wrote an article on how to find out what program is secretly accessing your hard drive using FileMon (which has since been replaced by Process Monitor) and AnVir Task Manager.
Checking which processes are constantly and actively accessing your hard drive and using the CPU is very important for detecting suspicious activity or even badly coded software. If a program is idle or not running, logically it should not be using many resources on your computer. If it does, you should take extra measures to learn more about the process. I have stumbled on a useful tool called What’s My Computer Doing?, which shows all programs that are accessing your hard disk or using the CPU, along with details about each one.
The program’s interface is very easy to understand. After installation, run the program and it will automatically start monitoring your system and display the processes that have hard disk or CPU activity. There is a freeze button that stops the list from refreshing so that you can check the process details. Clicking on a process in the list shows details such as program path, file date, installed date, started time, signature, known problems, file version, etc.
There are a couple of action buttons that let you check the program properties, open the folder where the process is located, close the program (didn’t work for me), terminate the process, uninstall the program, or scan it with the Kaspersky online virus file scanner or VirusTotal. It doesn’t have a built-in uploader to send the program to Kaspersky or VirusTotal; it merely opens the website and copies the path of the file to the clipboard so you can paste it into the file upload box.
What’s My Computer Doing? is very useful and easy to use. However, it is not perfect: after testing it, I found that it can only tell you when a process is accessing the hard disk or CPU if the process is visible in Task Manager. There are methods that can hide a process from Task Manager, such as a rootkit. For example, a keylogger normally generates a lot of hard disk activity because it writes whatever the user types on the keyboard to a hidden log file. If the keylogger uses a rootkit method to hide itself, then What’s My Computer Doing? cannot detect any activity from the rootkit keylogger. Nevertheless, this free application is still useful for detecting which programs are actively using the hard disk and CPU resources.
What’s My Computer Doing? is free, small (the MSI installer is only 480KB) and works on Windows 7, Vista, 2003, XP, 2000 and NT.
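The same kind of check can be scripted in PowerShell. The following is an added example, not part of What’s My Computer Doing? or of the original article; the five-second window and the variable names are assumptions. It reads the operating system's own process list, so it shares the limitation described above for processes hidden by a rootkit.

```powershell
# Added example (not from the tool): list processes whose CPU time or I/O
# counters changed during a short sampling window.
$IntervalSeconds = 5   # assumed sampling window

function Get-ProcessSnapshot {
    # Win32_Process reports cumulative CPU time (100 ns units) and I/O bytes.
    # The transfer counts cover all I/O (files, network, devices), not only disk.
    $snap = @{}
    foreach ($p in Get-CimInstance -ClassName Win32_Process) {
        $snap[[int]$p.ProcessId] = [pscustomobject]@{
            Name    = $p.Name
            Path    = $p.ExecutablePath   # may be empty without administrator rights
            Started = $p.CreationDate
            Cpu     = [uint64]$p.KernelModeTime + [uint64]$p.UserModeTime
            Read    = [uint64]$p.ReadTransferCount
            Write   = [uint64]$p.WriteTransferCount
        }
    }
    $snap
}

$before = Get-ProcessSnapshot
Start-Sleep -Seconds $IntervalSeconds
$after = Get-ProcessSnapshot

$active = foreach ($procId in $after.Keys) {
    $a = $after[$procId]
    $b = $before[$procId]
    # Skip processes that started during the window or whose PID was reused.
    if ($null -eq $b -or $b.Started -ne $a.Started) { continue }
    # Skip processes whose counters did not move.
    if ($a.Cpu -eq $b.Cpu -and $a.Read -eq $b.Read -and $a.Write -eq $b.Write) { continue }

    $sig = 'NoPath'
    if ($a.Path) {
        $sig = (Get-AuthenticodeSignature -FilePath $a.Path -ErrorAction SilentlyContinue).Status
    }
    [pscustomobject]@{
        PID       = $procId
        Name      = $a.Name
        CpuMs     = [math]::Round(($a.Cpu - $b.Cpu) / 10000)
        ReadKB    = [math]::Round(($a.Read - $b.Read) / 1KB)
        WriteKB   = [math]::Round(($a.Write - $b.Write) / 1KB)
        Signature = $sig
        Path      = $a.Path
    }
}

$active | Sort-Object WriteKB -Descending | Format-Table -AutoSize
```

Run it while the machine is idle; a process that keeps writing with no visible reason, has no path, or has a signature status other than `Valid` is the one to look at more closely.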