I spotted an interview with Mark Russinovich over at TechNet Edge this week.
It's a bit long but well worth listening to.
- What surprises Mark has had since he joined Microsoft
- How much time he spends on Sysinternal tools and other things
- 02:53 - His interaction and stories with Bill Gates
- 06:16 - What the future of sysinteral / winternal tools looks like
- 08:21 - considerations for integration with Netmon 3
- 09:25 - Security monitoring (i.e. AD, WMI, other objects)
- 12:14 - A day where we don't have to go into so much depth to fix software/computer problems
- 17:06 - What the future of security holds
- 24:57 - Problems with behavioral based security mechanisms versus whitelisting / blacklisting
- 27:10 - With talks of things like Midori, do we need to scrap the entire Windows code base and start over?
- The limitations of Windows now and the future of Windows
- 34:03 - Should Microsoft make their own PC hardware?
The entire interview was very enlightening. Mark is such an brilliant guy, but retains a down-to-earth and engaging personality that I find myself continually drawn to his on-line presentations and trainings.
A buried tease in that post is that it looks like he (Sysinternals) plans to release a new version of the awesomely helpful Process Monitor utility. However, besides just the usual process, file, and registry monitoring, it will now fold in network activity monitoring as well. Sort of like what their TCPView and Microsoft Network Monitor (NetMon) brings to the troubleshooting mix.
While it won't be a packet-capture/sniffing in the regular sense, it might aid with logging what processes are communicating on the network. Certainly this should be a welcome addition to Process Monitor or any new derivatives.
So if you have the time to spare and are a Sysinternals, Mark Russinovich, or sysadmin fan, the interview is well worth the time to listen.