If there's one thing that puts me off an application, it's when it unnecessarily inserts itself into the Windows startup process so that it can have its very own system tray icon from whence it can spam me with annoying messages. Obviously it makes sense for some applications to run on startup (for example, I want Windows Live Messenger to be running without me needing to manually start it each time). The problem is that there are multiple places where an application can register itself for execution on startup, and this makes it hard to retain control over which programs are granted such esteemed status.
Of course, I wouldn't be writing this entry unless Windows Vista had a solution! From the start menu search bar, type System Configuration, and click on the link that comes up. You'll be required to provide privilege elevation unless you've disabled UAC, and then you'll see the following utility:
As you can see from the above screenshot, the Startup tab enumerates all the applications that are set to run as startup, regardless of whether they are set in the registry (either per-machine or per-user), the user profile, or simply the startup folder in the Programs entry of the start menu. You can disable any or all of them; they'll still be listed there so that you can switch them on again if you need to.
I should note in passing that this tool also allows you to do some other pretty useful things, like editing your boot configuration database (no need to master arcane bcdedit commands any longer) or accessing a variety of other system tools and utilities. It's the power user's configuration tool of choice - go check it out!
PingBack from http://larchoye.com/2006/10/04/10-windows-vista-secrets-and-more-tim-sneath-vista-blogs/
A useful, more extensive, version for checking autorun activity is at (freshly acquired) sysinternals
Funny that only third party software qualifies as "unnecessarily" inserting itself just to get a tray icon in your book, Tim. Imagine the nerve of those Apple and Adobe folks, wanting a system tray icon. Hmm, what are Office Communicator, Windows Messenger, and OneNote doing in that list there? Do they have tray icons? Hey, they do. How about that?
Oh, wait, I forgot, those programs are from *Microsoft*. Clearly a different set of rules must apply. And don't even bother with that lame excuse about those apps needing to run at startup. It might work for Messenger, maybe even for Communicator *and* Messenger, but it sure doesn't wash for OneNote.
This is one of my frequently used apps in Windows (Vista or XP actually) as it allow me to control which
Assuming you know which apps to kill... That's not always clear.
A better/easier way of doing this would be to load up Windows Defender (which comes with Vista) and looking in the 'Startup' section there.
It provides the same details in a much more user-friendly way and will not prompt you about 'configurations' when you remove some of the items
Yay, you found the hard way to access msconfig! Now that's a real secret!
Having to un-do what an install performed illustrates Windows' weak security. Tools like MSConfig and AutoRuns are just "duct-tape" on the problem. It's backwards-thinking to think that patching a problem with duct-tape is clever!
Windows needs a TIGHTLY enforced security model that stops such installs or pops-up a confirmation dialog at each "infraction" of the security model. Security checks should include things like:
- "A program is trying to install itself to auto-start"
- "A program is trying to install a DLL into %windir%"
- "...trying to add a shell extension"
- "...trying to add an Internet Explorer extension"
- "...trying to modify All Users (or User) profile"
- "...trying to add HKLM/Software/ABC company"
I want to know exactly what an install did! I don't want to have to trust the uninstall to remove it. I want a system log that documents EVERYTHING an install performed. I want security on EVERY possible action.
Security levels could be set in Policy to allow "normal" things like creating a "Program Files" sub-directory without a warning. Non-permitted actions could be denied.
Yes, I know this would cause a slew of warnings for each software install! Possibly, a program could come with a "permissions" file with everything it needed turned on. Then, us technical types could review the permissions if so inclined to deny certain actions. A UI-based utility could allow such editing and perhaps be able to apply "templates" to screen out certain items.
Within an organization, a SIGNED permissions file could be ditributed within the organization for specific software installs. Because it's signed, it would only work with a specific install---otherwise, security defaults to that set by policy.
Software installs shouldn't be allowed to run rampant just because they have Administrator priviledge! Certain actions should be protected by default and require explicit action or policy to occur.
Until then, we'll still be using MSConfig to chase down problems "after" they occur!
It doesn't show all but the most obvious apps.
shows a bigger picture.