1. Peeking at Resource Usage
In addition to helping you deal with hung programs,
Task Manager lets you see which processes in your system are using
computer resources. These resources include the computer's memory and
its Central Processing Unit (CPU). The CPU is where the program
execution actually takes place, and the memory is where the application
code and your data reside.
Exactly how fast your computer runs at any given
moment depends on the resources available to it at that moment. For
example, if you have half a dozen programs running, all doing intensive
tasks, they are eating up CPU resources. If you start another program,
that program may run slower than usual, because the other running
programs are consuming CPU resources.
Likewise, everything you open stores something in
RAM. If RAM is nearly full, and you start another program that needs
more memory than what's currently left in RAM, Windows has to start
sloughing some of what's currently in RAM off to the hard disk (called virtual memory) to make room. It takes time to do that, so everything slows down.
The status bar along the bottom of Task Manager's
program window gives you a bird's-eye view of what is going on in your
system, and how much of your available resources are being used by all
of the running processes. Going from left to right along the status bar
at the bottom of the Task Manager window you see these columns by
default:
Processes: Shows the total number of processes currently running on the system.
CPU Usage: Shows what percentage of CPU capability is currently being used by the processes.
Physical Memory: Shows the amount of physical memory in use.
The term physical memory
refers to the actual amount of RAM, on computer chips, installed in
your computer. When you right-click Computer and choose Properties, the
number to the right of the words "Installed Memory (RAM)" indicates the
amount of physical memory installed on the motherboard inside your
computer.
When things are busy in RAM, Windows moves some lesser-used items out to a special section of the hard disk called a paging file.
The paging file looks and acts like RAM (to the CPU), even though it's
actually space on your hard disk. Although Windows can be configured to
not use a paging file, Windows by default sets aside some hard disk
space for this paging file.
A page fault is when the CPU "expects" to find something in RAM, but has to fetch it from virtual memory instead. The term fault
is a bit harsh here, because a certain amount of memory paging is
normal and to be expected. Other terms used in this context include Nonpaged memory for physical memory and Paged memory for virtual memory.
2. Managing Processes with Task Manager
Whereas applications usually run in windows and are
listed on the Applications tab in Task Manager, processes have no
program window. We say that processes run in the background, because
they don't show anything in particular on the screen.
Your running applications are actually one or more
processes. You can see which process correlates with a given program by
right-clicking that program's name on the Applications tab and choosing
Go To Process. To see all currently running processes, click the
Processes tab in Task Manager. Each process is referred to by its image name (in most cases, the name of the program's main executable file), as in the example shown in Figure 1.
The Processes tab shows its information in columns.
You can size columns in the usual manner (by dragging the bar at the
right side of the column heading). You can sort items by clicking any
column heading. For example, you can click the Memory (Private Working
Set) column to sort processes by the amount of memory each one takes up,
in ascending order (smallest to largest) or descending order (largest
to smallest). Seeing those in largest-to-smallest order lets you know
which processes are using up the most memory.
Here's what each column shows:
Image Name: The name of the process. In most cases, this matches the name of the file in which the process is stored when not open.
User Name: The user account in which the process is running. The System, Local, and Network Service built-in accounts are used by Windows to run a variety of core operating system processes.
CPU: The percent of CPU resources that the process is currently using.
Memory (Private Working Set): The amount of memory the process is currently using.
Description: A description of the process.
Memory usage is probably the main cause of
slow-running computers. The more stuff you cram into RAM, the more
Windows has to use the paging file, and hence the slower everything
goes. You can see which processes are hogging up the most RAM just by
clicking the Memory (Private Working Set) column heading until the
largest numbers are at the top of the list.
2.1. Hidden Processes
Normally, the Processes tab only shows processes
running in the user account into which you're currently logged. Clicking
Show Processes from All Users shows the true number of running
processes (but requires administrative privileges).
Multiple users not logging out of their accounts is
one of the most common reasons for computer sluggishness. If users are
using Switch User to leave their accounts, you'll see why when you view
processes for all users. There's just a lot of unnecessary stuff going
on when people don't log out of their user accounts when they've
finished using the computer.
Task Manager might not show old 16-bit processes. To show or hide those processes, choose Options => Show 16-bit Tasks from Task Manager's menu bar. That menu option is available only when you're viewing the Processes tab.
2.2. Common processes
You can end any running process by right-clicking its
name and choosing End Process (or by clicking its name and clicking the
End Process button). But doing so isn't a good idea unless you know
exactly what service you're terminating. If a process represents a
running program with unsaved work, ending the process will close the
program without saving the work.
Some processes are required for normal operation of
the computer. For example, dwm.exe (Windows Desktop Manager) and
explorer.exe are important parts of Windows 7. So you definitely don't
want to mess with those.
NOTE
Just because a process is near the top of the
list when you sort things in largest-to-smallest order doesn't mean the
biggest items are hogs or outrageously large. Even seemingly large
numbers like 50,000 K and 60,000 K are trivial when you consider how
much RAM most systems have, and how cheap it is to add more.
If you're unsure about a process, you can search for
it by name on Google, Bing, or any other search engine. Just be sure to
check out multiple sources, and read carefully. Virtually every resource
you find will tell you that perfectly legitimate and necessary
processes like dwm.exe and explorer.exe could be a Trojan, spyware, or
some other malicious item. But "could" is not synonymous with "is." So read carefully and don't assume the worst.
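A name search says nothing about the copy running on your own machine, so it helps to look at where the process was started from, by whom, and whether its file is signed. The following PowerShell sketch is an added example, not part of the original text; the function name `Get-ProcessProvenance` and the expected-path table are assumptions made for illustration, and the paths assume a default Windows installation.

```powershell
# Added example, not from the original page. Requires PowerShell 3.0 or later.
# Assumption: default Windows locations for the two processes the text names.
$ExpectedPath = @{
    'explorer.exe' = Join-Path $env:windir 'explorer.exe'
    'dwm.exe'      = Join-Path $env:windir 'System32\dwm.exe'
}

function Get-ProcessProvenance {
    param([string[]]$ImageName = @('explorer.exe', 'dwm.exe'))

    # One snapshot of all processes; run elevated to see other users' processes.
    $all = Get-CimInstance -ClassName Win32_Process

    foreach ($p in $all | Where-Object { $ImageName -contains $_.Name }) {
        # GetOwner fails for processes the caller is not allowed to query.
        $owner = Invoke-CimMethod -InputObject $p -MethodName GetOwner -ErrorAction SilentlyContinue
        $user = if ($owner -and $owner.ReturnValue -eq 0) {
            '{0}\{1}' -f $owner.Domain, $owner.User
        } else { '<unavailable>' }

        # ExecutablePath is empty when access to the process is denied.
        $sigStatus = '<no path>'
        $pathCheck = 'unknown'
        if ($p.ExecutablePath) {
            # Older Windows versions may report catalog-signed system files as
            # NotSigned, so treat the signature as one signal, not a verdict.
            $sigStatus = (Get-AuthenticodeSignature -FilePath $p.ExecutablePath).Status

            # A familiar name running from an unfamiliar folder deserves a closer look.
            $expected = $ExpectedPath[$p.Name]
            if (-not $expected)                        { $pathCheck = 'no baseline' }
            elseif ($p.ExecutablePath -ieq $expected)  { $pathCheck = 'expected' }
            else                                       { $pathCheck = 'UNEXPECTED' }
        }

        [pscustomobject]@{
            PID         = $p.ProcessId
            ImageName   = $p.Name
            UserName    = $user
            ImagePath   = $p.ExecutablePath
            PathCheck   = $pathCheck
            Signature   = $sigStatus
            CommandLine = $p.CommandLine
        }
    }
}

Get-ProcessProvenance | Format-List
```

Pass other image names with `-ImageName`; names without an entry in the table are listed with `PathCheck` set to `no baseline`, so the path and signature still need to be judged by hand.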
2.3. Choosing columns in processes
The four column names that appear in Task Manager by
default don't tell the whole story. When you're viewing the Processes
tab in Task Manager, you can choose View => Select Columns to choose other columns to view. Each column shows some
detail of the process, mostly related to resource consumption. A
programmer might use this information to fine-tune a program she's
writing. Beyond that, it's hard to think of anything terribly practical
to be gained from this information. But here's a quick summary of what
the other, optional columns show:
Base Priority: The priority assigned to the process. When the CPU is busy, low-priority processes have to wait for normal and high-priority processes to be completed. To change a process's priority, right-click its name and choose Set Priority.
Command Line: The command, with parameters, that was used to initiate the process.
CPU Time: Total number of seconds of CPU time this process has used since starting. The number will be doubled for dual-processor systems, quadrupled for systems with four processors.
CPU Usage: The amount of processor time, as a percent of the whole, this process has used since first started (the CPU column).
Data Execution Prevention: Specifies whether DEP is enabled or disabled for the specified process. DEP is a set of hardware and software technologies that help prevent malicious code from running by marking some areas of memory as non-executable.
Description: A description of the process.
GDI Objects: The number of Graphics Device Interface objects used by this process, since starting, to display content on the screen.
Handles: The number of objects to which the process currently has handles.
I/O Other: Non-disk input/output calls made by the object since it started. Excludes file, network, and device operations.
I/O Other Bytes: The number of bytes transferred to devices since the process started. Excludes file, network, and device operations.
I/O Reads: The number of file, network, and device Read input/output operations since the process started.
I/O Read Bytes: The number of bytes transferred by Read file, network, and device input/output operations.
I/O Writes: The number of file, network, and device Write input/output operations since the process started.
I/O Write Bytes: The number of bytes transferred by Write file, network, and device input/output operations.
Image Path Name: The path to the executable specified in the Image Name column.
Memory - Working Set: The amount of memory used by the process (also called the process's working set) since starting.
Memory - Peak Working Set: The largest amount of physical memory used by the process since it started.
Memory - Working Set Delta: The change in memory usage since the last Task Manager update.
Memory - Private Working Set: Amount of memory allocated to the process's private data.
Memory - Commit Size: The amount of virtual memory currently committed to the process.
Memory - Paged Pool: The amount of system-allocated virtual memory that's been committed to the process by the operating system.
Memory - Non-paged Pool: The amount of physical RAM used by the process since starting.
Page Faults: The number of times the process has read data from virtual memory since starting.
Page Fault Delta: The change in the number of page faults since the last Task Manager update.
PID (Process Identifier): A number assigned to the process at startup. The operating system accesses all processes by their numbers, not their names.
Session ID: The Terminal Session ID that owns the process. Always zero unless Terminal Services are in use on the network.
Threads: The number of threads running in a process.
A thread is a tiny sequence of instructions that the
CPU must carry out to perform some task. Some programs divide tasks into
separate threads that can be executed in parallel (simultaneously), to
speed execution. This is called multi-threaded execution.
User Account Control Virtualization: Specifies whether UAC is virtualized for the specified process. When enabled, data is written to a user area rather than to a system area.
User Name: The user, user account, or service that started the process.
User Objects: The number of objects from Window Manager used by the object, including program windows, cursors, icons, and other objects.
Much of the information available from the extra columns on the Processes tab is summarized on the Performance tab.