Services and processes are two of the most important elements of your operating system, and you will need to know how to manage them if you want a clean system optimized for performance.
A service is a special type of application that is available on Windows NT/2000/XP and runs in the “background”. Windows services usually do not have a user interface, so they run in the background; they are loaded when Windows starts or can be started manually when needed.
You can also see many of them running in the process list in Task Manager, under the credentials of a user name like SYSTEM, LOCAL SERVICE or NETWORK SERVICE, although not all processes with the SYSTEM user name are services. The remaining services run through svchost.exe as DLLs loaded into memory. You can see all services by going to Start – Control Panel – Administrative Tools – Services. A faster way is to go to Start – Run, type “services.msc” without the quotes and press Enter; this opens the same window, with all services displayed, that you would reach through Administrative Tools.
A process is any piece of software that is running on a computer. More precisely, a process is an instance of a program that is being executed, and it contains the program code and its current activity. The program can run on multiple threads of execution that run instructions at the same time. For example, your anti-virus software runs in the background as a process that was started automatically when the computer booted. Some processes start when your computer boots; others are started manually when needed.
Note: The main difference between a service and a process is that a service always runs in the background and does not belong to a user. Services can also start processes, and sometimes processes can start services, so it is better to see them for what they are. Both offer features to clients, and by clients I mean applications. For example, if you log off and leave the computer at the CTRL+ALT+DEL screen (the screen before login), your processes will be closed, at least those that run under your user name, while services that were started, either manually or automatically when the computer started, will stay running. As we know, processes run under a user name, while services don’t need such credentials; they are started by the operating system, or sometimes by the user if they are set to manual rather than automatic.
You can easily export a list with all the processes your computer runs in order to figure out which ones are hosting services, by following the next steps:
1. Open a Command Prompt window (start – run – cmd – press enter from your keyboard).
2. Type the following command and press enter:
tasklist /m > tasklist.txt
3. Open your word processing program, load the tasklist.txt document and check for the information you need. You can also open tasklist.txt with the default program for .txt files (Notepad in most cases) by double-clicking on it.
NOTE: You can choose where the file is saved. For example, if you point to c:\tasklist.txt, you will find the file on your C drive with the name that follows the backslash. If you do not give a location and use the command exactly as above (“tasklist /m > tasklist.txt”), the file will be created in the location your Command Prompt window is currently pointing at. In the example below the file would be created on the Z partition; for me this is a network file share, but for you the location could be anything else.
While the word “program” refers to the executable code (the exe file, for example), a process is a program that is being executed. When you start a program in Windows, the executable will be loaded into RAM. Windows will then add the new process to its internal process list and make sure the process receives some CPU time as well as memory and other resources. A process can then request any amount of resources from Windows as long as there are resources left. Windows keeps track of which processes are using which resources. As soon as a process is closed or terminated, all resources used by that process will be returned to Windows and will then be handed out to other processes. Unlike memory and similar resources, CPU time cannot simply be requested but it’s instead shared equally between processes. A process can also return the CPU to Windows before the assigned time slice ends. This is actually what happens most of the time and it’s the reason why your CPU usage is not always at 100 %.
Whenever a process is terminated, all resources used by that process are released and become available to other processes. If you are running five processes on your system, each process might get only 20% of the total hardware resources; the same goes for the other resources, like RAM, which is usually split equally. This example is, of course, greatly simplified, and in reality some processes use many more resources than others. Still, because many users are running 30-40 processes or more, the amount of resources available to a game or a movie player can be considerably smaller than the total hardware resources. If you are having problems with processes because they consume a lot more than you would want, close some of those whose absence wouldn’t affect the health of the system.
I know this is a pretty large explanation, but these two IT terms have always been open to debate, as they are also a bit vague. I just hope you understood the basic idea behind them and what they do, so you are able to understand the following details about some known processes you will always see in your process list:
SVCHOST: Mostly known as Service Host or SvcHost, this is a system process which hosts many Windows services. The location of its image file is %SystemRoot%\System32\Svchost.exe or %SystemRoot%\SysWOW64\Svchost.exe (for 32-bit services running on 64-bit systems), and it is executed in multiple instances, each instance hosting one or more services. It uses the shared service process method, where one process hosts multiple services in order to reduce resource consumption. Services that run in SVCHOST are actually dynamically linked libraries (DLLs). Because svchost.exe is a common system process that you will always see in your process list, you can also expect malware to use the process name “svchost.exe” to disguise itself, so sometimes not all of the many svchost entries you see in your process list are real. That’s why it’s better to keep a decent level of security on your computer with anti-virus software and malware detection programs.
SYSTEM IDLE PROCESS: Contains kernel threads that are ready to be used when no other thread can be scheduled on a CPU. It exists for the special case in which no thread would otherwise be ready to run. This way a thread is always ready: when the scheduler is called because the current thread is leaving the CPU, there is always another thread ready to run on that CPU, even if it is only the CPU idle thread. Don’t worry if you see this process at 99% of your CPU, as it is shown most of the time; you can read that as free resources that are not in use and are ready to be used.
IEXPLORE.EXE: The iexplore.exe file is the executable file of Microsoft Internet Explorer. The GUI (graphical user interface) of the iexplore.exe file is represented by the graphical Internet pages opened by the user.
EXPLORER.EXE: This is the user shell that contains the environment of the user; it’s actually what we see: the taskbar, the desktop and other user interface features. This process does not matter as much to the operating system as you might think, and it can be restarted (stopped and started) from Task Manager without any risk to the other applications you have open, as long as the rest of the processes are not touched. For example, if at some point you face problems with your desktop, quick launch bar or taskbar, you can go to Task Manager, close this process and open a new one by using File – New (in Task Manager) and typing the name of the process, EXPLORER.EXE, in the window that appears. If all windows disappear after you’ve closed it, even Task Manager, press CTRL+ALT+DEL and select Task Manager to open it again, and then use File – New as described above. You can even test it now; don’t be afraid, nothing will happen, you will just have a clean screen until you open it again. It will start a new process as your user shell that won’t be corrupted and will lack the bad things the previous one had, if any. Keep in mind that some viruses and malware affect this process, and you might have a bad copy of it and face some problems; when you feel something is wrong, try to scan your computer. The location of the actual file is C:\Windows.
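The SVCHOST and EXPLORER.EXE entries above give the folders where the real files live, so a same-named process running from anywhere else deserves a closer look. The following PowerShell script is an added example, not part of the original article: it lists every running svchost.exe and explorer.exe, compares its image path with those locations and shows which services each svchost instance hosts. It assumes PowerShell 3.0 or later (for Get-CimInstance) and an elevated prompt; the status labels are made up for this example.

```powershell
# Added example, not from the original article. Expected locations are the
# ones the article gives; run elevated so that ExecutablePath is populated
# for system processes.
$root = $env:SystemRoot
$expected = @{
    'svchost.exe'  = @("$root\System32\svchost.exe", "$root\SysWOW64\svchost.exe")
    'explorer.exe' = @("$root\explorer.exe")
}

# Build a map: host process ID -> names of the services running inside it.
# Stopped services report ProcessId 0 and are skipped.
$servicesByPid = @{}
Get-CimInstance Win32_Service |
    Where-Object { $_.ProcessId -ne 0 } |
    ForEach-Object {
        $key = [int]$_.ProcessId
        if (-not $servicesByPid.ContainsKey($key)) { $servicesByPid[$key] = @() }
        $servicesByPid[$key] += $_.Name
    }

$report = Get-CimInstance Win32_Process |
    Where-Object { $expected.ContainsKey($_.Name.ToLower()) } |
    ForEach-Object {
        $name   = $_.Name.ToLower()
        $procId = [int]$_.ProcessId
        $hosted = @()
        if ($servicesByPid.ContainsKey($procId)) { $hosted = $servicesByPid[$procId] }

        # String comparison with -notcontains is case-insensitive.
        $status = 'ok'
        if (-not $_.ExecutablePath) {
            $status = 'PATH UNAVAILABLE'      # not elevated, or a protected process
        } elseif ($expected[$name] -notcontains $_.ExecutablePath) {
            $status = 'UNEXPECTED PATH'       # right name, wrong folder
        } elseif ($name -eq 'svchost.exe' -and $hosted.Count -eq 0) {
            $status = 'NO SERVICES LISTED'    # article: each instance hosts one or more
        }

        [pscustomobject]@{
            Status   = $status
            Name     = $_.Name
            PID      = $procId
            Path     = $_.ExecutablePath
            Services = $hosted -join ', '
        }
    }

$report | Sort-Object Status, PID | Format-Table -AutoSize -Wrap
```

A row marked UNEXPECTED PATH is the case the article warns about and is the one to scan first; NO SERVICES LISTED is only a hint to review that instance, not proof of a problem.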