Power User: Command line tools rule when an OS is under attack

John McCormick

No power user worthy of the name should ignore the command line tools that still underlie Microsoft Windows' graphical interface.

Remember the recent Blaster worm? It made thousands of systems reboot so quickly, often in 60 seconds or less, that even users who knew how to download a patch couldn't do so before the next shutdown.

From the command line, you can often abort a shutdown with this command: shutdown -a. Get to the command line by clicking Start and Run and typing cmd.

I didn't encounter Blaster, so I'm not certain that shutdown -a would have worked in that instance, but I've seen reports that it did. In my experience it certainly has come in handy combating other malware.

You can also control a shutdown with shutdown.exe in combination with switches. Administrators of small networks, for example, can manage remote computers' shutdown schedules via the -m switch without needing a reboot of local computers.

For a look at the basic tools, try the help command: shutdown /?. There's even a graphical interface, opened with shutdown -i, that makes remote management a snap on small systems.

Simply closing the program that's running can disable some worms and viruses, but you can't always do so through the Windows Task Manager. Another command line tool, taskkill.exe, might work. Taskkill also lets you shut down processes running on remote systems.

Tasklist, a related tool, lists applications and processes on a local or remote computer.

Because the command line interface can be so useful for automating jobs, some utilities are still available for it.

Sureshot Software, a Swedish division of Bysoft Data AB, at www.sureshotsoftware.com, sells a $30 command line e-mailer that can batch-process messages or add e-mail capability to an application. The company's $15 E-mail Extractor will pull e-mail addresses from almost any file, including Microsoft Office documents.

A $40 tool, EmailSpider, downloadable from www.RebrandSoftware.com, extracts e-mail addresses from Web sites. This has obvious spammer uses, but it also can scan your sites for agency addresses that attract spam, and it can build departmental mailing lists. The first step in reducing spam is to keep legitimate addresses out of spammers' reach.

If you run Windows XP, you already have a task scheduler or two. schtasks.exe, the replacement for the older at.exe, lets administrators query, schedule, run and end tasks on local as well as remote systems. at.exe, combined with it.exe, lets Windows 2000 users schedule tasks from the command line. at.exe is included with XP for compatibility, but you really should use schtasks.exe instead.

One of the most useful jobs for these tools is to set up a regular routine for XP's command line disk defragmenter.

If you're a network administrator, you probably have much more powerful tools available. But there's a good reason why you should know how to use all the command line tools anyhow.

Consider the at /delete command. Someone who types that, whether accidentally or on purpose, will cancel all the tasks you've scheduled for remote systems.

The same goes for schtasks /Delete /F. That command not only kills a task but also suppresses the warning that a currently running task is being killed.

It doesn't take much of a hacker to find ways to use schtasks for mischief.

These and lots of other command line tools shouldn't be readily available to the curious. Consider removing them, perhaps remotely via schtasks.
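A defensive check for the deletion risk described above, as an added example that is not part of the original column: it records each machine's scheduled task names with schtasks /Query and warns when a later run finds tasks missing. The host list and baseline directory are assumed placeholders, and the script assumes PowerShell is available on the administrator's workstation.

```powershell
# Added example: baseline scheduled tasks per host and flag any that vanish.
# $Computers and $BaselineDir are placeholder assumptions, not from the article.
$Computers   = @($env:COMPUTERNAME)
$BaselineDir = Join-Path $env:ProgramData 'TaskBaseline'

function Get-TaskNames([string]$Computer) {
    # /FO CSV /NH prints CSV rows without a header; column 1 is the task name.
    $cmdArgs = @('/Query', '/FO', 'CSV', '/NH')
    if ($Computer -ne $env:COMPUTERNAME) { $cmdArgs += @('/S', $Computer) }
    $rows = & schtasks.exe @cmdArgs 2>$null
    # A failed query (host down, access denied) must not look like "no tasks".
    if ($LASTEXITCODE -ne 0) { throw "schtasks query failed on $Computer" }
    $rows | Where-Object { $_ -match '^"' } |      # skip blank and INFO lines
        ConvertFrom-Csv -Header 'TaskName', 'NextRun', 'Status' |
        Select-Object -ExpandProperty TaskName |
        Sort-Object -Unique
}

New-Item -ItemType Directory -Force -Path $BaselineDir | Out-Null

foreach ($c in $Computers) {
    $current = @(Get-TaskNames $c)
    $file    = Join-Path $BaselineDir "$c.txt"

    if (-not (Test-Path $file)) {
        # First run for this host: record what is scheduled today.
        Set-Content -Path $file -Value $current
        Write-Output "${c}: baseline recorded ($($current.Count) tasks)"
        continue
    }

    $baseline = @(Get-Content $file)
    $missing  = @($baseline | Where-Object { $current  -notcontains $_ })
    $added    = @($current  | Where-Object { $baseline -notcontains $_ })

    foreach ($t in $missing) { Write-Warning "${c}: task missing since baseline: $t" }
    foreach ($t in $added)   { Write-Output  "${c}: task not in baseline: $t" }

    # Every baseline task gone at once is the pattern a bulk delete leaves.
    if ($baseline.Count -gt 0 -and $missing.Count -eq $baseline.Count) {
        Write-Warning "${c}: ALL baseline tasks are gone; check for a bulk delete"
    }
}
```

Run it once to record the baseline, then on a schedule from a machine ordinary users cannot log on to, so the check itself is not among the tasks that can be deleted.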

A final word to power users: Someone else might sit down at your computer from time to time. Perhaps you should clean out some of the more potentially dangerous command line tools to protect yourself.

John McCormick is a free-lance writer and computer consultant. E-mail him at powerusr@yahoo.com.
