Mark Russinovich

Mark Russinovich
Russinovich at PDC10, October 2010
Born	c. 1966 (age 46–47) Salamanca, Spain
Occupation	Technical Fellow at Microsoft
Known for	cofounder of Winternals Software and Sysinternals.com
Website
sysinternals.com blogs.technet.com/b/markrussinovich/

Mark E. Russinovich (born c. 1966) is a Technical Fellow in the Platform and Services Division at Microsoft. He was a cofounder of software producers Winternals before it was acquired by Microsoft in 2006.

Early life and education

Russinovich was born in Salamanca, Spain and was raised in Birmingham, Alabama, until he was 15, when he moved with his family to Pittsburgh, Pennsylvania. His father was a radiologist and his mother was a business administrator of his father's radiology practice in Pittsburgh. Russinovich is of Croatian ancestry.^[1]

He was introduced to computers when his friend's father got an Apple II in 1970s. He was able to reverse engineer its ROM and write programs for it. At age 15, he bought himself his first computer, a TI99/4A. About six months later his parents bought him an Apple II+ from his local high school when it upgraded the computer labs to Apple IIe's. He also wrote magazine articles about Apple II. ^[2]

In 1989, Russinovich earned his B.S. in computer engineering from Carnegie Mellon University. The following year he received an M.S. in computer engineering from Rensselaer Polytechnic Institute. He later returned to Carnegie Mellon, where he received a Ph.D. in computer engineering in 1994.^[3]

Career

From September 1994 through February 1996 he was a research associate with the University of Oregon's computer science department. From February through September 1996 he was a developer with NuMega Technologies, where he worked on performance monitoring software for Windows NT.^[4]

In 1996, he and Bryce Cogswell cofounded Winternals Software, where Russinovich served as Chief Software Architect, and the web site sysinternals.com, where Russinovich wrote and published dozens of popular Windows administration and diagnostic utilities including Autoruns, Filemon, Regmon, Process Explorer, TCPView, and RootkitRevealer among many others.

From September 1996 through September 1997 he worked as a consulting associate at OSR Open Systems Resources, Inc., a company based in Amherst, New Hampshire. From September 1997 through March 2000, he was research staff member at IBM's Thomas J. Watson Research Center, researching operating system support for Web server acceleration and serving as an operating systems expert.^[4]

Russinovich joined Microsoft in 2006, when it acquired Winternals Software.

In his role as an author, he is a regular contributor to TechNet Magazine and Windows IT Pro magazine (previously called Windows NT Magazine) on the subject of the Architecture of Windows 2000 and was co-author of Inside Windows 2000 (third edition). Russinovich is the author of many tools used by Windows NT and Windows 2000 kernel-mode programmers, and of the NTFS file system driver for DOS. He is a widely recognized^{[by whom?]} expert in Windows operating system internals as well as operating system security and design.

Works

In 1996, Russinovich discovered that altering two values in the Windows Registry of the Workstation edition of Windows NT 4 would change the installation so it was recognized as a Windows NT Server and allow the installation of Microsoft BackOffice products which were licensed only for the Server edition.^[5] The registry key values were guarded by a worker thread to detect tampering, and later a program called NT Tune was released to kill the monitor thread and change the values.

In 2005, Russinovich discovered the Sony rootkit in Sony DRM products. Its function was to prevent users from copying their media.^[4]

In January 2006, Russinovich discovered a rootkit in Norton SystemWorks by Symantec Corporation. Symantec directly removed the rootkit.^[6][7][8] He also analyzed the Windows Metafile vulnerability and concluded that it was not a deliberate backdoor.^[9] This possibility had been raised — albeit tentatively — by Steve Gibson after a cursory investigation of the nature of the exploit and its mechanism.^[10]

Russinovich's first novel Zero Day was published by Thomas Dunne Books on March 15, 2011.^[11] His second novel Trojan Horse was published by Thomas Dunne Books on September 4, 2012.^[12]

Bibliography

Books

• Solomon, David; Russinovich, Mark (September 16, 2000). Inside Microsoft Windows 2000 (Third ed.). Microsoft Press. ISBN 0-7356-1021-5. 
• Russinovich, Mark; Solomon, David (December 8, 2004). Microsoft Windows Internals (Fourth ed.). Microsoft Press. ISBN 0-7356-1917-4. 
• Russinovich, Mark; Solomon, David; Ionescu, Alex (June 17, 2009). Microsoft Windows Internals (Fifth ed.). Microsoft Press. ISBN 0-7356-2530-1. 
• Russinovich, Mark (March 15, 2011). Zero Day: A Novel. Thomas Dunne Books. ISBN 0-312-61246-X. 
• Russinovich, Mark; Margosis, Aaron (July 12, 2011). Windows Sysinternals Administrator's Reference. Microsoft Press. ISBN 0-7356-5672-X. 
• Russinovich, Mark (September 4, 2012). Trojan Horse (novel). Thomas Dunne Books. ISBN 9781250010483. 

Articles

• "Inside NT's Object Manager". Windows IT Pro. October 1997. 
• "Inside NT's Scheduler Part 1". Windows IT Pro. July 1997. 
• "Inside NT's Scheduler Part 2". Windows IT Pro. August 1997. 
• "NT vs.UNIX: Is One Substantially Better". Windows IT Pro. December 1998. 
• "Inside Encrypting File System, Part 1". Windows IT Pro. June 1999. 
• "Inside Encrypting File System, Part 2". Windows IT Pro. June 1999. 
• "Inside the Windows Vista Kernel: Part 1". TechNet Magazine. February 2007. 
• "Inside the Windows Vista Kernel: Part 2". TechNet Magazine. March 2007. 
• "Inside the Windows Vista Kernel: Part 3". TechNet Magazine. April 2007. 
• "Inside Windows Vista User Account Control". TechNet Magazine. June 2007. 
• "Inside Windows 7 User Account Control". TechNet Magazine. July 2009. 

Videos

• "Windows Vista Kernel Changes". Microsoft TechEd IT Forum 2006. November 2006. 
• "Advanced Malware Cleaning". Microsoft TechEd IT Forum 2006. November 2006. 
• "Advanced Windows Troubleshooting with Sysinternals Process Monitor". Microsoft TechEd IT Forum 2006. November 2006. 
• "Windows Vista User Account Control Internals". Microsoft TechEd IT Forum 2006. November 2006. 
• "Mysteries of Windows Memory Management Revealed, Part 1 of 2". MSDN Channel 9. October 2010. 
• "Mysteries of Windows Memory Management Revealed, Part 2 of 2". MSDN Channel 9. October 2010. 
• "All of Mark Russinovich sessions on Microsoft TechEd Online". Microsoft TechEd Online. 2010. 

References

1. Martinović, Ratko (October, 28 2012). "Loš PR u dijaspori - Koje su svjetski poznate osobe podrijetlom Hrvati, a da to niste ni znali" [Bad PR in the Diaspora - What are the world famous people of Croatian descent, and that you did not even know]. Dnevno.hr (in Croatian). Retrieved November 27, 2012. 
2. "Interview with Mark Russinovich by Microsoft Student Partners". YouTube. Google. Retrieved April 15, 2012. 
3. "Mark Russinovich". Making it Big in Software. Making it Big Careers Inc. Retrieved February 13, 2011. 
4. "Affidavit of Mark Russinovich in Support of Plaintiffs’ Motion for Final Approval of Class Action Settlement" (PDF). United States District Court Southern District of New York. SonySuit.com. April 2, 2005. 
5. Andrew Schulman (1996-09-16). "Differences Between NT Server and Workstation Are Minimal". O'Reilly and Associates. Retrieved 2005-11-16. 
6. Turner, Suzi (January 11, 2006). "Symantec confesses to using rootkit technology". ZDNet. CBS Interactive. Retrieved November 6, 2012. 
7. "Symantec Norton Protected Recycle Bin Exposure". Security Response. Symantec. January 10, 2006. Retrieved November 11, 2012. 
8. Russinovich, Mark (16 January 2006). "Rootkits in Commercial Software". Mark Russinovich’s Blog. Winternals. Retrieved 13 March 2013. 
9. Russinovich, Mark (19 January 2006). "Inside the WMF Backdoor". Mark Russinovich’s Blog. Winternals. Retrieved 13 March 2013. 
10. Steve Gibson (2006-01-12). "grc.news.feedback newsgroup". Gibson Research Corporation. Retrieved 2007-11-06.  "The only conclusion that can reasonably be drawn is that this was a deliberate backdoor put into all of Microsoft's recent editions of Windows."
11. "Zero Day: A Novel". Amazon.com. Retrieved November 11, 2012. 
12. "Trojan Horse: A Novel". Amazon.com. Retrieved November 11, 2012. 

External links

• Mark's TechNet blog
• Video interview with Mark in his office at Microsoft on TechNet Edge
• Mark's public event/session videos on Microsoft IT's Showtime! by TechNet
• Appearance on The Stack Exchange Podcast, Nov 11, 2011
• Original Article on Sony's rootkit
• Inside the WMF backdoor
• Windows Sysinternals Tools written by Mark Russinovich
• Official List of Microsoft Technical Fellows
• Interview with Scott Hanselman about Zero Day and Trojan Horse, 26 July 2012