Yi-Min Wang, Roussi Roussev, Chad Verbowski, Aaron Johnson, and David Ladd
As computer programs grow more complex, extensible, and connected, it becomes increasingly difficult for users to understand what has changed on their machines and what impact those changes have. In this paper, we describe a tool, called AskStrider, that answers those questions by correlating volatile process information with persistent-state context information and change history. AskStrider automatically scans a system for active components, matches them against a change log to identify recently updated and hence more interesting state, and searches for context information to help users understand the changes. We use several real-world cases to demonstrate the effectiveness of using AskStrider to quickly identify the presence of unwanted software, to determine if a software patch is potentially breaking an application, and to detect lingering components left over from an unclean uninstallation.