Mark Russinovich

Mark Eugene Russinovich (born December 22, 1966) is a Spanish-born American software engineer and author who serves as CTO of Microsoft Azure. He was a cofounder of software producers Winternals before it was acquired by Microsoft in 2006.


Early life and education

Russinovich was born in Salamanca, Spain and was raised in Birmingham, Alabama, United States, until he was 15, when he moved with his family to Pittsburgh, Pennsylvania. His father was a radiologist and his mother was a business administrator of his father's radiology practice in Pittsburgh. Russinovich is of Croatian descent.

He was introduced to computers when his friend's father got an Apple II in the 1970s. He was able to reverse engineer its ROM and write programs for it. At age 15, he bought himself his first computer, a Texas Instruments TI99/4A. About six months later his parents bought him an Apple II+ from his local high school when it upgraded the computer labs to Apple IIes. He also wrote magazine articles about Apple II.

In 1989, Russinovich earned his Bachelor of Science degree in computer engineering from Carnegie Mellon University, where he was a member of the Pi Kappa Alpha Beta Sigma chapter. The following year he received a Master of Science degree in computer engineering from Rensselaer Polytechnic Institute. He later returned to Carnegie Mellon, where he received a Ph.D. in computer engineering in 1994 with a thesis titled ''Application-transparent fault management'' under the supervision of Zary Segall.


Career

From September 1994 through February 1996 he was a research associate with the University of Oregon's computer science department. From February through September 1996 he was a developer with NuMega Technologies, where he worked on performance monitoring software for Windows NT.

In 1996, he and Bryce Cogswell cofounded Winternals Software, where Russinovich served as Chief Software Architect, and the web site sysinternals.com, where Russinovich wrote and published dozens of popular Windows administration and diagnostic utilities including Autoruns, Filemon, Regmon, Process Explorer, TCPView, and RootkitRevealer among many others.

From September 1996 through September 1997, he worked as a consulting associate at OSR Open Systems Resources, Inc., a company based in Amherst, New Hampshire. From September 1997 through March 2000, he was a research staff member at IBM's Thomas J. Watson Research Center, researching operating system support for Web server acceleration and serving as an operating systems expert. Russinovich joined Microsoft in 2006, when it acquired Winternals Software.

In his role as an author, he is a regular contributor to ''TechNet Magazine'' and ''Windows IT Pro'' magazine (previously called ''Windows NT Magazine'') on the subject of the architecture of Windows 2000 and was co-author of ''Inside Windows 2000'' (third edition). Russinovich is the author of many tools used by Windows NT and Windows 2000 kernel-mode programmers, and of the NTFS file system driver for DOS.


Works

In 1996, Russinovich discovered that altering two values in the Windows Registry of the Workstation edition of Windows NT 4.0 would change the installation so it was recognized as a Windows NT Server and allow the installation of Microsoft BackOffice products which were licensed only for the Server edition. The registry key values were guarded by a worker thread to detect tampering, and later a program called NT Tune was released to kill the monitor thread and change the values.

Russinovich wrote LiveKD, a utility included with the book ''Inside Windows 2000''. As of 2022, the utility is readily available to download.

In 2005, Russinovich discovered the Sony rootkit in Sony DRM products. Its function was to prevent users from copying their media.

In January 2006, Russinovich discovered a rootkit in Norton SystemWorks by Symantec. Symantec immediately removed the rootkit. He also analyzed the Windows Metafile vulnerability and concluded that it was not a deliberate backdoor. This possibility had been raised, although tentatively, by Steve Gibson after a cursory investigation of the nature of the exploit and its mechanism.

Russinovich's novels ''Zero Day'' (foreword by Howard Schmidt) and ''Trojan Horse'' (foreword by Kevin Mitnick) were published by Thomas Dunne Books on March 15, 2011 and September 4, 2012. Both are in a series of popular techno-thrillers that have attracted praise from industry insiders such as Mikko Hyppönen and Daniel Suarez. A short story, "Operation Desolation", was published just before ''Trojan Horse'' and takes place 1 year after the events of ''Zero Day''. Book 3, ''Rogue Code: A Novel'' (Jeff Aiken Series, May 2014) deals with vulnerabilities of the NYSE. It has a foreword by Haim Bodek, author of ''The Problem of HFT: Collected Writings on High Frequency Trading & Stock Market Structure Reform''.


Works

Computer books

* Russinovich, Mark; Margosis, Aaron (October 17, 2016). ''Troubleshooting with the Windows Sysinternals Tools''. Microsoft Press. ISBN 978-0-7356-8444-7.



External links

* Video interview with Mark in his office at Microsoft on TechNet Edge
* Mark's public event/session videos on Microsoft IT's Showtime! by TechNet
* Original Article on Sony's rootkit
* Inside the WMF backdoor
* Windows Sysinternals Tools written by Mark Russinovich
* Interview with Scott Hanselman about Zero Day and Trojan Horse, 26 July 2012
* Mark on Security Now, 19 Sep 2012
* Mark on Windows Weekly, 20 Sep 2012