Tuesday, August 21, 2007

Turn Off Unnecessary Windows XP Services

[Check out "Why Windows takes so long to start up" when you're done with this article.]

Turning off unnecessary services in Windows XP can greatly reduce your exploit risk, while improving system performance. This is a good time to point out that vendors often like to push all sorts of "download optimizers" and other cute programs on users. Most of the time, installing such things slows your computer down at best, and it could subject you to potential security risks. The first rule is "If you don't know you need it, you probably don't."

Unnecessary services don't just subject you to security risk. They also slow down the operation of your computer. So, don't get lazy here and think you can just deal with the infections later. Go ahead and turn that junk off and recapture your system from these resource hogs. You get to services by going to Control Panel, Administrative Tools, then Services. You should see a long list of services, some running and some dormant. Use this checklist to help determine which services you can live without.

If you don't know how to find Windows Services in Windows XP, click on Start, Control Panel, Administrative Tools, and Services. Below is a simple step-by-step guide to finding and changing your services on Windows XP. Keep in mind that your view settings may make yours appear slightly different, but it will be the same basic path.

  1. Click on Start, then click on Control Panel.
  2. In Control Panel, click on Administrative Tools.
  3. In Administrative Tools, click on Services.
  4. Choose the service you wish to modify.

Changing the Service Settings

Once you select the service you wish to modify, you have several buttons to turn the service off immediately, and drop-down choices to disable a service, make it automatic, or make it manual.

Windows XP Pro (and Home); Stuff to turn off:

Each service is listed as it is in Microsoft's Windows XP Professional. These should be similar in Microsoft's XP Home as well. Under each is the definition given in the Services Manager.

  • Alerter
    Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.

    Comment: I don't want my personal computer telling me anything, ever. Shut up and work! There's few things I find more annoying than a computer constantly wanting to interact with me while I'm using it to do work or entertain myself. A computer is a tool, not a friend or work companion. No Hal, I don't want to talk to you. Perhaps there's a software vendor that can give you a compelling reason why you need this service, but for most home and SOHO PC use it's just an unnecessary service taking up resources and providing risk. Unless you are running a product that requires this service, disable it.

  • Application Layer Gateway Service
    Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Internet Connection Firewall

    Comment: Do you want to share your internet connection? That's an article waiting to be written. Let me be clear. Since you can buy a router for $50 or less, and Windows does an awful job routing, using a computer to gateway your other computers to the internet is just stupid. "What about firewalling and admission control?" Well, that's not going to be done through the built-in internet sharing tools. So, we're not talking about that. If you use a personal computer to gateway your other computers to the internet (and calling it a server doesn't change the reality), you are wasting resources. Buy a $50 router, or a $1000 router for that matter. But, buy a discrete device that is designed to do the job. Use hardware based firewalling (OK, it's all based on software - but I mean a boxed solution, not software installed on a PC that's prone to lose autonomy). And, what about all those cute third-party firewalling tools that plug in to this thing? Man, give me a break. If it runs on top of your Windows installation, it's not a real firewall. Unless this is required by a product you think is necessary, disable it.

  • Automatic Updates
    Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated.

    Comment: There are only two options that may make sense with this service. You should either set it to disabled or manual. I'd disable it. Automatic Updates is designed as a tool to aid Microsoft in controlling their product. Props to Microsoft for trying to protect their product from piracy. But, some updates have been known to cause problems. Use it when you need it, and disable it when you don't, unless you're too lazy to do updates on your own. Don't you wonder why all the computers in big, well managed networks don't run Automatic Updates? It's mostly because managers of big networks create their own update policies. If you more completely understand the thinking that goes into deciding whether or not to distribute an update, you could better administer your own PC. Either turn it on and assume the risk, or turn it off and regularly visit Microsoft's update and news page (discussed more below).

  • Background Intelligent Transfer Service
    Uses idle network bandwidth to transfer data.

    Comment: This is one of those tools they require you turn on to enable Automatic Updates. Think about it. It connects your PC to the internet or network and works behind your back to do stuff you didn't explicitly tell it to do. It sounds like a great tool to help hackers collect data from your PC and slowly seep it back to their lair. Unless it's immediately required, disable it. If you use it and then go for some time with no need to use it, disable it. If you can't remember to keep your PC updated with the latest security fixes, you'll need it.

  • ClipBook
    Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start.

    Comment: So, you want to copy stuff to your clipbook and allow remote computers to access it? I don't. There may be a software vendor that requires this service to run. I've yet to find it useful. I suggest you disable it.

  • Computer Browser
    Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.

    Comment: If you are on a network with other computers, and need to see them, this may be a useful tool. Otherwise, disable it.

  • Cryptographic Services
    Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.

    Comment: It is very necessary if you are passing certificates for networking. Unless you are in a large corporate network where connections are managed through authentication, this is unnecessary; disable it.

  • Distributed Transaction Coordinator
    Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.

    Comment: Extremely few personal computers will require this service. If you use it, you may want to review the reasons it is being used. Unless you are accessing network filesystems and databases, disable it.

  • DNS Client
    Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.

    Comment: It's typically good to leave this on.

  • Error Reporting Service
    Allows error reporting for services and applications running in non-standard environments.

    Comment: Error reporting is very useful, if you know what to do with the errors or you are running software that adjusts based on error reporting. This is that annoying "feature" in Windows that constantly pops up wanting to ship information about your software failures to Redmond. People promise me it helps find problems and solutions. I've mostly seen problem reports that you could as easily search out yourself. If you're advanced enough to use this, you'll likely use a search engine just as well. Chances are, the best thing for you to do is disable it.

  • Help and Support
    Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

    Comment: I don't find this service useful, other than sucking up resources. If you know how to use Google, I'd disable it.

  • Human Interface Device Access
    Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.

    Comment: Whether or not you should disable this service depends on other services you need. If you don't know, turn it off and see if it breaks anything. It says that it deals with hotkeys; however, all the system hotkeys that most of us enjoy aren't controlled by this service, they are built into the core OS. Control C to copy and Control V to paste, for example, do not stop working when you turn this service off. It seems this has more to do with specific hotkeys that a software vendor may want to insert into their installed program or internet product. Until you see a reason for it, I'd turn this one off. Personally, I consider relying on such services to be lazy programming. But, there may be good reason for using it if it's more efficient.

  • Indexing Service
    Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.

    Comment: To date, nobody has shown me real system performance improvements with this technology. Keep in mind, I'm limited in this conversation to Windows. Indexing is very useful. Indexing databases is very useful. Indexing your computer isn't very useful at all. Typically, if you are on a network, you know where on a network to find your chosen data. If you are not on a network, there's no real performance enhancement to this service that justifies the complexity and resource use. Chances are good you should disable it.

  • IMAPI CD-Burning COM Service
    Manages CD recording using Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, this computer will be unable to record CDs. If this service is disabled, any services that explicitly depend on it will fail to start.

    Comment: Obviously, there may be some usefulness leaving this service as manual, if you have a CD burner installed. If you don't, disable it.

  • Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS)
    Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.

    Comment: This tool does a great job of complicating my internet connection and slowing down transactions. It's not likely this tool is sophisticated enough to make a major impact in your system's performance. You should disable it.

  • Messenger
    Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start.

    Comment: Turn this thing off! It's a simple kit for anybody that can connect via any network to your computer to access your system and do things you don't want them to. Disable it.

  • Net Logon
    Supports pass-through authentication of account logon events for computers in a domain.

    Comment: Unless you need this to operate inside a domain, it's likely not necessary or useful. If you are using a home or SOHO PC and don't have a local domain based network, disable it.

  • NetMeeting Remote Desktop Sharing
    Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet. If this service is stopped, remote desktop sharing will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

    Comment: Do you really want a built in tool to share control of your desktop over your network connection? There are better tools for doing this kind of work, if needed. If someone you buy software from insists you let them use this tool to help you install it one time, then enable it and disable it immediately afterward. For typical use, you should disable it.

  • Remote Desktop Help Session Manager
    Manages and controls Remote Assistance. If this service is stopped, Remote Assistance will be unavailable. Before stopping this service, see the Dependencies tab of the Properties dialog box.

    Comment: Refer to NetMeeting. If you don't want to share control of your computer through your network, disable it.

  • Remote Procedure Call (RPC) Locator
    Manages the RPC name service database.

    Comment: There are some network programs and protocols that require this to be turned on. Chances are you could just turn it off and see if you break anything. If you are using a single PC in your home or SOHO, it's likely just a security risk. If you don't know you need it, disable it.

  • Remote Registry
    Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.

    Comment: Seems self-explanatory. You can enable this service to help remote people or programs change your registry. Great hacker tool if you can't secure it. Disable it.

  • System Restore Service
    Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties

    Comment: This is almost useless if you ever have a problem with damaged drives, corrupted data, or malware. It uses a lot of resources and isn't useful for most people. You can turn it on before you install a big piece of software. This service allows you to back up to a previous system should you mess yours up with an installation of software or a modification to your system settings, usually registry damage. To improve system performance and take the minor risk of not being able to make your computer work like it did yesterday, disable it.

  • TCP/IP NetBIOS Helper
    Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.

    Comment: Very few people use NetBIOS at home. This is the Windows built-in protocol for simple networking. You may need it. Otherwise, disable it.

  • Telephony
    Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service.

    Comment: If you use telephony, you probably use discrete devices or proprietary services that don't rely on this service. However, you do need this service if you use a modem to connect to the internet. If you don't specifically need the Microsoft Telephony service, disable it. If you use a modem to connect to the internet, leave it enabled.

  • Telnet
    Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

    Comment: There's just not a circumstance where I can imagine that turning this service on is a good idea. Unless you need to let people telnet into your computer and have a really good reason for doing so, disable it.

  • Terminal Services
    Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server.

    Comment: As I've said above, there's better tools for remote desktop administration. The idea of Terminal Services is to allow remote desktop administration of a system, like the user was on the actual console. In almost all circumstances you should disable it.

  • Themes
    Provides user experience theme management.

    Comment: Themes are cute and bloated. Enabling themes is not a good way to increase performance, but you may think it's neat. If you aren't addicted to cute desktop eye candy, disable it.

  • Uninterruptible Power Supply
    Manages an uninterruptible power supply (UPS) connected to the computer.

    Comment: Unless you are using a UPS on your computer and it has the capability of managing the system, disable it.

  • Upload Manager
    Manages synchronous and asynchronous file transfers between clients and servers on the network. If this service is stopped, synchronous and asynchronous file transfers between clients and servers on the network will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.

    Comment: If you are not in a local network sharing data (files and/or services), disable it.

  • Windows Time
    Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

    Comment: Sometimes it works. Unless you are really needing your time to sync to something running a Windows time server, disable it.

  • Wireless Zero Configuration
    Provides automatic configuration for the 802.11 adapters

    Comment: Unless you use 802.11 devices, disable it.

  • Workstation
    Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

    Comment: If you are not in a local network sharing data (files and/or services), disable it.

If you turn off all the services suggested above and try to use Automatic Updates via WindowsUpdate.Microsoft.com, you will likely see a message something like this:

"Windows Update cannot continue because a required service application is disabled. Windows Update requires the following services:

Automatic Updates enables detection, downloading, and installation of critical updates for your computer.

Background Intelligent Transfer Service (BITS) enables faster, restartable downloading of updates.

Event Log logs Windows Update events for troubleshooting. To ensure that these services are enabled:"

It's easy to just go back to Services, and turn these services on as you need them. An operating system shouldn't need daily updates to run. And, the more services you run, the more likely you are to need updates. See a circle here? Occasionally, a little laziness won't kill you. Though you could just go to Technet (Microsoft's only support for IT professionals) and get all your news and update files with descriptions of their efficacy and safety, you may occasionally just want to veg out and let Microsoft do the work for you. You should still read each update and decide for yourself whether it makes sense. Some of them are flat out bad news. But, turning up these services for a few minutes to run Automatic Updates may be a shortcut to periodic updates.

So, let's look at the services they want you to turn on.

Automatic Updates
Background Intelligent Transfer Service
Event Log

I haven't a clue why you need Background Intelligent Transfer Services to run so you can go to a website, download, and install service packs. But, you can turn it, and the others, on and then turn it back off when you are done. It's just three services.

If you take a minimalist's point of view to running both software and services on your computer, it will perform faster and more safely than it will if you just randomly load anything anyone tells you to. To better secure your PC, stick to a mindset that if you don't absolutely need a service running right now, you should just turn it off.

For those of you that break stuff when you turn off services I suggest are unnecessary.

If you turn off all the stuff that blatantly doesn't have anything to do with the network, you should be fine. Then, turn off one thing at a time that you /think/ doesn't support your network connection. If you lose your connection, turn the service back on. Next, and this part is very important, make sure your network settings are accurate and set for "on" so you can reconnect. You should find out how your PC connects to your local network before you get started and document it. But, anything you turn off that breaks something needs to be carefully examined and documented (write it down somewhere).

Just because you turn a service back on, doesn't mean your broken software will magically start working again. For example, remember the issue of using a computer in your network to manage your connection? If that's how you connect, you'll have to reconfigure that connection to get online if you kill it by killing a service. Likely, Computer Browser will cause this kind of problem. Also, just enabling the service doesn't turn it on. You need to manually restart it, since the startup settings (automatic, manual, disabled) only go into action on bootup. So, if you don't want to wait until your box reboots, you'll need to manually turn off the service if you want it disabled, and manually turn it on if you want to enable it (and see if that given service is your problem).
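
An added example, not part of the original article: a Windows XP batch file that does from the command line what the two paragraphs above describe, writing down each service's current settings and dependents before disabling it, then stopping the running instance so no reboot is needed. The short service names and the log file location are assumptions; the article gives only display names.

```bat
@echo off
rem Added example: record, disable and stop a few of the services from the
rem checklist above. Run from an administrator account on Windows XP.
rem Assumption: the short names below are the usual XP key names for
rem Alerter, Messenger, ClipBook, Remote Registry, Telnet and
rem NetMeeting Remote Desktop Sharing.
setlocal
set LOG=%USERPROFILE%\service-changes.txt
set SERVICES=Alerter Messenger ClipSrv RemoteRegistry TlntSvr mnmsrvc

echo ==== %DATE% %TIME% ==== >> "%LOG%"
for %%S in (%SERVICES%) do call :harden %%S
echo Done. Previous settings are recorded in "%LOG%".
endlocal
goto :eof

:harden
rem Skip names that are not installed on this edition of XP.
sc query %1 >nul 2>&1
if errorlevel 1 (
    echo %1: not installed, skipped >> "%LOG%"
    goto :eof
)

rem 1. Write down the current startup type before changing anything.
echo --- %1: configuration before change >> "%LOG%"
sc qc %1 >> "%LOG%"

rem 2. Record the services that depend on this one; once it is disabled
rem    they will fail to start.
echo --- %1: services that depend on it >> "%LOG%"
sc enumdepend %1 >> "%LOG%"

rem 3. Change the startup type. This alone does not stop a running
rem    service. The space after "start=" is required by sc.
sc config %1 start= disabled

rem 4. Stop the running instance now instead of waiting for a reboot.
rem    An already stopped service returns an error, which is ignored.
sc stop %1 >nul 2>&1
goto :eof
```

To undo a change, read the START_TYPE recorded in the log, set it back with `sc config <name> start= auto` or `start= demand`, and then run `sc start <name>`.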

What about System Restore? Well, I don't like it. If I had a dollar for every time someone fouled up their PC, ran system restore, and was amazed that all wasn't suddenly happy sunshine, I'd have a really nice vacation home. I realize it makes life easier for newbies that randomly screw stuff up and can't be hassled with learning the things they use. But, for most cases, it's a great tool for viruses and worms to avoid capture. You delete them, they have a backup switch to recapture control through the restore program. Many antivirus programs don't work properly when you have this feature enabled. You can leave it on if you're a fan. Perhaps it makes you feel good, like it would make everything right again if you had it around. But, it won't save you from a serious problem. Backups and safe computer practices will.

You need to learn enough about your PC to run a functional backup and restoration of your critical data. If you can't do this, you're just waiting to lose everything.

Don't be afraid to learn more about your PC. It's one thing to run through a checklist of stuff I suggest you don't need. But, it's not a guarantee that I address every concern for every user. With a few hours here and there of learning now, you'll save yourself a lot of frustration later. The things I learned about Windows five and six years ago still serve me today. The things I learned about networks running Unix systems serve me every day, no matter what operating system I may run.

Enjoy learning; it's the first line of defense against bad software and broken PCs.
