This information is based on the IT Security blog post "10 services to turn off in MS Windows XP," by Chad Perrin. I got the information through ZD.Net and TechRepublic. You should consider joining both to keep up with a lot of the technical issues. Keep in mind that you may not want to turn any of this stuff off but if you are reasonably technical you may wish to close some of these holes.
Microsoft Windows is a network-capable operating system, it has come with quite a few services turned on by default, so it's a good idea for security-conscious users of Microsoft’s flagship product to shut down any of these services they aren't using. If you're running Microsoft Windows XP on your desktop system, consider turning off the following services. You will be surprised by what is running without your knowledge.
IIS Microsoft’s Internet Information Services provide the capabilities of a Web server for your computer. I turned this one off.
NetMeeting Remote Desktop Sharing
NetMeeting is primarily a VoIP and videoconferencing client for Microsoft Windows, but this service in particular is necessary to remote desktop access. I turned this one off.
Remote Desktop Help Session Manager
This service is used by the Remote Assistance feature that allows others remote access to the system to help you troubleshoot problems. You may want to leave this alone but I turned it off. You can always turn it on if you need to have someone help out on your computer.
Remote Registry
The capabilities provided by the Remote Registry service are frightening to consider from a security perspective. They allow remote users (in theory, and only under controlled circumstances) to edit the Windows Registry. You may want to leave this alone if you download and use software that does need to change the registry. I left it alone.
Routing and Remote Access
This service bundles a number of capabilities, which most system administrators would probably agree should be provided separately. It is rare that any of them should be necessary for a typical desktop system such as Microsoft Windows XP, however, so they can all conveniently be turned off as a single service. Routing and Remote Access provides the ability to use the system as a router and NAT device, as a dialup access gateway, and as a VPN server. I turned this one off.
Simple File Sharing
When a computer isn't part of a Microsoft Windows domain, it's assumed by the default settings that all filesystem shares are meant to be universally accessible. In the real world, however, we should want to provide shares only to specific, authorized users. Simple File Sharing, which provides blanket access to shares without exceptions, is not what we want to use for sharing filesystem resources. It is active by default on both Windows XP Professional and Windows XP Home editions. Unfortunately, this can't be disabled for Windows XP Home. For Windows XP Professional, you can disable it by opening My Computer | Tools | Folder Options, clicking the View tab, and deselecting the Use Simple File Sharing (Recommended) check box in the Advanced settings: pane. I turned this one off.
SSDP Discovery Service
This service is used to discover UPnP devices on your network and is required for the Universal Plug and Play Device Host service (see below) to operate. I left this alone as I add devices all the time.
Telnet
The Telnet service is an old mechanism for providing remote access to a computer, most commonly known from its use in the bad ol’ days of security for remote command shell access on UNIX servers. These days, using Telnet to remotely manage a UNIX system may be grounds for firing, and an encrypted protocol such as SSH should be used instead. I turned this one off.
Universal Plug and Play Device Host
Once you have your Plug and Play devices installed on your system, it is often the case that you will not need this service again. I left this alone as I add devices all the time.
Windows Messenger Service
Listed in the Services window under the name Messenger, the Windows Messenger Service provides “net send” and “Alerter” functionality. It is unrelated to the Windows Messenger instant messaging client and is not necessary for using the Windows Messenger IM network. I turned this one off.
Again directly form TechRepublic:
On your system, these services may not all be turned on, or even installed. Whether a given service is installed and running may depend on whether you installed the system yourself, whether you are using XP Home or XP Professional, and from which vendor you got your computer (if Windows XP was preinstalled).
With the exception of Simple File Sharing, all of the above listed services can be disabled from the same place. Simply click on the Start button, then navigate to Settings | Control Panel, open Administrative Tools, and from there open the Services window. To disable any service in the list, double-click on its entry in that window and change the Startup Type setting. In general, you should change services you are turning off for security purposes to a Disabled state. When in doubt about whether a given service is necessary for other services, check the Dependencies tab in the service’s settings dialog.
Obviously, this is not a comprehensive list of everything running on your computer that you may want to turn off. It is merely a list of items you most likely do not need and that constitute a security vulnerability if left running. Most users will never need any of the services in this list once the computer is up and running. Other services may be disabled without ill effect as well, though you should research each item in the complete services list before you disable it to ensure that you really don't need it. Some of them, such as the Remote Procedure Call (RPC) service, are critical to the normal operation of your system.
Every running—but unused—service on your machine is an unnecessary security vulnerability. If a service is not important at all for authorized users and basic system functionality, turn it off.
Microsoft Windows is a network-capable operating system, it has come with quite a few services turned on by default, so it's a good idea for security-conscious users of Microsoft’s flagship product to shut down any of these services they aren't using. If you're running Microsoft Windows XP on your desktop system, consider turning off the following services. You will be surprised by what is running without your knowledge.
IIS Microsoft’s Internet Information Services provide the capabilities of a Web server for your computer. I turned this one off.
NetMeeting Remote Desktop Sharing
NetMeeting is primarily a VoIP and videoconferencing client for Microsoft Windows, but this service in particular is necessary to remote desktop access. I turned this one off.
Remote Desktop Help Session Manager
This service is used by the Remote Assistance feature that allows others remote access to the system to help you troubleshoot problems. You may want to leave this alone but I turned it off. You can always turn it on if you need to have someone help out on your computer.
Remote Registry
The capabilities provided by the Remote Registry service are frightening to consider from a security perspective. They allow remote users (in theory, and only under controlled circumstances) to edit the Windows Registry. You may want to leave this alone if you download and use software that does need to change the registry. I left it alone.
Routing and Remote Access
This service bundles a number of capabilities, which most system administrators would probably agree should be provided separately. It is rare that any of them should be necessary for a typical desktop system such as Microsoft Windows XP, however, so they can all conveniently be turned off as a single service. Routing and Remote Access provides the ability to use the system as a router and NAT device, as a dialup access gateway, and as a VPN server. I turned this one off.
Simple File Sharing
When a computer isn't part of a Microsoft Windows domain, it's assumed by the default settings that all filesystem shares are meant to be universally accessible. In the real world, however, we should want to provide shares only to specific, authorized users. Simple File Sharing, which provides blanket access to shares without exceptions, is not what we want to use for sharing filesystem resources. It is active by default on both Windows XP Professional and Windows XP Home editions. Unfortunately, this can't be disabled for Windows XP Home. For Windows XP Professional, you can disable it by opening My Computer | Tools | Folder Options, clicking the View tab, and deselecting the Use Simple File Sharing (Recommended) check box in the Advanced settings: pane. I turned this one off.
SSDP Discovery Service
This service is used to discover UPnP devices on your network and is required for the Universal Plug and Play Device Host service (see below) to operate. I left this alone as I add devices all the time.
Telnet
The Telnet service is an old mechanism for providing remote access to a computer, most commonly known from its use in the bad ol’ days of security for remote command shell access on UNIX servers. These days, using Telnet to remotely manage a UNIX system may be grounds for firing, and an encrypted protocol such as SSH should be used instead. I turned this one off.
Universal Plug and Play Device Host
Once you have your Plug and Play devices installed on your system, it is often the case that you will not need this service again. I left this alone as I add devices all the time.
Windows Messenger Service
Listed in the Services window under the name Messenger, the Windows Messenger Service provides “net send” and “Alerter” functionality. It is unrelated to the Windows Messenger instant messaging client and is not necessary for using the Windows Messenger IM network. I turned this one off.
Again directly form TechRepublic:
On your system, these services may not all be turned on, or even installed. Whether a given service is installed and running may depend on whether you installed the system yourself, whether you are using XP Home or XP Professional, and from which vendor you got your computer (if Windows XP was preinstalled).
With the exception of Simple File Sharing, all of the above listed services can be disabled from the same place. Simply click on the Start button, then navigate to Settings | Control Panel, open Administrative Tools, and from there open the Services window. To disable any service in the list, double-click on its entry in that window and change the Startup Type setting. In general, you should change services you are turning off for security purposes to a Disabled state. When in doubt about whether a given service is necessary for other services, check the Dependencies tab in the service’s settings dialog.
Obviously, this is not a comprehensive list of everything running on your computer that you may want to turn off. It is merely a list of items you most likely do not need and that constitute a security vulnerability if left running. Most users will never need any of the services in this list once the computer is up and running. Other services may be disabled without ill effect as well, though you should research each item in the complete services list before you disable it to ensure that you really don't need it. Some of them, such as the Remote Procedure Call (RPC) service, are critical to the normal operation of your system.
Every running—but unused—service on your machine is an unnecessary security vulnerability. If a service is not important at all for authorized users and basic system functionality, turn it off.
Comments