As long as Microsoft Windows has been a network capable operating system, it has come with quite a few
services turned on by default, and it is a good idea for the security conscious user of Microsoft’s
fl agship product to shut down any of these that he or she isn’t using.
Each version of MS Windows provides different services, of course, so any list of services to
disable for security purposes will be at least somewhat particular to a given version of Microsoft
Windows. As such, a list like this one needs to be identifi ed with a specifi c Microsoft Windows
version, though it can still serve as a guide for the knowledgeable MS Windows user to check
out the running services on other versions as well.
If you are running Microsoft Windows XP on your desktop system, consider turning off the
following services. You may be surprised by what is running without your knowledge.
• IIS — Microsoft’s Internet Information Services provide the capabilities of a Webserver for
your computer.
• NetMeeting Remote Desktop Sharing — NetMeeting is primarily a VoIP and
videoconferencing client for Microsoft Windows, but this service in particular is necessary
to remote desktop access.
• Remote Desktop Help Session Manager — This service is used by the Remote
Assistance feature that you can use to allow others remote access to the system to help you
troubleshoot problems.
• Remote Registry — The capabilities provided by the Remote Registry service are
frightening to consider from a security perspective. They allow remote users (in theory, only
under controlled circumstances) to edit the Windows Registry.
• Routing and Remote Access — This service bundles a number of capabilities together,
capabilities that most system administrators would probably agree should be provided
separately. It is rare that any of them should be necessary for a typical desktop system such
as Microsoft Windows XP, however, so they can all conveniently be turned off as a single
service. Routing and Remote Access provides the ability to use the system as a router and
NAT device, as a dialup access gateway, and a VPN server.
• Simple File Sharing — When a computer is not a part of a Microsoft Windows Domain,
it is assumed by the default settings that any and all fi lesystem shares are meant to be
universally accessible. In the real world, however, we should only want to provide shares to
very specifi c, authorized users. As such, Simple File Sharing, which only provides blanket
access to shares without exceptions, is not what we want to use for sharing fi lesystem
resources. It is active by default on both MS Windows XP Professional and MS Windows
XP Home editions. Unfortunately, this cannot be disabled on MS Windows XP Home. On
Performance 101 Microsoft Windows XP tips, tweaks, and hacks you need to know 8
MS Windows XP Professional, however, you can disable it by opening My Computer ->
Tools -> Folder Options, clicking the View tab, and unchecking the Use simple fi le sharing
(Recommended) checkbox in the Advanced settings: pane.
• SSDP Discovery Service — This service is used to discover UPnP devices on your network,
and is required for the Universal Plug and Play Device Host service (see below) to operate.
• Telnet — The Telnet service is a very old mechanism for providing remote access to a
computer, most commonly known from its use in the bad ol’ days of security for remote
command shell access on Unix servers. These days, using Telnet to remotely manage a Unix
system may be grounds for fi ring, where an encrypted protocol such as SSH should be used
instead.
• Universal Plug and Play Device Host — Once you have your “Plug and Play” devices
installed on your system, it is often the case that you will not need this service again.
• Windows Messenger Service — Listed in the Services window under the name Messenger,
the Windows Messenger Service provides “net send” and “Alerter” functionality. It is
unrelated to the Windows Messenger instant messaging client, and is not necessary to use
the Windows Messenger IM network.
On your system, these services may not all be turned on, or even installed. Whether a given
service is installed and running may depend on whether you installed the system yourself,
whether you are using XP Home or XP Professional, and from which vendor you got your
computer if MS Windows XP was installed by a vendor.
With the exception of Simple File Sharing, all of the above listed services can be disabled from
the same place. Simply click on the Start button, then navigate to Settings -> Control Panel,
open Administrative Tools, and from there open the Services window. To disable any service
in the list, double-click on its entry in that window and change the Startup type: setting. In
general, you should change services you are turning off for security purposes to a “Disabled”
state. When in doubt about whether a given service is necessary for other services, check the
Dependencies tab in the service’s settings dialog.
Obviously, this is not a comprehensive list of everything running on your computer that you
may want to turn off. It is merely a list of ten items that you most likely do not need to have
running, and constitute a security vulnerability if left running. Most users will never have need
of any of the services in this list, once the computer is up and running. Other services may be
disabled without ill effect as well, though you should research each item in the complete services
list before you disable it to ensure that you actually do not need it running. Some of them are
quite critical to the normal operation of your system, such as the Remote Procedure Call (RPC)
service.
Every running — but unused — service on your machine is an unnecessary security
vulnerability. If a service is not important at all for authorized users and basic system
functionality, turn it off.
