The "No Network is 100% Secure" series
- Windows XP Services -
A White Paper
All rights reserved - may not be copied without permission
Easyrider LAN Pro, NOC Design Consultants
Purpose for this white paper: Running unnecessary services wastes computer power and reduces performance. More importantly, having unnecessary services running on your computer can make you vulnerable to attack from hackers, crackers, viruses and all sorts of malware. As a best practice, you should not enable any service on any computer that isn't actually needed.
Cautions: It's certainly possible to "break" a Microsoft Windows workstation by disabling a service that is required for proper operation. We would advise that the reader proceed slowly and carefully when reducing the number of services that are running on their PCs. For example, it would be unwise to disable every service listed in this white paper in one shot. Better to stop a few services at a time, set them to manual, document what you've done and then continue to use the workstation for a day or two to see if you notice any adverse effects. If everything seems fine, reboot the workstation and see if everything comes back up and continues to operate properly. If there are any problems, it will be a lot easier to roll back to your last known good configuration if you've only made a small number of changes.
You would probably want to set these services to "manual" rather than disabling them, at least during the test phase. Only when you are positive that a stopped service is absolutely not needed should it be set to "disabled".
Also note that Microsoft Windows workstations that are in a domain will need services running that may be listed here as not needed. In a corporate environment, you are probably supported by an IT staff that would take a dim view of users fooling with service settings. You would want to discuss your plans with your favorite IT person before making any changes to your workstation. For home or SOHO users, however, the recommendations on this list are fairly safe to implement. Again, proceed slowly and carefully, documenting all of the changes you make every step of the way.
We will assume that you know how to bring up the services GUI already. If you don't, implementing the changes in this white paper might be ill-advised. This white paper was written for Windows XP Pro but the settings for other XP offerings would be similar.
The studious reader will likely note that many services are not listed in this white paper. These have been intentionally omitted because those services should not be stopped in most cases. Others do not present a significant security risk if left running and/or the performance gain by stopping the service is so trivial as to not be worth the effort.
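The staged approach described in the Cautions above (a few services per pass, set to manual, every change documented so it can be rolled back) can be scripted. The following PowerShell is an added example, not part of the original white paper; the service short names, the log path and the function names are assumptions, so confirm the names with Get-Service on your own workstation and run it from an administrator session.

```powershell
# Added example: move one small batch of services to Manual and log the old settings.
# Short names and the log path below are assumptions; verify them with Get-Service.
$Batch   = 'Alerter', 'Messenger', 'RemoteRegistry'   # a few services per pass
$LogPath = 'C:\service-changes.csv'                    # hypothetical log location

function Set-ServiceBatchManual {
    param([string[]]$Names, [string]$Log)
    foreach ($name in $Names) {
        $svc = Get-WmiObject Win32_Service -Filter "Name='$name'"
        if (-not $svc) { Write-Warning "$name is not installed, skipping"; continue }
        if ($svc.State -eq 'Running') {
            # No -Force: a service with running dependents is left alone and reported.
            Stop-Service -Name $name -ErrorAction SilentlyContinue
            if ((Get-Service -Name $name).Status -ne 'Stopped') {
                Write-Warning "$name could not be stopped, left unchanged"
                continue
            }
        }
        Set-Service -Name $name -StartupType Manual
        # Document the change: timestamp, name, previous start mode, previous state.
        $entry = '{0},{1},{2},{3}' -f (Get-Date -Format s), $svc.Name, $svc.StartMode, $svc.State
        Add-Content -Path $Log -Value $entry
    }
}

function Restore-ServiceBatch {
    param([string]$Log)
    # Win32_Service reports 'Auto'; Set-Service expects 'Automatic'.
    $map = @{ 'Auto' = 'Automatic'; 'Manual' = 'Manual'; 'Disabled' = 'Disabled' }
    $entries = @(Get-Content $Log)
    # Newest first, so the oldest recorded setting for a service is applied last.
    [array]::Reverse($entries)
    foreach ($entry in $entries) {
        $time, $name, $mode, $state = $entry -split ','
        Set-Service -Name $name -StartupType $map[$mode]
        if ($state -eq 'Running') { Start-Service -Name $name }
    }
}

Set-ServiceBatchManual -Names $Batch -Log $LogPath
# After a day or two of normal use and a reboot, either start the next batch
# or roll this one back with:
# Restore-ServiceBatch -Log $LogPath
```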
Alerter: You can safely stop and disable this service. The caveat is if you are in a domain that issues notices about upcoming password expirations or things like that. With this service disabled, you will not get these notices and could find yourself locked out of the network one day.
Application Layer Gateway Service: Again, in almost all cases you can safely stop and disable this service.
ClipBook: Disable it.
Computer Browser: If you are on a network with other computers, and need to see them, this may be a useful tool. Otherwise, disable it.
Distributed Transaction Coordinator: If you are not accessing network filesystems and databases, disable it.
Help and Support: If you don't use this feature, disable it or at least stop it and set it to manual.
Human Interface Device Access: You should be able to safely disable this service.
Messenger: Disable it.
Net Logon: Not needed unless you are in a domain.
NetMeeting Remote Desktop Sharing: If you need this service, you already know it. Otherwise, you can safely disable it.
Remote Desktop Help Session Manager: Same as NetMeeting.
Remote Procedure Call (RPC) Locator: In most cases you can stop this service and set it to manual.
Remote Registry: In my opinion, having this running is a big security risk. Stop it and set it to manual.
TCP/IP NetBIOS Helper: This service is rarely used any more even in the corporate environment. Stop it and set it to manual. If you find that you are unable to print or to access some types of network file systems, you may need to restart this service.
Telephony: This service is used by all sorts of hardware that you wouldn't think would use it. You can try setting it to manual and keeping an eye on the event logs.
Telnet: Disable it. Definitely!
Terminal Services: Your systems administrator may disagree, but I'd stop this service and set it to manual. Or just disable it.
Themes: Disable it.
Uninterruptible Power Supply: Unless you are using a UPS on your computer and it has the capability of managing the system, disable it.
Wireless Zero Configuration: Unless you are using wireless on your workstation, disable it.
Workstation: If you are not in a local network sharing files, data or services, disable it.
Comments: We would welcome feedback regarding this list and especially any problems that were encountered disabling services that turned out to be needed. We will update this white paper with feedback caveats and comments as appropriate.
Last modified March 29, 2009
Copyright 1990-2012 Easyrider LAN Pro