Services: which ones to disable to increase security?

Which services do I disable to increase the security of windows? I do not care about services which are useless. There is a threat with those here https://www.wilderssecurity.com/showthread.php?t=338923.

 

For what it's worth department: Just leave 'em all alone.

 

Including remote registry?

 

IMO, if you're behind a router, and have a reasonable setup, and don't go asking for trouble or doing idiotic things, then there really IS no threat, you're fine. Some might disagree, but that's my take on it. I don't touch anything here on Win 7x64...

 

No, I have a laptop and often I move around to areas with free wifi. I am not always behind a router and i do not own a hardware firewall.

 

Ok, that's a bit different.. Also, of course there is nothing wrong with experimenting with the services for sheer educational purposes, I think we've all done some of that.

Even with wifi though, I think you're ok, there is Win Firewall, and whatever else you're running there. IMO, as a simple home or laptop user, there really is nothing to worry about. The odds are near zero that anything would ever happen.

 

If you aren't familiar with them, IMO it is best to research each, using BlackViper or whomever you prefer for a resource. They were easier in XP, as vista/7 both have changed things up a good degree.

Most of them are easy enough to figure out. You either use the service or you don't. If you understand services, then turn if off when in doubt. You can always turn it on if needed anyway. I have never understood the very adamant response of some to just leave them alone, like they are some voodoo taboo evil mojo you don't want to mess with. Its really easy to use net start or the faster sc start from run box or command prompt... as long as you know what you want to start or stop of course

The most confusing in win7 is going to be the network portion. Some of it is just silly. You will turn one thing off to see you cannot see others shares, turn it on and another off and they can't see yours. Its not like just turning off the server service any longer. But, a couple hours of studying and experimenting should yield you with some results.

As I have told others many times, I use pserv. Primary reason is that I can export the current services state in an .xml file. The GUI is better than the M$ snap-in too, IMO. But to be able to import/export is super handy when you are figuring it all out. Allows those who don't know all the services to be able to play without as much fear because they can restore to any given saved state.

If you don't know how to use sc from run box or command line, take the time. Very handy tool to know the syntax for. Net is so very slow compared to sc.

Sul.

 

In my case, I recommend leaving them alone mostly because I think there is little to no benefit in messing with them and that doing so is pretty much a waste of time, unless one is just looking to educate themselves, which is fine. There is also a small chance of bungling things and ending up with a mess, unless, as you mentioned, you do it one at a time and observe the results. As always, people will do what they are bent on doing..

 

Hmmm. Im not really looking to disable services that I don't use. I want to know which services are a potential security risk if any. I know back in XP there was a lot of commotion about disabling the messenger, etc... I am running 7 now however.

 

You really should disable Remote Registry in services, and Remote Desktop through the Control Panel system settings. Disable these two areas, and really most of the others being turned off might provide some breathing room for resources. You don't want anything turned on that allows modification of anything remotely unless you absolutely must use it. Even then I'd turn these off until I needed them. The Black Viper site isn't that spectacular imho, and you can learn just as much about a particular service and the experience of other people turning it on or off through a quick Google/Bing search.

 

Any service running which holds a comm port open is fair game. While behind a router/nat or your firewall, a moot point really. However, you don't have to go to a lan party have your desktop come in contact with other pcs. Wireless devices are prolific. Trimming the services you don't need reduces the footprint within the lan. At least that how I see it with all these wireless devices requesting connection to my network.

Sul.

 

In the day ... Some Windows XP Services that were somewhat known but do this day, unproven, could be disabled or stopped with any ill effect.

* Hat Tip * @ Kelly.

That said, I don't prescribe to diving in your Services.

 

Doesn't the user have to be connected to a network, and doesn't a perpetrator need to be an authenticated user - user with an account and password on the network?

Otherwise, lax security could lead to exploitation.

From a SANS institute paper (covering through WinXP):

That's the way it used to be, anyway. A quick search didn't turn up anything else... perhaps you know of something!

thanks,

----
rich

 

What do these do? Interested.

 

very informative: http://www.blackviper.com/windows-services/

 

Make sure you've done a system backup/image before messing with services. I remember following blackviper.com recommendations years back and borked one service I later needed to use through disabling something that was supposedly safe to disable. Most are interdependent.

 

Also, I don't think I even bothered disabling anything with Win 7. I am pretty much OCD about disabling services that are dangerous or unwanted - I just felt it was best left alone.

There's more danger to your running services from user error, downloading malware, etc, and my bugbear ... resource hassle from safe applications like Skype, Google,etc.

 

In your case you need to do two things re services:

ENABLE
Windows Firewall helps protect your computer by preventing unauthorized users from gaining access to your computer through the Internet or a network.

DISABLE
Remote Register as it Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer


IMHO you need to strenghten your security due to your risk profile.

Install (a free 2 way SW FW) with a real time scanner

Install a free AV if it has a real time scanner turn the SW FW scanner OFF

Load your host file.

what about backup images?

 

Try these:

For 7: http://www.blackviper.com/2010/12/16/windows-7-service-pack-1-services-registry-files-2/

For XP: http://www.blackviper.com/2008/06/16/windows-xp-service-pack-3-services-registry-files/

Download and apply the appropriate "Safe" .reg file (these are contained inside the .zip files) for your OS, reboot and it's done.

 

Thanks. But I have no reason to disable services except for those that pose security risk. I'd like to know which ones specifically pose that risk and not which services can be in general disabled.

 

None of the services of supported Windows versions have known uncorrected vulnerabilities being exploited in the wild AFAIK.

 

There are some services I disable. Server - Workstation - windows search - windows media player network sharing - remote registry - TCP\IP NetBIOS. I have never experienced any issues. I also disable remote connection. Some services you will find there in manual mode anyways rather then automatic start up.

just for the record By default on our two windows 8 laptops the Remote registry is disabled.

 

great advice for saving resources

 

I guess then disabling services will not increase security at all.