Services overview:

*term: svchost.exe

A Description of Svchost.exe In Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;q314056

Without a doubt the most asked question is what is svchost.exe and why is it running so many times at once. That's a fair question, especially if you've looked in Task Manager and seen it listed three or four times, each instance gobbling up memory. The official answer, straight from the mouth of Microsoft is: "Svchost.exe is a generic host process name for services that run from dynamic-link libraries (DLLs)."

(personal note: Unfortunately, I am running myself XP Home edition and the command line: tasklist /svc does not work on this version. Here is where PE comes to the rescue)

*term: SERVICE: service

A program, routine, or process that performs a specific system function to support other programs, particularly at a low (close to the hardware) level. When services are provided over a network, they can be published in Active Directory, facilitating service-centric administration and usage. Some examples of services are the Security Accounts Manager service, File Replication service, and Routing and Remote Access service.

NOTE: Use caution when changing default settings. Changing the default settings for services might prevent key services from running correctly. It is especially important to use caution when changing the Startup Type and Log On As settings of services that are configured to start automatically. If you enable or disable a service and you encounter a problem starting the computer, you might be able to start the computer in safe mode. Then you can change the service configuration or restore the default configuration.

Another solution, Create A Restore Point with the Restore Program so if you are messing badly you can restore the system back to the way it was before you started changing settings.

How to access Services area: Start > Settings > Control Panel > click on Administrative Tools > click Services.
Get to know them: Click Help, then Help Topics. You can also click once (highlight) each one and a brief description will show in the left panel. Clicking twice will bring up its property panel, and the Dependency tab will show you which other services are hooked on it, or on which other services it is hooked itself.

SERVICE: Application Layer Gateway Service : ALG

Provides support for 3rd party protocol plug-ins for Internet Connection Sharing (ICS) and the Internet Connection Firewall (ICF).

C:\WINDOWS\System32\alg.exe
Depends on: nothing
Dependees: ICF / ICS

On a standalone computer (not networked) set this to Manual; on a network (2 or more computers sharing one connection, one IP number) set to Automatic. If you are using your computer as a gateway, read down; if you are using a router as gateway... read anyways, for general info.

WHAT IS ICS, WHAT IS NAT?

Internet Connection Sharing and Internet Connection Firewall : ICS / ICF
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wceics/html/_wcecomm_network_address_translation.asp

Pretty explanatory there: ICS is an application running on a Windows OS-based computer that serves as main gateway for the other computers hooked on the same network and sharing the same internet connection. If you use a router to perform a sharing connection you do not need to use the ICS application. The router will become the main gateway serving the other computers hooked to it.

What ICS does: In networking terms, ICS combines several elements: a proxy server, a router and a DHCP server. ICS uses Network Address Translation (NAT), which is also known as "IP masquerading". In NAT, the identity of the client submitting a request is hidden: Instead, the request appears to come from the host.
Network Address Translation : NAT
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wceics/html/_wcecomm_network_address_translation.asp

Network address translation (NAT), an Internet Engineering Task Force (IETF) standard, is an immediate but temporary solution to the problem of 32-bit IPv4 addresses becoming exhausted. NAT allows an Internet Protocol version 4 (IPv4) gateway device to provide devices on a network with access to a public network or the Internet while sharing a single, globally routable IPv4 address provided by an Internet Service Provider (ISP). (read the rest in the link above).

There's a problem occurring with NAT: Say you have two computers hooked to a router: Computer A, Computer B, Router X. Computer A will get access to the internet through Router X, Computer B as well. But Computer A will not be able to communicate with Computer B because they cannot see each other through the NAT router X. Windows XP fixes this problem, letting you communicate across two NAT routers, from one inside box to another inside box. I assume that both boxes, A and B, should be using WinXP for this.

Start > Settings > Network Connections > Right click the connection you are actually using > choose Properties > Advanced tab > Select Allow Other Network Users to Connect through This Computer's Internet Connection - check box.

If you want other computers to be able to cause ICS to start up the network connection when it's not running, make sure Establish a Dial-up Connection whenever a Computer on My Network Attempts to Access the Internet check box is selected. Clear this check box if you want only the computer with the connection to be able to start the connection.

((Personal note: you better start studying the new IPv6, upcoming in a few years. Here is where you can find out about it: http://www.faqs.org/rfcs/rfc2460.html But of course, without getting a decent background on the actual TCP/IP system, you will not get too far.
Here is a basic course (free for anyone to learn): http://www.freesoft.org/CIE/Course/index.htm))

(many thanks to all those who have worked and put together e-books, articles and classes online free of charge - the OPEN everything e-world).

I will try to follow up this one with research on other Services.

An idea about how many services there are and their names:

Alerter
Application Layer Gateway Service
Application Management
Automatic Updates
Background Intelligent Transfer Service
ClipBook
COM+ Event System
COM+ System Application
Computer Browser
Cryptographic Services
DHCP Client
Distributed Link Tracking Client
Distributed Transaction Coordinator
DNS Client
Error Reporting Service
Event Log
Fast User Switching Compatibility
Help and Support
HID Input Service
IMAPI CD-Burning COM Service
Indexing Service
Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS)
IPSEC Services
Logical Disk Manager
Logical Disk Manager Administrative Service
Machine Debug Manager
Messenger
MS Software Shadow Copy Provider
Net Logon
Network Connections
Network DDE
Network DDE DSDM
Network Location Awareness (NLA)
NetMeeting Remote Desktop Sharing
NT LM Security Support Provider
Performance Logs and Alerts
Plug and Play
Portable Media Serial Number
Print Spooler
Protected Storage
QoS RSVP
Remote Access Auto Connection Manager
Remote Access Connection Manager
Remote Desktop Help Session Manager
Remote Procedure Call (RPC)
Remote Procedure Call (RPC) Locator
Remote Registry
Removable Storage
Routing and Remote Access
ScriptBlocking Service
Secondary Logon
Security Accounts Manager
Server
Shell Hardware Detection
Smart Card
Smart Card Helper
SSDP Discovery Service
System Event Notification
System Restore Service
Task Scheduler
TCP/IP NetBIOS Helper
Telephony
Telnet
Terminal Services
Themes
Uninterruptible Power Supply
Universal Plug and Play Device Host
Upload Manager
Volume Shadow Copy
WebClient
Windows Audio
Windows Image Acquisition (WIA)
Windows Installer
Windows Management Instrumentation
Windows Management Instrumentation Driver Extensions
Windows Time
Wireless Zero Configuration
WMI Performance Adapter
Workstation
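
The svchost.exe question and the Dependency tab check from the post above, done from a PowerShell prompt. This is an added example, not part of the original post: the function names are hypothetical, and it assumes PowerShell 3.0 or later, which is newer than the XP-era tools the post uses.

```powershell
# Added example (hypothetical helper names). Assumes PowerShell 3.0 or later.

function Get-SvchostServiceMap {
    # Each running service record carries the PID of the process that hosts it.
    $services = Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.ProcessId -ne 0 }

    # One row per svchost.exe instance, listing the services loaded inside it.
    Get-CimInstance -ClassName Win32_Process -Filter "Name = 'svchost.exe'" |
        ForEach-Object {
            $procId = $_.ProcessId
            $hosted = @($services | Where-Object { $_.ProcessId -eq $procId })
            [pscustomobject]@{
                ProcessId   = $procId
                CommandLine = $_.CommandLine   # may be empty without admin rights
                Services    = ($hosted.Name | Sort-Object) -join ', '
            }
        } |
        Sort-Object -Property ProcessId
}

function Get-ServiceImpact {
    param([Parameter(Mandatory)][string]$Name)

    # Get-Service exposes both directions shown on the Dependency tab.
    $svc = Get-Service -Name $Name -ErrorAction Stop
    # Win32_Service adds the startup type and the "Log On As" account.
    $cim = Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.Name -eq $svc.Name }

    [pscustomobject]@{
        Name       = $svc.Name
        Status     = $svc.Status
        StartMode  = $cim.StartMode
        LogOnAs    = $cim.StartName
        DependsOn  = ($svc.ServicesDependedOn.Name | Sort-Object) -join ', '
        Dependents = ($svc.DependentServices.Name | Sort-Object) -join ', '
    }
}

# Which services share each svchost.exe process?
Get-SvchostServiceMap | Format-Table -AutoSize -Wrap

# What would be affected by changing the ALG service named in the post?
Get-ServiceImpact -Name 'ALG' | Format-List
```

A non-empty Dependents value means stopping or disabling that service also takes down the services listed there, which is the check to make before touching its Startup Type.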
Kill the ALG ... EXE. Yes, I look forward to your next writeups; they are very good. I think most people who don't run servers (most home users) will benefit greatly from closing down unneeded and unwanted services. It will decrease loading time and give back a lot of resources.

-Jason-
Thanks, Dolphi and Jason. Well, I am writing as I am testing. I think not everyone can just axe some services or disable them. I am having a small network myself, two boxes, this one with XP, the other one with Debian. I can say, Linux is way simpler to configure and firewall at the command line than XP is on a GUI interface.

Now I use a firewalled router. If I dare to axe ALG I lose connection; since anyways ALG is confined behind the router, I guess nothing bad could come from there. I guess ALG could be safely ignored on a standalone computer.

I was just playing with the Socket Spy on PE; it's my first time on such a tool. And I figured out why I have to keep the SSDP alive: ...schemas-upnp-org:service:WANIPConnection:.... I guess UPnP has to find and read the router somehow; if I shut it down, I lose connection.

So for everyone reading up there ^^^ There are several different scenarios, depending on how your computer is hooked up. I am using a cheap little D-Link 604 / old model, but the documentation and tech support are super; it has a firewall built in and is flexible and very customizable.

Another thing that I lost after I stopped UPnP was the sound. XP was telling me it can't find a sound device in the system.

Well, I will continue with issues as I test them. But I would not dare to personally recommend anyone to apply this and that; as I said, not everyone's system and connections are the same.