Services: which ones to disable to increase security?

Discussion in 'other software & services' started by jo3blac1, Feb 20, 2013.

Thread Status:
Not open for further replies.
  1. jo3blac1

    jo3blac1 Registered Member

    Joined:
    Sep 15, 2012
    Posts:
    739
    Location:
    U.S.
    Last edited: Feb 20, 2013
  2. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,780
    For what it's worth department: Just leave 'em all alone. ;)
     
  3. jo3blac1

    jo3blac1 Registered Member

    Joined:
    Sep 15, 2012
    Posts:
    739
    Location:
    U.S.
    Including remote registry?
     
  4. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,780
    IMO, if you're behind a router, and have a reasonable setup, and don't go asking for trouble or doing idiotic things, then there really IS no threat, you're fine. Some might disagree, but that's my take on it. I don't touch anything here on Win 7x64...
     
  5. jo3blac1

    jo3blac1 Registered Member

    Joined:
    Sep 15, 2012
    Posts:
    739
    Location:
    U.S.
    No, I have a laptop and often I move around to areas with free wifi. I am not always behind a router and I do not own a hardware firewall.
     
  6. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,780
    Ok, that's a bit different.. Also, of course there is nothing wrong with experimenting with the services for sheer educational purposes, I think we've all done some of that.

    Even with wifi though, I think you're ok, there is Win Firewall, and whatever else you're running there. IMO, as a simple home or laptop user, there really is nothing to worry about. The odds are near zero that anything would ever happen.
     
  7. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    If you aren't familiar with them, IMO it is best to research each, using BlackViper or whomever you prefer for a resource. They were easier in XP, as vista/7 both have changed things up a good degree.

    Most of them are easy enough to figure out. You either use the service or you don't. If you understand services, then turn it off when in doubt. You can always turn it on if needed anyway. I have never understood the very adamant response of some to just leave them alone, like they are some voodoo taboo evil mojo you don't want to mess with. It's really easy to use net start or the faster sc start from run box or command prompt... as long as you know what you want to start or stop of course ;)

    The most confusing in win7 is going to be the network portion. Some of it is just silly. You will turn one thing off to see you cannot see others' shares, turn it on and another off and they can't see yours. It's not like just turning off the server service any longer. But, a couple hours of studying and experimenting should yield you with some results.

    As I have told others many times, I use pserv. Primary reason is that I can export the current services state in an .xml file. The GUI is better than the M$ snap-in too, IMO. But to be able to import/export is super handy when you are figuring it all out. Allows those who don't know all the services to be able to play without as much fear because they can restore to any given saved state.

    If you don't know how to use sc from run box or command line, take the time. Very handy tool to know the syntax for. Net is so very slow compared to sc.

    Sul.
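
The export-before-you-experiment workflow described in the post above, as an added PowerShell example that is not part of the original post and does not use pserv or its file format. The function names `Save-ServiceState`, `Compare-ServiceState` and `Restore-ServiceState` and the snapshot path are hypothetical; it assumes an elevated prompt and works with the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example: snapshot, diff and restore service start modes.
# Function names and file path are hypothetical, chosen for this illustration.

function Save-ServiceState {
    param([Parameter(Mandatory=$true)][string]$Path)
    # Win32_Service reports StartMode as Auto / Manual / Disabled.
    Get-WmiObject -Class Win32_Service |
        Select-Object Name, DisplayName, StartMode, State |
        Sort-Object Name |
        Export-Clixml -Path $Path
}

function Compare-ServiceState {
    param([Parameter(Mandatory=$true)][string]$Path)
    # Index the saved snapshot by service name, then report every drifted service.
    $saved = @{}
    Import-Clixml -Path $Path | ForEach-Object { $saved[$_.Name] = $_ }
    Get-WmiObject -Class Win32_Service | ForEach-Object {
        $old = $saved[$_.Name]
        if ($old -and ($old.StartMode -ne $_.StartMode -or $old.State -ne $_.State)) {
            New-Object PSObject -Property @{
                Name             = $_.Name
                SavedStartMode   = $old.StartMode
                CurrentStartMode = $_.StartMode
                SavedState       = $old.State
                CurrentState     = $_.State
            }
        }
    }
}

function Restore-ServiceState {
    param([Parameter(Mandatory=$true)][string]$Path, [switch]$Preview)
    # Set-Service expects "Automatic" where WMI says "Auto"; other modes are skipped.
    $map = @{ Auto = 'Automatic'; Manual = 'Manual'; Disabled = 'Disabled' }
    Compare-ServiceState -Path $Path |
        Where-Object { $_.SavedStartMode -ne $_.CurrentStartMode -and
                       $map.ContainsKey($_.SavedStartMode) } |
        ForEach-Object {
            if ($Preview) { "would set $($_.Name) to $($_.SavedStartMode)" }
            else { Set-Service -Name $_.Name -StartupType $map[$_.SavedStartMode] }
        }
}

# Typical use: save first, experiment, review the drift, then roll back.
# Save-ServiceState -Path "$env:USERPROFILE\services-baseline.xml"
# Restore-ServiceState -Path "$env:USERPROFILE\services-baseline.xml" -Preview
```

The restore only resets the start mode; it does not start or stop anything, so a reboot or an explicit `sc start` / `sc stop` is still needed to bring the running state back in line.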
     
  8. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,780
    In my case, I recommend leaving them alone mostly because I think there is little to no benefit in messing with them and that doing so is pretty much a waste of time, unless one is just looking to educate themselves, which is fine. There is also a small chance of bungling things and ending up with a mess, unless, as you mentioned, you do it one at a time and observe the results. As always, people will do what they are bent on doing.. ;)
     
  9. jo3blac1

    jo3blac1 Registered Member

    Joined:
    Sep 15, 2012
    Posts:
    739
    Location:
    U.S.
    Hmmm. I'm not really looking to disable services that I don't use. I want to know which services are a potential security risk if any. I know back in XP there was a lot of commotion about disabling the messenger, etc... I am running 7 now however.
     
  10. Mman79

    Mman79 Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    2,016
    Location:
    North America
    You really should disable Remote Registry in services, and Remote Desktop through the Control Panel system settings. Disable these two areas, and really most of the others being turned off might provide some breathing room for resources. You don't want anything turned on that allows modification of anything remotely unless you absolutely must use it. Even then I'd turn these off until I needed them. The Black Viper site isn't that spectacular imho, and you can learn just as much about a particular service and the experience of other people turning it on or off through a quick Google/Bing search.
     
  11. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Any service running which holds a comm port open is fair game. While behind a router/nat or your firewall, a moot point really. However, you don't have to go to a lan party to have your desktop come in contact with other pcs. Wireless devices are prolific. Trimming the services you don't need reduces the footprint within the lan. At least that's how I see it with all these wireless devices requesting connection to my network.

    Sul.
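
One way to see which running services actually hold a listening port, as an added PowerShell example that is not part of the original post. The function name `Get-ListeningService` is hypothetical; it assumes an English-language Windows (it matches the `LISTENING` column of `netstat -ano`) and an elevated prompt, and it covers TCP only.

```powershell
# Added example: map listening TCP ports to the services that own them.
# Works with PowerShell 2.0 on Windows 7; function name is hypothetical.

function Get-ListeningService {
    # Build PID -> service names. Several services can share one svchost.exe,
    # so a port owned by that PID may belong to any of the listed services.
    $byPid = @{}
    Get-WmiObject -Class Win32_Service -Filter "State='Running'" | ForEach-Object {
        $key = [int]$_.ProcessId
        if (-not $byPid.ContainsKey($key)) { $byPid[$key] = @() }
        $byPid[$key] += $_.Name
    }

    # netstat -ano columns: Proto, Local Address, Foreign Address, State, PID
    netstat -ano |
        Where-Object { $_ -match '^\s*TCP\s' -and $_ -match '\sLISTENING\s' } |
        ForEach-Object {
            $f      = $_.Trim() -split '\s+'
            $local  = $f[1]
            $procId = [int]$f[4]
            $cut    = $local.LastIndexOf(':')      # last colon also handles [::]:port
            $addr   = $local.Substring(0, $cut)
            New-Object PSObject -Property @{
                Port         = [int]$local.Substring($cut + 1)
                Address      = $addr
                # Loopback-only listeners are not reachable from the network.
                LoopbackOnly = ($addr -eq '127.0.0.1' -or $addr -eq '[::1]')
                PID          = $procId
                Services     = ($byPid[$procId] -join ', ')
            }
        }
}

Get-ListeningService |
    Sort-Object Port |
    Format-Table Port, Address, LoopbackOnly, PID, Services -AutoSize
```

Rows with an empty `Services` column belong to ordinary processes or the kernel rather than to a service; rows where `LoopbackOnly` is false are the ones the firewall has to cover on an untrusted network.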
     
  12. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    :thumb:

    In the day ... Some Windows XP Services that were somewhat known but to this day, unproven, could be disabled or stopped with any ill effect.

    * Hat Tip * @ Kelly.

    That said, I don't prescribe to diving in your Services.

     
  13. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Doesn't the user have to be connected to a network, and doesn't a perpetrator need to be an authenticated user - user with an account and password on the network?

    Otherwise, lax security could lead to exploitation.

    From a SANS institute paper (covering through WinXP):

    That's the way it used to be, anyway. A quick search didn't turn up anything else... perhaps you know of something!

    thanks,

    ----
    rich
     
  14. ComputerSaysNo

    ComputerSaysNo Registered Member

    Joined:
    Aug 9, 2012
    Posts:
    1,423
    What do these do? Interested.
     
  15. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
  16. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,046
    Hi jo3blac

    I agree with the others about services, in fact with a Thinkpad Tablet, it has several extra services.

    If you use free wifi because it's free, stop reading now. My solution is I don't use them. I use Verizonwireless 4g network. What it consists of is a very small shirt pocket size device. The computer connects to that device thru a secure wireless connection and the device then connects to Verizon's 4g cellphone network. That network is far more secure than free wifi.

    Yes there is an expense with that, but there really is no free solution. You can disable a lot of things and then "maybe" you are secure. Not good enough for me.

    Pete
     
  17. Keyboard_Commando

    Keyboard_Commando Registered Member

    Joined:
    Mar 6, 2009
    Posts:
    690
    Make sure you've done a system backup/image before messing with services. I remember following blackviper.com recommendations years back and borked one service I later needed to use through disabling something that was supposedly safe to disable. Most are interdependent.
     
  18. Keyboard_Commando

    Keyboard_Commando Registered Member

    Joined:
    Mar 6, 2009
    Posts:
    690
    Also, I don't think I even bothered disabling anything with Win 7. I am pretty much OCD about disabling services that are dangerous or unwanted - I just felt it was best left alone.

    There's more danger to your running services from user error, downloading malware, etc, and my bugbear ... resource hassle from safe applications like Skype, Google, etc.
     
  19. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses

    In your case you need to do two things re services:

    ENABLE
    Windows Firewall helps protect your computer by preventing unauthorized users from gaining access to your computer through the Internet or a network.

    DISABLE
    Remote Registry as it enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer.


    IMHO you need to strengthen your security due to your risk profile.

    Install (a free 2 way SW FW) with a real time scanner

    Install a free AV; if it has a real time scanner, turn the SW FW scanner OFF.

    Load your host file.

    What about backup images?
     
  20. Wild Hunter

    Wild Hunter Former Poster

    Joined:
    Oct 13, 2012
    Posts:
    1,375
  21. jo3blac1

    jo3blac1 Registered Member

    Joined:
    Sep 15, 2012
    Posts:
    739
    Location:
    U.S.
    Thanks. But I have no reason to disable services except for those that pose security risk. I'd like to know which ones specifically pose that risk and not which services can be in general disabled.
     
  22. Wild Hunter

    Wild Hunter Former Poster

    Joined:
    Oct 13, 2012
    Posts:
    1,375
    None of the services of supported Windows versions have known uncorrected vulnerabilities being exploited in the wild AFAIK.
     
  23. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    There are some services I disable. Server - Workstation - windows search - windows media player network sharing - remote registry - TCP\IP NetBIOS. I have never experienced any issues. I also disable remote connection. Some services you will find there in manual mode anyways rather than automatic start up.

    Just for the record, by default on our two Windows 8 laptops the Remote Registry is disabled.
     
  24. acuariano

    acuariano Registered Member

    Joined:
    Nov 4, 2005
    Posts:
    786
  25. jo3blac1

    jo3blac1 Registered Member

    Joined:
    Sep 15, 2012
    Posts:
    739
    Location:
    U.S.
    I guess then disabling services will not increase security at all.
     