Windows Service Optimization Detailed

WINDOWSXP Service Details 1. The process name of the Alerter Alerter service is Services.exe (that is, the name of the process running in the background after starting this service, which can be seen by the Task Manager). The function of the Alerter service is that WinXP sends management-related events on the system to the specified computer or user on the network, such as when a printing error occurs or the hard disk is about to be full. Collected and sent by XP's Alerter Service. Although the Alerter-dependent service does not have a Messenger service, the Alerter service must rely on the latter to send information. Therefore, after starting the Alerter service, it must be determined that the Messenger service is also working, and the receiving computer must also start the Messenger service. After the Alerter service is running, the service allows the user to send pop-up information to other users, which may be used by an attacker to perform an attack, such as tricking the user into modifying the password, thereby posing a security risk. At the same time, the service causes the user account name to leak, and may also be used by an attacker to conduct a password guessing attack. So for home single-user users, even for most small LANs, this feature is completely disableable, which not only saves system resources and speeds up startup, but also improves machine security. 2. Application Layer Gateway Service abbreviation "ALG" (application layer gateway), the process name is alg.exe, WinXP Home/PRO default installation start type is manual. ALG is also known as a proxy server (Proxy Server), which is a type of network firewall classified from the functional surface. When the internal computer is connected to an external host, the proxy server (Proxy Server) acts as a link relay between the internal computer and the external host. The advantage of using ALG is to hide the address of the internal host and prevent externally abnormal connections. If the agent designed for the application is not installed on the proxy server, any packets belonging to this network service will not pass through the firewall at all. Popularly speaking, specific to ALG itself, it is the specific control program for Internet connection sharing/firewall that comes with WinXP. If you need to enable both, this service is a must. Of course, only one computer Internet home can consider disabling this service, but I personally think that the built-in firewall effect of WinXP is still good, if you do not insist on using a third-party firewall, it is recommended to open it. 3. The process name of Application Management AppMgmt (Application Management Service) is Svchost.exe. The default startup type of WinXP Home/Pro is manual, without any dependent service relationship. Starting with Win2000, Microsoft introduced a new and effective software management solution based on the MSI file format (application installation information package file) - Application Management Component Service (Application Management), which not only manages the installation and deletion of software. You can also use this service to modify, repair, and repair existing applications, monitor file recovery, and troubleshoot basic failures through recovery. Usually this service we keep its default state is better. Many friends may have the impression that when ACDSee 4.0 was first released, due to the lack of consideration in the installation and production, it did not take into account that most people's systems did not support the MSI installation format at that time, and the result was that they had to download and install a name. The problem is solved by the MSI auxiliary file for Windows Installer. Software that is usually installed in the MSI file format is very easy to recognize. For example, Office XP, when you run the software installer again after installation, it usually has "reinstall", "fix software", "uninstall Software " and many other options, rather than the previous installer, simply uninstall or overwrite the installation. 4.Automatic Updates The process name of Wuauserv (automatic update service) is Svchost.exe. The default startup type of WinXP Home/Pro is automatic, without any dependent service relationship. This is a system automatic update function that everyone is very familiar with, so I won't say much. A friend who uses the kitten to surf the Internet and remembers it is not enough to close it in the system properties. It is also necessary to disable the Automatic Updates service. If you need to update later, you can manually update the address by typing the Windows Update website in IE. 5.Background Intelligent Transfer ServiceBITS process name is Svchost.exe, WinXP Home/Pro default installation start type is manual, relying on Remote Procedure Call, Workstation service. Microsoft claims that BITS can use the remaining bandwidth to transfer files. When the network is shut down or the computer needs to be restarted, the background intelligent transmission service will automatically maintain the file transfer. When the network is reconnected, the background intelligent transfer service will continue to continue from where it left off. Transfer files. In fact, this service was originally used to realize the transmission of information between HTTP 1.1 servers. Basically, its application is to support the resume of Windows automatic update. If you disable Automatic Updates, it doesn't make much sense to keep it. 6. The process name of ClipBook ClipSrv (Clipboard Viewer Service) is clipsrv.exe. The default startup type of WinXP Home/Pro is manual and depends on the Network DDE service. ClipBook provides a network dynamic data exchange service provided by Network DDE and Network DDE DSDM, which can be used to view the clipboard in a remote machine. In other words, ClipBook supports the ClipBook Viewer program, which allows scrapbook pages to be remotely computerized. Browse on the ClipBook. For example, there is a large document project, which is jointly developed by A, B, and C. A is responsible for the Excel data part, B is responsible for the Visio drawing part, and C is responsible for the integration of the two parts of the document. C often needs to copy the data of A and B. Stupid way is to open the documents shared by A and B on the network neighbor, and then copy the relevant content. Users who have a certain understanding of the Windows system should have heard of OLE. The above EXCEL data and Visio drawings can be considered as independent OLE objects. If the Clipbook services on the 3 machines of A, B, and C are all Open, you can use ClipBook to share these OLE objects, C as long as the link to create OLE objects in your own documents points to A, B Excel and Visio, A, B any changes to their work can be automatically in the C compound document reflect. Thus, ClipBook is object-based sharing, not simple file sharing. Therefore, it is also very well understood that this is a double-edged sword, which brings great security and hidden dangers of illegal remote access to ClipBook scrapbook pages. For users who do not have the above-mentioned similar work and are not ready to use or rarely use Remote Desktop, this service can be completely disabled and opened when needed. 7.COM+ Event System EventSystem (Schost.exe) The process name is Svchost.exe. The default startup type of WinXP Home/Pro is manual, relying on the Remote Procedure Call service. For non-software development professionals, COM+ is a very difficult term to understand. Simply put, COM+ is a standard for software components/components. For example, writing a software is like building a house. The components such as doors and windows will be designed according to the standard, in order to save time and effort, COM components are standard components such as Windows windows and doors, COM+ is a further extension of COM, the specific meaning is not detailed here, Windows system It is a typical message (event) processing system, many functions are triggered by messages, which produces the COM+ Event System. we want