A comprehensive understanding of Windows XP services (Part 1)

  
Every time you boot, Windows XP must start more than 80 services, and the average user knows little about these services running in the background. What are they doing? Do I really need all of these services? This article will tell you which services are required to run and which services do not have to be running. Removing the services that don't need to be started will increase the speed of the computer and reduce the possibility of being hacked.

In the past two years, many people have had first-hand experience of the dangers of Internet worms, such as the Blaster worm (Worm.Blaster, also known as "Shockwave") in August 2003 and the Sasser worm (Worm.Sasser) in May 2004. Both are network worms, which exploit vulnerabilities in Windows services to spread and cause damage. Blaster exploits a vulnerability in the RPC (Remote Procedure Call) service, which is one of the services that Windows XP must run. When Blaster attacks, your machine automatically shuts down within 60 seconds. Sasser uses the LSASS (Local Security Authority Subsystem Service) service of Windows to attack and infect. According to anti-virus organizations, if left unguarded, these network worms can spread to all the computers on the Internet within an hour.

The key problem is that we cannot do without these services: many of Windows XP's features are implemented through them. Simply put, you can think of these services as programs that perform system tasks in the background, such as getting automatic updates or managing print jobs. The biggest difference from an ordinary application is that they all run in the background, so you are basically unaware that they exist.

In order to implement the various functions of Windows XP, Microsoft automatically configures these services when you install Windows. Windows sets some of these services to start automatically at boot, others load when needed, and some load only when the user chooses to load them. Most computers do not need to run all of the automatically started services. These unnecessary services increase the risk of the system being attacked and take up valuable system resources. If you want to see the running status of all services, open "Control Panel" > "Administrative Tools" > "Services" (as shown in Figure 1).

Figure 1

Understanding These Services

In Figure 1, you can see that every service has the following attributes: name, description, status, startup type, log-on identity, and dependencies. Some properties are not shown in Figure 1; you can see more of them by double-clicking a service. For example, the task of the Task Scheduler service is to "enable users to configure and schedule automatic tasks on this computer. If this service is terminated, these tasks will not run at the scheduled time. If this service is disabled, any services that depend on it will not start." By default, the Task Scheduler service's startup type is "Automatic", which means it starts when Windows starts. In its dependencies, you can see that it relies on the Remote Procedure Call (RPC) service. The path to the executable file of the Task Scheduler service is "C:\Windows\System32\svchost.exe -k netsvcs", so its process name in Task Manager is "svchost.exe". Because several services are launched through svchost.exe, you will see multiple "svchost.exe" processes in Task Manager (as shown in Figure 2).
Figure 2
If you do a fresh install of Windows XP Professional Service Pack 2, you will find a total of 79 system services installed: 34 run automatically, 38 start when needed, and only 7 are disabled. If you install Windows XP or Windows XP SP1, a total of 77 system services are installed, of which 34 run automatically, 41 start when needed, and only 2 are disabled. In fact, in most cases about 20 of the automatically started services do not have to run. Turning them off will increase system efficiency and security.

Potential Hazards

Perhaps you do not know enough about the security risks posed by Windows services. These services are tied to the core of the system and hold various privileges, so once they are taken over illegitimately, the operating system is likely to crash. To protect your computer as much as possible, it is necessary to shut down the services that are not needed. Doing so also reduces system resource consumption and improves system efficiency, so why not? Let's first use a tool to see which services are accessible from outside. The nmap tool from www.nmap.org (now changed to www.insecure.org) can scan ports (Figure 3), and so reveal which services a given machine exposes to the outside. Another free scanning tool, SuperScan v4.0 (http://www.foundstone.com/resources/freetools.htm), can also help you (see Figure 4).
Figure 3
Figure 4
A freshly installed Windows XP usually has 5 open ports, and the same is true of SP1. With SP2, Microsoft strengthened port protection, and you will find only three open ports (if the firewall is not started). If you turn on the SP2 firewall, a port scanner will not return any results at all. However, no firewall is omnipotent. Using a firewall and also turning off unnecessary services will make the computer more secure.

Service Management Tools

In addition to viewing services through "Control Panel" > "Administrative Tools" > "Services", there are many other ways to manage Windows services. On the command line, you can use sc.exe (short for Service Control) to manage services. This command requires parameters to run. Common ones are: sc.exe query (shows the service list); sc.exe queryex (displays more status information, such as process ID and flags); sc.exe query state= all (displays all installed services; the space after "state=" is required). If you run sc.exe without arguments, it displays a description of each parameter option. The main use of sc.exe is to start or shut down a service, or send a service to the run queue. Later in this article we will teach you how to use sc.exe and automatic scripts to configure these services.

Another command, netstat, displays all currently active network connections on Windows XP. A default installation of Windows XP SP2 has three services with open ports, namely epmap (port 135), microsoft-ds (port 445), and netbios-ssn (port 139). TCPView (http://www.sysinternals.com/ntw2k/source/tcpview.shtml) is another free network monitoring tool, similar in function to the netstat command that comes with Windows XP, but with a graphical interface (as shown in Figure 5).

Figure 5
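
The following is an added example, not part of the original article: it joins the process IDs reported by sc.exe queryex with the PID column of netstat -ano to show which services sit behind each listening port, including the case where several services share one svchost.exe process. The function names and both sample outputs are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of `sc.exe queryex` output, abridged to the fields used.
SC_QUERYEX = """\
SERVICE_NAME: RpcSs
        PID                : 912
SERVICE_NAME: Schedule
        PID                : 1084
SERVICE_NAME: Browser
        PID                : 1084
SERVICE_NAME: RemoteRegistry
        PID                : 0
"""

# Constructed sample of `netstat -ano` output (PID 4 is the System process).
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:1043      203.0.113.5:80         ESTABLISHED     1520
"""

def services_by_pid(sc_text):
    """Group service names by host process PID; PID 0 means not running."""
    by_pid, name = defaultdict(list), None
    for line in sc_text.splitlines():
        key, _, value = (p.strip() for p in line.partition(":"))
        if key == "SERVICE_NAME":
            name = value
        elif key == "PID" and name and value.isdigit() and int(value):
            by_pid[int(value)].append(name)
    return dict(by_pid)

def listening_ports(netstat_text):
    """Return sorted (port, pid) pairs for TCP sockets in LISTENING state."""
    pat = re.compile(r"^\s*TCP\s+\S+:(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")
    hits = (pat.match(l) for l in netstat_text.splitlines())
    return sorted({(int(m.group(1)), int(m.group(2))) for m in hits if m})

def exposure_report(sc_text, netstat_text):
    """Map each listening port to the services sharing the owning process."""
    owners = services_by_pid(sc_text)
    return {port: owners.get(pid, ["<no service; PID %d>" % pid])
            for port, pid in listening_ports(netstat_text)}

if __name__ == "__main__":
    print(exposure_report(SC_QUERYEX, NETSTAT))
```

A port owned by a shared svchost.exe process lists every service in that process, so the report narrows the candidates rather than naming a single service.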

Automatically Started Services

Using the various tools above, you can view a variety of information about Windows services. First let's focus on the 34 services that Windows sets by default to start automatically with the computer. To find ways to optimize, we need to understand what they do. In general, we can classify these 34 services into several categories by function: networking, security, error handling, communication, and ease of use.

Networking

A Windows PC needs to run many programs in the background in order to connect to the network correctly. The Workstation service is used to create connections to servers; the TCP/IP NetBIOS Helper service provides support for the "NetBIOS over TCP/IP (NetBT)" service and for NetBIOS name resolution; the Computer Browser service maintains an up-to-date list of computers on the network and provides that list for computer browsing, and it also manages file and printer sharing information; the DHCP Client service manages network configuration by registering and changing IP addresses and DNS names; the DNS Client service resolves IP addresses and caches Domain Name System (DNS) names for the computer; if you want to operate the registry remotely over the network, you must enable the Remote Registry service; if you want to share files and printers, you need to start the Server service; the Windows Time service maintains time and date synchronization across all clients and servers on the network.

Security

There are also some services related to PC security. The Automatic Updates service automatically searches for the latest Windows XP updates and downloads and installs them from Microsoft servers; the IPSEC Services service manages IP security policies and launches the ISAKMP/Oakley (IKE) and IP security drivers; the Secondary Logon service allows ordinary users to perform some operations that require administrator privileges; Security Center is a new service in Windows XP SP2 that manages Windows Firewall, Windows updates, and virus scanning; and the System Restore Service is used to create and restore system restore points.

Communication

Communication between programs, and between the various components of the operating system, relies on a number of important communication services. The DCOM Server Process Launcher is a new service introduced in Windows XP SP2 that allows a program to collaborate with another program; the Remote Procedure Call (RPC) service, made famous by the outbreak of the Worm.Blaster virus, is also an indispensable Windows communication service; the Distributed Link Tracking Client service maintains links between NTFS files on the computer or across computers in a network domain; the Windows Management Instrumentation service provides a unified interface and object model for accessing management information about the operating system, devices, applications, and services.

Error Handling

Error handling is also an important function of Windows services: Error Reporting Service is responsible for recording, identifying and processing errors when the application is running in a non-standard environment.