Many Windows Services are double-edged sword. Poor use may cause many security risks. This article describes ten services. We recommend that you disable them. In addition, there are more than ten suggestions for your reference.
Services that must be disabled in Windows XP
1. NetMeeting Remote Desktop Sharing
Authorized users are allowed to access each other through NetMeeting on the network. This service is not very useful to most individual users. Moreover, opening the service will bring security issues, because the service will send the user name to the client connected to it in plaintext when accessing the Internet, hacker sniffing programs can easily detect the account information.
2. Universal Plug and Play Device Host
This Service supports General plug-and-play devices. This service has a security vulnerability. Computers running this service are vulnerable to attacks. If an attacker sends a fake UDP packet to a network with multiple Windows XP systems, these Windows XP hosts may launch DDoS attacks on the specified host ).
In addition, if you send a UDP packet to the system port 1900 and direct the address of the Location domain to the chargen port of another system, the system may be in an endless loop, all resources of the system are consumed (manually enable hardware installation ).
3. Messenger
Commonly known as the Messenger service, a computer user can use it in the LAN for data exchange (transfer the Net Send and Alerter service messages between the client and the server, this service has nothing to do with Windows Messenger. If the service is stopped, Alerter messages are not transmitted ).
This is a dangerous and annoying service. The Messenger service is basically used for enterprise network management. However, spam and spam advertising vendors often use this service to publish pop-up advertisements, the title is "courier service ". In addition, this service has vulnerabilities, and MSBlast and Slammer viruses are used for rapid propagation.
4. Terminal Services
Allows multiple users to connect to and control a machine and display desktops and applications on a remote computer. If you do not use Windows XP's remote control function, you can disable it.
5. Remote Registry
Allows remote users to modify the Registry Settings on this computer. The Registry can be said to be the core content of the system. Generally, users are not recommended to modify the Registry on their own, not to mention remote modification. Therefore, this service is extremely dangerous.
6. Fast User Switching Compatibility
Provides management for applications that require assistance under multiple users. Windows XP allows fast switching between multiple users on a computer, but this feature has a vulnerability. When you click "Start> logout> Quick Switch ", when you repeatedly enter a user name for Logon in the traditional logon mode, the system considers it as brute-force cracking and locks all non-administrator accounts.
You can disable this service if it is not frequently used. You can also cancel "Use Quick User Switch" in "Control Panel> User Account> Change User Logon or logout mode ".
7. Telnet
Allows remote users to log on to this computer and run programs, and supports multiple TCP/IP Telnet clients, including UNIX and Windows-based computers. Another dangerous service, if started, remote users can log on to and access local programs, or even use it to modify network settings such as your ADSL Modem. Unless you are a network professional or computer that is not used as a server, you must disable it.
8. Performance Logs And Alerts
Collect performance data from local or remote computers based on pre-configured schedule parameters, and then write this data into logs or trigger alarms. In order to prevent data from being searched by remote computers, it is strictly prohibited.
9. Remote Desktop Help Session Manager
If the service is terminated, remote assistance will become unavailable.
10. TCP/IP NetBIOS Helper
NetBIOS is often used for attacks in Windows 9X. This option can also be disabled for users who do not need to share files or print files.
Prohibited services
There are also some services that normal users can disable as needed:
1. Alerter
Notifies the selected user and computer of system management-level alarms. If you are not connected to a LAN and do not need to manage alarms, disable it.
2. Indexing Service
Index content and attributes of files on local and remote computers to provide fast file access. This service is of little use to individual users.
3. Application Layer Gateway Service
Provides third-party protocol plug-ins for Internet Connection Sharing and Internet Connection Firewall. If you have not enabled Internet Connection Sharing or the built-in firewall of Windows XP, you can disable this service.
4. Uninterruptible Power Supply
Manage the uninterruptible power supply that is connected to the computer. You can disable it if no UPS is installed.
5. Print Spooler
Load the file to the memory for printing later. If no printer is installed, disable it.
6. Smart Card
Manage computer access to smart card reading. Can be disabled.
7. Ssdp Discovery Service
Start the upnp Device on the home network for automatic discovery. There are not many devices with upnp, Which is useless for us.
8. Automatic Updates
Updates patches automatically from the Windows Update network. Using the Windows Update function for upgrading is too slow. We recommend that you download the patch to your local hard disk through the multi-threaded download tool before upgrading.
9. Clipbook
Enable clipboard viewer to store information and share it with a remote computer. If you do not want to share information with a remote computer, you can disable it.
10. Imapi Cd-burning Com Service
You can use Imapi to manage CD recording. Although this function is embedded in Windows XP, most of us will choose professional recording software. In addition, if you do not have a burner installed, you can disable this service.
11. Workstation
Create and maintain a client network connection to the remote service. If the service is stopped, these connections are unavailable.
12. Error Reporting Service
Error Reporting is allowed when services and applications run in non-standard environments. If you are not a professional, this error report is useless.
The following services have no effect on common users, such as Routing and Remote Access, Net Logon, Network DDE, and Network dde dsdm.