1.NetMeeting Remote Desktop sharing: allows authorized users to access each other on the network via NetMeeting. This service is not very useful for most individual users, and the opening of the service also poses a security issue because it sends the user name in clear text to the client connecting it, and the hacker's sniffer program can easily detect the account information.
2.Universal Plug and Play Device Host: This service provides support for Universal plug-and-hold devices. There is a security vulnerability to this service, and the computer running the service is vulnerable to attack. An attacker who sends a bogus UDP packet to a network with multiple win XP systems could cause the win XP host to attack the specified host (DDoS). In addition, if you send a UDP packet to the system 1900 port, so that the address of the "Location" field points to the Chargen port of another system, it can cause the system to fall into a dead loop, consuming all of the system's resources (which need to be manually turned on when you install the hardware).
3.Messenger: known as Messenger service, computer users can use it for data exchange within a local area network (transmission of net send and Alerter service messages between client and server, which is not related to Windows Messenger.) If the service is stopped, the Alerter message will not be transmitted. This is a dangerous and annoying service, the Messenger service is basically used in enterprise network management, but spam and spam advertising vendors, also often use the service to publish pop-up ads, titled "Messenger Service." And the service is vulnerable, msblast and slammer viruses are used for rapid transmission.
4.Performance Logs and Alerts: collects performance data for a local or remote computer based on preconfigured schedule parameters, and then writes this data to the log or triggers an alert. To prevent data from being searched by remote computers, it is strongly prohibited.
5.Terminal ServiCES: allows multiple users to connect and control a machine and display desktops and applications on a remote computer. If you don't use Win XP's remote control feature, you can disable it.
6.Remote Registry: enables remote users to modify registry settings on this computer. The registry can be said to be the core of the system, the general user does not recommend their own changes, not to mention to allow others to remotely modify, so this service is extremely dangerous.
7.Fast User Switching Compatibility: provides management for applications that require assistance under multiple users. Windows XP allows for fast switching between multiple users on a single computer. But this feature has a loophole, when you click "Start → logout → fast switch", in the traditional login mode to repeatedly enter a user name to log in, the system will be considered to be brute force, and locked all the Non-administrator account. If you do not use it frequently, you can disable the service. or cancel "Use Fast User Switching" in the control Panel → user account → change user logon or Logoff mode.
8.Telnet: allows remote users to log on to this computer and run programs, and supports a variety of TCP/IP Telnet clients, including unix-based and Windows based computers. Another dangerous service, if launched, remote users can log in, access the local program, or even use it to modify your ADSL modem and other network settings. Unless you are a network professional or the computer is not used as a server, you must prohibit it.
9.Remote Desktop Help session Manager: If this service is terminated, Remote Assistance will not be available.
10.tcp/ip NetBIOS Helper: NetBIOS is often used for attacks under win 9X, and can be disabled for users who do not need file and print sharing.