Disable risk services for XP systems to mitigate the threat of vulnerabilities

In the XP system, the system usually starts many services by default, these services are basically useless, not only occupy the disk space, but also can cause system security problems, so users can disable some unnecessary services to ensure system security.

View the service items that are being enabled

Take Win XP as an example, first you have to use the system administrator account or as a user who has administrator privileges to log in, and then in "Run" enter "cmd.exe" open a command line window, and then enter "net start" return, will show the system is running services

In order to see the information of each service in more detail, we can double-click services in the Start → control Panel → admin tool, or enter "Services.msc" directly in "run" to open the Service Settings window

Turn off, disable, and re-enable services

The service is divided into three types of startup:

1. Automatic: If some useless services are set to Automatic, it will be started with the machine, which will prolong the system boot time. Services that are typically closely associated with the system must be set to Automatic.

2. Manual: It will be started only when it is needed.

3. Disabled: Indicates that the service will no longer start, even when it is needed, and will not be started unless modified to the above two types.

If we want to turn off the service that is running, just select it and select Stop in the right-click menu. But it may also run automatically or manually the next time the machine is started.

If the service item is really useless, you can choose to prohibit the service. When you select Properties in the right-click menu, and then select Disabled in the general → startup type list, the service is completely disabled.

If you need to reactivate it later, just choose "Automatic" or "manual" here, or you can start with the command line "net Start service name ", such as "net start Clipbook".

Services that must be prohibited

1.NetMeeting Remote Desktop Sharing: Allows authorized users to access each other on the network via NetMeeting. This service is not very useful for most individual users, and the opening of the service also poses a security issue because it sends the user name in clear text to the client connecting it, and the hacker's sniffer program can easily detect the account information.

2.Universal Plug and Play Device Host: This service provides support for Universal plug-and-hold devices. There is a security vulnerability to this service, and the computer running the service is vulnerable to attack. An attacker who sends a bogus UDP packet to a network with multiple win XP systems could cause the win XP host to attack the specified host (DDoS). In addition, if you send a UDP packet to the system 1900 port, so that the address of the "Location" field points to the Chargen port of another system, it can cause the system to fall into a dead loop, consuming all of the system's resources (which need to be manually turned on when you install the hardware).

3.Messenger: Known as Messenger service, computer users can use it for data exchange within a local area network (transmission of net send and Alerter service messages between client and server, which is not related to Windows Messenger.) If the service is stopped, the Alerter message will not be transmitted. This is a dangerous and annoying service, the Messenger service is basically used in enterprise network management, but spam and spam advertising vendors, also often use the service to publish pop-up ads, titled "Messenger Service." And the service is vulnerable, msblast and slammer viruses are used for rapid transmission.

4.Terminal Services: Allows multiple users to connect and control a machine and display desktops and applications on a remote computer. If you don't use Win XP's remote control feature, you can disable it.

5.Remote Registry: Enables remote users to modify registry settings on this computer. The registry can be said to be the core of the system, the general user does not recommend their own changes, not to mention to allow others to remotely modify, so this service is extremely dangerous.

6.Fast User Switching Compatibility: Provides management for applications that require assistance under multiple users. Windows XP allows for fast switching between multiple users on a single computer. But this feature has a loophole, when you click "Start → logout → fast switch", in the traditional login mode to repeatedly enter a user name to log in, the system will be considered to be brute force, and locked all the Non-administrator account. If you do not use it frequently, you can disable the service. or cancel "Use Fast User Switching" in the control Panel → user account → change user logon or Logoff mode.

7.Telnet: Allows remote users to log on to this computer and run programs, and supports a variety of TCP/IP Telnet clients, including unix-based and Windows based computers. Another dangerous service, if launched, remote users can log in, access the local program, or even use it to modify your ADSL modem and other network settings. Unless you are a network professional or the computer is not used as a server, you must prohibit it.

8.Performance Logs and Alerts: Collects performance data for a local or remote computer based on preconfigured schedule parameters, and then writes this data to the log or triggers an alert. To prevent data from being searched by remote computers, it is strongly prohibited.

9.Remote Desktop Help Session Manager: If this service is terminated, Remote Assistance will not be available.

10.TCP/IP NetBIOS Helper:netbios is often used under win 9X to attack, and can be disabled for users who do not need file and print sharing.

Through the above mentioned small series of XP system within the various services, is not more understanding of the system, hurriedly start up, the presence of dangerous loopholes in the service, to ensure that the XP system more secure.