--------------------------------------------------------------------------------
1. NetMeeting Remote Desktop Sharing: allows authorized users to access each other over the network through netmeeting. This service is not very useful to most individual users. Moreover, opening the service will bring security issues, because the service will send the user name to the client connected to it in plaintext when accessing the Internet, hacker sniffing programs can easily detect the account information.
2. Universal Plug and Play Device Host: This service provides support for General Plug and Play devices. This service has a security vulnerability. Computers running this service are vulnerable to attacks. As long as an attacker sends a fake UDP packet to a network with multiple Windows XP systems, these windows XP hosts may attack the specified host (DDoS ). In addition, if you send a UDP packet to the system port 1900 and direct the address of the location domain to the chargen port of another system, the system may be in an endless loop, all resources of the system are consumed (manually enable hardware installation ).
3. Messenger: commonly known as the messenger service. Computer users can use it in the LAN for data exchange (transfer the net send and Alerter service messages between the client and the server. This service has nothing to do with Windows Messenger. If the service is stopped, Alerter messages are not transmitted ). This is a dangerous and annoying service. The messenger service is basically used for enterprise network management. However, spam and spam advertising vendors often use this service to publish pop-up advertisements, the title is "courier service ". In addition, this service has vulnerabilities, and msblast and Slammer viruses are used for rapid propagation.
4. Terminal Services: Allows multiple users to connect to and control a machine and display desktops and applications on a remote computer. If you do not use Windows XP's remote control function, you can disable it.
5. Remote Registry: enables remote users to modify registry settings on this computer. The Registry can be said to be the core content of the system. Generally, users are not recommended to modify the Registry on their own, not to mention remote modification. Therefore, this service is extremely dangerous.
6. Fast User Switching Compatibility: Provides management for applications that require assistance under multiple users. Windows XP allows fast switching between multiple users on a computer, but this feature has a vulnerability. When you click "Start> logout> Quick Switch ", when you repeatedly enter a user name for Logon in the traditional logon mode, the system considers it as brute-force cracking and locks all non-administrator accounts. You can disable this service if it is not frequently used. You can also cancel "Use Quick User Switch" in "Control Panel> User Account> Change User Logon or logout mode ".
7. telnet: allows remote users to log on to this computer and run programs, and supports multiple TCP/IP Telnet clients, including UNIX and Windows-based computers. Another dangerous service, if started, remote users can log on to and access local programs, or even use it to modify network settings such as your ADSL modem. Unless you are a network professional or computer that is not used as a server, you must disable it.
8. Performance Logs and alerts: Collects performance data from local or remote computers based on pre-configured schedule parameters, and then writes the data to logs or triggers alarms. In order to prevent data from being searched by remote computers, it is strictly prohibited.
9. Remote Desktop Help Session Manager: if the service is terminated, remote assistance will become unavailable.
10. TCP/IP NetBIOS Helper: NetBIOS is often used for attacks under Win 9X. This option can also be disabled for users who do not need to share files or print files.
Prohibited services
The above ten services are services that pose great security threats. Normal users must disable them. There are also some services that normal users can disable as needed:
1. Alerter: notifies the selected user and computer of system management-level alarms. If you are not connected to a LAN and do not need to manage alarms, disable it.
2. Indexing Service: Index content and attributes of files on local and remote computers, providing fast file access. This service is of little use to individual users.
3. Application Layer Gateway Service: provides support for third-party protocol plug-ins for Internet Connection Sharing and Internet Connection Firewall. If you have not enabled Internet Connection Sharing or the built-in firewall of Windows XP, you can disable this service.
4. uninterruptible power supply: Manages uninterruptible power supplies connected to your computer. You can disable uninstalled ups.
5. Print Spooler: load the file to the memory for printing later. If no printer is installed, disable it.
6. Smart Card: Manage the computer's access to the smart card. Can be disabled.
7. SSDP Discovery Service: Enable Automatic Discovery of UPnP devices on the home network. There are not many devices with UPnP, Which is useless for us.
8. Automatic Updates: automatically updates patches from the Windows Update network. Using the Windows Update function for upgrading is too slow. We recommend that you download the patch to your local hard disk through the multi-threaded download tool before upgrading.
9. ClipBook: Enable the clipboard viewer to store information and share it with remote computers. If you do not want to share information with a remote computer, you can disable it.
10. imapi CD-Burning COM Service: Uses imapi to manage CD recording. Although this function is provided in Win XP, most of us will choose professional recording software. If the recorder is not installed, you can also disable this service.
11. Workstation: Create and maintain a client network connection to the remote service. If the service is stopped, these connections are unavailable.
12. Error Reporting Service: Allows error reporting when a service or application runs in a non-standard environment. If you are not a professional, this error report is useless.
The following services have no effect on common users, such as Routing and Remote Access, Net Logon, Network DDE, and Network dde dsdm.