Securing your Windows XP vol. 1
April 4, 2005 - Part III
by Andrew Cooper
3. Identifying Startup programs
You can control which programs start automatically when Windows XP loads by using the System Configuration Utility. Click the Windows Start button, select "Run", and type in msconfig.exe. In the window that opens, select the Startup tab.
Programs that are check-marked will be started automatically with Windows. To disable any of them, simply uncheck the appropriate box. Keep in mind that some programs do need to start with Windows, so apply caution and informed judgment when disabling them. Again, use processlibrary.com to identify which role each auto-started program plays; there you can also find an abundance of other materials dedicated to this issue.
Track all the changes you make to the programs originally configured to auto-load, so that if Windows begins to operate erratically after your changes, you can revert them to their previous working state by toggling the appropriate checkboxes.
The System Configuration Utility actually mirrors the settings of the respective startup (Run) Windows registry keys.
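One way to keep the record of startup entries recommended above, as an added example that is not part of the original article: the script reads the HKLM and HKCU Run keys and reports what changed since a saved baseline. It assumes Windows PowerShell is installed (an add-on for Windows XP), and the baseline file name is hypothetical.

```powershell
# Added example (not from the original article): snapshot the Run registry
# keys and report what changed since the last saved baseline.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)
# Hypothetical baseline location; pick any path you control.
$baseline = Join-Path $env:USERPROFILE 'run-keys-baseline.txt'

$current = @(foreach ($path in $runKeys) {
    if (-not (Test-Path $path)) { continue }
    $key = Get-Item -Path $path
    foreach ($name in $key.GetValueNames()) {
        # One line per autostart entry: key, value name, command line.
        "{0} | {1} | {2}" -f $path, $name, $key.GetValue($name)
    }
})

if (-not (Test-Path $baseline)) {
    # First run: record the known-good state before you change anything.
    $current | Set-Content -Path $baseline
    Write-Output "Baseline saved to $baseline"
} else {
    # Later runs: list entries that appeared or disappeared since the baseline.
    $saved   = @(Get-Content -Path $baseline)
    $added   = @($current | Where-Object { $saved -notcontains $_ })
    $removed = @($saved | Where-Object { $current -notcontains $_ })

    $added   | ForEach-Object { "ADDED    $_" }
    $removed | ForEach-Object { "REMOVED  $_" }
    if (($added.Count + $removed.Count) -eq 0) {
        Write-Output 'No changes since baseline.'
    }
}
```

An entry that shows up as ADDED without you having installed anything is worth looking up before you decide whether to leave it enabled.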
4. Spotlight on Windows services
As we learned earlier, services are programs that work with Windows and enable various features or components to work. Services are listed in the Task Manager's Services window, and by using the Services configuration console, you can select which services should be automatically started with Windows.
Although Microsoft tries to make each user's Windows experience as smooth and versatile as possible, it cannot envisage the individual needs of each and every one of its users. While it attempts to make a best "estimate" of which services should be working on each individual's PC, the Windows creator cannot anticipate and aggregate the interests of millions of separate users into one single product. That's why the company has decided to enable basic services which are often NOT required for most home or office users. Additionally, computing power and hardware configurations vary from machine to machine, as do the users' skills and expectations.
Windows XP Service Pack 2 has brought many changes and improvements to the protection of Windows-operated machines, and among those changes is the way various Windows processes get loaded when the system boots. Microsoft has been successful in removing dubious and often unnecessary processes from the startup, thus eliminating the potential for hackers to gain control over the machines running those redundant and often flawed processes. Nevertheless, there are some processes Microsoft has left enabled by default which I advise you to consider switching off.
Read through the next section of the text to learn how to work with Windows processes, and to find out which of them can be safely disabled.
Managing services
To access the Services configuration console, go to the Start menu, select "Run", and then type in services.msc.
By clicking the "Started" column in the opened window, you can filter processes by their status and see which of them are currently working. Then, with the started processes grouped together, you can commence "tuning" your Windows by selecting which services to allow and which to preclude from an automatic startup. Double-clicking on a service's name will open up a window from which you can configure its properties. This window is provided in the screenshot below.
In the "general" tab, all the relevant information on the service is given. From the service description and display name to the startup mode selection, the user can decide whether this service is required. Carefully learn about the process and try to retrieve as much information as possible about the specific process before making changes to the way the services are started. Disabling too many services or precluding critical ones from a startup could potentially lead to the "limited" operation of your PC. To avoid these occurrences, record your actions, and in the event that something begins to function improperly, revert the settings you've made back to their original state. You risk nothing. Just put every modification made back where it was and restart your PC. The previous operation mode of your machine will be restored. But again, remember not to do things you're uncertain about. Study the situation further until you're all ready and knowledgeable about what you're doing.
At the end of Part I of this article I will provide a list of processes that can be safely disabled:
Services and their startup parameters

| Process's display name | Process details | Default startup mode | Recommended startup mode | When needed |
| --- | --- | --- | --- | --- |
| Computer Browser | Browser service maintains a listing of computers and resources located on the network. Network browsing would still be possible. Low-risk exposure to modification. | auto | disable | Almost never, with rare exceptions |
| Error Reporting Service | Offers to report an application error to Microsoft's technical staff for review. First off, if your problem has been common, it has already been submitted, and, conversely, if it's only user-specific you can bet Microsoft won't even accept the report. Absolutely useless feature that presently doesn't work. | auto | disable | Only if you want to submit your application error report which Microsoft won't even consider |
| NetMeeting Remote Desktop Sharing | Enables a user to access his/her computer remotely using NetMeeting. Creates another open door for hackers to take advantage of the host of flaws found in the NetMeeting software. No one with their wits about them would want to share his/her remote desktop over the Net. | manual | disable | Only if you're a proponent of Microsoft's redundant and unnecessary features. Also needed if you want to welcome a hacker in :-) |
| QoS RSVP | Provides traffic control on a network using IPSEC and applications that support QoS, and have an adapter that supports it. The QoS Packet Driver installs by default on any TCP/IP connections. I recommend uninstalling it if it is not needed on your network. All in all, this service is NOT needed in most networks, and even if it is, networks without it still function normally. | manual | disable | Only if your network requires QoS RSVP. |
| Remote Desktop Help Session Manager | Manages and controls Remote Assistance. Few people really need remote assistance and the perils associated with it far outweigh the benefits. | manual | disable | Only needed for folks who need Remote Assistance capability. |
| Remote Registry Service | Enables remote users to modify registry settings on your computer. If this service is stopped, the registry can be modified only by users on this computer. Absolutely unneeded - even dangerous if someone can freely modify the registry of a remote user. Disable ANYWAY. | N/A: WinXP Home; auto: WinXP Pro | disable | Only if you want to let someone modify the settings in your Windows Registry, which is quite dangerous. |
| Secondary Logon | Enables starting processes under alternate credentials. Why would you need it if it uses the credentials of another person to start an application normally started on your behalf? Disabling won't cause any trouble; on the contrary, it's greatly appreciated. | auto | disable | Only if you want to allow starting the application on behalf of someone else's credentials. |
| Server | Used for file and print sharing from your computer across the LAN it is connected to. Also used for Message Queuing. Disable only if you don't use the sharing function of your computer's files and printers with others in your local network. Disabling the service when it's not needed will reflect positively on the computer's overall security. | auto | auto: if the computer is included in the LAN and you want its files and printers sharable. disable: if you don't want to share your computer's resources over your local network. | When files and printers of your computer need to be shared with other computers across the LAN. |
| Smart Card | Used to authenticate you on a network or local computer with the use of a smart card. If you're not using this card or, like most of us, don't have such a card, you won't need this service. | manual | disable | Only for an authentication through smart cards. |
| SSDP Discovery Service | Used to locate UPnP devices on your home network. Used in conjunction with Universal Plug and Play Device Host, it detects and configures UPnP devices on your home network. For security reasons and for the fact that I doubt that you have any of these devices, disable this service. UPnP is used for the purpose of connectivity on networks via TCP/IP to devices, such as scanners or printers. | auto | disable | Only if any EXTERNAL device does not function because of this service being disabled, set it back to automatic. MSN Messenger uses this service in conjunction with supported UPnP devices, to provide support for networks behind a NAT firewall or router. Also, if you are experiencing difficulty connecting to multiplayer games that use DirectX, set this service to automatic. |
| TCP/IP NetBIOS Helper | Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution. If your local network doesn't use NetBIOS and/or WINS, you may safely disable this service. | auto | disable | Only for somewhat odd, old-fashioned networks and even then the use of it would be questionable. |
| WebClient | Enables Windows-based programs to create, access, and modify Internet-based files. Basically, you won't ever need this service enabled. Enhances the level of a computer's security when disabled. If programs such as MSN Explorer, Media Player, NetMeeting or Messenger fail to provide a particular function, revert the setting to the default status. | auto | disable | Only if some MS IM or media programs fail to function as they had previously. |
| Windows Time | Maintains date and time synchronization for all clients and servers in the network. Allows you to access Microsoft's time server and puts your computer's clock in synch with it. Will contact the time server every 7 days for a synchronization request. | auto | disable | Only when you need to synchronize the time of your computer's clock. If you still want to leave this service on, change the synch server from Microsoft's to the government's, at time.nist.gov. |
| Wireless Zero Configuration | Provides automatic configuration for wireless network devices and connection quality feedback. If you do not have any wireless network devices in use on the local system, disable this service. You may require this service for connectivity with some wireless-ready PDAs, laptops or other portable computer equipment that supports wireless communication. Even if you do use wireless technologies to connect compatible devices, this type of communication is still very vulnerable and immature, so apply caution and investigate the subject thoroughly. | auto | disable | You need it only if you use the latest wireless technologies. |
| Security Center | The summarizing window introduced by the SP2 that aims to inform a user about the security stance of his/her computer. Alerts, informs, but actually irritates and doesn't do anything by itself to enhance that security. | auto | disable | Only if you want to be reminded of your security stance. |
Making the above modifications to the way processes get loaded will lead to a lighter, more robust and secure Windows in the sense that unnecessary processes will stop consuming memory, processor and network resources, and also won't present any obvious security loopholes to hackers.
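The table's recommendations as a script, added here as an example and not part of the original article: it reports the current startup mode of each listed service, records the original modes for later reversal, and changes them only when asked. It assumes Windows PowerShell is installed; the service key names are this example's mapping of the table's display names, and the log file name is hypothetical.

```powershell
# Added example (not from the original article). The service key names are
# this example's mapping of the display names in the table; confirm each one
# in services.msc (General tab, "Service name") before relying on it.
param([switch]$Apply, [switch]$Restore)

# 'lanmanserver' (Server) is omitted: the table keeps it on auto when the
# computer shares files or printers over the LAN.
$targets = 'Browser', 'ERSvc', 'mnmsrvc', 'RSVP', 'RDSessMgr', 'RemoteRegistry',
           'seclogon', 'SCardSvr', 'SSDPSRV', 'LmHosts', 'WebClient',
           'W32Time', 'WZCSVC', 'wscsvc'
$log = Join-Path $env:USERPROFILE 'service-startmode-before.csv'  # hypothetical path

if ($Restore) {
    # Put every recorded service back to the mode it had before the change.
    $map = @{ Auto = 'Automatic'; Manual = 'Manual'; Disabled = 'Disabled' }
    foreach ($row in Import-Csv -Path $log) {
        Set-Service -Name $row.Name -StartupType $map[$row.StartMode]
    }
    return
}

$report = @(foreach ($name in $targets) {
    # Services missing on this edition (e.g. XP Home) simply return nothing.
    Get-WmiObject -Class Win32_Service -Filter "Name='$name'" |
        Select-Object Name, DisplayName, StartMode, State
})

# Record the original modes once, before anything is modified.
if (-not (Test-Path $log)) { $report | Export-Csv -Path $log -NoTypeInformation }

$report | Format-Table -AutoSize

if ($Apply) {
    foreach ($row in $report) {
        if ($row.StartMode -ne 'Disabled') {
            Set-Service -Name $row.Name -StartupType Disabled
        }
    }
}
```

Run it without switches first to review the report; `-Apply` only changes the startup mode and does not stop services that are already running, so the effect is seen after a restart.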
In the next part we will continue with our topic of making Windows XP more secure and resilient, so stay tuned.