A Windows “service” is a program that runs in the background on Windows.They aren’t programs that will show up on the Start Bar at the bottom of the screen or programs in the sense that you would directly access or interact with them. Windows services generally provide some functionality for the operating system or process actions and requests from other programs.
To see a list of the services installed on your computer and whether or not they are currently enabled, you need to go into the Services Console.You can accomplish this by going into the Control Panel / Administrative Tools folder and selecting Services.
You will see a number of services listed along with a brief description of what the service does, its current status, its startup configuration, and what access level it logs in under.
Select Services from the Administrative Tools Group to Open the Windows Services Console.
Many of these services are unnecessary or rarely used. Sites such as LabMice.net or TheElderGeek.com provide checklists and recommendations for how to configure each of the standard Windows services. For our purposes, we will just talk about the services that directly affect the security of your system. In general, any service you don’t have a need for should be disabled because they simply offer opportunities for someone to possibly exploit a vulnerability or security weakness in that service to gain access to your system.
The following is a list of Windows services that you should disable because they provide an avenue for an attacker to compromise your system while not providing any useful functionality for most users:
■ SSDP Discovery Service Enables discovery of UPnP (Universal Plug and Play) devices on your home network.This service provides half of the UPnP functionality which has no real-world purpose but has been proven vulnerable to attack.This service does not affect Windows 2000.
■ Universal Plug and Play Device Host Provides support to host Universal Plug and Play devices.This is the other half of the UPnP functionality. This service does not affect Windows 2000.
■ NetMeeting Remote Desktop Sharing Enables an authorized user to access the local computer remotely using the NetMeeting program. Unless you intend to use NetMeeting on a regular basis, leaving this on simply provides a possible way for an attacker to gain access to your system.
■ Remote Registry Enables remote users to modify Registry settings on the local computer.With rare exception there is no reason that you would want someone to be able to alter your Registry settings remotely. If you leave this service on, you run the risk that an unauthorized user may change your Registry settings remotely.
■ Messenger Transmits Net Send and Alerter service messages between clients and servers.This service is a security concern from the standpoint that spam pushers have discovered they can use Net Send to transmit spam messages directly to your desktop rather than sending them through your e-mail.
■ Internet Information Services Internet Information Services (IIS) should not be installed by default on any of these operating systems, but as long as you are in the Services Console you should take a look to make sure the Internet Information Services are not enabled unless you are actually using IIS to host web sites or FTP on your local computer. IIS is prone to vulnerabilities which have allowed viruses such as CodeRed and Nimda to propagate.
If you right-click any of the services in the Services Console, you can start and stop the service. However, stopping a service using this technique will only stop it temporarily.The next time you reboot the computer, or the next time another service tries to call or interact with the service, it will restart.
To disable a service so that it will not start again, right-click the service in the Services Console and select Properties. In the middle of the screen under the General tab is a drop-down box titled Startup Type.The drop-down box offers three choices: Automatic, Manual, and Disabled.
You Can Disable a Windows Service by Right-Clicking the Service in the Windows Services Console and Selecting Properties.
Services configured for Automatic startup will be started each time you boot up the computer and the Windows operating system begins. Services that are configured for Manual startup will only start when another program or service activates them or if you right-click the service and manually start it. Services that are disabled will be unable to start at all.
To secure your operating system and protect it from easy access by hackers, I recommend that you disable all of the services mentioned previously, if they are not already disabled.
