Windows Services

  

Services are program modules that Windows uses to perform many native (default) functions. These programs run the instant Windows boots, even before any user logs in to the operating system. Most are essential to the overall function of Windows, but some (in fact, quite a few of them) are unnecessary and present security risks to your computer when they are run. Microsoft's intentions are not doubted, but some services can be used by unscrupulous hackers to break in and control your PC if left to run automatically on every boot of Windows. We strongly recommend (see Disclaimer below*) that you turn off these services if you have absolute control over your PC. Administrators of a slew of workstations are advised* to seriously consider turning off these services if they serve no useful function in the operation and administration of the workstations within the local network. As an added advantage, Windows will run faster when unneeded services are disabled.

The services that can/should be turned off are listed below (see also the page on How to Turn Off Services):

Services that can/should be disabled

Service Name: Description (comments)
Alerter: Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start. (Unless you, as Administrator, use this service to alert you remotely about problems of the PC, this should be "Disabled".)
Application Layer Gateway Service: Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows. (This allows 3rd party programs, such as Instant Messaging services, IP phone, etc., to automatically circumvent the firewall. Rather than allow such programs to automatically jump over your firewall, you should opt instead to allow them manually. This may make the installation of such programs a hassle, but it is better to do this manually than to allow any 3rd party protocol to do it itself. DISABLE THIS service if possible. Please see the section on Firewall tweaking for more information.)
Automatic Updates: Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. (Keep "Disabled" and turn to "Automatic" only just before you do a Windows Update. Be sure to "Disable" again, after you have finished the Windows Update.)
Background Intelligent Transfer Service: Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled. (Keep "Disabled" and turn to "Manual" only just before you do a Windows Update. Be sure to "Disable" again, after you have finished the Windows Update. Background file transfers are convenient, but in the hands of the unscrupulous, this is a very dangerous function.)
ClipBook: Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start. ("Disable" this as it is seldom if ever needed.)
Error Reporting Service: Allows error reporting for services and applications running in non-standard environments. (Where do these reports go? Disable it unless you know specifically what and where data is sent!)
Help and Support: Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. (I "Disable" this service because I don't need it and it can present a security risk if a hacker reverse-engineers the functions.)
IPSEC Services: Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver. (Optional. I "Disable" it because I don't need it -- I restore the OS at least once on a daily basis. Security policies are great if you can check their settings once in a while, but who does? If a hacker manipulates the policy settings without your knowledge, you are done for.)
Machine Debug Manager: Supports local and remote debugging for Visual Studio and script debuggers. If this service is stopped, the debuggers will not function properly. (This would have been great if the debugging process were only on a local basis, but the "remote" function is a worry. I "Disable" this just to be on the safe side.)
Messenger: Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start. (This service has nothing to do with Instant Messaging -- it is a messaging service intended for administrators of a network. If you, as administrator, do not use this service, "Disable" it. There is no legit reason for your PC to automatically receive/send messages to other PCs in the local network.)
MS Software Shadow Copy Provider: Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start. ("Volume shadow copies" are seldom, if ever, needed. Besides, where do these copies go? Disable it.)
NetMeeting Remote Desktop Sharing: Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet. If this service is stopped, remote desktop sharing will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. (If you are not in a corporate environment, disable this service. And even if you are, unless you, as administrator, use this function, disable it anyway. This can be a high-risk security hole if a PC is connected to the Internet and not exclusively run in an Intranet.)
Network DDE: Provides network transport and security for Dynamic Data Exchange (DDE) for programs running on the same computer or on different computers. If this service is stopped, DDE transport and security will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. (Optional. But if you don't run any program that dynamically exchanges data to/from several computers, you probably don't need it. I disable it for safety's sake.)
Network DDE DSDM: Manages Dynamic Data Exchange (DDE) network shares. If this service is stopped, DDE network shares will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. (Optional. But if you don't run any program that dynamically exchanges data to/from several computers, you probably don't need it. I disable it for safety's sake.)
Remote Desktop Help Session Manager: Manages and controls Remote Assistance. If this service is stopped, Remote Assistance will be unavailable. Before stopping this service, see the Dependencies tab of the Properties dialog box. (Remote Assistance is a great concept, but few actually use this function. Remote Assistance suggests that someone, somewhere, can have access to your PC, presumably with your permission. The fact that by default this is on is dubious. It should be disabled by default -- disable it.)
Remote Registry: Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. (DISABLE THIS! Only Administrators in a corporate environment should have the "rights" to modify your PC's registry, and even then, I wouldn't recommend it be done remotely if the PC has an Internet connection.)
Routing and Remote Access: Offers routing services to businesses in local area and wide area network environments. (For most, this service is not needed. Disable it.)
Security Center: Monitors system security settings and configurations. (Optional. If you are like me and have conscious control over security settings, you don't need any monitoring help. Check it out yourself periodically to make sure no hacker has changed the settings. The monitoring service actually may help hackers to know what your security settings are.)
System Restore Service: Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties. (Optional. If you do your own system restore, such as using Ghost, for example, you can turn off Windows' automatic restore function. My problem with this service is that if the PC is infected, the system restore function actually helps to "keep" your PC infected. I turn off system restore functions in my own PCs.)
Task Scheduler: Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start. (This service is damn useful, but it can be a security risk -- imagine a hacker inserting a task to run at specific times without your knowledge. I disable this and enable it ONLY if/when I want to schedule a program to run on a specific date/time. Disable this if you have no use for it.)
TCP/IP NetBIOS Helper: Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution. (This service may or may not be needed for Windows' LOCAL network, but it is not usually necessary for Internet use. Since it gives out information on your computer (and local network), you may be better off disabling this service. I disable this especially for my "Internet" enabled machines.)
Telnet: Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet (DISABLE THIS! This may be useful for network administrators to connect to your PC and manipulate it at the command line, but if your PC is Internet enabled, this means that just about anybody else can do the same to your PC. Unless your PC is disconnected from the Internet, disable this service because it is one of the easiest ways for hackers to get into your Internet enabled PC.)
Terminal Services: Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server. (DISABLE THIS! This one is pretty obvious... you wouldn't want others to see what you are doing on your PC.)
Uninterruptible Power Supply: Manages an uninterruptible power supply (UPS) connected to the computer. (Unless you have a UPS device attached to your PC, you can disable this as running it only eats up resources in your PC.)
Volume Shadow Copy: Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start. (Use your own backup process and don't allow Volume Shadow Copies unless you know exactly how/where these copies are being made and sent to. I disable these on all my machines because I use my own backup schemes.)
Windows Media Player Network Sharing Service: Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play. (Unless you are an audio fanatic and do a lot of music networking, disable this. I am not comfortable with any network sharing and enable sharing only when needed and even so, only temporarily.)
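
An added example (not part of the original page): a Windows PowerShell audit that reports which of the services listed above are installed locally and not yet "Disabled", along with the services that explicitly depend on each one. It assumes Windows PowerShell with Get-WmiObject available; the function name Get-ListedServiceStatus is made up for this example, and the display names are copied from the list above.

```powershell
# Added example: display names copied from the list on this page.
$listed = @(
    'Alerter', 'Application Layer Gateway Service', 'Automatic Updates',
    'Background Intelligent Transfer Service', 'ClipBook',
    'Error Reporting Service', 'Help and Support', 'IPSEC Services',
    'Machine Debug Manager', 'Messenger', 'MS Software Shadow Copy Provider',
    'NetMeeting Remote Desktop Sharing', 'Network DDE', 'Network DDE DSDM',
    'Remote Desktop Help Session Manager', 'Remote Registry',
    'Routing and Remote Access', 'Security Center', 'System Restore Service',
    'Task Scheduler', 'TCP/IP NetBIOS Helper', 'Telnet', 'Terminal Services',
    'Uninterruptible Power Supply', 'Volume Shadow Copy',
    'Windows Media Player Network Sharing Service'
)

# Hypothetical helper name; returns one object per listed service found locally.
function Get-ListedServiceStatus {
    param([string[]]$DisplayName)
    # Win32_Service exposes StartMode as Auto, Manual or Disabled.
    $all = Get-WmiObject -Class Win32_Service
    foreach ($name in $DisplayName) {
        $svc = $all | Where-Object { $_.DisplayName -eq $name } | Select-Object -First 1
        if (-not $svc) { continue }   # not installed on this Windows version
        # Services that explicitly depend on this one fail to start once it is disabled.
        $dependents = @(Get-Service -Name $svc.Name -DependentServices |
                        ForEach-Object { $_.DisplayName })
        New-Object PSObject -Property @{
            DisplayName = $svc.DisplayName
            Name        = $svc.Name
            StartMode   = $svc.StartMode
            State       = $svc.State
            Dependents  = ($dependents -join ', ')
        }
    }
}

# Report only the listed services that are not yet Disabled, automatic ones first.
Get-ListedServiceStatus -DisplayName $listed |
    Where-Object { $_.StartMode -ne 'Disabled' } |
    Sort-Object StartMode, DisplayName |
    Format-Table DisplayName, Name, StartMode, State, Dependents -AutoSize -Wrap

# To change one service at a time, preview the change first with -WhatIf, for example:
# Set-Service -Name RemoteRegistry -StartupType Disabled -WhatIf
```

A non-empty Dependents column marks a service whose removal will stop other services from starting, so check it before changing that service's startup type.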

Note:  If IIS (Internet Information Server, the packaged Windows web server) is installed, we also recommend you turn off the FTP and SMTP services unless your web site under development uses these services explicitly.  They are services that can easily be abused by hackers.  These services are installed by default when you install IIS.

*DISCLAIMER: Disabling the above listed services can affect the functionality of your PC, and each change should be fully tested one at a time in your own environment before committing the changes. The listed services were disabled in our own particular environments without any adverse effects, but the same may not be true of your environment. Please treat these changes with caution and return them to their default settings if you find your PC does not work as you expect. We cannot be held responsible for any problems that may result from disabling the services contrary to their default settings.