Checklist: Windows services you should disable today

Many Windows services running by default are exposing your systems to attack. Which ones should be turned off immediately? Find out in this checklist by site expert Roberta Bragg.

I prefer frequenting places where service is their forte: restaurants where someone fills your water glass before you ask, or hotels where you're quickly moved to a new room if your high-speed Internet access is down. I'm furthermore no fan of the airlines' reduction in service over time. After being squeezed into seats like cattle and held without food for hours, I keep expecting to get knocked on the head.

However, when it comes to computing, the fewer services my systems use the better. Many Windows services running by default offer possible points of attack. For instance, services often listen on ports that might provide an attacker access to the system, or they may contain vulnerable code that can be exploited. Whether it's a desktop PC or a server, I can guarantee some service is running that's not being used and needs to be turned off to reduce the risk of a successful attack. But which services are those?

On one level, you need a comprehensive approach to the problem. You need to know what each service does, the potential risks and benefits of running it, and whether or not every machine on your network needs it. This is going to take some time. Microsoft provides several helpful hardening guides for Windows 2000, Windows XP and Windows Server 2003.

While you're working on that project, you should also make several immediate changes. Below is a checklist of five services you can disable today. (As always, test recommendations before deploying throughout your production network.)

Disable the Alerter service and the Messenger service.
These services were used in early Windows NT networking days to provide support for quick communications from an administrator to all hosts. (Please note: The Messenger service has nothing to do with instant messaging.) Today an attacker can use them to send official-seeming pop-up alerts across the Internet to users' desktops. Whether the alert is a silly annoyance or it appeals to the gullible user and provides an attack base for malicious activity, you don't need it.
Disable the Clipbook service.
This service has nothing to do with the clipboard or its ability to help you transfer data from Excel into Word or from one document to another. The Clipbook service allows remote access to information stored on the local machine. The danger here is obvious: You just don't need one more way for someone to do that.
Disable the Human Interface Device service, except for those users who require it.
This service enables the use of specialized devices, such as Bluetooth-enabled mice and keyboards, game controllers, virtual reality devices, vehicle simulation devices and other specialized input and output devices. That's great -- but do you need it to be enabled on every desktop and server?
Disable the Indexing service.
The Indexing service makes searching the local hard drive faster by keeping a sort of virtual index of the files you store there. However, most machines are not used as file servers, nor should users be storing data locally.
Disable Machine Debug Manager.
The Machine Debug Manager service is installed with Microsoft Script Editor and provides support for program debugging. If the computer is used for development, then you need the ability to debug Visual Studio and use a script debugger. If not, don't run the service. Disable the service, and disable any attempt at its use by opening Internet Explorer --> Tools --> Internet Options. Then select the Advanced tab and click the "Disable script debugging" check box. Don't forget to click OK to save the change.
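
The following batch script is an added example, not part of the original checklist. It audits the checklist services with sc.exe (built into Windows XP and Windows Server 2003) and, when run with /apply, disables and stops them. The short service names are assumptions based on the usual defaults; confirm them on your build before use.

```bat
@echo off
rem Added example (not from the original article).
rem Usage:  svc-check.cmd          report only
rem         svc-check.cmd /apply   disable and stop each listed service
rem Assumed short names: Alerter, Messenger, ClipSrv (Clipbook),
rem HidServ (Human Interface Device), CiSvc (Indexing), MDM (Machine Debug Manager).
rem Verify with:  sc query state= all
rem Remove HidServ or MDM from the list on machines that need them.
setlocal
set "APPLY=0"
if /i "%~1"=="/apply" set "APPLY=1"

for %%S in (Alerter Messenger ClipSrv HidServ CiSvc MDM) do call :check %%S
endlocal
exit /b 0

:check
rem sc qc fails (non-zero exit code) when the service does not exist.
sc qc %1 >nul 2>&1
if errorlevel 1 (
    echo %1: not installed
    exit /b 0
)
set "START=unknown"
set "STATE=unknown"
rem Fourth token of "START_TYPE : 4 DISABLED" is the start type name.
for /f "tokens=4" %%T in ('sc qc %1 ^| findstr /c:"START_TYPE"') do set "START=%%T"
rem Fourth token of "STATE : 4 RUNNING" is the current state name.
for /f "tokens=4" %%T in ('sc query %1 ^| findstr /c:"STATE"') do set "STATE=%%T"
echo %1: start=%START% state=%STATE%
if "%APPLY%"=="0" exit /b 0
rem The space after "start=" is required by sc.exe syntax.
if /i not "%START%"=="DISABLED" sc config %1 start= disabled >nul
if /i "%STATE%"=="RUNNING" sc stop %1 >nul
exit /b 0
```

Run it without arguments on a test machine first and review the report before using /apply.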

Roberta Bragg
Roberta is author of "Hardening Windows systems" and a resident expert. She is an MCSE, CISSP and Microsoft MVP, and a well-known information systems security consultant, columnist and speaker.

Copyright 2004
