WinXP -- is it normal to have 4 instances of svchost.exe running in task mgr?

AceTKK

When I open the processes tab, I have 4 separate instances of svchost.exe running. Is this normal, or is it an indicator that I'm infected with something? One of them uses 20,000+ K and the rest are under 5,000.

Thanks,

-Ace-
 
Originally posted by AceTKK
When I open the processes tab, I have 4 separate instances of svchost.exe running. Is this normal, or is it an indicator that I'm infected with something? One of them uses 20,000+ K and the rest are under 5,000.

Thanks,

-Ace-

I have three instances, but just because I disabled my networking service...

Those svchosts.exe manage some services active on your OS, try using the Black Viper's guide to disabling services... Search Google for it.
 
Disabling services is silly. See my posts for reasons why, but having 4 svchosts is normal. (Having more than 4 is normal, having less than 4 is normal at times... Depends on what's going on)
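
For the original question, an added example (not part of any post in this thread) that lists every svchost.exe process with the services it hosts and checks that its image is the one under %SystemRoot%\System32. It assumes PowerShell 3.0 or later and an elevated prompt, so it applies to later Windows versions rather than a stock XP install.

```powershell
# Added example: map each svchost.exe process to the services it hosts and
# verify the executable path. Run elevated, otherwise ExecutablePath can be empty.
$expected = Join-Path $env:SystemRoot 'System32\svchost.exe'

# Build a PID -> service-name list from the running services.
$servicesByPid = @{}
foreach ($svc in Get-CimInstance Win32_Service -Filter "State = 'Running'") {
    $key = [int]$svc.ProcessId
    if (-not $servicesByPid.ContainsKey($key)) { $servicesByPid[$key] = @() }
    $servicesByPid[$key] += $svc.Name
}

Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'" | ForEach-Object {
    $hosted = $servicesByPid[[int]$_.ProcessId]

    # Classify the image path; string -eq is case-insensitive in PowerShell.
    if (-not $_.ExecutablePath)                { $pathCheck = 'unknown (run elevated)' }
    elseif ($_.ExecutablePath -eq $expected)   { $pathCheck = 'ok' }
    else                                       { $pathCheck = 'UNEXPECTED PATH' }

    # A genuine svchost.exe exists to host services; one with none deserves a look.
    if ($hosted) { $serviceList = $hosted -join ', ' }
    else         { $serviceList = '(no services registered)' }

    [pscustomobject]@{
        ProcessId    = $_.ProcessId
        WorkingSetKB = [math]::Round($_.WorkingSetSize / 1KB)
        PathCheck    = $pathCheck
        Path         = $_.ExecutablePath
        Services     = $serviceList
    }
} | Sort-Object ProcessId | Format-Table -AutoSize -Wrap
```

The instance with the largest working set is normally the one hosting the longest service list. Where PowerShell is not available, `tasklist /svc` gives the same PID-to-service mapping without the path check.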
 
Originally posted by Ranma_Sao
Disabling services is silly.

Your call dude, but I disagree, as a lot of people around here do... And if you don't care about the performance hit (which is minor, I give you that) there are some services that should be disabled simply for them being a security risk....
 
Disabling services has never been proven to provide any performance increase at all. It's total bullshit.

As for "security risks," all you need to do is turn on ICF. Presto! No security risks. Running any machine on the net without a firewall is Russian roulette.

By the way, Ranma Sao, can you send me a private message? I have a question to ask you.
 
ICF != security.
Please don't tell me you know how to get through it. I get really sick of the prolific bullshit around here. ICF is just as safe as ZoneAlarm. The only better thing is to have a NAT firewalled between you and the internet.

Disabling services != security;
Disabling services < ICF;
Disabling services == TEH GHEY;
 
Originally posted by GreNME
Disabling services has never been proven to provide any performance increase at all. It's total bullshit.

I agree. I normally shut down 2 services (remote registry, wireless) for peace of mind though.

As for "security risks," all you need to do is turn on ICF. Presto! No security risks. Running any machine on the net without a firewall is Russian roulette.

A NAT'd router is enough. Although if you feel you need protection from other LAN systems then ICF is good enough for me. Once SP2 comes out then there is absolutely no need for a firewall outside of the native XP one. I bought the Sygate firewall for the two owners of my company as the Sygate had functionality that the native XP one couldn't provide (yet).

One thing I can definitely concur on.. is the stupid 'prolific' "it isn't secure" statements people make with nothing to back it up.
 
I thought ICF only detected risks coming from the outside, not inside going out. That is why a better brand firewall is a better choice. In addition, how often do you think Microsoft improved ICF over the years. Enough said.

Even hardware firewalls don't detect unauthorized internet usage from the client's side. So, I personally run both, a hardware firewall (Netgear FWG114P) and a software one (Sygate).
 
Originally posted by E-virus
I thought ICF only detected risks coming from the outside, not inside going out. That is why a better brand firewall is a better choice.
Prior to SP2, the ICF was only for incoming connections, yes. Starting with SP2 the firewall was reworked for incoming and outgoing connections. Yes, prior to SP2, a third-party solution would be needed to monitor\block outgoing connections.

Note that there are still other features that third-party solutions provide though, above the functionality of your average firewall. After all, we wouldn't want to be forced to remove the firewall due to being anticompetitive, right? :)

In addition, how often do you think Microsoft improved ICF over the years. Enough said.

XPSP2?

Even hardware firewalls don't detect unauthorized internet usage from the client's side. So, I personally run both, a hardware firewall (Netgear FWG114P) and a software one (Sygate).

A true firewall prevents access from both sides, incoming and outgoing. This is true of both hardware and software firewalls. Thus the reason that the ICF wasn't seen as a "real" firewall prior to SP2.


As for disabling services, it doesn't really gain you much. It's possible to get a little extra available memory, but that's only likely to make a difference if you're running on 128MB or less. It may save a slight bit of startup time in the best case, and could take longer in the worst case.

Two examples given previously were remote registry and wireless. Since remote registry requires authentication of a valid user (administrator to really do anything), disabling the service is a case of treating the symptom rather than the source. If you don't want valid users connecting to the machine from the network use the local security to deny access from the network. Simply shutting down remote registry to keep an admin from touching the registry from the network isn't going to prevent that admin from connecting to your system in other ways, or even restarting the remote registry service.

Wireless? Well, if you use wireless, it's likely that the settings on the machine will have already been set up by you or another person. If you don't use it, then no harm done, it's paged out and doesn't impact the system.

However, removing services from the machine can lead to applications failing, or having errors that are difficult to diagnose. If an application has a bug such that it expects to be able to query some information from a service and doesn't first check that the service is running, then the app could fail.
 
The service pack 2 firewall does appear to check content coming from the inside going out. Reminds me a lot of programs like zonealarm.
 
Originally posted by Iclisx
Remote Registry (CLIP)

Your point is valid since if I was an administrator, I would just net use \\targetmachine\c$ and regedit load the hive I wanted to edit.
 
Originally posted by Ranma_Sao
Your point is valid since if I was an administrator, I would just net use \\targetmachine\c$ and regedit load the hive I wanted to edit.

Keep in mind I can also unshare that c$ share via the registry as well as those other various hidden shares. No, they won't come back on a reboot if you unshare them by the registry.
 
Originally posted by shade91
Keep in mind I can also unshare that c$ share via the registry as well as those other various hidden shares. No, they won't come back on a reboot if you unshare them by the registry.
That's a bad idea if you're running in a domain.

They're often needed.
 
There used to be only 1 svchost running a while ago, now I notice 4 for me too... If I disable my firewall, a sound file is played looped until I either start up the firewall again, put my modem in standby or terminate one of the 4 svchosts. Anyone know why? AVG also notifies me of svchost when I run a scan too, but I can't get rid, only isolate or something...
 
Currently I have 4 running.......... don't worry, you're fine.

~Hope this helps
 
Originally posted by shade91
Keep in mind I can also unshare that c$ share via the registry as well as those other various hidden shares. No, they won't come back on a reboot if you unshare them by the registry.

OK, then I could just connect to the computer via WMI and tell it to start the remote registry service. Or I could use the task scheduler to run a command to turn it on.... Or I could mstsc to the system and turn it on from there....


You're missing our point completely. Turning off services to keep an authentic admin from accessing the system from the network is like trying to lock a home owner out of his own house by closing one of the windows (and leaving all other doors and windows open). I mean, what's really the point? It doesn't really make you any more secure.


If you want to explicitly deny a valid user from using the system over the network, DO IT THROUGH THE SECURITY POLICY. There's a reason there's a security policy editor. Of course, you could make it much easier on yourself by not giving other people accounts on the system in the first place, that removes the problem completely. After all, none of these things are even accessible unless it's coming from an authenticated user (valid username\password).
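
An added example, not part of the thread, of auditing the security-policy approach described in the post above: it exports the local user-rights assignments and shows who may and may not log on over the network. Reading "the security policy" as the user rights "Access this computer from the network" (SeNetworkLogonRight) and "Deny access to this computer from the network" (SeDenyNetworkLogonRight) is an assumption; the temp file name is arbitrary.

```powershell
# Added example: report which principals hold the network-logon user rights.
# Requires an elevated prompt; secedit writes the policy as an INF file.
$cfg = Join-Path $env:TEMP 'user_rights_export.inf'   # arbitrary temp file name
secedit /export /areas USER_RIGHTS /cfg $cfg /quiet | Out-Null

function Resolve-Principal([string]$entry) {
    # Entries are either "*<SID>" or a plain account name.
    if (-not $entry.StartsWith('*')) { return $entry }
    $sid = New-Object System.Security.Principal.SecurityIdentifier ($entry.Substring(1))
    try   { $sid.Translate([System.Security.Principal.NTAccount]).Value }
    catch { $sid.Value }   # SID with no resolvable account: show it raw
}

$lines = Get-Content $cfg
foreach ($right in 'SeNetworkLogonRight', 'SeDenyNetworkLogonRight') {
    $holders = @()
    foreach ($line in $lines) {
        if ($line -match "^$right\s*=\s*(.+)$") {
            $holders = $Matches[1].Split(',') |
                ForEach-Object { Resolve-Principal $_.Trim() }
        }
    }
    if ($holders) { $summary = $holders -join '; ' }
    else          { $summary = '(none assigned)' }

    [pscustomobject]@{ Right = $right; Holders = $summary }
}

Remove-Item $cfg
```

A deny entry takes precedence over an allow entry for the same account, so an account listed under SeDenyNetworkLogonRight is refused network logon regardless of which services are running.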
 