Dave Solomon of Sysinternals was experimenting with how many services are necessary for at least basic functionality of Windows. What he discovered, however, is that Windows can be perfectly used for almost all basic use, such as web browsing or running applications, without any services running. In his article he explains how to achieve this. Apparently even Microsoft’s own vice president of the Core Operating Systems Division was surprised about this.
If Microsoft wanted, they could ship a copy of XP with almost no services running that would probably run on a 486, but they chose not to because they would be creating a longer upgrade cycle and negatively impacting their own sales. This could also be the answer to defeating Linux, but Microsoft is intentionally holding back for that reason.
Linux (desktop) does not have this same hardware agenda, but most mainstream Linux distros are every bit as bloated (or more so) out of the box as Windows XP.
Placing any new services in startup should require a federal license if you ask me.
I’m a service-tweaker myself, being a ‘long-time’ user of Blackviper’s Service Tweaking tips (now no longer online, but mirrored by dozens of tweak-sites, often without acknowledgements).
He described which services could be safely turned off, which could be safely turned off in case you didn’t need certain functionality (like wireless networking, networking in general, printing, etc.) and which services were absolutely necessary. This greatly helped me to tweak my system.
If you wanted barebones, only 6 services were absolutely necessary to function. See it here:
http://web.archive.org/web/20041128084144/www.blackviper.com/WinXP/…
So this is... an interesting article.
Why is he head of the core OS division if he doesn’t even know his own OS? I know plenty of people who could do a better job.
Many of the tools needed to run Windows properly don’t come from Microsoft — or Symantec for that matter. They come from Sysinternals and a very short list of companies and individuals who know what is really needed to make use of an OS that is obfuscated in the name of simplicity.
Sysinternals is one of the reasons why admins everywhere have a fighting chance to use Windows in a serious way as opposed to the marketer-driven, unstable and insecure way that it is shipped.
Thank you Dave Solomon!
Seconded.
Would have liked to see a “netstat -anp” to see what’s still listening. Ideally, and trivially to achieve, is an all-ports-closed message from a scanner like nmap.
XP added -o to netstat, which displays the parent process IDs for each socket. SP2 went a step farther, adding -b to display the executable name, and -v to display the components involved.
I find it amusing that these guys made it so difficult to achieve. Mac OS X works right out of the box as a great client system with ZERO services running by default. Why does Windows need anything running at all? It just creates a big security hole every time it’s turned on.
> I find it amusing that these guys made it so difficult
> to achieve
They made it so difficult because
1. most services ARE essential. RTFA – they could not even log off after shutting down all services, nor would the task bar display any windows.
2. shutting down these services is “outside the specification”. You cannot *expect* anything to work in this state, and they made it difficult to prevent people from abusing any effects they observe in this state.
> Mac OS X works right out of the box as a great client
> system with ZERO services running by default. Why
> does Windows need anything running at all?
So OSX does not have a kernel nor processes running after startup? Or do you think the microkernel-ish idea of moving functionality out of the kernel and into separate services is bad (and if so, then why)?
> They made it so difficult because
> 1. most services ARE essential. RTFA – they could not even log off after shutting down all services, nor would the task bar display any windows.
Essential by design under Windows. Other operating systems don’t have that limitation and thus can start with no services and still be quite functional.
> 2. shutting down these services is “outside the specification”. You cannot *expect* anything to work in this state, and they made it difficult to prevent people from abusing any effects they observe in this state.
This only emphasises that MS has made some questionable design decisions… after all, no other OS seems to have this design and the associated limitations.
> So OSX does not have a kernel nor processes running after startup? Or do you think the microkernel-ish idea of moving functionality out of the kernel and into separate services is bad (and if so, then why)?
Microkernel has nothing to do with it. The same applies to monolithic kernel operating systems.
Having services local and network accessible as appropriate and only spawned as needed is a good idea. That’s why you may hear about unix/Unix being secure — it uses things like init (and improvements to init) to lessen the impact of running an arbitrary service. Windows has svchost, though it’s not as aggressive as init/xinit and others.
The fewer things that are running, the lower the complexity. The lower the complexity, the more likely that defects or odd interactions will not impact the system. Require that everyone runs 48 services and not only do you lose these benefits but you introduce the chance that attack vectors are plentiful and easily exploited — something that should sound familiar.
Didn’t need Blackviper’s site in order to screw up my system by experimenting a long time ago 🙂 I wonder though who runs in bare-bones mode from day to day (must be a masochist). Disabling RPC resulted in an awfully long login time.
Gentoo also has only the services running you specifically choose to run. I think rather more important is that the services which can be reached over the net be shut down as much as possible.
Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-07-26 16:38 UTC
All 1663 scanned ports on localhost (127.0.0.1) are: closed
Nmap finished: 1 IP address (1 host up) scanned in 0.333 seconds
Or “netstat -tap | grep LISTEN” which produces absolutely no service listening.
> Or “netstat -tap | grep LISTEN” which produces absolutely no service listening.
netstat -oap tcp | findstr LISTEN
Windows netstat has no -t option.
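The checks this subthread keeps coming back to (netstat -o/-b on XP, nmap reporting every port closed) can be turned into a repeatable audit of what is still listening after services have been cut back. The script below is an added example, not code from the thread, from Sysinternals or from any project named here: it parses `netstat -ano` style output, keeps only the sockets that accept input (TCP in LISTENING, any bound UDP port), groups them by owning PID so each can be matched to a process with `tasklist /svc`, and separates loopback-only bindings from ones reachable over the network. The netstat output embedded in it is constructed for the example, not captured from a real host, and the PIDs are made up.

```python
"""Audit listening sockets from `netstat -ano` output.

Added example, not from the thread. SAMPLE_NETSTAT is constructed, not a
capture from a real machine; PIDs are invented.
"""
import re
from collections import defaultdict

# Constructed sample in the column layout of Windows `netstat -ano`
# (Proto, Local Address, Foreign Address, State, PID). UDP rows carry no State.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING       1344
  TCP    192.168.1.10:3389      0.0.0.0:0              LISTENING       1012
  TCP    192.168.1.10:1050      93.184.216.34:80       ESTABLISHED     2208
  UDP    0.0.0.0:500            *:*                                    700
  UDP    127.0.0.1:1900         *:*                                    1128
"""

# Proto, local, foreign, optional state (absent for UDP), PID.
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:(\S+)\s+)?(\d+)\s*$")

WILDCARDS = {"0.0.0.0", "[::]", "*"}   # bound on every interface
LOOPBACK = {"127.0.0.1", "[::1]"}      # reachable only from this host


def parse_netstat(text):
    """Return one dict per socket row; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, local, foreign, state, pid = m.groups()
        host, port = local.rsplit(":", 1)   # rsplit keeps IPv6 "[::]" intact
        rows.append({"proto": proto, "host": host, "port": int(port),
                     "foreign": foreign, "state": state, "pid": int(pid)})
    return rows


def listeners(rows):
    """Sockets that accept unsolicited input: TCP LISTENING or any UDP binding."""
    return [r for r in rows
            if (r["proto"] == "TCP" and r["state"] == "LISTENING")
            or r["proto"] == "UDP"]


def exposure(row):
    """Classify where a listener can be reached from."""
    if row["host"] in LOOPBACK:
        return "local-only"
    if row["host"] in WILDCARDS:
        return "all-interfaces"
    return "specific-interface"


def by_pid(rows):
    """Group listeners by owning PID; pair with `tasklist /svc` to name the service."""
    groups = defaultdict(list)
    for r in listeners(rows):
        groups[r["pid"]].append((r["proto"], r["port"], exposure(r)))
    return dict(groups)


def network_reachable(rows):
    """Listeners not bound to loopback: what a scanner on another host could see."""
    return sorted((r["proto"], r["port"], r["pid"]) for r in listeners(rows)
                  if exposure(r) != "local-only")


if __name__ == "__main__":
    parsed = parse_netstat(SAMPLE_NETSTAT)
    for pid, socks in sorted(by_pid(parsed).items()):
        print(f"PID {pid}: {socks}")
    print("reachable from the network:", network_reachable(parsed))
```

On a live machine the text would come from `subprocess.run(["netstat", "-ano"], capture_output=True, text=True).stdout` instead of the constructed sample; the goal of a bare-bones configuration, in the terms used above, is for `network_reachable` to return an empty list, which is the same thing nmap's "all ports closed" report tells you from the outside.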
Really, this made my belief true. I have worked extensively in Windows user mode and kernel mode. I always felt that the Windows kernel is quite clean with everything well defined. Dave Cutler (of VMS fame) has indeed designed a good kernel with the NT series.
But jokers at MS with their user mode crap and always trying to make things easier (or DUMB) for users have crippled it. I mean look at the dependencies and polling; frankly, did they really have to make it so complex and make so many services running? I personally think they didn’t think much working under the hard deadlines of Microsoft and made poo. Last I heard, in Longhorn they are correcting many of these things.
The proprietary Microseft XP system is such a joke. I honestly can’t understand why people keep using (and paying for) such a piece of shit when they can get Linux and *BSD for free.
I think it’s because… let’s face it: XP is easy to use. I won’t say it’s fast because I’ve got an OpenBSD computer with 64 MB of RAM and it runs like .. well .. something fast, but XP will barely run with that much!
> Dave Cutler (aka VMS fame) has indeed designed a good kernel with NT series.
Wasn’t he also the one who wrote the kernel such that after starting up four processes, it overwrote existing ones in the process table?
“Wasn’t he also the one who wrote the kernel such that after starting up four processes, it overwrote existing ones in the process table?”
how the hell would that ever work?
OT
the fastest OS out there, in graphical mode, is BeOS. Try it yourself.
I never understood why some services always have to be running and some can just run and stop. For instance why should print spooler run even when I’m not printing, why can’t it start itself when I’m printing and then turn itself off?
Windows Update is the worst for requiring useless services. On XP it needs Automatic Updates, BITS, and Cryptographic to work. Other than performing updates I usually have these 3 services turned off.
Hardly news.. I’ve been doing this for years on my boxes.. between manually editing things in the registry, disabling all the services ’cept the few you might need for something, using nlite and xplite plus a few other apps.. XP can run nicely
XP will run fine on a fast 486 with enough RAM. It can run usably on a P133/32 MB (it’s using 19 MB on that system right now…)…
I’m surprised more people don’t know about this kind of stuff…
> XP will run fine on a fast 486 with enough RAM
While the rest of your statements are true, this must be crap that you never tested yourself, right?
XP will not install on anything less than a Pentium-1.
For further “Windows on extremely crappy hardware” tests, see: http://www.winhistory.de/more/386/xpmini.htm [in German, but you get the idea: it is possible to run XP on a 20 MHz P1 with 32 MB RAM – way below Microsoft’s stated minimum hardware requirements]
Hmm.. oh well, I read in several places that people had it running on a 486.. it has an option in the setup for some form of 486..
Anyways, 25 MHz is pretty cool :]
Slowest I’ve ever had it on, Pentium-wise, is 60 MHz…
I haven’t read the article yet, but the only services I “need” to run properly are RPC and DHCP (because I’m too lazy to set up everything manually).
2 services. If you kill RPC a BUNCH of stuff breaks.. I have it off on a tower that I don’t need sound and such on.. using blackbox as window manager since explorer is more or less dead
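The dependency problem raised in this post and in the Windows Update comments above (Automatic Updates needing BITS and Cryptographic Services; killing RPC breaking a bunch of things) is a graph closure, and it is easier to reason about it from a table than by trial and error. The script below is an added example, not from the thread or from Blackviper's guide: given a map of which service depends on which, it computes the set that must stay enabled for the services you actually want, and the set that stops working if you disable one. The dependency map is constructed for illustration and is not a dump of a real machine; on a real host the declared dependencies are the `DependOnService` values shown by `sc qc <service>` or stored under the Services registry key, and functional requirements that are not declared to the service control manager (such as the ones described for Windows Update above) have to be added to the map by hand.

```python
"""Service dependency closure for planning which services to keep or disable.

Added example, not from the thread. DEPENDS_ON is a constructed illustration,
not data read from a real registry; treat every entry as an assumption.
"""
from collections import deque

# Constructed map: service short name -> services it requires to function.
DEPENDS_ON = {
    "RpcSs": [],                                 # Remote Procedure Call
    "Tcpip": [],                                 # TCP/IP driver, listed as a service
    "Dhcp": ["RpcSs", "Tcpip"],                  # DHCP Client
    "Dnscache": ["Tcpip"],                       # DNS Client
    "EventSystem": ["RpcSs"],                    # COM+ Event System
    "CryptSvc": ["RpcSs"],                       # Cryptographic Services
    "BITS": ["RpcSs", "EventSystem"],            # Background Intelligent Transfer
    "wuauserv": ["RpcSs", "BITS", "CryptSvc"],   # Automatic Updates (functional deps)
    "Spooler": ["RpcSs"],                        # Print Spooler
}


def required_closure(wanted, deps=DEPENDS_ON):
    """Every service that must be enabled for `wanted` to work (transitive)."""
    needed, queue = set(), deque(wanted)
    while queue:
        svc = queue.popleft()
        if svc in needed:
            continue
        needed.add(svc)
        queue.extend(deps.get(svc, []))
    return needed


def _reverse(deps):
    """Invert the map: service -> services that depend on it directly."""
    reverse = {}
    for svc, reqs in deps.items():
        for r in reqs:
            reverse.setdefault(r, []).append(svc)
    return reverse


def dependents_of(service, deps=DEPENDS_ON):
    """Every service that breaks, directly or indirectly, if `service` is disabled."""
    reverse = _reverse(deps)
    broken, queue = set(), deque(reverse.get(service, []))
    while queue:
        svc = queue.popleft()
        if svc in broken:
            continue
        broken.add(svc)
        queue.extend(reverse.get(svc, []))
    return broken


def safe_to_disable(keep, deps=DEPENDS_ON):
    """Known services outside the closure of `keep`: candidates for Disabled startup."""
    return sorted(set(deps) - required_closure(keep, deps))


def startup_plan(keep, deps=DEPENDS_ON):
    """Label each known service 'keep' or 'disable' for the wanted set."""
    needed = required_closure(keep, deps)
    return {svc: ("keep" if svc in needed else "disable") for svc in deps}


if __name__ == "__main__":
    # The poster's two-service setup: DHCP plus whatever it pulls in.
    print("must keep for DHCP:", sorted(required_closure(["Dhcp"])))
    print("can disable:", safe_to_disable(["Dhcp"]))
    # What the "kill RPC and a bunch breaks" observation looks like on the map.
    print("broken by disabling RpcSs:", sorted(dependents_of("RpcSs")))
```

The useful direction for a service tweaker is usually `dependents_of`: before setting a service to Disabled, list what else silently loses its dependency, since the service control manager will refuse to start the dependents rather than warn you at the moment you make the change.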
> Essential by design under Windows. Other operating systems don’t have that limitation and thus can start with no services and still be quite functional.
It depends on your definition of “service” and in what context the term is being used.
Maybe someone needs to define just what a service is in Windows NT. It’s nothing special beyond an application that can respond to messages from the service control manager. Besides having to follow certain security policies that are different from an admin’s while running in the SYSTEM security account, that’s the only difference. It’s a regular executable application otherwise.
> This only emphasises that MS has made some questionable design decisions…after all no other OS seems to have this design and the associated limitations.
OS X has a login process and like the xp login process it runs at all times. Kill it and fast user switching etc. is gone just like on XP.
The Dock on OS X is a process, just like the taskbar is a part of explorer.exe on windows.
I do not know many people who would consider OS X usable without the Dock. It’s listed as a core service of OS X.
Yes, other operating systems do have this design (all of them in fact, as every software application or ‘service’ has some kind of runtime requirement or dependency) and most people consider it to be a limitation when they cannot do basic things like navigate the UI of their computer as advertised once they disable all the ‘services’ on the machine.
> Having services local and network accessible as appropriate and only spawned as needed is a good idea.
Agreed and it can be done on a windows system but historically has not been done by default as shipped from MS.
> The fewer things that are running, the lower the complexity. The lower the complexity, the more likely that defects or odd interactions will not impact the system.
Agreed.