OT - reining in svchost on XP
- From: "mayayana" <mayaXXyana1a@xxxxxxxxxxxxxxxx>
- Date: Thu, 6 Dec 2007 15:56:38 -0500
On running XP without Microsoft's snoopware
constantly coming and going...
There was a discussion awhile back about running
XP online without enabling various Windows snoopware
programs, and without letting svchost.exe out, not
knowing what process it's representing. Some people
seemed to think that svchost was needed for DNS contact.
It turns out that's not true. (The DNS Client service actually
has nothing to do with DNS contact for URL-to-IP translation.)
I got to playing around with this, since most of my friends
are now using XP. The results follow. They may be of interest
to anyone concerned with privacy/security on XP. Also, for
Stefan, who asked to be informed if a way was found to
stop svchost. ...Though stopping svchost on a networked
PC may be another matter entirely.
--------------
WinXP SP2
Firefox 1.5
Zone Alarm 2.6.88 (earliest version that fully supported XP.)
Dial-up Networking
--------------
I disabled the following 61 services and blocked svchost.
There was no trouble getting online and nothing seemed to
be trying to get out. (At least nothing that Zone Alarm saw.
I used the older version of ZA because in later versions ZoneLabs
redefined svchost as a "normal function" and stopped providing
the option to block it.)
The only uninitiated traffic was something I've never seen
before: Every page load in Firefox brought a UDP call on port
1039+_ from 209.69.188.132, a company called "NTT America".
They seem to be some kind of network services company. I have
no idea why they're apparently trying to elicit some sort of
response from Firefox.
----- Disabled services: ------------------

Related to windows firewall and internet connection sharing:
Internet Connection Firewall/Internet Connection Sharing
Application Layer Gateway Service
Network Location Awareness

Related to Automatic Updates:
Background Intelligent Transfer Service
Cryptographic Services
Automatic Updates

Mainly specific to networked PCs:
Alerter
Network Provisioning
ClipBook
Network DDE
Network DDE DSDM
System Event Notification
COM+ Event system
COM+ System Application
DCOM Server Process Launcher
QoS RSVP
Computer Browser
Distributed Link Tracking Client
Distributed Transaction Coordinator
Messenger
Net Login
Universal Plug and Play Device Host
SSDP Discovery Service
Workstation
Server
DNS Client
NetMeeting

Network-related services that may be necessary in some cases
with a high-speed connection:
DHCP Client
IPSEC services

General:
Error reporting
Fast User Switching Compatibility
Terminal Services
Fax Service
Help and Support
Human Interface Device Access
Indexing Service
Volume Shadow Copy
MS Software Shadow Copy Provider
NT LM Security Support Provider
Performance Logs and Alerts
Portable Media Serial Number
QoS RSVP
Remote Desktop Help Session Manager
Remote Registry Service
Routing and Remote Access
Secondary Logon
Security Center
Smart Card
Smart Card Helper
System Event Notification
System Restore Service
Task Scheduler
TCP/IP NetBIOS Helper Service
Telnet
Themes
Uninterruptible Power Supply
Upload Manager
WebClient
Windows Time
Wireless Zero Configuration
WMI Performance Adapter

--------------------------------
Note: These services were disabled with a VBScript using
WMI. After disabling there was no sign of problems running
and online browsing worked fine, but there was an interesting
example of how intertwined these services can be:
On second run the script failed because the WMI services
object requires DCOM Server Process Launcher to be running.
Even though the PC is standalone, apparently the fact that
the WMI Win32_Service is DCOM-capable has rendered it also
DCOM-dependent. Oddly, DCOM Server Process Launcher seems
to be something that was added in SP2.
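
The note above describes disabling services through WMI's Win32_Service class, and a second run failing once DCOM Server Process Launcher was disabled. The following is an added example, not the poster's script, showing that approach with a keep-list for the services the WMI connection itself relies on. The short service names, the RpcSs and winmgmt keep-list entries, and the sample target list are assumptions made for this example.

```vbscript
' Added example, not the original poster's script.
' Run from an administrator account: cscript //nologo disable-services.vbs
Option Explicit

Dim wmi, keep, targets, name, results, svc, rc

' Services the WMI connection depends on. Disabling any of these makes
' the next run of this script fail at GetObject, as the post describes
' for DCOM Server Process Launcher.
Set keep = CreateObject("Scripting.Dictionary")
keep.CompareMode = vbTextCompare
keep.Add "DcomLaunch", True   ' DCOM Server Process Launcher
keep.Add "RpcSs", True        ' Remote Procedure Call (assumed addition)
keep.Add "winmgmt", True      ' Windows Management Instrumentation (assumed addition)

' Constructed sample: short names for a few services from the list above.
' DcomLaunch is included on purpose to show the keep-list skipping it.
targets = Array("RemoteRegistry", "TlntSvr", "Messenger", "DcomLaunch")

Set wmi = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")

For Each name In targets
    If keep.Exists(name) Then
        WScript.Echo name & ": skipped, needed by WMI"
    Else
        Set results = wmi.ExecQuery( _
            "SELECT * FROM Win32_Service WHERE Name='" & name & "'")
        If results.Count = 0 Then
            WScript.Echo name & ": not installed"
        End If
        For Each svc In results
            ' ChangeStartMode and StopService return 0 on success.
            rc = svc.ChangeStartMode("Disabled")
            If rc = 0 And svc.State = "Running" Then
                rc = svc.StopService()
            End If
            ' svc.StartMode still holds the value read by the query,
            ' so it is the previous setting and can be logged for rollback.
            WScript.Echo name & ": previous StartMode " & svc.StartMode & _
                ", return code " & rc
        Next
    End If
Next
```

Keeping the logged previous StartMode values gives a record for restoring a service if something that depends on it stops working.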