long post, sorry.
by Nightmares0nwax - 6/4/09 4:59 AM
In Reply to: Hmm by Captianbreaker
dns stands for domain name service, where a domain name is google.com for example.
there are servers dotted all over the internet that match up domain names to ip addresses. so if you typed www.google.com then your request will be sent to a DNS server and the IP address will be returned to your browser.
the dns resolver (DNSRC) is a cache of websites you've visited previously and it stores their IP address, much like your own mini DNS server on your computer, it dynamically build a profile so next time you type in that domain, your browser checks the dns resolver cache first then your HOST file, if its not in either it will makes a request to your DNS server. your ISP provides you with a dns server by default.
DNSRC has been exploited by malware in the past to redirect you to malicious sites, so is probably better to turn off as its not really needed. the HOSTS file does the exact same thing except the ip addresses and domains need to be added manually.
well just before you go through and start disabling services you might want to weigh out the pros and cons, first, some services dont really take up a lot of memory, some of them are just single dll files that are tiny.
for example, if you use process explorer to examine that instance of svchost that had tons of services running from it, right click it and go to "properties" then click the performance tab, under the "physical memory" section it says how much memory that instance of svchost is using, "working set" is how much ram it would typically use, "peak performance" is obviously when its load is at its heaviest. one of my instances of svchost was running 26 services! but its working set was only 12mb, and peak performance 30mb, which is tiny! most computer will have at least 1gb of ram, and unless you are using some extremeny memory heavy applications, such as modern computer games it remains to be seen if you will notice the difference. some of the virtual size for these instances of svchost are quite big, so its trial and error really. it should help a bit when starting up your computer, especially if its an older model.
also you might want to consider when you will need them. these services are there for a reason, usually to aid different needs you may have now or in the future. once such example is the "wireless zero configuration" service, you dont need it if your not using wireless, but in the future if you get wireless and realise it dosnt work, it could be quite a while before you figure out why. it dosnt mean you shouldnt disable unused services, it just means you have to take some precautions and do a little bit of research on things you are unsure of, weigh up resources vs conveninence, sometimes its just good that things work, but to spend 3 hours trying to fix a computer, because you disabled a service that took up 512kb of memory just isnt practical =P so i gues syou really have to find which services are actually causing a problem or even if a particular service is a security issue, such as net bios or UNPNP.
i have a couple of suggestions to make if you decide to disable any, one is to set the services to "manual" instead of "disabled" that way windows can still enable the service if its needed, such as if another service needs it, but that could be a service that is totally useless, starting another useless service.
My second suggestion is write down all the services you are changing. write down a brief description for each, that way you know what has changed and its easy to reference if you are trouble shooting.
and lastly a complete fail safe is to back up the registry key that contains your current service configuration. it can be found at:
right click that key and select "export" and give it a descriptive name. if things stop working, at least you can use this to change it back to the configuration you have now. i would use this as a last resort though, as it could have some quirky side effects, mainly enabling or disabling services that you have changed since you backed it up.
the elder geek is pretty helpful for windows boxes, check the service list at the bottom.
also blackvipe has a more comprehensive description of services
dont take the recommended settings literally, read the descriptions, example:
it says that service isnt needed, but automatic updates rely on it, also some services have dependancies, that is some service depend on others, you can check the dependancy tab in your service manager.
1. Computer Browser -- Disable if your not on a network ie if you have a stand alone pc
2. DHCP Client - Only if you have a static IP address, if you dont know what that is, leave it enabled.
3. Distributed Link Tracking Client - If your not on a network, disable it.
4. Error Reporting Service - Disable this, 100% not needed
5. Fast User Switching Compatibility - only needed if you use the "switch user" funtion, in other words to switch between logins, set to disabled if you dont need it
6. Help and Support - Disable, help and support is useless anyway. in all the years ive used windows its never once been of any help, nor has it ever supported me.
7. IPSEC Services - used for encrypting data transfer across a network or subnet(s), not really something a typical home user has use for. set it to manual if you are unsure, but mine is set to disabled. its quite safe to do so.
8. Java Quick Starter - personally i would disable it as i have never had any use for java. do you use java? even so, this service is only to speed up the initialisation of java applets, unless you use java applets all the time and it would make a difference, i would disable it. it also uses 20mb of ram + whatever is running in virtual memory.
9. Network Location Awareness (NLA) - only needed if you are using windows firewall or if you are connecting to the internet through another computer, or vice versa. also if you are connecting to multiple networks. i would set it to manual but it looks to be one of those services that continue to run when set to manual. probably because of windows firewall.
10. Print Spooler - do you have a printer?
11. Protected Storage - used for securely storing passwords in memory for the "auto complete" function when browsing the web or using applications, can be useful. up to you. i use mine.
12. Remote Access Connection Manager - if you have a router, like me, you dont need this, only if you connect directly to the internet this is sometimes needed, or if you connect to the internet through another computer (ICS) mine is disabled, set it to manual if that is more comfortable.
13. Server Service - for filesharing and network printers. useless if you dont have a network.
14. Shell Hardware Detection - used to detect new hardware such as usb devices etc and used with the autoplay feature. most of the time when you connect new hardware you have software to go with it, so all round pretty pointless. it can also be exploited in an privilege escalation attack. set it to manual and take note of this particular service, if you find symptoms that match what it is used for, set it back to automatic.
15. SSDP Discovery Service - useless wiothout a network, probably useless with one too. the service "Universal Plug and Play Device Host" depends on this, but you can disable that too. you need this service for ICS, connecting to the internet through another computer, unless you do that then their is not point.
16. TCP/IP NetBIOS Helper disabled! also disable netbios:
17. Telephony - manual.
18. Terminal Services - the following services make use of this, Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server. remeber "fast user switching"? also if you are expeting remote assistance from anyone you will need this running, the others you wont need to worry about. also it displays usernames next to running processes in task manager, so if you dont have a need for any of these set it to manual, however i use mine for fast user switching and usernames in taskmanager.
19. Themes - i use mine, for xp themes.
20. Viewpoint Manager Service - no idea what it is, apparently comes bundled with AOL software and some other stuff, viewpoint has several applications, media player, toolbar etc. its used for graphical programs of somesort, its described as bloatware, in other words software that takes up resources. disable it because there is no need for a service for it.
some people say its spyware, which im not sure it is.
some info on it:
21. WebClient - has apparently no use, set it to manual and stop the service.
22. Windows Image Acquisition (WIA) - used for cameras and scanners. set to manual, or leave it as automatic if you think you will need it.
23. Wireless Zero Configuration - needed for wireless configuration. do you use wireless? disable and take note for future reference.
24. Workstation only really needed on a domain based network, set it to manual.
25. reboot your pc. and see if everything works, ie youc an connect to the internet etc.
26. Remote Access Connection Manager - i left this until last because it makes no sense. the description is "creates a network connection" i have a small single pc network at home, where i connect to my router, i have this service disabled and it does not affect me in any way, rather pointless.
that description say sif you use a router there is no need, i guess its only needed for direct connection to a larger network such as the internet. i donno beyond me. if you have a router/gateway then you dont need it.
dont take my word as absolute, do a bit of research behind each service if you are uncomfortable disabling them. just remeber you can undo any changes with that regisrty backup you done, you can also set a restore point before you start, but they are one and much the same thing.