Running Windows With No Services
mattOzan writes "So how many of the almost 4 dozen default-enabled services does Windows XP really need in order to preserve basic functioning, like web surfing and running applications?
Zero, as it turns out.
Mark Russinovich at Sysinternals demonstrates that if certain steps are followed, Windows XP will still run with only two active processes: System and Csrss.exe. No Smss.exe, Winlogon.exe, Services.exe, Lsass.exe...
And, contrary to the expectations of various lead engineers at Microsoft, even Internet Explorer will still work under such conditions."
For sufficiently small quantities of "run" (Score:3, Interesting)
Re:No Thanks (Score:3, Interesting)
Lots of work (Score:5, Interesting)
I wonder how this well XP will run on qemu (Score:5, Interesting)
So how about Mac OS-10.4? (Score:4, Interesting)
Interesting (Score:5, Interesting)
I wonder if you can automate that.
And then, I wonder if you can provide the functionality that goes missing by running your own services. Sort of subverting Windows from the inside, and giving you more control over it.
But then, I'm not that interested. I've got my control. Total control. Without having to wrestle it from Windows.
Emptiness (Score:2, Interesting)
"As the scientist dug deeper into the structure of the atom, he found out that underneath the quarks, etc. there was nothing - just emptiness."
Seems to me that this applies in some way
Optimization (Score:3, Interesting)
I don't like how programmers bloat their programs; how the programs expand to fill the speed and HD capacity of the modern computer. I have half a mind to install DOS 6.22 and Windows 3.1 on my 1.2 GHz box. Fewer unnecessary services, and programs really will open instantly.
Speed is the very reason my default photo-editing client is Paint Shop Pro 4, not Photoshop Elements. Why the hell should I wait minutes for a program to load? What is this, 1980?
Benchmarks (Score:2, Interesting)
Has anyone tried the following? (Score:1, Interesting)
Re:No Services on Boot? (Score:5, Interesting)
So we're supposed to blame MS for Spyware? Windows doesn't ship with system-crashing spyware, and it's not even like viruses are its primary way in. Most spyware is willingly installed by clueless users.
My Windows machine at work is currently at 221 hours of uptime. I don't even remember why it was rebooted prior to that, but it wasn't because of a crash. The current version of Windows XP is pretty stable if you ask me - not as good of a 24/7 OS as most *nix's, though not for reasons of stability. Its interface is not designed for keeping large numbers of applications open at once, and it doesn't seem to handle memory all that well at this point (this used to be one of its strong suits compared to other OS's). But it doesn't crash unless you do something stupid (like install spyware) to make it crash.
Re:Reminds me of the good old days... (Score:2, Interesting)
Not that I'm totally sure what would happen if you killed one of the 24 processes associated with the kernel . . .
Re:You can even close explorer.exe... (Score:5, Interesting)
From memory (haven't done this for some time, so I could be a bit off...)
Start Regedit, find HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, change the value of Shell from Explorer.exe to cmd.exe.
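An added example, not part of the comment above: because the Shell value decides what runs at logon, a defender reviewing collected `reg query` output can flag any host where it no longer reads Explorer.exe. The function names and the sample text are constructed for illustration; the four-space column layout of `reg query` output is assumed.

```python
import re

WINLOGON_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
EXPECTED_SHELL = "explorer.exe"  # the value the comment says Shell normally holds

# Constructed samples in the layout `reg query <key>` prints (not captured from a real host).
SAMPLE_DEFAULT = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    AutoRestartShell    REG_DWORD    0x1
    Shell    REG_SZ    Explorer.exe
"""
SAMPLE_CHANGED = SAMPLE_DEFAULT.replace("Explorer.exe", "cmd.exe")


def parse_reg_query(text):
    """Parse `reg query` output into {key path: {value name (lowercased): (type, data)}}."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            current = keys.setdefault(line.strip().lower(), {})
        elif current is not None and line.startswith("    "):
            # Value lines are indented; name, type and data are separated by four spaces.
            parts = re.split(r" {4}", line.strip(), maxsplit=2)
            if len(parts) >= 2 and parts[1].startswith("REG_"):
                current[parts[0].lower()] = (parts[1], parts[2] if len(parts) == 3 else "")
    return keys


def check_shell(text):
    """Return (status, detail) for the Winlogon Shell value found in `text`."""
    values = parse_reg_query(text).get(WINLOGON_KEY.lower())
    if values is None:
        return ("no-key", "Winlogon key not in input")
    if "shell" not in values:
        return ("missing", "Shell value not present")
    reg_type, data = values["shell"]
    if reg_type == "REG_SZ" and data.strip().strip('"').lower() == EXPECTED_SHELL:
        return ("ok", data)
    # Anything else needs review: deliberate (kiosk, the cmd.exe trick above) or not.
    return ("changed", data)


if __name__ == "__main__":
    for name, sample in (("default", SAMPLE_DEFAULT), ("changed", SAMPLE_CHANGED)):
        print(name, check_shell(sample))
```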
Re:I used to do this (Score:3, Interesting)
1. The system taking FOREVER to start up
2. Some incredibly bizarre quirks.
3. Turning services back on didn't resolve the problem.
I realized it just wasn't worth my time on Win2K. Darn, and I honestly didn't need to be running fax services either.
Later on in life I found myself having to do it on WinXP when it was pretty much running at 100% CPU power, just about every minute of operation for no reason.
WRONG!! (Score:1, Interesting)
And I'm talking about RECENT Dell optiplex and above... not some ancient POS like emachines or such. (which all ship with windows and spyware) and on the upside, explorer still comes with Alexa which IS known spyware.
Re:No Thanks (Score:3, Interesting)
-matthew
Re:No Services on Boot? (Score:5, Interesting)
On your typical Joe User system with broadband, your point is laughable at best. I have seen far too many typical Joe Users with systems that are just "owned" by spyware/adware/malware/viruses. I live 1,300 miles from most of my family. Their systems are really, really bad. Every time I fly up to see everyone, I really am just doing "Windows admin" tasks for everyone. It is pretty sad that MS Windows allows a typical Joe User to totally destroy their system so easily, especially if those Joe Users use the "recommended"/"preferred" MS software of IE and Outlook Express.
Yes, technical users can lock down their home WinXP systems. My corporate WinXP dev workstation has not been rebooted for a long time and runs well (with the exception of explorer.exe crashing every time I log out!); This is at a Fortune 500 that has spent 100's of thousands if not more on security (on a side note, we just spent a lot on an SSL VPN (in addition to our traditional VPN) solution so that any of our users that want to access our intranet from home need to go through that SSL VPN. Why did we buy this? Because we have 140,000+ employees and the _majority_ of those home users had viruses that were trying to get into our network and we had to protect our MS Win based servers (not our Linux or Solaris servers)! The majority of our non-technical home users had viruses running MS Windows!). My home WinXP system runs very well because I have protected it with a hardware firewall and a Linux firewall and locked down my wife's login account to just "Power User" so she cannot totally kill the system.
Now try to get the millions of Joe Users to implement these types of restrictions/securities/etc and see the backlash. They just won't/can't do it. The tasks are just too technical for most. The funny thing about all of this is that most Joe Users _do_ have some type of security. Many of them have Norton "firewall" or some other end-user type "protection". It is just funny how most of them _still_ are able to have their systems destroyed in an average of 2-3 months or so.
Of my family members, so far I have gotten my brother-in-law to switch to Mac OS X (he is a photographer and wanted Mac anyway) and my sister to switch to Linux (web/email junkie only). I wrote down the root password for both of them, though they have no clue what to do with that root password. Both of their systems are still chugging along without issue. I can log into each system every so often thanks to dyndns.org and I apply patches. I tried to do dyndns.org on some of my family's WinXP boxes, however, they were getting infected faster than I could patch/clean them. It really is much easier for me to go North once a year with a bootable Linux CD and burn backups of their personal files and then do a restore, than to try to admin all their systems remotely.
Mark Russinovich and Bryce Cogswell (Score:5, Interesting)
Automating This Procedure, and debunking myths (Score:2, Interesting)
This may be useful for maintenance purposes, as some posters commented in the article's comments zone. Not that it is very wise to run a machine like that all the time, as the article itself says.
But what I like the most about this, is that the article shows that WinNT 5.0 (A.K.A. Windows 2000) and WinNT 5.2 (A.K.A. Windows XP) can be trimmed down to a bare minimum. Another myth debunked.
Another of my pet peeves comes from the DOS era. The Slashdot crowd used to say that DOS can not mount a drive into a directory to form a unified directory tree like in Unix. This was false then (please see the description of the JOIN command for the method in DOS). The functionality was present in Win95 and 98, but seems absent in 2000 and XP.
Myths like this abound on Slashdot and are repeated time and time again, until they become truth. Check first, post later.
Re:Lots of work (Score:4, Interesting)
1. Rename krnl386.exe (to whatever)
2. Copy command.com to krnl386.exe
The thing would boot to command prompt with all the VxDs loaded and the VM fully functional -- pretty cool, if you have a use for such a beastie.
Finally a way to get rid of Winlogon viruses (Score:2, Interesting)
Now, the fact that Winlogon.exe can actually be subverted by malware is another story entirely...
Re:Finally a way to get rid of Winlogon viruses (Score:3, Interesting)
Then do whatever registry or other process modifications that are necessary.
You can use Process Explorer to suspend processes.
Winlogon.exe is not subverted in any ways -- what are you talking about?
They Would Say That (Score:2, Interesting)
Re:Lots of work (Score:4, Interesting)
Basically it had similar effect to replacing init with sh on your friendly *NIX box, which is a useful trick that has its own merits:-).
In case of Windows 98 the most useful thing you got by running COMMAND.COM like this was long file names without need to start the bulky and unscriptable GUI. I've built a custom image replicator this way that was used for loading hard drive images into embedded 98 boxes (yeah, I know:-)) on the production line. The other option was to use Linux, but I wasn't quite sure how to do a "SYS C:" from Linux, and the capitalization on the filenames was getting all screwed up (back then VFAT module was still somewhat "new").
NT (including 2000 and XP) has a completely different architecture. I figure, you'd want to replace something like WINLOGON.EXE, or whatever the closest equivalent of init there is on Windows. I'm sure there are people here who are a lot more knowledgeable about how WinNT starts.
Try no hard drive. (Score:3, Interesting)
Re:No Services on Boot? (Score:3, Interesting)
I can see that with the video drivers.
What about everything else?
Do I need my sound card to run at kernel speed?
The hard disk driver?
Even the NIC card?
I don't think so. The CPU is spending most of its time idle on most machines, so why do drivers for SLOW HARDWARE have to be running at kernel speed?
Because some designer thought it was a good idea back in the 286 days?
Modern OS's do not allow user space to control the hardware. Why allow drivers to take control of the system totally away from the OS?
The biggest annoyance I have with Windows (and even with Linux to a lesser degree) is how it can go wool-gathering for several minutes when some app is trying to do something with hardware that isn't responding? Even Task Manager isn't responsive.
On most mainframe OS, no matter what the hardware is doing (because it's being controlled by an external controller, mostly), the OS can be woken up with a couple keystrokes. This needs to be done on PCs. The point of a preemptive OS is that it can regain control of the system on its terms - which means it's responsive to the USER, not the hardware. Which keeps the USER in control.
Putting drivers outside the OS's control is just dumb design - let alone letting any moron at any hardware company write one and then install it at kernel level. That's just plain idiocy.
IE works but no LAN - pffft (Score:2, Interesting)
Windows XP Home and Professional Service Pack 2 Service Configurations by Black Viper http://dhost.info/kyeu/mirror/blackviper/WinXP/se
Re:Tiny windows (Score:3, Interesting)
Brilliant! Allow home-grown tagging for an anchor,
use the URI as the anchor text, but still append
a stupid [foo.com]. Brilliant!
Re:No Services on Boot? (Score:3, Interesting)
1. It encourages people to reboot. (i.e., as intended)
2. It causes people to delay installing the patches because, well, they have to reboot in the first place, and they get sick of the nagging.
So the result is that most people do what I've done, which is "download updates for me but let me choose when to install them." The problem is that a lot of the time they'll wind up not installed. (*I*'ll install them, but God only knows about Joe Bob.)
This kind of thing is rampant in the Windows world. For example, Norton Antivirus (I think it is) has an option to do automatic virus scans on a schedule. This is a GOOD thing. It should be done. Unfortunately, since it doesn't run with the equivalent of a "nice 20" and it insists on hogging the console as well (until you background the thing), a lot of people, including me, just turn the autoscan feature off.
The one exception to this is probably firewalls. When firewalls do this kind of thing and don't play nice, they do it ONCE for an application most of the time, so it doesn't become annoying. Sure, it might crash the whole freaking 3D app when it unceremoniously grabs the desktop to pop up a little bubble dialog, but it should happen once if at all, and that's it. So it isn't the same thing.
Now, while we're on the topic, I might as well get my post downmodded by saying something that Windows tends to do well that I like. Well, Windows specifically doesn't do it, but the various firewalls out there do. You authorize *applications* to either access the net or not, which is nice. Granted, it isn't all that you need for a decent firewall, but it would be nice if Linux made that kind of enforcement fairly transparent. (Of course, make the admin have to turn it on. Don't do it by default or all sorts of stuff will break.)
Re:Lots of work (Score:3, Interesting)
I suspect you'd have to replace either CSRSS.EXE or SMSS.EXE, and the app you replace it with would have to be a native application, so it couldn't be CMD.EXE which is a win32 console subsystem application. More info on sysinternals, here [sysinternals.com] and here [sysinternals.com].
Note that I/O will be your primary difficulty -- the only API available to you was designed for output only during the blue screen phase of Windows NT's boot process, and for displaying BSODs. You will probably have to install a device driver that enables access to a text console and use that for IO.
This can be done, as both Windows Setup and the Recovery Console seem to use this approach.