Running Windows With No Services
mattOzan writes "So how many of the almost 4 dozen default-enabled services does Windows XP really need in order to preserve basic functioning, like web surfing and running applications?
Zero, as it turns out.
Mark Russinovich at Sysinternals demonstrates that if certain steps are followed, Windows XP will still run with only two active processes: System and Csrss.exe. No Smss.exe, Winlogon.exe, Services.exe, Lsass.exe...
And, contrary to the expectations of various lead engineers at Microsoft, even Internet Explorer will still work under such conditions."
And... (Score:4, Funny)
Re:And... (Score:2)
Not if it means turning them all off every boot...
Re:And... (Score:2, Funny)
less servicing? (Score:3, Funny)
No Thanks (Score:5, Informative)
The bottom line is that this stripped-down Windows configuration is not practical, but makes a cool demonstration of just how little of Windows is required for basic functionality.
It's like patients are treated as long as their hearts are beating, even though everything else has shut down.
Re:No Thanks (Score:3, Interesting)
Re:No Thanks (Score:2)
Re:No Thanks (Score:3, Informative)
Re:No Thanks (Score:5, Insightful)
Run "su username" or "exec su username", and the problem is solved :).
Re:No Thanks (Score:5, Informative)
Re:No Thanks (Score:3, Interesting)
-matthew
De-infestation (Score:5, Insightful)
Re:No Thanks (Score:5, Funny)
Sounds a lot like Linux!
[with all the cheap shots taken at Windows by
Re:No Thanks (Score:3, Informative)
Re:No Thanks (Score:3, Informative)
Re:No Thanks (Score:5, Insightful)
Re:No Thanks (Score:5, Informative)
Because Windows services support dependencies, some stuff will turn itself back on when needed. But at least you don't take the hit at boot time.
Re:No Thanks (Score:3, Informative)
In short, they're both right: for a while after you do this, the system will "mostly work" with only a few glitches. However, it won't "really work".
Re:No Thanks (Score:3, Insightful)
It wouldn't surprise me at this point if they had a few black projects hidden away in Redmond trying to rewrite the whole thing.
Re:No Thanks (Score:3, Funny)
Re:No Thanks (Score:3, Funny)
In THAT case, I'd totally agree, but I doubt you meant something so lucid.
For sufficiently small quantities of "run" (Score:3, Interesting)
...even Internet Explorer will still work... (Score:5, Funny)
Re:...even Internet Explorer will still work... (Score:4, Funny)
Is that you Bill Clinton?
Re:...even Internet Explorer will still work... (Score:5, Funny)
An excruciating slog through random and painful events beyond my control.
So, yes. I think 'work' applies to IE.
Need ma music! (Score:2, Funny)
Lots of work (Score:5, Interesting)
Re:Lots of work (Score:3, Insightful)
Re:Lots of work (Score:5, Insightful)
-matthew
Re:Lots of work (Score:4, Interesting)
1. Rename krnl386.exe (to whatever)
2. Copy command.com to krnl386.exe
The thing would boot to command prompt with all the VxDs loaded and the VM fully functional -- pretty cool, if you have a use for such a beastie.
Re:Lots of work (Score:4, Interesting)
Basically it had similar effect to replacing init with sh on your friendly *NIX box, which is a useful trick that has its own merits:-).
In case of Windows 98 the most useful thing you got by running COMMAND.COM like this was long file names without need to start the bulky and unscriptable GUI. I've built a custom image replicator this way that was used for loading hard drive images into embedded 98 boxes (yeah, I know:-)) on the production line. The other option was to use linux, but I wasn't quite sure how to do a "SYS C:" from linux, and the capitalization on the filenames was getting all screwed up (back then VFAT module was still somewhat "new").
NT (including 2000 and XP) has a completely different architecture. I figure, you'd want to replace something like WINLOGON.EXE, or whatever the closest equivalent of init there is on Windows. I'm sure there are people here who are a lot more knowledgeable about how WinNT starts.
Re:Lots of work (Score:3, Interesting)
I suspect you'd have to replace either CSRSS.EXE or SMSS.EXE, and the app you replace it with would have to be a native application, so it couldn't be CMD.EXE which is a win32 console subsystem application. More info on sysinternals, here [sysinternals.com] and here [sysinternals.com].
Note that I/O will be your primary difficulty -- the
Re:Lots of work (Score:3, Funny)
As long as... (Score:4, Funny)
Give me BSOD or give me ... (Score:5, Funny)
In Windows Vista it's a Transparent Ice Blue Screen Of Death, and it's tabbed.
You're still hosed, but it looks nicer.
Nothing for you to see here. Please move along. (Score:2, Informative)
Anywho, of course most of the services aren't needed at all times, but if they aren't turned on by default, a lot of extraneous apps that expect them will either not install or not work correctly. Hence, they are turned on. Are not most services blazing along on Linux by default to the glee of OpenBSD booster?
Alright then. Don't want em, kill em. It's easy, but the average user would have to read up and
I wonder how this well XP will run on qemu (Score:5, Interesting)
Impractical, but with useful implications (Score:5, Insightful)
Reminds me of the good old days... (Score:5, Insightful)
Re:Reminds me of the good old days... (Score:3, Insightful)
Hmm, I recognise you (Score:3, Funny)
CPU time.
Re:Hmm, I recognise you (Score:5, Funny)
Re:Reminds me of the good old days... (Score:4, Informative)
Most of the perceptual slowness in Linux comes from a couple of things.
* Inefficient GUI software. GNOME 2 software simply starts up and runs more slowly than GNOME 1 software.
* Heavyweight desktop managers and similar programs. I use sawfish, have a copy of gkrellm running, and use xbindkeys to launch all my programs. Most of what I have open at any one time are Firefox windows, xterms (not the far slower gnome-terminals), and xemacs windows. These are all interactive programs, but things are much snappier when running these than when running the GNOME or KDE suites.
* Use accelerated drivers. There aren't that many that have RENDER acceleration, for example, and without that, all the antialiased character blits to the screen are unaccelerated -- one reason why the antialiasing in GTK/GNOME 2 "felt" so slow. I use a Radeon 9250/128 bit data path and have no problems.
For all that, there's still a few things I'd like to point out.
* As a kernel, Linux *is* generally faster than Windows. You might be using slower userspace software, though.
* In The Olden Days, Linux distros tended to have an awful lot more daemons running out of box -- my Red Hat 5.2 box, IIRC, ran fingerd, ftp, ssh, telnet, and I think even a web server by default. There might be more -- talk might have been in there as well.
* Linux does a pretty good job of paging. If a daemon isn't doing anything, it isn't going to be consuming your resources.
Exactly (Score:3, Informative)
Once Linux started shipping on CD's, as opposed to the early stack-o-floppies installs, the first reaction was to install and activate everything they could possibly download and pack on that CD.
(And I suppose the fact that at the time the flamewar was "but my Linux system gives me more free stuff than your Windows comes with", also didn't help the cause. Everyone just _had_ to pack 5 web servers and 20 IRC clients on a CD, and offer to install them by de
Let me get this straight (Score:5, Funny)
Are they saying that, even without all that crap that normally gets started...it still crashes?
Or is that not what they mean when they say Windows works?
Re:Let me get this straight (Score:3, Funny)
Of course. That's what the "System Idle Process" is for...
;-)
So how about Mac OS-10.4? (Score:4, Interesting)
Easy (Score:3, Informative)
Re:So how about Mac OS-10.4? (Score:3, Informative)
If you are really having trouble with OS X 10.4, you can do a couple of things:
1) Upgrade from 5-10+ year-old Apple hardware (most complaints about OS
You can even close explorer.exe... (Score:5, Funny)
You probably won't notice any speed difference.. But your penis will be larger.
MOD PARENT DOWN!! (Score:5, Funny)
Re:You can even close explorer.exe... (Score:5, Interesting)
From memory (haven't done this for some time, so I could be a bit off...)
Start Regedit, find HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, change the value of Shell from Explorer.exe to cmd.exe.
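An added example, not part of the comment above: the same Winlogon values that let you swap the shell are worth auditing, since anything other than the stock data means something else is being launched at logon. The defaults it compares against (Shell = explorer.exe, Userinit = %SystemRoot%\system32\userinit.exe) are the standard Windows values; the function name is made up for this sketch.

```powershell
# Added example: report Winlogon Shell/Userinit values that differ from stock defaults.
$winlogon = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$userinit = Join-Path $env:SystemRoot 'system32\userinit.exe'

function Get-WinlogonFinding {   # hypothetical name
    $findings = @()
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $props = Get-ItemProperty -Path "$hive\$winlogon" -ErrorAction SilentlyContinue
        if (-not $props) { continue }              # key missing in this hive

        foreach ($name in 'Shell', 'Userinit') {
            $data = $props.$name
            if ($null -eq $data) { continue }      # value not set here

            # Both values are comma-separated lists; Userinit normally ends in a comma.
            $entries = @($data -split ',' |
                         ForEach-Object { $_.Trim() } |
                         Where-Object { $_ })

            # Stock systems set these only under HKLM, with exactly one entry.
            # A per-user (HKCU) value is always reported.
            $ok = switch ($name) {
                'Shell'    { $hive -eq 'HKLM:' -and $entries.Count -eq 1 -and
                             $entries[0] -eq 'explorer.exe' }
                'Userinit' { $hive -eq 'HKLM:' -and $entries.Count -eq 1 -and
                             $entries[0] -eq $userinit }
            }
            if (-not $ok) {
                $findings += [pscustomobject]@{
                    Hive  = $hive
                    Value = $name
                    Data  = $data
                }
            }
        }
    }
    return $findings
}

# Empty output means both values are at their defaults.
Get-WinlogonFinding | Format-Table -AutoSize
```

After the change described in the comment, this reports the HKLM Shell value with cmd.exe as its data.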
Re:You can even close explorer.exe... (Score:3, Insightful)
This is on XP Pro, I'm not sure of the behaviour on XP Home.
I think... (Score:5, Insightful)
For services you actually should disable... (Score:5, Informative)
Re:For services you actually should disable... (Score:3, Informative)
Windows 2000 services [dhost.info]
He doesn't have a list for Windows 2003, however.
Microsoft GA (Score:5, Informative)
Interesting (Score:5, Interesting)
I wonder if you can automate that.
And then, I wonder if you can provide the functionality that goes missing by running your own services. Sort of subverting Windows from the inside, and giving you more control over it.
But then, I'm not that interested. I've got my control. Total control. Without having to wrestle it from Windows.
Optimization (Score:3, Interesting)
I don't like how programmers bloat their programs; how the programs expand to fill the speed and HD capacity of the modern computer. I have half a mind to install DOS 6.22 and Windows 3.1 on my 1.2 GHz box. Fewer unnecessary services, and programs really will open instantly.
Speed is the very reason my default photo-editing client is Paint Shop Pro 4, not Photoshop Elements. Why the hell should I wait minutes for a program to load? What is this, 1980?
Re:Optimization (Score:3, Informative)
echo Closing Down...
net stop "Help and Support"
net stop "IIS Admin"
net stop "Messenger"
When you're done playing your game or whatever, you can start 'em back up with another batch file:
echo Starting Up...
net start "Help and Support"
net start "IIS Admin"
net start "Messenger"
(new-school guys could probably do this easily with a neato vbs script.)
I have a couple o
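An added example, not from the comment above: a PowerShell take on the same stop/start pair that records which services it actually stopped, so the second step restarts only those, and that refuses to stop a service with running dependents. The display names are the ones in the batch file; the state-file path and function names are assumptions. Run it from an elevated prompt.

```powershell
# Added example. Display names come from the batch file in the comment above.
$targets   = 'Help and Support', 'IIS Admin', 'Messenger'
$stateFile = Join-Path $env:TEMP 'stopped-services.txt'   # hypothetical location

function Stop-TargetServices {
    param([string[]]$DisplayName, [string]$StateFile)
    $stopped = @()
    foreach ($dn in $DisplayName) {
        $svc = Get-Service -DisplayName $dn -ErrorAction SilentlyContinue
        if (-not $svc) { Write-Warning "Not installed: $dn"; continue }
        if ($svc.Status -ne 'Running') { continue }   # was already off: do not restart later

        # Stopping a service also takes down whatever depends on it, so check first.
        $dependents = @($svc.DependentServices | Where-Object Status -eq 'Running')
        if ($dependents.Count -gt 0) {
            Write-Warning "$dn has running dependents ($($dependents.Name -join ', ')); skipped"
            continue
        }

        Stop-Service -InputObject $svc
        $stopped += $svc.Name
    }
    if ($stopped.Count -gt 0) { Set-Content -Path $StateFile -Value $stopped }
    return $stopped
}

function Start-RecordedServices {
    param([string]$StateFile)
    if (-not (Test-Path $StateFile)) { return }       # nothing was stopped
    foreach ($name in Get-Content $StateFile) {
        Start-Service -Name $name
    }
    Remove-Item $StateFile
}

# Before the game:
Stop-TargetServices -DisplayName $targets -StateFile $stateFile
# Afterwards:
# Start-RecordedServices -StateFile $stateFile
```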
Re:Optimization (Score:3, Insightful)
I don't like how every fucking program, no matter how big or small, feels it needs to run itself on startup in the system tray and place icons in the start menu, quick launch bar, the programs menu and on the desktop.
For a web browser or something I can see _offering_ to put a shortcut in the quick launch bar. For something like a game it's just fucking stupid.
Example: Winzip
IIRC it puts a shortcut in the start bar, quick launch menu and on the desktop, an
Twisted and Obscure (Score:4, Insightful)
Re:Twisted and Obscure (Score:4, Insightful)
Sysinternals > Microsoft (Score:5, Informative)
No, seriously. If you don't know this, they have a utility called "Process Explorer" for Win32. It's like top on steroids. Actually, it's vastly better than top, or any other process monitor I've ever seen. It will show you pretty much everything there is to know about a running Windows process; file handles, TCP connections, you name it. It's small, fast, mercifully lacking a "setup" and free.
They've got a bunch of other stuff for Windows I now consider essential. Check them out.
Mark Russinovich and Bryce Cogswell (Score:5, Interesting)
Mention Windows... (Score:3, Insightful)
This is great! (Score:5, Funny)
Big deal (Score:4, Funny)
Pfft.
inflammatory blurb, again (Score:3)
Try no hard drive. (Score:3, Interesting)
You CAN Kill System Processes From Task Manager (Score:3, Informative)
Supposedly - IF you run Task Manager from PowerPrompt which starts up a shell with System privilege.
Hard to find a downloadable copy of PowerPrompt though, you really have to search Google for it.
Great tool for trashing spyware that's protected by Windows itself.
Interesting but not news (Score:3, Funny)
Re:Aha! (Score:2)
Re:No Services on Boot? (Score:5, Insightful)
Really? Does it? Isn't this just an old joke with not much fact to back it up anymore?
Re:No Services on Boot? (Score:3, Informative)
Really? Does it? Isn't this just an old joke with not much fact to back it up anymore?
You clearly haven't been using a system recently that's been riddled with spyware, I've just had a hell of a time trying to get rid of some stuff on a friend's PC that constantly kept rebooting the PC, restarting explorer and crashing winlogon.
Re:No Services on Boot? (Score:5, Interesting)
So we're supposed to blame MS for Spyware? Windows doesn't ship with system-crashing spyware, and it's not even like viruses are its primary way in. Most spyware is willingly installed by clueless users.
My Windows machine at work is currently at 221 hours of uptime. I don't even remember why it was rebooted prior to that, but it wasn't because of a crash. The current version of Windows XP is pretty stable if you ask me - not as good of a 24/7 OS as most *nix's, though not for reasons of stability. Its interface is not designed for keeping large numbers of applications open at once, and it doesn't seem to handle memory all that well at this point (this used to be one of its strong suits compared to other OS's). But it doesn't crash unless you do something stupid (like install spyware) to make it crash.
Windows Uptime: 221 ?!! (Score:5, Insightful)
I was just about to reply to this to say how either you must be lying, or else your system must be horribly insecure because you don't reboot it for the monthly critical updates. Then I noticed you wrote 221 hours and not 221 days.
Usually uptime is measured in days!
Worked on one today with 122 Days (Score:4, Informative)
(FreeBSD admin by choice, Windows admin by necessity)
Re:No Services on Boot? (Score:5, Insightful)
Probably. But maybe he's running a system with a microkernel, which doesn't need to be rebooted to patch a root exploit.
Hell, maybe he installed a minimal version of Linux a year ago, and is using kernel modules for all the advanced functionality. There probably aren't any root exploits in that (what root exploits are there in the kernel, and not the apps, anyway?)
Re:No Services on Boot? (Score:3, Insightful)
Re:No Services on Boot? (Score:3, Insightful)
If an OS can crash because of software then it has a basic design flaw.
Not if that software is running as the administrator.
If an OS can get a virus then it has a basic design flaw.
I don't understand that one. How could an OS possibly protect against all viruses? It'd have to be impossible to modify executables.
Re:No Services on Boot? (Score:5, Funny)
Something is horribly wrong with my OS!
Re:No Services on Boot? (Score:3, Interesting)
I can see that with the video drivers.
What about everything else?
Do I need my sound card to run at kernel speed?
The hard disk driver?
Even the NIC card?
I don't think so. The CPU is spending most of its time idle on most machines, so why do drivers for SLOW HARDWARE have to be running at kernel speed?
Because some designer thought it was a good idea back in the 286 days?
Modern OS's do not allow user space to
Re:No Services on Boot? (Score:5, Interesting)
On your typical Joe User system with broadband, your point is laughable at best. I have seen far too many typical Joe Users with systems that are just "owned" by spyware/adware/malware/viruses. I live 1,300 miles from most of my family. Their systems are really, really bad. Every time I fly up to see everyone, I really am just doing "Windows admin" tasks for everyone. It is pretty sad that MS Windows allows a typical Joe User to totally destroy their system so easily, especially if those Joe Users use the "recommended"/"preferred" MS software of IE and outlook express.
Yes, technical users can lock down their home WinXP systems. My corporate WinXP dev workstation has not been rebooted for a long time and runs well (with the exception of explorer.exe crashing every time I log out!). This is at a Fortune 500 that has spent 100's of thousands if not more on security (on a side note, we just spent a lot on an SSL VPN (in addition to our traditional VPN) solution so that any of our users that want to access our intranet from home need to go through that SSL VPN. Why did we buy this? Because we have 140,000+ employees and the _majority_ of those home users had viruses that were trying to get into our network and we had to protect our MS Win based servers (not our Linux or Solaris servers)! The majority of our non-technical home users had viruses running MS Windows!). My home WinXP system runs very well because I have protected it with a hardware firewall and a Linux firewall and locked down my wife's login account to just "Power User" so she cannot totally kill the system.
Now try to get the millions of Joe Users to implement these types of restrictions/securities/etc and see the backlash. They just won't/can't do it. The tasks are just too technical for most. The funny thing about all of this is that most Joe Users _do_ have some type of security. Many of them have Norton "firewall" or some other end-user type "protection". It is just funny how most of them _still_ are able to have their systems destroyed in an average of 2-3 months or so.
Of my family members, so far I have gotten my brother-in-law to switch to Mac OS X (he is a photographer and wanted Mac anyway) and my sister to switch to Linux (web/email junkie only). I wrote down the root password for both of them, though they have no clue what to do with that root password. Both of their systems are still chugging along without issue. I can log into each system every so often thanks to dyndns.org and I apply patches. I tried to do dyndns.org on some of my family's WinXP boxes, however, they were getting infected faster than I could patch/clean them. It really is much easier for me to go North once a year with a bootable Linux CD and burn backups of their personal files and then do a restore, than to try to admin all their systems remotely.
Well What? (Score:3, Funny)
Yes, but while I use both Linux and Windows, and am quite happy with both, I've never had Linux shut down on me unexpectedly either. Maybe I'm doing something wrong?
Re:Well What? (Score:3, Insightful)
I'm running an RHEL3 box that has been "up" for well over a year. Maybe you have a hardware issue?
Re:Well (Score:3, Insightful)
Depends on the context. If the original story is about Windows, it's appropriate, even if in response to one of my posts condemning that fucking POS. If the original story is about Linux, it may be less so. As long as it's presented as a sincere OPINION, it's one thing.
It also depends how many MORE untruths are uttered, such as "Linux can't be installed by anyone", "There is n
Re:No Services on Boot? (Score:3, Informative)
Such a wonderful attempt at "humor"/trolling/zealotry.
If it actually happened, it'd be funny, but it doesn't anymore (did it ever?) - not unless you have severe hardware problems or you're so clueless that you let your machine get overrun with viruses and spyware.
Re:No Services on Boot? (Score:3, Interesting)
1. It encourages people to reboot. (i.e., as intended)
2. It causes people to delay installing the patches because, well, they have to reboot in the first place, and they get sick of the nagging.
So the result is that most people do what I've done, which is "download updates for me but let me choose when to instal
Re:No Services on Boot? (Score:3, Informative)
What you say was certainly true in the Windows 98/ME days, but NT based systems are much more stable.
Shutting Down Windows... (Score:5, Informative)
For instance, in Windows 98, it's:
C:\WINDOWS\RUNDLL32.EXE user,exitwindows
Google (along with a bit of experimentation) can help for other versions of Windows.
Re:Feel "teh diference" (Score:5, Informative)
Re:Feel "teh diference" (Score:5, Insightful)
Now that aside, Windows integration is considered a GOOD thing by most normal users. That's one of the frustrating things about Linux/UNIX from their perspective. There's a million options, and they have no idea what they need or want. What's more, if they make the wrong choice something might not work, since it depends on something else.
That's why Windows, and OS-X ship with so much integrated. They are targeted at users that want to be told how it is. They don't want a choice of 10 window managers, they want to have one that just comes up by default.
Now if you like the BSD way of doing things, that's cool, but don't assume that it applies to everyone.
Building from source is another great example. Linux people tend to see this as the best feature of Linux, that you custom compile things, and you don't have to worry about binary compatibility. Newbies tend to see this as one of the worst features. Compiling is highly intimidating, as they don't understand what's going on. What's worse, if something happens, they can't fix it, they don't know how to edit make files, or update headers, etc.
The Windows method is more targeted at the masses, have an enriched OS that isn't just defined as its kernel, but its APIs, GUI, media layer, and basic apps. Linux is a minimal approach that defines only the kernel, leaving everything else up to the option of the user.
Both are valid, and don't assume yours is the superior way.
Re:I used to do this (Score:3, Interesting)
1. The system taking FOREVER to start up
2. Some incredibly bizarre quirks.
3. Turning services back on didn't resolve the problem.
I realized it just wasn't worth my time on Win2K. darn, and I honestly didn't need to be running fax services either.
Later on in life I found myself having to do it on WinXP when it was pretty much running at 100% CPU power, just about every minute of operation for no reason.
Re:Automating This Procedure, and debunking myths (Score:3, Informative)
2. Under Storage, select Logical Disk Management.
3. Right click the drive you want to mount under a folder, and click "Change Drive Letters and Paths".
4. Click on Add.
5. Select the option to mount in an empty NTFS folder, and put the folder in.
If you aren't using NTFS, this may not work. I don't have a FAT32 machine handy, though!
Re:Automating This Procedure, and debunking myths (Score:3, Informative)
The 'subst' command also works, as does the ResKit's 'linkd' and Sysinternals 'junction'. All of these, however, have limitations that aren't readily apparent, so none is a substitute for the 'Map Drive to Folder' approach (as though that isn't limited as well).
The feature is a welcome addition, though lame compared to what's possible in *nix. I won't hold my breath waiting for DOS remnants like drive letter
Re:Finally a way to get rid of Winlogon viruses (Score:3, Interesting)
Then do whatever registry or other process modifications that are necessary.
You can use Process Explorer to suspend processes.
Winlogon.exe is not subverted in any way -- what are you talking about?
Re:There is another name for this: (Score:3, Informative)
One of the comments posted to TFA specifically states that winlogon.exe is still running in safe mode – sure it is, how would you otherwise log in? – and killing it as explained in the article enables removing of viruses that attach themselves to winlogon.exe, without a need to boot from external media.
This means that grandparent is simply wrong, safe mode won't kill winlogon.
Re:Math skills. (Score:3, Informative)
Re:Tiny windows (Score:3, Interesting)
Brilliant! Allow home-grown tagging for an anchor,
use the URI as the anchor text, but still append
a stupid [foo.com]. Brilliant!