Slashdot Mirror
Running Windows With No Services
mattOzan writes "So how many of the almost 4 dozen default-enabled services does Windows XP really need in order to preserve basic functioning, like web surfing and running applications?
Zero, as it turns out.
Mark Russinovich at Sysinternals demonstrates that if certain steps are followed, Windows XP will still run with only two active processes: System and Csrss.exe. No Smss.exe, Winlogon.exe, Services.exe, Lsass.exe...
And, contrary to the expectations of various lead engineers at Microsoft, even Internet Explorer will still work under such conditions."
Obviously the final result, a dubiously functional installation is not really groundbreaking for end-users, but there's much to be said for turning off the many services that ship enabled as default with Windows XP to gain both the performance and security benefits. Knowing whats running, what it's doing, and whether its really neccessary is a good step towards maintaining a system which has a low attack profile and is reasonably secure.
Business Voyeur
In The Olden Days, you could install a Linux disto without 10,000 daemons running... ah, those were the days... Linux was noticably faster than Windows out of the box! ;)
Agile Artisans
Really? Does it? Isn't this just an old joke with not much fact to back it up anymore?
"Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
That may be, but that means if you don't need ANY in order to run windows in this imperfect state, you probably only need a couple to run it in a perfectly passable state.
the majority of people reading this will not wonder even Internet Explorer will still work under such conditions but if Firefox will still work under such conditions
do.what.promptcmds
If you were to replace the word "windows" with "linux," the parent would be modded "flamebait" or "troll" as opposed to "funny." Assuming of course that the article was about linux.
-William Brendel
It just goes to show you how twisted and obscure Windows is. Even Microsoft's own people don't know how their operating system works. How can they expect to keep it reliable and virus free if they don't even understand what processes need to be running?
Especially since that would all but force them to provide a usable CLI. They have some interesting ideas in Monad, why don't they use them?
Please correct me if I got my facts wrong.
Well I doubt Russonivich has anything to worry about, he's one of the people that wrote the "Windows Internals" book from the Microsoft press.
Now that aside Windows integration is considered a GOOD thing by most normal users. That's one of the frustrating thing about Linux/UNIX form their perspective. There's a million options, and they have no idea what they need or want. What's more, if they make the wrong choice something might not work, since it depends on something else.
That's why Windows, and OS-X ship with so much integrated. They are targeted at users that want to be told how it is. They don't want a choice of 10 window managers, they want to have one that just comes up by default.
Now if you like the BSD way of doing thigns, that's cool, but don't assume that it applies to everyone.
Building from source is another great example. Linux people tend to see this as the best feature of Linux, that you custom compile things, and you don't have to worry about binary compatiblity. Newbies tend to see this is one of the worst features. Compiling is highly intimidating, as they don't understand what's going on. What''s worse, if something happens, they can't fix it, they don't know how to edit make files, or update headers, etc.
The Windows method is more targeted at the masses, have an enriched OS that isn't just defined as it's kernel, but it's APIs, GUI, media layer, and basic apps. Linux is a minimal approach that defines only the kernel, leaving everything else up to the option of the user.
Both are valid, and don't assume yours is the superior way.
AT least when I was using w2k. Of course there was a lot of trial and error to determine what was needed and what was not. Many times those services were the equivalent of the startup folder. I did notice performance boosts at times, but these boosts were offset by the occasional quirks that would require 10 minutes or more to track down the needed service. Ultimately I realized the lack of documentation or at best the sparse KB articles combined with the intermittent problems negated any semi-worthwhile gains. Except for that damned messenger service, which I realized was necessary to disable long before Microsoft ever got around to it.
Eventually I discovered Linux, ps -aux, and all the documentation I could ever want and was happy.
Unequivocal control, now that's what I'm talking about.
Well people joke about it for a reason, because Windows used to be a horribly unstable piece of crap. So now that it is stable people still joke about it, same with security. If for whatever reason tomorrow Windows was fairly secure from then on people would still crack jokes about it being insecure. Microsoft did it to themselves, they can't expect to release a crap product, then fix it years later and expect everyone to love it.
...get a Windows/Linux/BSD/OS X debate. I mean, really...
If an OS can crash because of software then it has a basic design flaw. If an OS can get a virus then it has a basic design flaw. The only thing that should cause an OS to crash is severely corrupted memory and or CPU. I have worked with software that can function as the system RAM is being actively corrupted. Few people want to pay for this level of software but you can design an OS that will still run if you randomly rip out ram chip but hey let's blame it on the l33t hackers and say it's the software's fault.
These days, you could ask "Is that you, Karl Rove?", as this administration gets just as pedantic about splitting semantic hairs as Clinton did, only over something far, far more serious than a blow-job.
My Windows machine at work is currently at 221 hours of uptime.
I was just about to reply to this to say how either you must be lying, or else your system must be horribly insecure because you don't reboot it for the monthly critical updates. Then I noticed you wrote 221 hours and not 221 days.
Usually uptime is measured in days!
I'll probably be modded down for this...
If an OS can crash because of software then it has a basic design flaw.
Not if that software is running as the administrator.
If an OS can get a virus then it has a basic design flaw.
I don't understand that one. How could an OS possibly protect against all viruses? It'd have to be impossible to modify executables.
What would be the point? By the time you developed all the commandline tools needed to make a CLI in Windows particularly useful (or installed Cygwin, or whatever it is called), you'd just have "unix." And not a very good one at that.
-matthew
"THERE IS NO JUSTICE, THERE IS ONLY ME." -Death
As for a virus, it really depends on the user. If you were logged on as root on a Linux box and ran something bad, bad things would happen. Why should it be different with Windows? The major issue with Windows is that most people run it with Administrative accounts as poorly coded programs don't work under User access levels. Of course if Microsoft had a way to fix it most people probably would still run under administrative accounts. You can't stop user stupidity.
Probably. But maybe he's running a system with a microkernel, which doesn't need to be rebooted to patch a root exploit.
Hell, maybe he installed a minimal version of Linux a year ago, and is using kernel modules for all the advanced functionality. There probably aren't any root exploits in that (what root exploits are there in the kernel, and not the apps, anyway?)
"So we're supposed to blame MS for Spyware? Windows doesn't ship with system-crashing spyware, and it's not even like viruses are its primary way in. Most spyware is willingly installed by clueless users."
Yeah, and I also happened to purchase a Microsoft brand car. I'm sick of how people keep telling me "well, you bought a broken car, thats your own stupid fault."
I didn't buy a broken car. Microsofts Car came with the axel and the axel had ridges cut in to it which makes it brittle and easy to brake. I went over a speed bump going faster than 3mph and it broke the axel.
It's not Microsofts fault that going over the speed bump broke the Axel. Microsoft doesn't ship the car with a broken axel. Most Microsoft axels are broken when clueless users don't read the manual when it clearly states that they shouldn't pass a speed hump going more than 3mph.
Yes, some things sound ridiculous, like my scenario which is not unlike your comment above.
Which sounds quite nice for killing off spyware nasties/etc on the system...
Drivers crashing the OS is afaik unavoidable.
A program running with administrator privileges can install a driver.
Now granted, with most OSes, including unix ones, it's much easier than that. For instance, if you screw with the inodes of a running system, you can crash HP/UX (at least you could when I worked for HP). I wouldn't necessarily call that a design flaw, though. In fact, it could very well be considered a security feature. If something that fundamental is screwed up, either you've got buggy hardware, a buggy OS, or you're under attack. In any of those three cases I'd say it's safer from a security standpoint to panic than to try to repair yourself.
Some people of course have different needs. Some systems can't afford to reboot, they're that mission critical. But for most operating systems it's better to blue screen or to panic or whatever it's called. Reliability can be handled by having multiple systems running.
Run "su username" or "exec su username", and the problem is solved :).
Forget magic. Any technology distinguishable from divine power is insufficiently advanced.
... is just basically DOS?
Diplomacy is the art of saying, "Nice doggie!" until you can find a rock.
CTRL ALT DEL? The real pros these days use CTRL SHIFT ESC. It brings up the task manager directly instead of brining up the screen with the logoff, shutdown and lock options first.
This is on XP pro, I'm not sure of the behaviour on xp home.
I'm running an RHEL3 box that has been "up" for well over a year. Maybe you have a hardware issue?
"Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
It wouldn't suprise me at this point if they had a few black projects hidden away in Redmond trying to rewrite the whole thing.
"A language that doesn't affect the way you think about programming, is not worth knowing" - Alan Perlis
"It wouldn't suprise me at this point if they had a few black projects hidden away in Redmond trying to rewrite the whole thing."
Well, I'm always open if they can make it perform better than my Linux machine. I'd be happy to review the product upon its release. Just don't expect me to pay for it to give it the "review" as I'm quite happy with my free alternative.
"I don't like how programmers bloat their programs;"
I don't like how every fucking program, no matter how big or small, feels it needs to run itself on startup in the system tray and place icons in the start menu, quick launch bar, the programs menu and on the desktop.
For a web browser or something I can see _offering_ to put a shortcut in the quick launch bar. For something like a game it's just fucking stupid.
Example: Winzip
IIRC it puts a shortcut in the start bar, quick launch menu and on the desktop, and then creates a whole sub-menu under programs for misc. winzip stuff. It then installs 'WinZip Quick Pick' or something which runs on startup and sits in the systm tray. WHO THE FUCK NEEDS THIS?! Okay, so it decreases WinZip's loading time by 0.000905245 seconds... well, I'm sure I lost more time than I gain because of it sitting there soaking up all my proccessor cycles and RAM...
Then we get the piece of shit which is steam trying to load at startup so it can take up 100+MB of RAM all the time, not just when I'm playing games.
*sigh*
Okay. That's enough incoherent rambling for today. G'day.
ND
This statement is forty-five characters long.