Unneccessary Vista Services

Geez, there are alot of services in Windows Vista that just help themselves to an automatic startup…

Tablet PC Input Service: It’s not a tablet PC. Why, then, do you assume I would want the services of a Tablet PC input device I don’t have? Seriously.

Diagnostic Policy Service and Diagnostic System Host: Both “enable problem detection, troubleshooting, and resolution for Windows components”. So why are there two? Since Windows never returns any useful solutions to detected problems, why would I want this modern-day Dr. Watson clone running on my machine?

Windows Firewall: I’ve had this problem since XP SP2. I have two hardware firewalls between me and the Internet, not counting any my ISPs add for me. Thusly, is it not reasonable to assume I don’t require one in software, consuming my resources?

Security Center: As best I can tell, Security Center serves as nothing more than a way to bother me when I’ve disabled the Windows Firewall. Out ya go.

ReadyBoost: Uses a USB2 flash drive as a cheap substitute for an L3 cache. Only if you don’t have a USB2 flash drive installed, it runs anyway, just in case.

Software Licensing: I think this one is new to Service Pack 1. “Enables the download, installation, and enforcement of digital licenses for Windows and Windows applications. If this service is disabled, the OS and licensed applications may run in a reduced function mode”. What I’m basically hearing from this description is that it detects if my copy of Vista is pirated and greets me every morning with a video about how I’m killing the software industry by ensuring some executive can’t buy a second solid gold humvee. Fuck you, Bill.

…Having said that, I will point out that this is a legitimate installation of Windows Vista Service Pack 1, as I am in the official Microsoft Beta program. Yet, if I disable this service, Windows may act as though it were illegal and shut off important parts of the OS. Bastards.

User Profile Service: Responsible for loading and unloading user profiles. Last time I checked, this was handled within WinLogon. Does it really need a second instance?

Windows Defender: Microsoft’s futile stab at an Anti-Spyware package. So much so, that they initially called it by the original pseudonym “Windows Anti-Spyware”. As a power user, it’s my responsibility to keep my system free of spyware; not yours. So keep your spyware off my system.

Windows Media Player Network Sharing Service: All media sharing on my network will be done by loading the media file directly through a UNC path. I have no use for a service that broadcasts my files across the airwaves for anyone to snatch.

Windows Mobile 2003-based Device Connectivity: My Windows Mobile device connects through ActiveSync, and thus does not require an additional layer of overhead in between.

Windows Update: I’ve specifically told Windows to disable Automatic Updates. Thus, Windows Update should be set to “Manual”, if allowed to run as a service at all. This should be, at the most, an executable that would be instantiated at upgrade-time.

Base Filtering Engine: Manages firewall and IP Security policies, and implements user mode filtering. My Firewall should be managed from within the Windows Firewall service, which is disabled. IP Security should be handled by the Workstation and Server services, which (as is my understanding) manage all session-layer IP activities anyway.

… “Stopping or disabling the BFE service will significantly reduce the security of the system. It will also result in unpredictable behavior in IPsec management and firewall applications.” — Wow, what a load of malarky. In Windows XP, I had no such service running. My system security was never breached in half a decade of use, and I have yet to use a firewall application.

…Of course, this service is required for IPsec Policy Agent and IKE and AuthIP IPsec Keying Modules. Wait, those weren’t there in XP either. What do they do again?

IPsec Policy Agent: “Supports network-level peer authentication, data origin authentication, data integrity, data encryption, and replay protection. Enforces IPsec policies created through the IPsec Policies Snap-in or netsh ipsec. if you stop this service, you may experience network connectivity issues…”

…Peer authentication and data origin authentication are handled within the Server service. Data integrity is handled on the transport layer via TCP CRC error-checking. In fact, I’m pretty sure the NIC handles that part on its own. Data encryption is managed by the Cryptographic Services service. How are you defining replay, and why should I be protected against it? I have no aftermarket IPsec policies defined. I don’t think this sounds like a neccessary service at all.

IKE and AuthIP IPsec Keying Modules: “Hosts the Internet Key Exchange and Authenticated IP keying modules. Used for authentication and key exchange in IPsec. Stopping or disabling the IKEEXT service will disable IKE and AuthIP key exchange with peer computers… Stopping IKEEXT might result in an IPsec failure and might compromise the security of the system.”

…Okay, let’s get started on this one: Nowhere do I see a definition of an Internet Key, nor why I would want to exchange them with peer computers. None of the other computers on my network are running Vista; thus none have this service running. Who, then, would I exhchange Internet Keys with? Authentication is handled by the Server service, smss, csrss, and WinLogon. XP handled IPsec and security fine without this service, so why do I need it?

Portable Device Enumerator Service: Enforces group policy for removable mass-storage devices. Enables Media Player to transfer and sync content.” — The only mass storage devices I plug in are my phone and camera. Since I am using them as mass storage devices, does it not stand to reason all I want to do is transfer files to and from them? Windows should see them as a place to put data, and leave them alone.

Window Backup: “Provides Backup and Restore capabilities”. I handle backups very easily: I transfer a copy of my files to another location. When I want to restore, I simply copy them back. Simple, huh? I can understand you wanting to run something to do this for me; but it doesn’t need to be a service, and it doesn’t need to run all the time. In fact, this should only run when I launch the Backup and Restore Center.

uPnP Device Host: Lets nearby wardrivers know I have media files to steal. Great. Why don’t you broadcast my Windows Product Key while you’re at it?