Re: Implications of Uninstalling Server Service?
- From: "M. Burnett" <mb@xxxxxxxx>
- Date: Tue, 17 Oct 2006 18:15:11 +0000
> Interesting Mark, and I believe I see how in effect you are attempting to reverse effects of netserv.inf install (but doing so only partially,
> i.e. dependent services parts)
Yes, it definitely is just partial. There is a lot more to the process when you
eliminate dependent services, and there are plenty that depend on the Server
service. I start with the INF but it takes more than that because some reg entries
and files are created afterwards. Not so much in this case but more so with
other services.
> But I just have to ask.
> What is it that you feel you have accomplished?
That's a great question and I have several answers. First, it is just interesting to
me to dig through Windows and understand it better. But that's just for me.
The second reason is that I like the idea of having a clean system. I think it contributes
to security knowing exactly what is on my system and having got rid of so much clutter. When
I do an extreme hardening (which obviously is not the best choice for 95% of the systems out
there) I remove thousands of files and tens of thousands of registry entries.
The third reason is attack surface. Sure you could argue that if someone has access to enable
the Server service they can pretty much do what they want. But I don't care about that. My
strategy is to not address the attack methods because I believe we can't even begin to
anticipate the attacks we might face in the future. Yes, there is a lot of stuff
I have removed that has gained me nothing but there is a lot of stuff that has saved me time
after time in the past. I don't bother distinguishing between the two and I don't bother
with trying to determine what the attack might be. If I'm not using it, and I know I'll
never use it for that role, I remove it.
Of course, I don't just randomly rip stuff out. I carefully research and test it to make sure
it won't break anything I do want to do.
Finally, it is nice to not have so many files installed when it comes time for Patch Tuesday.
If I review a patch's files and I don't have those files on my system, I don't have to install
the patch. That's less chance for instability and less need for reboots. For many people
that probably isn't that big of a deal, but I have clients who love knowing they don't
have to install a patch for something like DHCP because I have already ripped those files
out of Windows. Same with Outlook Express, Media Player, VML, etc. It happens quite
a bit.
Now having said all that, I hope that ripping out the Server service doesn't appear on some
hardening checklist somewhere. I do not recommend doing it except for a few extreme cases
and only if you have the knowledge and time to properly test it. My point in posting it
was to say yes it can be done, I've done it, it works. On the other hand, I have many servers
with the service intact and running. They are probably just as secure, at least for now.
Mark Burnett