Advice on Services (XP SP2)

Just finally got around to doing a detailed check of all my Services under SP2. I see that Blackviper hasn't revised his charts yet. Until that time, any of you Masters of the Universe have advice on these?

Application Layer Gateway: I have it set to Manual, but it loads at every boot and shows in TaskMan as ALG.exe. Can I disable it?

DCOM Server Process Launcher: I thought we shut down DCOM a long time ago with Doug Knox's DCOMBobulator. That utility shows my DCOM safe. Why do I need this service? It's set to Auto by default in SP2. Disable?

I'm not using the Windows Firewall or the Anti-Virus warnings or Automatic Updates, so I shut all that off in the Security Center. I now have the Security Center Service set to Disabled. Whatcha think?

 

Yup i have it disabled as i dont use ICS or XP Firewall.

DCOM can be safely disabled, its a terrible security breach, and i doubt anyone has ever seen a DCOM app out side of certain domain servers.

 

And whatcha think about ALG.exe? You only covered 2/3.

(But thanks for those!)

 

I'm looking up alg.exe re-enabling itself in the ms kb(not the public one) right now.

 

Well, thats definataly not default SP2 behavior.

I can disable alg.exe here ok.

I didn't find squat in our kb.

 

So are you saying that I can DISABLE the Application Layer Gateway service?

I forgot to mention that I left the Automatic Updates service on Auto, but set the Automatic Updates control (in the System Properties panels or in Control Panel) to OFF. If the Windows Update site complains and won't let me have updates with the service ON and the control OFF, I think they're leaving the button right on the scanning site so that you can turn the Auto Updates control back ON while you get the patches, then turn it back OFF when you finish with Windows Update.

And DCOM Server and Security Center? You have both of those disabled?

 

Yes, so long as you aren't using dial up--and possibly pppoe dsl

 

You can disable Appl Layer Gateway whether you use dial up or DSL. I have it disabled on my DSL PC and Dial-up Laptop, you only need it for the windows firewall, or if your sharing a connection.

 

I stand corrected.

 

Security Center, isn't critical as it only provides monitoring and notification about security issues (Firewall/AntiVirus/WindowsUpdate). Setting it to Disabled shouldn't cause any problems.

DCOM Server Process Launcher, is somewhat critical as it is required to perform a defrag and to access msinfo32. Keep it set to Automatic.

 

Thats not correct. I have DCOM disabled, and i can defrag just fine. In not sure what you mean by msinfo32 however.

The best way is to disable it, log on and see how it goes, it the worst comes to the worst and something fails, you just start it and set it back to automatic. I have been running with DCOM off for the best part of a year and have had no problems.

 

Snakefoot is completely correct.

I didn't answer before, because I didn't know any better.

Defrag does absolutely NOTHING with the service disabled. Buttons depress, nothing activates.

msinfo32 gives an error as well:

 

Hmm ok im wrong. I never used MSinfo32 before.

I use Diskeeper7 to defrag which probably doesnt use DCOM.

 

Great exchange, guys! OK, so bottom line for me:
ALG: Disabled
DCOM: Automatic (but the DCOMBobulator tests show the DCOM external security problem stifled, and the Stealth-level protection in place. Yea!)
Sec Center: Disabled
and finally, because I don't use and won't use Automatic Updates, and have turned OFF Auto Updates in the control panel -- and will turn on what ever I need to WHEN I need to, to get updates at Windows Update --
the Automatic Updates service: Disabled
If you just set the control panel to OFF, but leave the Auto Updates service enabled, it launches wuauclt.exe at every boot, and that uses a lot of resources while it runs during and after the boot.

Any comments on any of that now?

 

Roger all of the above, but with this question: DCOM on automatic with stealth; how about its status in firewall? Should it be set, in program control, (in say, Zone Alarm) to "block" across the board or "ask" or (as in some of my proggies) a combination of both -- as in: "block" server, but "ask" about connection to web and so forth.

 

Ever since I used the DCOMBobulator program, there has been no recurrence of anything with DCOM in it in my ZoneAlarm programs list. I've done several clean installs of the new versions of ZA, so that all of my program settings had to be re-done, but no DCOM entires have re-appeared, so I'm taking the advice of others and leaving DCOM Server Launcher set to Auto JUST so that I can continue to use the Defragger and my Sys Info utility, not so that it will do anything with the Internet.

I think that if you get the DCOMBobulator and run the two processes it offers (both very rudimentary, but effective), you'll like the result. You have to let the utility reach out once to test whether it can get BACK IN, but after that, you can remove the utility from your firewall list, since you won't be running it again for a long time -- perhaps never.
(If anything ever tries to get out, and it's not in the list, it's automatically treated as though it has four blue question marks.)

DCOMBob: http://www.majorgeeks.com/download3987.html

 

BlackViper has the list updated now. I just went through tweaking mine and no problems. http://www.blackviper.com/WinXP/servicecfg.htm