1 00:00:00,580 --> 00:00:02,580 In addition to controlling the applications
2 00:00:02,580 --> 00:00:04,410 being installed on a workstation,
3 00:00:04,410 --> 00:00:07,880 administrators should ensure that only necessary services
4 00:00:07,880 --> 00:00:10,760 that are needed to run are allowed to run.
5 00:00:10,760 --> 00:00:12,780 Services are a type of application
6 00:00:12,780 --> 00:00:14,910 that runs in the background of the operating system,
7 00:00:14,910 --> 00:00:18,300 and it performs various functions like the print spooler.
8 00:00:18,300 --> 00:00:19,990 Any services that are unneeded
9 00:00:19,990 --> 00:00:22,420 should be disabled within the operating system.
10 00:00:22,420 --> 00:00:24,190 In this lesson, I'm going to show you how
11 00:00:24,190 --> 00:00:27,993 to disable services in Windows and in Mac OS X.
12 00:00:28,867 --> 00:00:31,210 First, we're going to go into the Windows environment.
13 00:00:31,210 --> 00:00:33,490 We're going to hit the Windows key
14 00:00:33,490 --> 00:00:35,170 in the corner, the start menu,
15 00:00:35,170 --> 00:00:39,140 and we're going to type in services.msc and hit enter.
16 00:00:39,140 --> 00:00:42,700 That's going to open up the services local connection.
17 00:00:42,700 --> 00:00:45,140 You can see the name of the services down the left column,
18 00:00:45,140 --> 00:00:46,840 a description of what they do,
19 00:00:46,840 --> 00:00:48,940 the status, whether they're running or not,
20 00:00:48,940 --> 00:00:49,990 what the startup type is,
21 00:00:49,990 --> 00:00:52,090 whether it's manual, automatic, or disabled,
22 00:00:52,090 --> 00:00:53,820 and how it's logged in.
23 00:00:53,820 --> 00:00:57,250 What I'm going to look for here is the Windows Update service,
24 00:00:57,250 --> 00:01:00,030 which is what provides our Windows patches.
25 00:01:00,030 --> 00:01:02,630 If I scroll all the way down here, you'll see Windows Update.
26 00:01:02,630 --> 00:01:04,130 And if I double-click on it,
27 00:01:04,130 --> 00:01:05,930 you'll see it is currently running,
28 00:01:05,930 --> 00:01:08,020 it is an automatic type of startup,
29 00:01:08,020 --> 00:01:09,840 and this is used to detect, download,
30 00:01:09,840 --> 00:01:12,500 and install updates for Windows and other programs.
31 00:01:12,500 --> 00:01:14,750 If you're in a large enterprise environment, though,
32 00:01:14,750 --> 00:01:16,190 we don't want to download our updates
33 00:01:16,190 --> 00:01:18,860 directly from Windows and install them on the endpoints.
34 00:01:18,860 --> 00:01:20,360 Instead, we want to push them out
35 00:01:20,360 --> 00:01:22,170 through a patch management system.
36 00:01:22,170 --> 00:01:24,860 So we're going to go ahead and turn off this service.
37 00:01:24,860 --> 00:01:27,250 To do that, we're going to hit stop.
38 00:01:27,250 --> 00:01:29,670 Now, when we stop, it's going to shut down that service,
39 00:01:29,670 --> 00:01:33,520 and it did, but it's still set to automatically start up.
40 00:01:33,520 --> 00:01:37,560 So, if I reboot this computer, that is going to start up again.
41 00:01:37,560 --> 00:01:39,980 To prevent that, we can go to automatic
42 00:01:39,980 --> 00:01:42,090 and turn it to disabled.
43 00:01:42,090 --> 00:01:43,790 Go ahead and hit apply.
44 00:01:43,790 --> 00:01:47,680 And now we have a service that is stopped and is disabled
45 00:01:47,680 --> 00:01:50,330 and is no longer currently running.
46 00:01:50,330 --> 00:01:53,150 This means that Windows Update will not work anymore
47 00:01:53,150 --> 00:01:56,440 in the background because I've killed that service.
48 00:01:56,440 --> 00:01:57,800 This is a useful thing,
49 00:01:57,800 --> 00:01:59,230 because if you have a piece of malware
50 00:01:59,230 --> 00:02:01,210 that installs itself as a service,
51 00:02:01,210 --> 00:02:04,250 you can go in, find it, stop it,
52 00:02:04,250 --> 00:02:07,110 and disable it to be able to remove it better.
53 00:02:07,110 --> 00:02:10,070 We can do this same thing inside the command prompt.
54 00:02:10,070 --> 00:02:12,690 To do that, just click on your Windows key
55 00:02:12,690 --> 00:02:16,060 and type command prompt, or CMD.
56 00:02:16,060 --> 00:02:19,010 From here, you can use sc,
57 00:02:19,010 --> 00:02:21,290 which is to control it through the services,
58 00:02:21,290 --> 00:02:23,550 stop, and the name.
59 00:02:23,550 --> 00:02:25,560 For that program that we just stopped,
60 00:02:25,560 --> 00:02:27,483 it is wuauserv,
61 00:02:29,810 --> 00:02:32,530 which is the name of the Windows Update program,
62 00:02:32,530 --> 00:02:35,280 as you can see right here.
63 00:02:35,280 --> 00:02:39,240 So, if I go back, if I hit enter, it would stop that service.
64 00:02:39,240 --> 00:02:41,830 It won't do that right now because it's already stopped,
65 00:02:41,830 --> 00:02:43,760 but that is the command that you would use:
66 00:02:43,760 --> 00:02:48,330 sc stop wuauserv.
67 00:02:48,330 --> 00:02:50,380 The other way you can stop this in Windows
68 00:02:50,380 --> 00:02:52,320 is using the net command.
69 00:02:52,320 --> 00:02:54,670 And it's net stop and the name
70 00:02:54,670 --> 00:02:56,540 of the service that you want to stop.
71 00:02:56,540 --> 00:02:58,343 Again, net stop wuauserv,
72 00:02:59,830 --> 00:03:01,330 or whatever the piece of malware
73 00:03:01,330 --> 00:03:04,530 or other service is that you want to turn off.
74 00:03:04,530 --> 00:03:05,710 Next, I'm going to show you how
75 00:03:05,710 --> 00:03:08,270 you can do it on a Macintosh system.
76 00:03:08,270 --> 00:03:10,340 To do that, you can go ahead and first
77 00:03:10,340 --> 00:03:12,010 we're going to create something to kill.
78 00:03:12,010 --> 00:03:13,880 So, I'm just going to create a Textpad,
79 00:03:13,880 --> 00:03:18,880 and I'm going to call it "kill this process when ready",
80 00:03:19,320 --> 00:03:20,570 and that just gives me something
81 00:03:20,570 --> 00:03:22,210 that I'm going to be able to kill.
82 00:03:22,210 --> 00:03:24,280 Now, to find it, I'm going to go ahead
83 00:03:24,280 --> 00:03:25,640 and use the Activity Monitor,
84 00:03:25,640 --> 00:03:27,410 which is under your applications,
85 00:03:27,410 --> 00:03:30,420 then go to utilities, and then Activity Monitor.
86 00:03:30,420 --> 00:03:34,600 From here, I'm going to sort by process name and find TextEdit.
87 00:03:34,600 --> 00:03:36,080 You can see all of these different services
88 00:03:36,080 --> 00:03:37,410 that are running in the background.
89 00:03:37,410 --> 00:03:38,570 Even though I only have three
90 00:03:38,570 --> 00:03:40,410 or four programs actually running,
91 00:03:40,410 --> 00:03:43,260 all of these background services are still running, too.
92 00:03:43,260 --> 00:03:44,650 I can go ahead and find that,
93 00:03:44,650 --> 00:03:45,690 and if I wanted to get rid of it,
94 00:03:45,690 --> 00:03:47,640 I will just double-click on it.
95 00:03:47,640 --> 00:03:49,810 You can see how much memory it's using,
96 00:03:49,810 --> 00:03:51,330 any statistics about it,
97 00:03:51,330 --> 00:03:53,930 what open files and ports are currently in use,
98 00:03:53,930 --> 00:03:55,610 in this case, it's some hidden file
99 00:03:55,610 --> 00:03:56,840 that it's saving for this,
100 00:03:56,840 --> 00:03:59,850 as well as some configurations and logging.
101 00:03:59,850 --> 00:04:01,790 And if I want to get rid of this,
102 00:04:01,790 --> 00:04:04,020 all I have to do is hit quit.
103 00:04:04,020 --> 00:04:06,040 It's going to ask me if I want to quit it cleanly,
104 00:04:06,040 --> 00:04:07,880 like you normally would quit an application,
105 00:04:07,880 --> 00:04:10,740 or force quit it, which terminates it immediately.
106 00:04:10,740 --> 00:04:12,230 It doesn't save anything.
107 00:04:12,230 --> 00:04:13,520 If this was a piece of malware,
108 00:04:13,520 --> 00:04:15,140 that's exactly what I would want to do.
109 00:04:15,140 --> 00:04:17,120 And I can go ahead and hit force quit,
110 00:04:17,120 --> 00:04:19,000 and you'll notice it went away.
111 00:04:19,000 --> 00:04:20,160 Next, I'm going to show you how
112 00:04:20,160 --> 00:04:22,510 you can do this on a Linux system.
113 00:04:22,510 --> 00:04:24,590 A Linux system and a Mac OS X system
114 00:04:24,590 --> 00:04:27,170 actually share a lot of the same commands.
115 00:04:27,170 --> 00:04:30,820 And in fact, these Linux commands, kill and top,
116 00:04:30,820 --> 00:04:33,660 are going to be used both in Mac OS X,
117 00:04:33,660 --> 00:04:35,560 which is Unix-based, and Linux.
118 00:04:35,560 --> 00:04:37,480 So, I'm going to go ahead and open up that TextEdit again,
119 00:04:37,480 --> 00:04:39,360 just so I have a process to kill.
120 00:04:39,360 --> 00:04:40,980 I'm then going to open up my command line,
121 00:04:40,980 --> 00:04:45,050 which on a Mac or Linux is called the terminal.
122 00:04:45,050 --> 00:04:46,850 I'm going to bring this over to the left side.
123 00:04:46,850 --> 00:04:49,400 And if I want to see what processes are currently running,
124 00:04:49,400 --> 00:04:51,570 I can use the command top.
125 00:04:51,570 --> 00:04:53,930 Top will show me what processes are currently running.
126 00:04:53,930 --> 00:04:56,440 Processes are also known as services.
127 00:04:56,440 --> 00:05:00,000 Now, we have 537 different processes running,
128 00:05:00,000 --> 00:05:01,330 and we can go through here
129 00:05:01,330 --> 00:05:02,990 and find which one we want to kill.
130 00:05:02,990 --> 00:05:07,080 In this case, it's TextEdit, and the process ID is 2513.
131 00:05:09,680 --> 00:05:12,270 So, what I'm going to do is I'm going to quit out of that.
132 00:05:12,270 --> 00:05:16,360 And to kill it, you just type in kill and the process ID,
133 00:05:16,360 --> 00:05:21,023 2513, and watch on the right side as TextEdit goes away.
134 00:05:21,900 --> 00:05:24,350 There you go, it's that simple.
135 00:05:24,350 --> 00:05:25,840 Any time you have a piece of malware
136 00:05:25,840 --> 00:05:29,600 or a service you want to kill on a Unix or a Linux system,
137 00:05:29,600 --> 00:05:32,850 just type in kill PID, for process ID,
138 00:05:32,850 --> 00:05:34,900 and the number that's associated with it.
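The Activity Monitor "quit cleanly or force quit" choice and the `kill PID` command from the lesson, combined into one added shell example that is not from the lesson or its author: a bare `kill PID` sends SIGTERM, which a program (or malware) can catch or ignore, so the script waits a grace period and then escalates to SIGKILL, which cannot be ignored, and confirms the process is really gone. It assumes only the standard `kill`, `ps` and `sleep` utilities found on macOS and Linux; the `sleep 300` target in the demo is a constructed stand-in for the process you would be terminating.

```shell
#!/bin/sh
# Added example (not from the lesson): graceful-then-forced termination.
# `kill PID` = SIGTERM (a polite "quit"); SIGKILL = "force quit", which
# cannot be caught or ignored. Assumes standard kill(1), ps(1), sleep(1).

# proc_alive PID: succeed if PID still exists and is not a zombie.
proc_alive() {
    kill -0 "$1" 2>/dev/null || return 1
    # A zombie still answers kill -0 but has already exited; treat it as gone.
    case "$(ps -o stat= -p "$1" 2>/dev/null | tr -d ' ')" in
        Z*) return 1 ;;
    esac
    return 0
}

# terminate_pid PID [GRACE_SECONDS]
#   1. send SIGTERM (what a bare `kill PID` does) and wait up to GRACE_SECONDS;
#   2. if the process is still alive, send SIGKILL (force quit);
#   3. return 0 only once the process is actually gone, 1 otherwise
#      (no such PID, no permission to signal it, or it somehow survived).
terminate_pid() {
    pid=$1
    grace=${2:-5}
    proc_alive "$pid" || return 1
    kill -TERM "$pid" 2>/dev/null || return 1
    waited=0
    while proc_alive "$pid"; do
        if [ "$waited" -ge "$grace" ]; then
            echo "PID $pid ignored SIGTERM for ${grace}s, sending SIGKILL" >&2
            kill -KILL "$pid" 2>/dev/null
            sleep 1          # give the kernel a moment to tear it down
            break
        fi
        sleep 1
        waited=$((waited + 1))
    done
    ! proc_alive "$pid"
}

# Demo (run as `sh this_script.sh demo`): terminate a harmless constructed
# target the way you would a process picked out of top or Activity Monitor.
if [ "${1:-}" = "demo" ]; then
    sleep 300 & target=$!
    terminate_pid "$target" 3 && echo "PID $target terminated"
    wait "$target" 2>/dev/null
fi
```

Running it without arguments only defines the functions, so it can be sourced into an incident-response shell session; the stderr message marks the processes that had to be force-killed, which is worth noting during triage.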