1 00:00:00,600 --> 00:00:01,680 In addition to controlling
2 00:00:01,680 --> 00:00:04,410 the applications being installed on a workstation,
3 00:00:04,410 --> 00:00:07,890 administrators should ensure that only the services
4 00:00:07,890 --> 00:00:10,770 that are actually needed are allowed to run.
5 00:00:10,770 --> 00:00:12,780 Services are a type of application
6 00:00:12,780 --> 00:00:15,000 that runs in the background of the operating system
7 00:00:15,000 --> 00:00:18,300 and performs various functions, like the print spooler.
8 00:00:18,300 --> 00:00:19,980 Any services that are unneeded
9 00:00:19,980 --> 00:00:22,410 should be disabled within the operating system.
10 00:00:22,410 --> 00:00:25,410 In this lesson, I'm going to show you how to disable services
11 00:00:25,410 --> 00:00:27,810 in Windows and in Mac OS X.
12 00:00:27,810 --> 00:00:30,210 So, first we're going to go into the Windows environment.
13 00:00:30,210 --> 00:00:33,150 We're going to hit the Windows key in the corner,
14 00:00:33,150 --> 00:00:34,170 the Start menu,
15 00:00:34,170 --> 00:00:38,160 and we're going to type in services.msc and hit Enter.
16 00:00:38,160 --> 00:00:41,700 That's going to open up the Services (Local) console.
17 00:00:41,700 --> 00:00:44,130 You can see the name of the services down the left column,
18 00:00:44,130 --> 00:00:45,870 a description of what they do,
19 00:00:45,870 --> 00:00:47,940 the status, whether they're running or not,
20 00:00:47,940 --> 00:00:48,990 what the startup type is,
21 00:00:48,990 --> 00:00:51,090 whether it's manual, automatic, or disabled,
22 00:00:51,090 --> 00:00:52,830 and what account it logs on as.
23 00:00:52,830 --> 00:00:56,220 What I'm going to look for here is the Windows Update service,
24 00:00:56,220 --> 00:00:59,040 which is what provides our Windows patches.
25 00:00:59,040 --> 00:01:00,090 If I scroll all the way down here,
26 00:01:00,090 --> 00:01:01,620 you'll see Windows Update,
27 00:01:01,620 --> 00:01:03,120 and if I double-click on it,
28 00:01:03,120 --> 00:01:04,950 you'll see it is currently running.
29 00:01:04,950 --> 00:01:07,050 Its startup type is Automatic,
30 00:01:07,050 --> 00:01:09,780 and this is used to detect, download, and install updates
31 00:01:09,780 --> 00:01:11,490 for Windows and other programs.
32 00:01:11,490 --> 00:01:13,740 If you're in a large enterprise environment, though,
33 00:01:13,740 --> 00:01:15,180 we don't want to download our updates
34 00:01:15,180 --> 00:01:17,850 directly from Windows Update on each individual endpoint.
35 00:01:17,850 --> 00:01:19,350 Instead, we want to push them out
36 00:01:19,350 --> 00:01:21,180 through a patch management system.
37 00:01:21,180 --> 00:01:23,850 So, we're going to go ahead and turn off this service.
38 00:01:23,850 --> 00:01:26,250 To do that, we're going to hit Stop.
39 00:01:26,250 --> 00:01:27,180 Now when we hit Stop,
40 00:01:27,180 --> 00:01:29,790 it's going to shut down that service, and it did.
41 00:01:29,790 --> 00:01:32,520 But it's still set to start up automatically.
42 00:01:32,520 --> 00:01:36,540 So if I reboot this computer, that service is going to start up again.
43 00:01:36,540 --> 00:01:37,680 To prevent that,
44 00:01:37,680 --> 00:01:41,100 we can change the startup type from Automatic to Disabled.
45 00:01:41,100 --> 00:01:42,780 Go ahead and hit Apply.
46 00:01:42,780 --> 00:01:46,860 And now we have a service that is stopped and disabled,
47 00:01:46,860 --> 00:01:49,320 and is no longer running.
48 00:01:49,320 --> 00:01:52,140 This means that Windows Update will not work anymore
49 00:01:52,140 --> 00:01:55,440 in the background because I've killed that service.
50 00:01:55,440 --> 00:01:56,435 This is a useful thing,
51 00:01:56,435 --> 00:01:58,200 because if you have a piece of malware
52 00:01:58,200 --> 00:02:00,210 that installs itself as a service,
53 00:02:00,210 --> 00:02:03,240 you can go in, find it, stop it,
54 00:02:03,240 --> 00:02:06,120 and disable it, which makes it easier to remove.
55 00:02:06,120 --> 00:02:09,060 We can do the same thing inside the command prompt.
56 00:02:09,060 --> 00:02:11,670 To do that, just click on your Windows key
57 00:02:11,670 --> 00:02:15,060 and type command prompt or CMD.
58 00:02:15,060 --> 00:02:18,000 From here, you can use sc,
59 00:02:18,000 --> 00:02:20,310 which is the service control command,
60 00:02:20,310 --> 00:02:22,560 followed by stop and the service name.
61 00:02:22,560 --> 00:02:24,570 For the service that we just stopped,
62 00:02:24,570 --> 00:02:28,800 that name is wuauserv,
63 00:02:28,800 --> 00:02:31,530 which is the service name of Windows Update,
64 00:02:31,530 --> 00:02:34,290 as you can see right here.
65 00:02:34,290 --> 00:02:36,420 So if I go back and hit Enter,
66 00:02:36,420 --> 00:02:38,250 it would stop that service.
67 00:02:38,250 --> 00:02:40,800 It won't do that right now because it's already stopped,
68 00:02:40,800 --> 00:02:42,780 but that is the command that you would use,
69 00:02:42,780 --> 00:02:46,353 sc stop wuauserv.
70 00:02:47,465 --> 00:02:49,350 The other way you can stop this in Windows
71 00:02:49,350 --> 00:02:53,070 is using the net command, and it's net stop,
72 00:02:53,070 --> 00:02:55,560 and the name of the service that you want to stop.
73 00:02:55,560 --> 00:02:58,830 Again, net stop wuauserv,
74 00:02:58,830 --> 00:03:00,300 or whatever the piece of malware
75 00:03:00,300 --> 00:03:03,510 or other service that you want to turn off is called.
76 00:03:03,510 --> 00:03:04,560 Next, I'm going to show you
77 00:03:04,560 --> 00:03:07,260 how you can do it on a Macintosh system.
78 00:03:07,260 --> 00:03:08,730 To do that, we're going to go ahead
79 00:03:08,730 --> 00:03:11,010 and first create something to kill.
80 00:03:11,010 --> 00:03:12,870 So, I'm just going to create a TextEdit document,
81 00:03:12,870 --> 00:03:17,870 and I'm going to call it "kill this process when ready".
82 00:03:18,300 --> 00:03:19,560 And that just gives me something
83 00:03:19,560 --> 00:03:20,892 that I'm going to be able to kill.
84 00:03:20,892 --> 00:03:22,971 Now, to find it, I'm going to go ahead
85 00:03:22,971 --> 00:03:24,630 and use the Activity Monitor,
86 00:03:24,630 --> 00:03:27,690 which is under Applications, then Utilities,
87 00:03:27,690 --> 00:03:29,400 and then Activity Monitor.
88 00:03:29,400 --> 00:03:31,562 From here, I'm going to sort by process name
89 00:03:31,562 --> 00:03:33,600 and find TextEdit.
90 00:03:33,600 --> 00:03:35,070 You can see all of these different services
91 00:03:35,070 --> 00:03:36,390 that are running in the background.
92 00:03:36,390 --> 00:03:37,560 Even though I only have three
93 00:03:37,560 --> 00:03:39,420 or four programs actually running,
94 00:03:39,420 --> 00:03:42,240 all of these background services are still running too.
95 00:03:42,240 --> 00:03:43,650 I can go ahead and find TextEdit.
96 00:03:43,650 --> 00:03:44,670 And if I want to get rid of it,
97 00:03:44,670 --> 00:03:46,620 I just double-click on it.
98 00:03:46,620 --> 00:03:48,810 You can see how much memory it's using,
99 00:03:48,810 --> 00:03:50,340 any statistics about it,
100 00:03:50,340 --> 00:03:52,920 what open files and ports are currently in use.
101 00:03:52,920 --> 00:03:54,600 In this case, it's some hidden files
102 00:03:54,600 --> 00:03:55,860 that it's saving for this document,
103 00:03:55,860 --> 00:03:58,830 as well as some configuration and log files.
104 00:03:58,830 --> 00:04:00,476 And if I want to get rid of this,
105 00:04:00,476 --> 00:04:03,030 all I have to do is hit Quit.
106 00:04:03,030 --> 00:04:05,010 It's going to ask me if I want to quit it cleanly,
107 00:04:05,010 --> 00:04:06,870 like you normally would quit an application,
108 00:04:06,870 --> 00:04:09,780 or force quit it, which terminates it immediately.
109 00:04:09,780 --> 00:04:11,250 It doesn't save anything.
110 00:04:11,250 --> 00:04:12,510 If this were a piece of malware,
111 00:04:12,510 --> 00:04:14,160 that's exactly what I would want to do.
112 00:04:14,160 --> 00:04:16,110 So I can go ahead and hit Force Quit.
113 00:04:16,110 --> 00:04:18,000 And you'll notice it went away.
114 00:04:18,000 --> 00:04:19,050 Next, I'm going to show you
115 00:04:19,050 --> 00:04:21,510 how you can do this on a Linux system.
116 00:04:21,510 --> 00:04:23,580 A Linux system and a Mac OS X system
117 00:04:23,580 --> 00:04:26,160 actually share a lot of the same commands.
118 00:04:26,160 --> 00:04:29,820 In fact, the Linux commands kill and top
119 00:04:29,820 --> 00:04:32,670 are used both on Mac OS X,
120 00:04:32,670 --> 00:04:34,590 which is Unix-based, and on Linux.
121 00:04:34,590 --> 00:04:36,480 So I'm going to go ahead and open up TextEdit again
122 00:04:36,480 --> 00:04:38,340 just so I have a process to kill.
123 00:04:38,340 --> 00:04:39,960 I'm then going to open up my command line,
124 00:04:39,960 --> 00:04:44,040 which on a Mac or a Linux system is called the Terminal.
125 00:04:44,040 --> 00:04:45,870 I'm going to bring this over to the left side.
126 00:04:45,870 --> 00:04:48,390 And if I want to see what processes are currently running,
127 00:04:48,390 --> 00:04:50,580 I can use the command top.
128 00:04:50,580 --> 00:04:52,920 top will show me what processes are currently running.
129 00:04:52,920 --> 00:04:55,440 Processes are also known as services.
130 00:04:55,440 --> 00:04:59,160 Now we have 537 different processes running,
131 00:04:59,160 --> 00:05:00,330 and we can go through here
132 00:05:00,330 --> 00:05:01,980 and find which one we want to kill.
133 00:05:01,980 --> 00:05:04,110 In this case, it's TextEdit,
134 00:05:04,110 --> 00:05:07,833 and the process ID is 2513.
135 00:05:08,700 --> 00:05:11,250 So what I'm going to do is quit out of top.
136 00:05:11,250 --> 00:05:12,180 And to kill it,
137 00:05:12,180 --> 00:05:16,578 you just type in kill and the process ID, 2513,
138 00:05:16,578 --> 00:05:19,983 and watch on the right side as TextEdit goes away.
139 00:05:20,880 --> 00:05:22,140 There you go.
140 00:05:22,140 --> 00:05:23,340 It's that simple.
141 00:05:23,340 --> 00:05:24,840 Anytime you have a piece of malware
142 00:05:24,840 --> 00:05:28,590 or a service you want to kill on a Unix or a Linux system,
143 00:05:28,590 --> 00:05:31,860 just type in kill followed by the PID, the process ID,
144 00:05:31,860 --> 00:05:33,910 which is the number associated with that process.
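A plain kill PID, as used in the lesson, sends SIGTERM, which is the shell equivalent of Activity Monitor's Quit; Force Quit corresponds to SIGKILL, which a process cannot catch or ignore. As an added example that is not part of the lesson, this POSIX shell function terminates a process by PID and escalates from SIGTERM to SIGKILL only when the process does not exit on its own, which is the behaviour you want against a service or piece of malware that ignores the polite request. The function names is_alive and stop_pid, the default timeout and the log lines are my own; it assumes ps, kill, sleep and tr are available.

```shell
#!/bin/sh
# Added example, not from the lesson. Like Activity Monitor's Quit / Force Quit:
# plain `kill PID` sends SIGTERM (a polite "please quit"); a process can ignore
# that, so escalate to SIGKILL (cannot be caught or ignored) if it stays alive.
# Assumes a POSIX shell with ps, kill, sleep and tr. Function names are mine.

# is_alive PID: succeed while the process exists and is not yet a zombie.
is_alive() {
    state=$(ps -o stat= -p "$1" 2>/dev/null | tr -d ' \t')
    case "$state" in
        "" | Z*) return 1 ;;   # no such process, or already exited
        *) return 0 ;;
    esac
}

# stop_pid PID [SECONDS]: send SIGTERM, wait up to SECONDS (default 5) for the
# process to exit, then send SIGKILL. Returns 0 once the process is gone and
# 1 if it survives even SIGKILL (e.g. not our process, or stuck in the kernel).
stop_pid() {
    pid=$1
    timeout=${2:-5}
    if ! is_alive "$pid"; then
        echo "pid $pid: no such process" >&2
        return 0
    fi
    cmd=$(ps -o comm= -p "$pid" 2>/dev/null | tr -d ' ')   # record what we kill
    echo "pid $pid ($cmd): sending SIGTERM"
    kill -TERM "$pid" 2>/dev/null || true
    ticks=0                                 # half-second polling steps
    while is_alive "$pid" && [ "$ticks" -lt $((timeout * 2)) ]; do
        sleep 0.5
        ticks=$((ticks + 1))
    done
    if is_alive "$pid"; then
        echo "pid $pid ($cmd): ignored SIGTERM, sending SIGKILL"
        kill -KILL "$pid" 2>/dev/null || true
        sleep 0.5
    fi
    if is_alive "$pid"; then
        echo "pid $pid ($cmd): could not be terminated" >&2
        return 1
    fi
    echo "pid $pid ($cmd): terminated"
    return 0
}
```

Run it as stop_pid 2513 for the TextEdit case from the lesson; a second argument shortens or lengthens the grace period before the forced kill.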