I just installed Windows 7 on my laptop again and i wanted to share some minor stuff that i always do after. I’m the kind of guy that doesn’t like useless (which don’t fit ones needs) stuff and usually finds a way to get rid of them. And this is not only computer related, but also in real life. For instance, why keep 15 lights on in an apartament if nobody is using them? Nevermind, let’s just see the list with all the things i disable after installing Windows 7.
Disable Internet Explorer
I know that the majority of PC users still use it (default browser with Windows) but, let’s be serious, there are better, faster and more secure alternatives out there. I can’t even see one reason to keep using IE.
Go to Control Panel and in the left-top side you can see “Turn Windows features on or off”. After clicking it you’ll see something like below. Untick “Internet explorer 8”. You will be asked if you are sure about this and you will also wait a bit on your next restart, so that the changes can take place.
I don’t use Windows Media Player nor Windows Movie Maker. Again, there are better alternatives out for media viewing and video editing. I tend not to choose Microsoft products in this area.
As with Internet Explorer 8, you can find the “Media features” checkbox in the same place.
Disable remote assistance
I don’t like anything remote desktop related enabled. Period. I never used this service, i do not know people that actually use this service and i also know people that take advantage of this service to compromise hundreds of PCs. I don’t want my PC to be in that category.
Right click on My Computer – in the upper-left corner you can see “Remote settings”. Click on that and you should see the window below. Make sure the “Allow Remote Assitance connections to computer” box is unchecked and the “don’t allow connections to this computer” is checked.
You wouldn’t want other people snooping through your files right? Or you would, but if you were using windows network sharing. I don’t so i make sure i don’t have any shared folders. In some Windows 7 installation the “Users” folder (typically found in C ) is shared.
To check if a folder is shared right click on it, click on “Proprietes” and open the “Sharing” tab. Here you can choose to share or not to share it.
Disable network discovery
As i mentioned earlier i don’t use windows network sharing, so why would i want other PCs on the network seeing me?
In order to disable network discovery go to Control panel -> Network and internet -> Network and Sharing Center -> Advanced sharing settings.
There’s also the “Public folder sharing” section as you can see above. Windows running PCs have a default “Public” folder that is used to be accesed over the network. Again, i do not use these features so i disable them.
Netbios is an obsolete and “noisy” protocol. By “noisy” i mean that it can “tell” (regular broadcasts) a lot about your PC . This information can and will be used by a potential attacker against you. And of course, we want to avoid that.
Go to Control Panel – Network and Internet – Network Connections. Right click on the adapter you are using (i was using my wired connection) and click on “Proprietes” . Here you can see a new window, where you click on “Internet Protocol Version 4” and then “Proprietes”. Another window will be opened, where you click on “Advanced”. Yet another window is opened, where you choose the “WINS” tab. Here you have the option of disabling netbios.
Disable SSDP discovery service
I nmaped my Windows PC once and i’ve discovered an unusual open port:
5357/tcp open http microsoft httpapi httpd 2.0 (ssdp/upnp)
I didn’t knew anything about this port or the SSDP discovery service. Not surprisingly, it’s recommended to be closed, for security reasons. Apparently disabling network discovery should had solved the issue, but it didn’t. To disable the service go to services.msc and look for SSDP Discovery and set the startup type to Disabled, like in the picture below. If you encounter any dificulties with online games or external devices, set it to Automatic.
After a quick reboot the port changed its state from open to filtered, which is how it’s recommended.