Q

FTP on Windows NT

Does it mean that FTP is installed on your Windows NT server if the FTP.exe file is present in the winnt\system32 folder? The same applies to the other programs like rasadmin.exe, rasphone.exe, Telnet and TFTP. Does its mere presence mean that an intruder can use some of these programs in his/her attempts to compromise the box?

You said NT not 2000, so that will be my first assumption. But this doesn't matter in respect to the OS. Most definitions can be found on the Internet.

Because an .exe file exists on a hard drive or folder does not mean the service is running. If that were so we would be in much deeper Windows/Microsoft despair than we are now. I have seen companies where they do remove these .exe files that you have mentioned and for good reason. These services are not running, but if a worm or malicious code were to get on those machines it could execute or run those applications; then and only then would the services be running.

Another thought on FTP is that when you install IIS or PWS (2000 Pro) it does start some of these services as default, thus you must be aware of what is running. The easiest way to establish the services that is running is view the task manager. Press Ctrl-Alt-Delete and choose task manager. I have heard of malicious code programs (worms, viruses, Trojans, etc) that will not appear in this window, but this is not a real concern if you are running a valid and current antivirus application.

When you do find services that you don't recognize, do not terminate this service until you can establish what the service is used for in the OS or other applications. A great example of this is antivirus and software firewalls. If you terminate certain services then those application will not work.

If you need help with fine tuning services, visit these resources: http://www.techspot.com/tweaks/win2k_services/index.shtml

Or if you need help with default Windows 2000 services, check out these resources on Microsoft: http://www.microsoft.com/windows2000/techinfo/howitworks/management/w2kservices.asp

As for otherwise unknown services I would recommend using a search engine such as Google by simply typing the file .exe into the search and usually you will find something that helps.


For more info on this topic, please visit these SearchSecurity.com resources:
  • Best Web Links: Securing Microsoft
  • Visit the March 2004 issue of Information Security magazine, for more in-depth analysis and commentary.
  • This was first published in March 2004

    Dig deeper on Network Protocols and Security

    Pro+

    Features

    Enjoy the benefits of Pro+ membership, learn more and join.

    Have a question for an expert?

    Please add a title for your question

    Get answers from a TechTarget expert on whatever's puzzling you.

    You will be able to add details on the next page.

    0 comments

    Oldest 

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    -ADS BY GOOGLE

    SearchCloudSecurity

    SearchNetworking

    SearchCIO

    SearchConsumerization

    SearchEnterpriseDesktop

    SearchCloudComputing

    ComputerWeekly

    Close