In more than one place,
Microsoft suggests that "
Unnecessary services should be disabled".
Doing so is such a difficult task that MS has a
Security Configuration Wizard for server operating systems.
There are many W7 users that wish to extend the concept of security hardening via disabling services to non server operating systems... but this is extremely hard to do. You could actually end up lessening your security. The W7 images deployed where I work do indeed have some services disabled via GPO, but you would not believe the time and effort that goes into testing each business related app via Virtual Machines to arrive at the service configurations.
I'm mentioning the security angle because
exitPr0gram is in the thread
Not MS Services. The "unnecessary" ones can be viewed and deselected after hiding all MS Services on the msconfig Services tab, all except your AV and any sync. Most are on Startup tab but some are deemed Services
The MS documentation that I read concerning making Windows more secure left me with the impression that MS's Security Configuration Wizard disabled MS Services based on the server's role. Watching videos of users configuring MS's Security Configuration Wizard for Windows Server 2008 r2 reinforced that impression. Since I cannot test MS's Security Configuration Wizard first hand, I'll take your word for it that MS does not do that.
I might also be wrong about there being a correlation between Windows 2008 r2 core services and W7 core services. There might be no value in learning from MS's hardening of that server OS.
If a user has Java installed, but does not need/use Java, then they incur Java related security risks for no good reason. If a Windows 7 user does not use the Themes service, why should they leave the Themes service running?
Since the Windows Theme service is a known attack vector for W7 (
MS13-071), there does seem to be some security related value in disabling that service if it is not being used. While this particular attack could not be carried out via drive by installation (as far as MS knows), those who keep the Windows Theme service running are accepting the risk that such a different drive by install/attack will strike them. It is fine to run that small risk as long as the user is benefiting from running the Theme service.
A bug was found with Windows 7 Aero (MS10-043). Those that don't use themes probably were not at risk from that bug. Disabling the W7 Themes service probably had no security implications for this bug.
I've already stated that it is extremely difficult to determine which services are safe to disable for a given set of applications. It is certainly possible to lower the security of a computer by turning off the wrong service(s). And each set of operating system patches makes for more uncertainty about the interactions between services. I am aware that users disabling services makes our volunteer jobs harder. Am I wrong to think that a disabled service is less likely to be attacked by malicious objects?