Taking Back Control of Your Computer

November 22, 2014


Today there is a plethora of software that is useful and necessary for everyday use. With increased availability and power of computational resources, the abilities of software have also increased. This is great in terms of faster calculations, better graphics, and more storage. However concurrent with these developments, software has started taking on tasks usually left for the users. This includes checking for updates, providing alerts, and automatically interfacing with devices. The problem with this approach is that functionality does not come for free - and a lot of the functionality is not always necessary or helpful for the user. Even more importantly, having unidentifiable processes running in the background to perform various tasks mystifies the computer's operation and directly removes control from the user. This guide is intended to uncover the hiding places of background services, automatic updaters, device 'helpers' and the like, and to enable the user to control these aspects of their computer's operation. A noticeable increase in the computer's response should be observed after successful completion.

May 2017: Windows 10 Update

Windows 10 takes the idea of corporate control of personal computers to such an absurd degree that I cannot recommend anyone to install or use Windows 10. It is full of pop-ups and strategic placement of targeted ads, it reboots whenever it wants without giving any warning, and it automatically installs all updates. It is the antithesis of a computer controlled by the user, it turns your computer into a TV. Windows 10 is an unambiguous statement by Microsoft: we are in control, you do what we allow. What if, for some reason, you have a computer with Windows 10? There are even more places in which 'apps' can settle to start up automatically and without any user input, which I have not explored in depth. However there is a way to disable automatic updates and automatic reboot in Windows 10 (even home edition): open the 'Services' manager, then find the Windows Update service, right click then 'properties' then set startup type to 'disable', then right click and 'stop'. Now at least the computer won't reboot while you're downloading a better OS.

Unnecessary software

It seems that any big stores sell laptops with unnecessary software pre-installed, such as antivirus trials and all sorts of pop-up advertisements of their protection services. These and other programs, which I would call bloatware as it does nothing but makes the computer slow, can usually be removed straightforwardly through the control panel feature 'Add or Remove programs' in Windows XP and 'Programs and Features' in Windows 7 (I never did add programs through that interface). If even faster response is desired, windows features such as animations or transparency can be turned off using a link in the same control panel window.

Automatically Starting Processes

When software is installed on a computer, programs can create special files or entries commanding the computer to automatically start programs (without the user's control or awareness). This is what we want to remove. Here are some culprits: iTunes (includes a plethora of services and firewall exceptions), Adobe or Foxit PDF reader (automatic updater service), Google Chrome and others (automatic update service), printer drivers (generally include bloatware), NVIDIA and Intel drivers (automatic updater service and firewall exception), Skype and others (automatic update service and firewall exception), Realtek audio manager (questionably useful background process). This was all on my computer and I am sure that I install less software than most people. The problem is not necessarily in any actual speed effects on new machines, although the effects are present. The real problem for me is the loss of control over the system. I like to decide when and what programs run or update. The windows elevation prompt, which asks whether it is OK for a program to 'make changes to the computer' is a step in the right direction, but it gives no options other than yes or no. Many programs take advantage of this elevated privilege to install all sorts of unwanted 'hooks' into the system (like firewall exceptions, scheduled tasks, and automatic services). Generally if a program runs without a UAC prompt, it will not require cleanup of the sort described here.

First we need to assess the problem, and the easiest way to do that is to open task manager and see how many processes are running right after logging on. Before optimization I had over 60 processes running simply as a side effect of turning on the computer! Even with fast processors, this will bog down a system. After removing unnecessary processes (note this did not mean reducing functionality of the software, just that it is not always running in the background!) I was below 40 processes, and based on some other systems this is a good number to try to attain. Of course processes are necessary for the system to operate (establish network connections, interface with sound devices, etc) and 30 is about the minimum for a computer to be considered functional in today's environment (for Windows 7, one could get away with less on XP).

Second we need to consider how the automatic startup is possible to achieve. The following methods essentially cover all possibilities for a program to have an automatic start (in Windows 7/XP):

  1. msconfig
  2. Registry/desktop/start menu
  3. Services
  4. Task Scheduler


Entries under this approach operate whenever the computer boots up. They can make a big difference in how long the boot time is. Also, if they are disabled here they will not be available once the computer is booted up so one should be careful to not inadvertently remove functionality.

To access this in Windows 7, open the start menu and type in "msconfig" and enter. A window titled "system configuration" will open. The relevant tabs are Services and Startup. Start with the Startup tab, where you will likely see an entry for many programs that run whenever the computer is turned on. To get rid of them simply uncheck the box next to them and click apply. Disabling services in the Services tab may be helpful but first check the Services section below since that will allow you to determine what to disable.

Registry/desktop/start menu

Windows checks certain files and registry locations (about 20 of them) to determine which programs should be run at start-up. There is a useful program called aspy32.exe that checks all these locations and lets you delete entries you do not need. This program should be run as administrator, and after deleting unnecessary entries it is necessary to click 'Save'.


Software now seems to have the need for an independent update service, helper service, social media service, or whatever else. These services are constantly operating and can have administator level access to the computer. To get a look at these services, type in "services" in the start menu (it is under Administrative Tools in the Windows XP control panel). To disable a service, right click the name, go to properties, and select 'Disabled' as the startup type. A lot of services are important to the machine's functioning so be careful. At the same time, some services have a fancy-sounding description but can be safely turned off. If you have decided you have no need for a service at all (like Bluetooth on a computer without a radio), after disabling it here you can disable it in msconfig to improve bootup time.

Services I have on Automatic startup:

Services on Automatic (Delayed):

Services on Manual:

Task Scheduler

The last hiding place for many programs is the task scheduler. Task Scheduler is a windows native service that checks its list of tasks and starts them as necessary. Programs add themselves to this list without the user's input and are then executed under the task scheduler service. Programs started by this service may have administrator access. Similarly to above, type in "task scheduler" in the start menu to see the tasks. In the window that opens, scroll all the way down to the 'Active Tasks' pane. At the right of the tasks table, there is a 'Location' entry which is an indicator of what program created the entry. Ones starting with \Microsoft\Windows are generally useful tasks while others are from installed software. Double clicking a task in that table takes you to the task 'directory' where you can disable the task or delete it entirely. I use this tool to start any programs I want to have running in the background since it gives finer control than msconfig, but there is slightly more overhead because a taskeng.exe process is initiated for every few tasks.

Securing your computer

A firewall is important - windows firewall does a decent job. Unless your regular computer use involves downloading torrents and browsing free download websites or you lack common sense (like not opening exe files from email) an anti-virus program taking up processing time and memory is completely unnecessary (it's like a helpful guide following you around to make sure you don't trip and hit the ground while walking). With a proper firewall and discretion on which software is allowed on the machine, a virus or malware will not magically appear on the computer. More often than not, a virus is a result of clicking through message boxes without thinking about their content. I have seen viruses embedded in freely downloadable software so this is one exception where an anti-virus program is justified. But when my anti-virus program tried to remove my network checking utilities I got fed up and banished all traces of it from my hard drive. After four years of no infections or unknown processes, I do not hesitate to recommend that if you use the computer responsibly and have a good firewall there is no need to have anti-virus software bogging down all aspects of the computer's operation. And at that, the windows firewall that comes free with every windows OS is actually effective and quite functional despite the very poor interface. So ideally you can use the computer without any non-native security processes in the background.

It is important to maintain the firewall rules, since many installers take advantage of their increased privilege to add exceptions to the firewall for their program upon installation (they may also modify other rules, although I have not seen it happen yet). Thus after installing a program it is important to go back over all firewall rules to ensure they have not been modified from their intended function.

The only necessary rules to allow network connectivity (note there are about 100 other rules there, I have never needed to allow any of those for everyday computer use and they seem like great attack vectors):



(these effectively block auto-update services and prevent potential trojans from leaking data/assuming remote control)

Then for any programs that need connectivity (browser, mail program, games, skype, etc), add a rule to enable only that program. Unless the program should accept input from the outside world (like multiplayer games, torrents, chat) it does not need an inbound firewall exception. Browsers, mail readers, and updaters typically do not need an inbound exception since they initiate the connection.


  1. Remove all unwanted programs through the control panel
  2. Turn off unnecessary Windows features in control panel
  3. Disable unwanted services in Services window
  4. Disable unwanted start-up programs and services in msconfig window
  5. Check task scheduler for any unwanted activity and remove/disable
  6. Run program like aspy32.exe to check other registry/desktop locations that cause programs to auto-start
  7. Check all processes in task manager/process explorer to ensure they are all that is wanted, if not start over
  8. Enable firewall settings
  9. Do 3-8 after each install where a program asks for administrative privileges