Windows Service Hardening

Windows Services perform functions in the background. Usually, these services help automate a lot of tasks that make our computer lives easier, and are an essential part of the operating system experience. If you've used UNIX before, you might know these services as daemons. The Scheduling service, for example, allows us to schedule maintenance operations such as an automatic backup or defragmentation of a drive.

But as with most things that make our lives easier, there's a potential downside. Sometimes, malware is written to "piggyback" on these services, thus facilitating behaviors such as automatic software installation, duplication, changing of registry information, replacement of system files, etc. Windows Service Hardening works to prevent this behavior by reducing what Microsoft refers to as Vista's "attack surface."

Service Hardening works by assigning a unique Security Identifier (SID) to each Windows service, which in turn lets Vista control access on a per-service basis: a service is granted only the access that ACLs explicitly assign to its SID. Services can also be further protected by access control lists (ACLs) that are private to the service, preventing both users and other services from touching the service's resources. Finally, any privileges a service does not need are stripped from it.

Further, Windows Vista services also now run in a less privileged account such as LocalService or NetworkService, rather than the LocalSystem account, ...
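To make the per-service SID and least-privilege account ideas concrete, here is an added example (not from the book) that derives the service SID Windows assigns from a service name and audits a constructed service inventory for services that still run as LocalSystem or have no service SID. The derivation used, S-1-5-80 followed by the SHA-1 of the upper-cased UTF-16LE service name split into five 32-bit subauthorities, is the documented Windows scheme; the inventory, service names and the `audit` helper are constructed for illustration, and on a real host the same data comes from `sc.exe qsidtype <name>`, `sc.exe showsid <name>` and the service's logon account.

```python
import hashlib
import struct

# Accounts the text describes as the less privileged alternatives to LocalSystem.
LEAST_PRIVILEGE_ACCOUNTS = {
    "NT AUTHORITY\\LocalService",
    "NT AUTHORITY\\NetworkService",
}

def service_sid(service_name: str) -> str:
    """Derive the per-service SID Windows assigns to a service.

    Windows builds it as S-1-5-80-<SHA-1 of the upper-cased UTF-16LE service
    name, read as five little-endian 32-bit subauthorities>. The upper-casing
    here uses str.upper(), which matches Windows for ASCII service names.
    """
    digest = hashlib.sha1(service_name.upper().encode("utf-16-le")).digest()
    subauthorities = struct.unpack("<5I", digest)  # 20-byte digest -> 5 DWORDs
    return "S-1-5-80-" + "-".join(str(s) for s in subauthorities)

# Constructed sample inventory (hypothetical services, not real host data):
# name, logon account, and the SID type reported by `sc.exe qsidtype`.
SAMPLE_SERVICES = [
    {"name": "ExampleBackup", "account": "LocalSystem", "sid_type": "NONE"},
    {"name": "ExampleScheduler", "account": "NT AUTHORITY\\LocalService", "sid_type": "UNRESTRICTED"},
    {"name": "ExampleUpdater", "account": "LocalSystem", "sid_type": "UNRESTRICTED"},
    {"name": "ExampleNetHelper", "account": "NT AUTHORITY\\NetworkService", "sid_type": "UNRESTRICTED"},
]

def audit(services):
    """Return (name, service SID, issues) for services worth a hardening review.

    A service with SID type NONE cannot be singled out by an ACL, and a service
    running as LocalSystem keeps the full privileges the text says hardening
    removes. Some services genuinely need LocalSystem, so this is a review list,
    not a list of defects.
    """
    findings = []
    for svc in services:
        issues = []
        if svc["sid_type"] == "NONE":
            issues.append("no service SID: ACLs cannot be scoped to this service")
        if svc["account"] not in LEAST_PRIVILEGE_ACCOUNTS:
            issues.append(f"runs as {svc['account']} instead of LocalService/NetworkService")
        if issues:
            findings.append((svc["name"], service_sid(svc["name"]), issues))
    return findings

if __name__ == "__main__":
    for name, sid, issues in audit(SAMPLE_SERVICES):
        print(f"{name} ({sid}): " + "; ".join(issues))
```

Services that pass the audit are exactly those whose ACLs can name a service SID and that already run under one of the reduced-privilege accounts the text describes.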
