No - win32 isn't bad. Windows wouldn't be Windows without it
Win32 is essentially a description of a level at which programs run (a type of program if you will) and and the Name of a Windows API (programming interface). Almost everything uses it. It's nothing to be scared of in it's own right.
WinAmp - well, there are things that WinAmp can do that require the internet. Howver, if you're just using it to p[lay music, there's no need, and so it's safe to block it.
NT Kernel and System - aka ntoskrnl.exe - This file is one at the very core of Windows. It's integral to the boot process for one thing. My opinion is that it has no business whatsoever connecting to the outside world.
Block it
LSA Shell (export version) - Lsass.exe - Deals with security on your PC such as logons etc. again, I don't see much need for it to to have net access for your average user.
Block it
Generic Host Process for Win32 services - Svchost.exe - Another core part of windows and absolutely central to the running of windows. It manages 32 bit DLL's amongst other things. It also contructs a list of services that need to be loaded from the Registry when windows boots. I have no idea what this needs internet access for, but in my experience it does, and quite frequently.
Allow it -
If anyone can tell me why this needs access, please let me know!.
Application Layer Gateway service - alg.exe - Required if you use a thirdparty (software) firewall or intenet connection sharing.
Allow it
NDIS User mode I/O driver - ndisuio.sys - Part of an NDIS protocol driver supporting wireless devices such as bluetooth etc.
Allow it or ask
windows explorer - explorer.exe - integral part of windows. It's the bit that shows you your desktop, and every window you use to browse your files from "my computer" onwards, amongst other things. It doesn't need internet access unless you use it to access the internet or for FTP.
Ask or Block it
client server Runtime Process - csrss.exe - Csrss stands for client/server run-time subsystem. It's the usermode section of win32. It's essential for the running of your system, responsible for creating or deleting process threads and certain parts of the Virtual DOS thing (still not entirely sure what to call it. lol). I see no reason for it to access the internet.
Block it.
WMI - wmiprvse.exe - I don't know what it does really. Something to do with the monitoring and reporting of events. To be honest, I don't know whether it has a reson to want an internet connection or not. However, I'd recommend blocking it. So,
ask or block it.
Before I set my name to the above recommendationas as gospel though, it would be great if someone else could come along and confirm or correct any of it. That said, the recommendations above shouldn't cause any harm - even if I have gotten something worng (don't
think I have) it can be easily undone - the worst that could happen is something particular can't work on the internet.
When SPF asks you about something in futere, you're doing the right thing. If in doubt, block it (without remembering the choice). When you get chance, look it up or ask someone, and then you're ready to tell it what do do properly next time it happens
Hope this helps.
