XP SP2 Can Slow Down Business Apps
An anonymous reader submits "Mobile PC magazine installed XP SP2 on a bunch of notebooks and benchmarked them, finding that SP2 caused a 9-percent performance reduction in business productivity apps. While a couple of notebooks performed better, the majority took a 3- to 22-percent performance hit." For now, the story is just at the top of the Mobile PC website, but they promise more details in an upcoming issue.
You can't install a really big bunch of fixes and expect Windows to run faster!
It has always been this way.
Disk fragmentation?
I just installed SP2 on my personal laptop that I use for work. I reformatted it yesterday, and I had a CD with SP2 on it. I figured I would rather just install it off the CD than worry about downloading all of those frigging security updates and what-not.
Anyway, I could have sworn the laptop ran faster before I put SP2 on there. I never bothered to benchmark it, but it seems sluggish now. And it's not a weak machine (as far as laptops go). 2.4GHz with 1GB RAM.
I'm not about to undo everything I've done. I've installed way too much, and don't want to worry about breaking those apps by removing the patch.
Oh well. I'll just live with it. It's not my main machine anyway, just something to do some DB work with.
I've seen some drag on my system since putting SP2 on, but it's really a double-edged sword.
However, in my experience it's harder now for sites to push ActiveX controls and executables to your PC now, unless you do a bit of tweaking or visit a deliberately malicious site.
Considering the system drag that occurs when the average user installs spyware inadvertently, I'd say the SP2 drag ought to be cancelled out for the time being, as it's a bit harder for spyware to propagate under it.
Correct me if I'm wrong, but shouldn't this have been done right in the beginning itself?
If I were writing any commercial grade code, especially stuff that I know that people would take advantage of, I would sure as hell make sure that I had all my buffer checks in place.
I've heard so much about the programming practices at Microsoft and what not - and yet, ironically, these things keep cropping up so damn bloody often while some operating systems coded by a bunch of loosely connected hackers are way more robust and stable.
Hmm, makes one wonder.
(Heh, funnily OpenBSD site says - Only one remote hole in the default install, in more than 8 years! - I guess it does say a lot).
I do not understand, I would have thought that despite all the shit that MS gets for writing bad code, they would make sure that their code is largely buffer checked. Now, when you have to release stuff from outside to patch up for those, you would obviously be wasting a lot more cycles than if you had done so in the beginning, and well.
Sheesh. They do not do a good job of making software and cause you inconvenience, then they release something to make up for it, and that causes you even more inconvenience.
Hah.
One of the changes in SP2 was a rate limiting / queuing behavior for the number of current sockets in the SYN/opening state.
In other words, suppose you have an app which tries to open 30 tcp sockets simultaneously. Some of them will get delayed by the OS.
This is to try and thwart the speed of worms or DDoS programs - which very often try and create a zillion tcp connections that never end up connecting.
Unfortunately, it has the side effect of hurting some p2p apps (like bittorrent) and some web browsing configurations... especially if you've changed the registry value that sets the # of simultaneous socket connections IE will make to the same site. The default is like 3 or 4, but if you upped it to say, 20, and then hit a site that had 30 images all on the same server... it is likely that some of your http requests will get queued until other connect() attempts complete the handshake.
Does it suck that this is affecting some browser and other scenarios? Yes. The topic is under discussion internally at Microsoft.
The _intent_ was to try and slow down the spread of worms/ddos attacks in the event a machine got compromised... a good goal to have, I think anyone would agree.
The implementation, however, does have disadvantages.
If you decide to try SP2 again, anytime the connecting socket limit is reached, a very specific/obvious event will be logged in the eventlog. If you are experiencing slower network interactive speeds, try looking in the logs to see if you're hitting it.
One mitigation, by the way, is to have a proxy (i.e. squid) on another machine... that way your handshakes from IE resolve _Very_ fast and your sockets rapidly go from handshake to connected... thus reducing the likelihood of you hitting the queuing behavior.
My opinions are my own, and do not necessarily represent those of my employer.
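The queuing behavior described in the comment above can be modelled as a scheduler with a fixed number of handshake slots. This is an added example, not part of the original post and not Microsoft's implementation; the cap of 10, the 5 ms spacing between connect() calls and the round-trip times are assumed values chosen for illustration.

```c
#include <stdio.h>
#include <stddef.h>

#define MAX_SLOTS 64

/* Model of a limiter that allows at most `cap` sockets in the handshake
 * (half-open) state at once. issue_ms[i] is when attempt i calls connect()
 * (non-decreasing); handshake_ms[i] is how long it stays half-open: the
 * round trip, or a timeout if the peer never answers. Each attempt takes
 * the slot that frees first. Writes every attempt's queueing delay to
 * wait_ms[] and returns the number of delayed attempts, -1 on bad input. */
int simulate_limiter(const long *issue_ms, const long *handshake_ms,
                     size_t n, int cap, long *wait_ms)
{
    long slot_free[MAX_SLOTS] = {0};
    int delayed = 0;

    if (!issue_ms || !handshake_ms || !wait_ms || cap < 1 || cap > MAX_SLOTS)
        return -1;
    for (size_t i = 0; i < n; i++) {
        int best = 0;
        for (int s = 1; s < cap; s++)
            if (slot_free[s] < slot_free[best])
                best = s;
        long start = slot_free[best] > issue_ms[i] ? slot_free[best]
                                                   : issue_ms[i];
        wait_ms[i] = start - issue_ms[i];
        if (wait_ms[i] > 0)
            delayed++;
        slot_free[best] = start + handshake_ms[i];
    }
    return delayed;
}

/* Largest queueing delay seen by any attempt. */
long worst_wait(const long *wait_ms, size_t n)
{
    long worst = 0;
    for (size_t i = 0; i < n; i++)
        if (wait_ms[i] > worst)
            worst = wait_ms[i];
    return worst;
}

int main(void)
{
    enum { N = 30, CAP = 10 };               /* CAP is an assumed value */
    const long rtt[2] = {200, 2};            /* constructed round trips */
    const char *label[2] = {"direct", "via LAN proxy"};
    long issue[N], hs[N], wait[N];

    for (int c = 0; c < 2; c++) {
        for (int i = 0; i < N; i++) {
            issue[i] = 5L * i;               /* one connect() every 5 ms */
            hs[i] = rtt[c];
        }
        int delayed = simulate_limiter(issue, hs, N, CAP, wait);
        printf("%-14s delayed=%d worst_wait=%ld ms\n",
               label[c], delayed, worst_wait(wait, N));
    }
    return 0;
}
```

Attempts that never get an answer hold a slot for the whole timeout, which is why the same cap that throttles a scanning worm also stalls a legitimate connect() queued behind it.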
99 buffer checks don't do you any good if one buffer is missing a check, and that one gets exploited.
That's what their compiler modifications are intended to help with, and from my experience, they help. I do agree that it should have been done sooner, though.
using namespace slashdot;
troll::post();
"Correct me if I'm wrong, but shouldn't this have been done right in the beginning itself?"
Depends on which question you're asking.
"I want Windows to run faster, should we be performing buffer checks?"
"I want Windows to be more secure, should we be performing buffer checks?"
This is not a rebuttal to your post, simply pointing out that it's not as black and white as that. Security is important, but usability is what made Microsoft a success.
"Derp de derp."
I agree. Who gives a shit? When was the last time someone actually upgraded their computer because Word was too slow? Please!
Unless you're playing new games there's no reason to be running anything newer than a Pentium II.
Buffer checking is one way to solve the problem.
Another, non intrusive way of doing it is to include kernel level memory protection. On top of that you could add Users, Groups and privileges and not allow every program to have the run of the system.
Buffer Overruns are as old as C and UNIX has built mechanisms to cope with it that do not put the onus on the programmer, since the memory monitoring is done in the kernel, this is also safer in the long run because it means that a program must break memory protection at the kernel level in order to become "root". Too bad Microsoft has yet to come up with a mechanism that UNIX people have been using for years.
9% on average on "Business Apps" is too vague to draw any conclusions. Was the slowdown in disk, network, memory, network performance? All of the above?
The slowdown could mean that MS cut some corners and traded speed for security in XP's pre-SP2 version. While fixing security problems they had to perform some extra checks and that dragged performance down. Or, they could've discovered some serious architectural issues with fixing new holes, so they had to do it in a slow and inefficient way due to the fact that their architecture wasn't designed with those checks in mind.
On a side note, I experienced a significant slowdown when running Norton AV that supposedly does a bunch of extra security checks. File and network performance became unbearable at times. It got so bad that I had to ditch NAV so now I am reverting my Windows system every day (I run it under VMWare, Linux is a host system). I found this setup + Zone Alarm to be a better answer to endless Windows security issues.
"You mortals are so obtuse." -Q
there is something seriously wrong with the codebase that SO many exploits turn out everyday.
There probably is, and it's the same problem found with virtually all C/C++ code of a certain vintage, Microsoft or not.
Do you think Dennis Ritchie ever gave a shit about checking buffers? How about the millions of coders that copied his style? How about the people that wrote most of UNIX? How about the people that wrote most of Linux distros? Go check the Linux security sites, and you'll get the picture that this was only Job #1 in the last few years.
So, MS wants to hire better hacks than the last round. Big f'ing deal.
Maybe Microsoft needs to determine what the most common software installed on Windows PCs is and even work with software manufacturers directly to ensure the greatest compatibility.
Uh hmm, your argument is flawed for the simple reason that just because Linux has buggy code, does not excuse Microsoft from writing good code.
And comparing Dennis Ritchie's code with today's code is again flawed - hell, why, given my today's knowledge of Physics and Mathematics that I learn by my twelfth grade, I would have been the most intelligent man alive 400 years ago.
You do not compare with what Dennis did or might have done, you make a reality check with how things are today - there is a fair section of crackers who want to exploit systems, and if you are in the business of writing commercial code, you'd better be darned good at making sure your code is good because customers are *paying* you for it.
I have another issue with MS - they concentrate more on releasing things early than checking the code fully before releasing. If this were an isolated issue, I would not have a problem - it is not. And MS has had so many years in the market, so many top-notch programmers AND the resources. If you want to compare, look at OpenBSD - that's an example of OpenSource code done right - with one remote exploit in 8 years.
Linux is still in its infancy, and for all that it's capable of it, it's quite unfair to compare it with the products of a 20 year old behemoth. If you ask me, Linux is doing a fantastic job of being a top notch enterprise system in such a short time, when compared to Microsoft. And very few of the people behind it actually make any money off it. Does that not say a lot?
Uh what are you talking about?
Windows XP has users, groups and privileges, and not every program has the run of the system.
And UNIX is just as vulnerable to buffer overflows as Windows XP. They both are programmed in languages that are prone to such problems.
First off, you seem ignorant of the point that many people did know better than Ritchie, which is why OpenVMS and OS/400 have infinitely better security records than UNIX does.
Second, you're right that (in retrospect) MS probably should have hired those guys instead of the C/UNIX crowd that the unis were producing. Fact is that they didn't though, and irrespective of their monopoly status they got all the same kinds of people and kinds of problems as everyone else.
Finally, it's true they were slower to fix the problems/infrastructure/configuration as some other groups like OpenBSD (which has tons of bugs, just not in the "default install"), so that's a fair assessment. However, flaming them for trying to Do The Right Thing and hire qualified people seems bizarre. Maybe you didn't learn this in college, but millions and millions of lines of source took years to produce and will take years to fix, and it pays to do things right the first time.
It really sounds like this is the Data Execution Protection feature. It's emulation of the NX feature of processors in software, and somewhere on Microsoft's website, I've read that it can slow some applications. There are also instructions for turning this off for the whole system, or just a few apps that seem particularly affected by it.
samrolken
I was not trying to flame MS for their past actions - however Microsoft started out with a fairly clean codebase for both Win2k and WinXP. Given that, it seems bad that such vulnerabilities keep coming up.
I do agree that both Win2k and WinXP are a lot more stable than their predecessors. However, you would think that when you are doing something the second time, you would double-check to make sure that you do not make the same mistakes as you did the first time.
I just feel that this is not happening - and any number of factors could be contributing to it (market, economics, manpower, complexity what not) - but that does not mean you do not take the pains to not do it well. I'm sure Microsoft's trying to take as much care as they can to ensure that this does not happen.
However, despite that, these still seem to be happening. Which is what I find quite baffling - there seems to be a fundamental flaw somewhere in there, and that needs to be taken care of. Which is what I mentioned in my initial posting, too.
metlin, think about it from a political angle:
Systems Group believes and knows buffer checks are important. Systems Group keeps losing the argument at the management meeting level. ie, Marketing: "Damn the buffers! We want more speed ahead!" Result, Systems Group takes their turn at new recruits trying to find more team players for their side, irregardless of the department the recruit is headed for.
Welcome to Microsoft (or any large outfit). There's a lot of politics.
IANAPHB, but it's real important to be able to think like one.
You are right in saying that MS comes from the same Cowboy C Coder Culture (CCCC, ha!), however MS has had a significant amount of time to grow out of it. If twenty five years later they are still doing the same mistakes they did back then (maybe fewer in number, but equally dangerous), there is something wrong.
Fundamentally, yes, you are right in saying that complexity brings such mistakes. However, that's not an excuse to use it as a crutch to release buggy software.
Unsecure software runs faster. All that extra checking things to make sure they're valid and so forth requires processing power. I mean, a login script that just accepts any password entered would require less processing than one that actually checks the data against some other data.
>Seriously. Where in the hell did you get that fucked up idea?
When Windows 95 came out the days of setting individual apps to use your hardware (like sound cards) were over. You didn't have to memorize a bunch of stupid dos commands. Installation of apps was as simple as putting in the CD and hitting 'ok' a couple of times. All this, and you could build your own machine to boot.
And since when did filtering out automatic-MS-hate make my ideas 'fucked up'? You can't tell me that the surge of computer purchases starting around the mid-90's wasn't because of the launch of Windows 95.
"Derp de derp."
"... like OpenBSD (which has tons of bugs, just not in the "default install") ..."
Then these wouldn't be bugs in OpenBSD now would it? Considering that OpenBSD is a minimalist "default install" distribution with little to no frills, this would be a problem with the third party add-ons ("ports"), which are maintained outside the core code base by persons not directly affiliated, and explicitly not OpenBSD itself.
OpenBSD does have bugs in the default install however. It is hubris to assume that any software/OS doesn't. But they patch them as soon as they find them as well as implementing means to minimize or eliminate the harmful side effects of them until such time.
OpenBSD adopted a proactive philosophy to their bugs on its inception. It split from NetBSD over this very issue. They patch things immediately because they are broke instead of patching because it's being or may be exploited.
Microsoft went out of its way to accommodate the bugs in third party softwares when it designed Windows, which was simply insane. (Contrast OpenBSD's "if it breaks, it deserved to be broken" attitude.) It has maintained a philosophy of "ease of use" over security at every step of Windows development since, which was not a wise tradeoff. To "Do The Right Thing" now is still following their pattern of reactionism, only now it's the company's image they are trying to patch.
Even to Joe User, Windows is synonymous with instability (which is normally Joe User's fault) and viruses (also normally Joe User's fault), but he doesn't know enough about computers (or care) to use anything else. But because of his ignorance and sloth, when he goes to upgrade, he will still get another Windows box. If windows is now "secure", he won't even bat an eye at that OS option.
MS is doing damage control in the IT sector. Joe User may provide bread and butter to MS, but IT will consistently hemorrhage money. But IT wants/needs security and MS simply doesn't provide it. As ease of use improves for GNU/Linux, MS will lose the only edge it ever may have had.
Now, with the frequency of severe exploits surfacing and CERT warnings getting (inter?)national attention, they are at a point where they must do something substantial. So harping the "Secure by Default" (OpenBSD's motto, I must point out) mantra isn't so much a "Do The Right Thing" decision as it is a desperate PR stunt.
But seriously, people, use snprintf. The same for all the other unsafe string handling functions in the C library--use the 'n' variant of the function that accepts a maximum buffer length.
You wouldn't use gets to input a string, would you? I hope...
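What the advice in the comment above looks like in practice, as an added example that is not part of the original post. The function names and buffer sizes are hypothetical; the point it adds is that a bounded call only helps when truncation is detected and handled.

```c
#include <stdio.h>
#include <string.h>

/* Build "user@host" in dst. snprintf never writes past dstsz, but it
 * truncates silently; its return value is the length it wanted to write,
 * so need >= dstsz means the output was cut. Returns 0, or -1 (with dst
 * emptied) if the result did not fit. */
int format_account(char *dst, size_t dstsz, const char *user, const char *host)
{
    int need;

    if (!dst || dstsz == 0 || !user || !host)
        return -1;
    need = snprintf(dst, dstsz, "%s@%s", user, host);
    if (need < 0 || (size_t)need >= dstsz) {
        dst[0] = '\0';
        return -1;
    }
    return 0;
}

/* strncpy is an 'n' function that leaves dst unterminated when src is
 * dstsz bytes or longer, so this copy checks the length itself and
 * refuses input that does not fit. */
int copy_field(char *dst, size_t dstsz, const char *src)
{
    size_t len;

    if (!dst || dstsz == 0 || !src)
        return -1;
    len = strlen(src);
    if (len >= dstsz) {
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, len + 1);   /* len + 1 copies the terminator too */
    return 0;
}

/* fgets in place of gets: reads at most dstsz - 1 bytes. A line that does
 * not fit together with its newline is drained and rejected, so its tail
 * is not parsed as the next line. Returns the line length, -1 on EOF or
 * error, -2 if the line was too long. */
int read_line(FILE *in, char *dst, size_t dstsz)
{
    size_t len;
    int c;

    if (!in || !dst || dstsz < 2 || !fgets(dst, (int)dstsz, in))
        return -1;
    len = strlen(dst);
    if (len > 0 && dst[len - 1] == '\n') {
        dst[--len] = '\0';
        return (int)len;
    }
    if (feof(in))
        return (int)len;         /* final line without a newline */
    while ((c = fgetc(in)) != EOF && c != '\n')
        ;                        /* discard the rest of the long line */
    dst[0] = '\0';
    return -2;
}
```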
"When Windows 95 came out the days of setting individual apps to use your hardware (like sound cards) were over."
Maybe for you. But Apple had already solved that problem.
"You can't tell me that the surge of computer purchases starting around the mid-90's wasn't because of the launch of Windows 95."
You seem to be confusing the marketing push that Microsoft did with some form of technical excellence. The people bought the new PC's because they thought they needed them. That's marketing.
People lined up in the rain at midnight to buy Win95. That's marketing.
Win95 was not any technical advance over the existing (see Apple) technology.
"And since when did filtering out automatic-MS-hate make my ideas 'fucked up'?"
It doesn't. But that's not what you're doing. You seem to be claiming all the computer advances to be a result of Microsoft's efforts. They aren't. Microsoft merely took what was already available, put it into their own product and then hyped that product enough that every idiot out there thought Microsoft had invented something new and wonderful and that they had to have it.
This is a known issue. SP2 in fact runs *faster* in some workloads because of some fixes:
http://support.microsoft.com/?kbid=815227
http://support.microsoft.com/?kbid=328264
http://support.microsoft.com/?kbid=332023
http://support.microsoft.com/?kbid=838884
http://support.microsoft.com/?kbid=811169
http://support.microsoft.com/?kbid=815411
http://support.microsoft.com/?kbid=834937
Fixes like this can be found in any OS changelog, including Linux and/or BSDs. Think that Windows XP SP1 has been out for a long time, that Windows 2003 (which shares their code base) has been developed and in the development process they must have found some nice & safe improvements.
"News for Microsoft Haters. FUD that matters". I'm a Linux user, but seriously, is there a chance that editors stop putting FUD in the front page?
Here you've some lessons: How about instead of "XP SP2 Can Slow Down Business Apps" you name it "MobilePC detected an SP2 slowdown for business apps in their notebooks" or "SP2 bug slows down some notebooks" (which is the real issue) or some objective shit instead of your FUD & subjective crap which tries to imply that there's something wrong with the whole SP2? Sure, Windows sucks, but I love to read news about how much it sucks, not just FUD. Just a wish, I don't collaborate with Slashdot so I can't tell people what the content is, but I think your readers will appreciate a raise in the quality of Windows posts. Thanks.
Because Linux is somehow magically protected from buffer overruns?