Slashdot Mirror


XP SP2 Can Slow Down Business Apps

An anonymous reader submits "Mobile PC magazine installed XP SP2 on a bunch of notebooks and benchmarked them, finding that SP2 caused a 9-percent performance reduction in business productivity apps. While a couple of notebooks performed better, the majority took a 3- to 22-percent performance hit." For now, the story is just at the top of the Mobile PC website, but they promise more details in an upcoming issue.

76 of 359 comments

  1. Buffer checks by JanusFury · · Score: 5, Interesting

    This is probably due to them recompiling a large number of libraries and system components with the buffer checking and other security features they added into the recent versions of Visual C++. If you ask me, it's worth it, just to know that my Windows box has a few less wide open holes to be exploited.

    It definitely has proven its worth so far - I may be wrong, but I'm pretty sure the reason SP2 isn't vulnerable to that GDI+ JPEG exploit is that they recompiled GDI+ with buffer checks.

    --
    using namespace slashdot;
    troll::post();
    1. Re:Buffer checks by metlin · · Score: 5, Insightful

      > ...but I'm pretty sure the reason SP2 isn't vulnerable to that GDI+ JPEG exploit is that they recompiled GDI+ with buffer checks.

      Correct me if I'm wrong, but shouldn't this have been done right in the beginning itself?

      If I were writing any commercial grade code, especially stuff that I know that people would take advantage of, I would sure as hell make sure that I had all my buffer checks in place.

      I've heard so much about the programming practices at Microsoft and what not - and yet, ironically, these things keep cropping up so damn bloody often while some operating systems coded by a bunch of loosely connected hackers are way more robust and stable.
      Hmm, makes one wonder.

      (Heh, funnily OpenBSD site says - Only one remote hole in the default install, in more than 8 years! - I guess it does say a lot).

      I do not understand, I would have thought that despite all the shit that MS gets for writing bad code, they would make sure that their code is largely buffer checked. Now, when you have to release stuff from outside to patch up for those, you would obviously be wasting a lot more cycles than if you had done so in the beginning, and well.

      Sheesh. They do not do a good job of making software and cause you inconvenience, then they release something to make up for it, and that causes you even more inconvenience.

      Hah.

    2. Re:Buffer checks by JanusFury · · Score: 5, Insightful

      99 buffer checks don't do you any good if one buffer is missing a check, and that one gets exploited.

      That's what their compiler modifications are intended to help with, and from my experience, they help. I do agree that it should have been done sooner, though.

      --
      using namespace slashdot;
      troll::post();
    3. Re:Buffer checks by metlin · · Score: 4, Interesting

      The reason I brought that up was because I was interviewed by Microsoft last summer at Seattle, and one of the groups that interviewed me was the systems group.

      (Funnily, systems wasn't even my area, but still they interviewed me, but that's another story...)

      They were of the opinion that since MS is a favourite target of hackers and the like, any MS programmer ought to go to extraordinary lengths to patch any and all buffer checks and foo bar. I was asked to write some piece of code for compiler design and memory management, and the guy kept harping on buffer checks.

      I would imagine that with ALL those checks, such things would not be common - but lo! and behold, there they are.

      Either they are not doing a good job of doing the whole buffer check thing that the guy harped to me about and it was all hogwash to impress upon you how "important" and "hard" coding in MS is, or there is something seriously wrong with the codebase that SO many exploits turn out everyday.

      I can only guess which one it is.

    4. Re:Buffer checks by NanoGator · · Score: 2, Insightful

      "Correct me if I'm wrong, but shouldn't this have been done right in the beginning itself?"

      Depends on which question you're asking.

      "I want Windows to run faster, should we be performing buffer checks?"

      "I want Windows to be more secure, should we be performing buffer checks?"

      This is not a rebuttal to your post, simply pointing out that it's not as black and white as that. Security is important, but usability is what made Microsoft a success.

      --
      "Derp de derp."
    5. Re:Buffer checks by aws4y · · Score: 2, Insightful

      Buffer checking is one way to solve the problem.
      Another, non-intrusive way of doing it is to include kernel level memory protection. On top of that you could add Users, Groups and privileges and not allow every program to have the run of the system.
      Buffer Overruns are as old as C and UNIX has built mechanisms to cope with it that do not put the onus on the programmer, since the memory monitoring is done in the kernel, this is also safer in the long run because it means that a program must break memory protection at the kernel level in order to become "root". Too bad Microsoft has yet to come up with a mechanism that UNIX people have been using for years.

      --
      Did Glenn Beck rape and kill a girl in 1990? gb1990.com
    6. Re:Buffer checks by IronChef · · Score: 4, Interesting

      > I've heard so much about the programming practices at Microsoft and what not - and yet, ironically, these things keep cropping up so damn bloody often while some operating systems coded by a bunch of loosely connected hackers are way more robust and stable.
      > Hmm, makes one wonder.

      The OpenBSD people are united by an ideology. Microsoft employees are largely, though not exclusively, united simply by the desire for a paycheck.

      I work in a Microsoft facility and let me tell ya, they aren't all smoking what Steve Ballmer is.

      Is it any wonder that quality suffers when compared to a project that is a labor of love?

      Or maybe my bad attitude is why I am a contractor and not full time there. :)

    7. Re:Buffer checks by Anonymous Coward · · Score: 2, Insightful

      > there is something seriously wrong with the codebase that SO many exploits turn out everyday.

      There probably is, and it's the same problem found with virtually all C/C++ code of a certain vintage, Microsoft or not.

      Do you think Dennis Ritchie ever gave a shit about checking buffers? How about the millions of coders that copied his style? How about the people that wrote most of UNIX? How about the people that wrote most of Linux distros? Go check the Linux security sites, and you'll get the picture that this was only Job #1 in the last few years.

      So, MS wants to hire better hacks than the last round. Big f'ing deal.

    8. Re:Buffer checks by metlin · · Score: 5, Insightful

      Uh hmm, your argument is flawed for the simple reason that just because Linux has buggy code, does not excuse Microsoft from writing good code.

      And comparing Dennis Ritchie's code with today's code is again flawed - hell, why, given my today's knowledge of Physics and Mathematics that I learned by my twelfth grade, I would have been the most intelligent man alive 400 years ago.

      You do not compare with what Dennis did or might have done, you make a reality check with how things are today - there is a fair section of crackers who want to exploit systems, and if you are in the business of writing commercial code, you'd better be darned good at making sure your code is good because customers are *paying* you for it.

      I have another issue with MS - they concentrate more on releasing things early than checking the code fully before releasing. If this were an isolated issue, I would not have a problem - it is not. And MS has had so many years in the market, so many top-notch programmers AND the resources. If you want to compare, look at OpenBSD - that's an example of OpenSource code done right - with one remote exploit in 8 years.

      Linux is still in its infancy, and for all that it's capable of, it's quite unfair to compare it with the products of a 20 year old behemoth. If you ask me, Linux is doing a fantastic job of being a top notch enterprise system in such a short time, when compared to Microsoft. And very few of the people behind it actually make any money off it. Does that not say a lot?

    9. Re:Buffer checks by TheLink · · Score: 3, Insightful

      Uh what are you talking about?

      Windows XP has users, groups and privileges, and not every program has the run of the system.

      And UNIX is just as vulnerable to buffer overflows as Windows XP. They both are programmed in languages that are prone to such problems.

    10. Re:Buffer checks by AdamInParadise · · Score: 2, Interesting

      Hey, you! Wake up! This is the 21st century now, not 1988! Those kinds of protections were built into the NT kernel since the very beginning (1993 or something), which means Win 2k and XP have them.

      Regards,

      --
      Nobox: Only simple products.
    11. Re:Buffer checks by Anonymous Coward · · Score: 3, Insightful

      First off, you seem ignorant of the point that many people did know better than Ritchie, which is why OpenVMS and OS/400 have infinitely better security records than UNIX does.

      Second, you're right that (in retrospect) MS probably should have hired those guys instead of the C/UNIX crowd that the unis were producing. Fact is that they didn't though, and irrespective of their monopoly status they got all the same kinds of people and kinds of problems as everyone else.

      Finally, it's true they were slower to fix the problems/infrastructure/configuration than some other groups like OpenBSD (which has tons of bugs, just not in the "default install"), so that's a fair assessment. However, flaming them for trying to Do The Right Thing and hire qualified people seems bizarre. Maybe you didn't learn this in college, but millions and millions of lines of source took years to produce and will take years to fix, and it pays to do things right the first time.

    12. Re:Buffer checks by omicronish · · Score: 5, Interesting

      > Either they are not doing a good job of doing the whole buffer check thing that the guy harped to me about and it was all hogwash to impress upon you how "important" and "hard" coding in MS is, or there is something seriously wrong with the codebase that SO many exploits turn out everyday.

      I was an intern at Microsoft this past summer, and I believe it's the sheer quantity and perhaps complexity of software being written that's resulting in these bugs. They really do emphasize writing secure code now (I don't know what it was like before). I shared an office with two other interns, and during several code reviews another intern was involved with, there would be "did you check parameters here? potential buffer overflow? what if this is NULL?" And it wasn't even important code he was working on.

    13. Re:Buffer checks by Anonymous Coward · · Score: 2, Interesting

      > Uh what are you talking about?
      >
      > Windows XP has users, groups and privileges, and not every program has the run of the system.

      Uh, what are you talking about?

      As a Windows NT programmer for 10 years I, and many others, are fully aware that the Windows security model is more comprehensive and flexible than the POSIX model. This is due to the power of NTFS and the uniform interface of the NT object manager.

      However, while this is all dandy, the Windows environment is architected, and third party apps are delivered, that make this entire security system virtually useless. Furthermore, Windows has an aging capability based (policy) system that is now being bested by more modern and truly effective alternatives. It is very difficult to actually maintain Windows NT systems in server or desktop configurations that make use of sane file system and execution policy. Too many services need extended system privileges. 99% of NTFS filesystems have uniform perms throughout.

      In short, the great security stuff in Windows is wasted on an overall lame implementation of the system.


      > And UNIX is just as vulnerable to buffer overflows as Windows XP. They both are programmed in languages that are prone to such problems.


      It is possible to program in both these OSes with languages other than C. I mention this not only to be an asshole, but also because most security vulnerabilities are found in things other than the kernel.

    14. Re:Buffer checks by metlin · · Score: 4, Insightful

      I was not trying to flame MS for their past actions - however Microsoft started out with a fairly clean codebase for both Win2k and WinXP. Given that, it seems bad that such vulnerabilities keep coming up.

      I do agree that both Win2k and WinXP are a lot more stable than their predecessors. However, you would think that when you are doing something the second time, you would double-check to make sure that you do not make the same mistakes as you did the first time.

      I just feel that this is not happening - and any number of factors could be contributing to it (market, economics, manpower, complexity what not) - but that does not mean you do not take the pains to not do it well. I'm sure Microsoft's trying to take as much care as they can to ensure that this does not happen.

      However, despite that, these still seem to be happening. Which is what I find quite baffling - there seems to be a fundamental flaw somewhere in there, and that needs to be taken care of. Which is what I mentioned in my initial posting, too.

    15. Re:Buffer checks by cowbutt · · Score: 3, Informative
      Immunix for one. Alternatively, taking a slightly different path towards pro-active security measures, Red Hat has recently included exec-shield (as seen previously in Fedora Core 1 onwards) in RHEL3 update 3. FC2 includes SELinux, so that'll probably turn up in RHEL eventually, too.

    16. Re:Buffer checks by metlin · · Score: 4, Insightful

      You are right in saying that MS comes from the same Cowboy C Coder Culture (CCCC, ha!), however MS has had a significant amount of time to grow out of it. If twenty five years later they are still doing the same mistakes they did back then (maybe fewer in number, but equally dangerous), there is something wrong.

      Fundamentally, yes, you are right in saying that complexity brings such mistakes. However, that's not an excuse to use it as a crutch to release buggy software.

    17. Re:Buffer checks by NanoGator · · Score: 2, Insightful

      >Seriously. Where in the hell did you get that fucked up idea?

      When Windows 95 came out the days of setting individual apps to use your hardware (like sound cards) were over. You didn't have to memorize a bunch of stupid dos commands. Installation of apps was as simple as putting in the CD and hitting 'ok' a couple of times. All this, and you could build your own machine to boot.

      And since when did filtering out automatic-MS-hate make my ideas 'fucked up'? You can't tell me that the surge of computer purchases starting around the mid-90's wasn't because of the launch of Windows 95.

      --
      "Derp de derp."
    18. Re:Buffer checks by Tim+C · · Score: 2, Informative

      > How should he know how a NULL is handled?

      Well, if he wrote the code that needs to handle the null, then he needs to know how it should be handled. If he's inexperienced/junior enough to not be able to decide himself, he should speak to someone who can make that decision for him.

    19. Re:Buffer checks by Anonymous Coward · · Score: 2, Insightful

      "... like OpenBSD (which has tons of bugs, just not in the "default install") ..."

      Then these wouldn't be bugs in OpenBSD now would it? Considering that OpenBSD is a minimalist "default install" distribution with little to no frills, this would be a problem with the third party add-ons ("ports"), which are maintained outside the core code base by persons not directly affiliated, and explicitly not OpenBSD itself.

      OpenBSD does have bugs in the default install however. It is hubris to assume that any software/OS doesn't. But they patch them as soon as they find them as well as implementing means to minimize or eliminate the harmful side effects of them until such time.

      OpenBSD adopted a proactive philosophy to their bugs on its inception. It split from NetBSD over this very issue. They patch things immediately because they are broke instead of patching because it's being or may be exploited.

      Microsoft went out of its way to accommodate the bugs in third party softwares when it designed Windows, which was simply insane. (Contrast OpenBSD's "if it breaks, it deserved to be broken" attitude.) It has maintained a philosophy of "ease of use" over security at every step of Windows development since, which was not a wise tradeoff. To "Do The Right Thing" now is still following their pattern of reactionism, only now it's the company's image they are trying to patch.

      Even to Joe User, Windows is synonymous with instability (which is normally Joe User's fault) and viruses (also normally Joe User's fault), but he doesn't know enough about computers (or care) to use anything else. But because of his ignorance and sloth, when he goes to upgrade, he will still get another Windows box. If Windows is now "secure", he won't even bat an eye at that OS option.

      MS is doing damage control in the IT sector. Joe User may provide bread and butter to MS, but IT will consistently hemorrhage money. But IT wants/needs security and MS simply doesn't provide it. As ease of use improves for GNU/Linux, MS will lose the only edge it ever may have had.

      Now, with the frequency of severe exploits surfacing and CERT warnings getting (inter?)national attention, they are at a point where they must do something substantial. So harping the "Secure by Default" (OpenBSD's motto, I must point out) mantra isn't so much a "Do The Right Thing" decision as it is a desperate PR stunt.

    20. Re:Buffer checks by sg_oneill · · Score: 2, Interesting

      Actually the better record has to do with the fact fk all people use OS/400 / OpenVMS.

      Yeah, Unix had some silly bugs, but that's partly cos it was written by a really small team in spare time and became uber-popular despite it never really being intended to, and in an age where hackers were guys who logged in and FIXED your shit.

      --
      Excuse the Unicode crap in my posts. That's an apostrophe, and slashdot is busted.
    21. Re:Buffer checks by Frankie70 · · Score: 2, Funny

      How should he know how a NULL is handled? Isn't there an operating system that's supposed to do that stuff?

      Where's that damn garbage collector???


      Have you ever coded C or C++ in your life?



      But I have nightmares where I write Win32 apps in FoxPro.



      I can believe that.

    22. Re:Buffer checks by dirk · · Score: 2, Informative

      While you are right it is not fair to compare coding from 20 years ago with that of today, it is also unfair to compare OpenBSD with MS. They are aiming at 2 completely separate goals, so of course they will be different. OpenBSD has the goal of being as secure as possible. They are extremely good at this. They also do not support many of the newest and greatest things and their usability is pretty bad. MS has the opposite goal. They want to have an incredibly usable OS which supports all the latest and greatest hardware and innovations.

      Security and usability are on 2 ends of the same spectrum. If you want usability, you have to give up security and vice versa. MS for years has tried to get as close to usability as they could and they gave up security to do it. They are now trying to strike a balance between the 2. They will never be secure as BSD, because they can't give up all usability like BSD can, because their user base is Joe Average.

      --

      "Information wants to be expensive" - Stewart Brand, the same guy who said "Information wants to be free"
    23. Re:Buffer checks by LO0G · · Score: 2, Insightful

      Because Linux is somehow magically protected from buffer overruns?

    24. Re:Buffer checks by jazman_777 · · Score: 2, Informative
      > given my today's knowledge of Physics and Mathematics that I learn by my twelfth grade, I would have been the most intelligent man alive 400 years ago.

      Learning what other people have figured out is not intelligence, it's education. You'd be more educated, but I hardly think more intelligent.

      --
      Slashdot: Failed Car Analogies. Amateur Lawyering. Anecdote Battles.
    25. Re:Buffer checks by glitch23 · · Score: 4, Funny

      > "did you check parameters here? potential buffer overflow? what if this is NULL?" And it wasn't even important code he was working on.

      Clippy can still be dangerous if he goes unchecked.

      --
      this nation, under God, shall have a new birth of freedom. -- Lincoln, Gettysburg Address
  2. It was to be expected... by lesterchakyn · · Score: 5, Insightful

    You can't install a really big bunch of fixes and expect Windows to run faster!

    It has been always this way

    1. Re:It was to be expected... by teamhasnoi · · Score: 2, Insightful
      not since 10.3 ($29) - I'm on 10.3.5. Faster every time.

      Of course MS is making users pay each upgrade - with their exploit ridden code, poor programming decisions, and heavy handed activation tactics, inconsistent UI, predatory business practices, FUD-filled marketing and the push to DRM lock in - every user of Windows pays. Through the nose.

      I will happily move up to 10.4 when it comes out, and pay for it too. I like supporting a company that fixes exploits before they've been in the wild for months, that introduces features that MS can't touch for years, and provides an OS that doesn't work against me.

    2. Re:It was to be expected... by Tim+C · · Score: 2, Interesting

      Oh, bull.

      > with their exploit ridden code

      I've been running various versions of Windows for 7 years now, and have not been exploited once. Sure, there are exploits in there, but they only catch the incautious and foolish. Avoiding them is *easy*, with a little computer literacy.

      > poor programming decisions

      I can't comment on that, and nor can you, unless you've been privy to some of those decisions. I'll agree that some of the *design* decisions are curious to say the least, but that may well have been marketing-driven.

      > and heavy handed activation tactics

      Install XP Pro. Activate - two, maybe three clicks. A year later, after futzing around with my hardware, I need to reactivate. Two, maybe three clicks later, it's reactivated. Total impact to me: 30 seconds? "Heavy handed"? Only if you're constantly swapping hardware around, or trying to use a pirated copy.

      > inconsistent UI

      The *Windows* UI is consistent. *Office*, on the other hand...

      > predatory business practices

      I'll give you that one, but temper it by pointing out that most (large) companies are as predatory as they think they can get away with being. At least MS isn't purposely draining pension funds, or flouting environmental laws, etc.

      > FUD-filled marketing

      I'll give you that one too, but again, there's an awful lot of anti-MS FUD being pushed by sites such as this one. Two wrongs do not make a right.

      > the push to DRM lock in

      I see that as accepting the inevitable. The *IAs are pushing hard for legally-mandated technological restrictions, and rather than wasting time and money on a fight MS might well lose, they're just doing what so many /.ers wish the *IAs would do - working to embrace a technology-driven change. I dare say that lots of large meetings full of MS big-wigs have taken place, in which they've decided that it's best *for MS* to create the technology, rather than try to fight it. Sure, it'd be nice if they'd fight for our rights, but that's not what corporations are for, unfortunately.

      > every user of Windows pays. Through the nose.

      Well, that's your opinion, but I can't say I see things the same way. All I see is a stable, largely hassle-free OS that gets out of my way and lets me get on with using my PC. Even after 5 years of using Linux, including 2 of using it as my primary OS at work, I couldn't say the same about that. OS X may well be the Second Coming of the perfect OS, but it doesn't run on my hardware.

  3. This has to do with... by Anonymous Coward · · Score: 2, Interesting

    This has to do with a buggy CPU "driver" in SP2, rolling back that driver to the pre-SP1 version should correct the slowdown.

  4. That Explains A Lot by kannibal_klown · · Score: 3, Insightful

    I just installed SP2 on my personal laptop that I use for work. I reformatted it yesterday, and I had a CD with SP2 on it. I figured I would rather just install it off the CD than worry about downloading all of those frigging security updates and what-not.

    Anyway, I could have sworn the laptop ran faster before I put SP2 on there. I never bothered to benchmark it, but it seems sluggish now. And it's not a weak machine (as far as laptops go). 2.4GHz with 1GB RAM.

    I'm not about to undo everything I've done. I've installed way too much, and don't want to worry about breaking those apps by removing the patch.

    Oh well. I'll just live with it. It's not my main machine anyway, just something to do some DB work with.

    1. Re:That Explains A Lot by LnxAddct · · Score: 2, Insightful

      Laptops and SP2 don't mix. The CPU frequency throttling driver is for some reason pushed back to a version prior to SP1 and works horribly. Your computer may be running at 600-700MHz despite what it's telling you. It may not feel 4 times slower though because I doubt you often ever need to go above 800MHz in usage despite what the marketing departments will tell you (this may be different in your case if you develop or run a DB engine on it, but I'm referencing the typical home user). But in short, yes it doesn't just feel slow, it is slow. (In case anyone is wondering why an OS would change the CPU speed, it's to help extend battery life, i.e. if the laptop is on battery, the processor is typically running at half speed as opposed to full speed when plugged in.)
      Regards,
      Steve

  5. Another benchmark test by Adam9 · · Score: 4, Informative

    Here is another article where they ran different benchmarks on SP2 and SP1. The office productivity test was the one with the biggest difference. The article puts the blame on the new firewall.

    They should compare a PC with SP2 and one with SP1 with a third party firewall.

  6. Why- by thewldisntenuff · · Score: 4, Interesting

    was this even posted at all?

    This wasn't even a readable story - just a small synopsis of a story that will be featured in Mobile PC mag next month. There could have been plenty more info, but instead we got two paragraphs.....

    OTOH, is an average 9% drop in performance even an issue? I mean, 9% in office apps is nothing....Who needs high performance when typing, making spreadsheets, or even a PowerPoint presentation?

    This (once again) illustrates the MS push towards security over performance/compatibility

    -thewldisntenuff

    1. Re:Why- by eqkivaro · · Score: 3, Insightful

      I agree. Who gives a shit? When was the last time someone actually upgraded their computer because Word was too slow? Please!

      Unless you're playing new games there's no reason to be running anything newer than a Pentium II.

    2. Re:Why- by metlin · · Score: 2, Interesting

      Although I agree with most of what you said, I have a bone to pick with this statement -

      > OTOH, is an average 9% drop in performance even an issue? I mean, 9% in office apps is nothing....Who needs high performance when typing, making spreadsheets, or even a PowerPoint presentation?

      Hmmm, I guess you've never been in a corporate business office, where excel sheets running into hundreds of pages are opened. Or business plans and product specs that run into hundreds of pages are opened.

      Why go that far, you've apparently not tried writing a paper in MS Word - I've been trying to get a couple of papers done for a conference deadline coming up on Monday - and my system is so terribly slow that it's unbelievable.

      Sure, you can compromise on speed - but why? Why should I, when I don't need to? Had MS done this right from the beginning, the performance hit could have at least reduced (to say 5%). That is still a significant gain when compared to 10%, which in my opinion is QUITE slow. If you had a latency of 10% in all your networks, you would know what I am talking about.

    3. Re:Why- by mrowlands · · Score: 2, Interesting

      because "insert your favourite game here" runs 9% slower now

  7. Coral Cache Link by Anonymous Coward · · Score: 3, Informative

    Cached link in case it gets Slashdotted.

  8. Positives and negatives by Bill_Royle · · Score: 4, Insightful

    I've seen some drag on my system since putting SP2 on, but it's really a double-edged sword.

    However, in my experience it's harder now for sites to push ActiveX controls and executables to your PC, unless you do a bit of tweaking or visit a deliberately malicious site.

    Considering the system drag that occurs when the average user installs spyware inadvertently, I'd say the SP2 drag ought to be cancelled out for the time being, as it's a bit harder for spyware to propagate under it.

  9. Re:Of course. by savagedome · · Score: 4, Interesting

    > my internet lagged so bad I had to reinstall Windows Xp. Worked better after that.

    Bollocks. Reinstall XP? Did you at least try removing SP2 to begin with? You could at least set a system restore point before you do any major upgrade that contains patches and/or including third party drivers.

    I am no Windows fan but just trying to make it sensational that you had to reinstall XP from scratch doesn't really do anything. I have installed SP2 pretty much after it was released and have had no problems. (Well, of course some people are going to see glitches considering the size of that damn thing).

    And maybe, just maybe, did you think of the possibility that your *P2P* app might be the bugger. Just a thought.

  10. Putty and SP2 (It's a business app, really! ;) ) by realdpk · · Score: 2, Interesting

    Has anyone noticed an increase in how long it takes Putty to start up post-SP2? I thought it was the firewall at first, but I disabled that. It still takes about 5 seconds to launch, where before it was instant.

  11. You might be hitting the socket limit.. by bmajik · · Score: 5, Insightful

    One of the changes in SP2 was a rate limiting / queuing behavior for the number of current sockets in the SYN/opening state.

    In other words, suppose you have an app which tries to open 30 tcp sockets simultaneously. Some of them will get delayed by the OS.

    This is to try and thwart the speed of worms or DDoS programs - which very often try and create a zillion tcp connections that never end up connecting.

    Unfortuneately, it has the side effect of hurting some p2p apps (like bittorrent) and some web browsing configurations...especially if you've changed the registry value that sets the # of simultaneous socket connections IE will make to the same site. The default is like 3 or 4, but if you upped it to say, 20, and then hit a site that had 30 images all on the same server... it is likely that some of your http requests will get queued until other connect() attempts complete the handshake.

    Does it suck that this is affecting some browser and other scenarios ? Yes. The topic is under discussion internally at microsoft.

    The _intent_ was to try and slow down the spread of worms/ddos attacks in the event a machine got compromised....a good goal to have i think anyone would agree..

    The implementation, however, does have disadvantages

    If you decide to try SP2 again, anytime the connecting socket limit is reached, a very specific/obvious event will be logged in the eventlog. If you are experiencing slower network interactive speeds, try looking in the logs to see if you're hitting it.

    One mitigation, by the way, is to have a proxy (i.e. squid) on another machine.. that way your handshakes from IE resolve _Very_ fast and your sockets rapidly go from handshake to connected...thus reducing the likelihood of you hitting the queuing behavior.

    --
    My opinions are my own, and do not necessarily represent those of my employer.
    1. Re:You might be hitting the socket limit.. by Tim+C · · Score: 2, Informative

      ok don't let the computer make more than 5 simultaneous connections

      That's not what it's doing at all, you can still have as many simultaneous connections as you want. What you can't have is more than 20 connections waiting to completely open; any more than 20 get queued until some of those 20 have completed (or failed).

      Sure, sucks if you run apps that regularly open up a whole bunch of connections to hosts that may or may not be answering right now, but having checked my logs it's only happened to me a handful of times since I installed SP 2, despite running p2p apps while web browsing or playing online games, so it's really not that big a deal for "normal" users.
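The queuing described in comment 11 and the reply above, modelled as an added example (not part of the thread and not Microsoft's implementation): at most 20 connection attempts sit in the handshake state and later attempts wait for a free slot. The handshake times, the 21-second timeout, the workloads and all function names are constructed assumptions.

```c
#include <stdio.h>

#define MAX_ATTEMPTS  256
#define PENDING_LIMIT 20   /* figure quoted in the thread */

/* At most `limit` attempts may be mid-handshake at once; later attempts wait
 * for the earliest slot to free up. handshake_ms[i] is how long attempt i
 * spends in the handshake. Returns the time (ms) at which the last handshake
 * completes or fails, or -1 on bad arguments. */
long simulate_connects(const long *handshake_ms, int n, int limit)
{
    long slot_free_at[MAX_ATTEMPTS];
    long last_done = 0;
    int i, s;

    if (handshake_ms == NULL || n < 0 || limit <= 0 || limit > MAX_ATTEMPTS)
        return -1;
    for (s = 0; s < limit; s++)
        slot_free_at[s] = 0;

    for (i = 0; i < n; i++) {
        int best = 0;
        for (s = 1; s < limit; s++)          /* earliest free handshake slot */
            if (slot_free_at[s] < slot_free_at[best])
                best = s;
        slot_free_at[best] += handshake_ms[i];
        if (slot_free_at[best] > last_done)
            last_done = slot_free_at[best];
    }
    return last_done;
}

/* Constructed workload: `count` attempts that all take `ms` to resolve. */
long uniform_workload(int count, long ms, int limit)
{
    long hs[MAX_ATTEMPTS];
    int i;

    if (count < 0 || count > MAX_ATTEMPTS)
        return -1;
    for (i = 0; i < count; i++)
        hs[i] = ms;
    return simulate_connects(hs, count, limit);
}

int main(void)
{
    /* 30 images from one server, 80 ms handshakes, with and without the limit */
    printf("browser direct, limit 20: %ld ms\n", uniform_workload(30, 80, PENDING_LIMIT));
    printf("browser direct, no limit: %ld ms\n", uniform_workload(30, 80, 30));
    /* same page through a LAN proxy that answers the handshake in 1 ms */
    printf("browser via proxy:        %ld ms\n", uniform_workload(30, 1, PENDING_LIMIT));
    /* 200 attempts to addresses that never answer, 21 s timeout each */
    printf("dead hosts, limit 20:     %ld ms\n", uniform_workload(200, 21000, PENDING_LIMIT));
    printf("dead hosts, no limit:     %ld ms\n", uniform_workload(200, 21000, 200));
    return 0;
}
```

In this model the limit costs the browser one extra handshake round, the proxy case barely registers, and the attempts that never connect take ten timeout periods instead of one.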

  12. Not a code change.. a compiler flag change.. by bmajik · · Score: 5, Informative

    specifically, the /GS flag to the VC++ compiler.

    The compiler was modified to support automatic stack overflow checking (i.e. canaries). Server 2003 was compiled with this (and as a result, MANY things that are shared-code problems resulting in exploits on other NT based OSes are either ineffective or DoS attacks on Server 2003).

    The idea is that /GS compiled binaries will cause the OS to terminate the app rather than letting code execute. The source code generally doesn't need changes.

    So, it's a defense in depth tactic. Ideally, there'd be no BO's in code. But there are. Terminating the program with an explanation as to why is better than letting people run code on your box. :)

    --
    My opinions are my own, and do not necessarily represent those of my employer.
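The canary check described in the comment above, as an added model (not part of the thread and not the code /GS emits): a guard word sits between a local buffer and the saved return address, and is verified before the return address is used. The struct layout, the cookie value, the addresses and the function name are constructed assumptions; the copy stays inside one struct so the model has defined behaviour.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of one stack frame. */
struct frame {
    char          buf[16];        /* local buffer the function writes into */
    unsigned long canary;         /* guard word planted by the prologue */
    unsigned long saved_return;   /* what an overflow is trying to reach */
};

#define FRAME_COOKIE 0x5AFEC00CUL /* constructed; a real cookie is not a fixed constant */
#define LEGIT_RETURN 0x00401000UL /* constructed "legitimate" return address */

/* Copies `len` bytes starting at buf with no length check against buf,
 * the way an unchecked strcpy would, then runs the epilogue check.
 * Returns 0 and stores the return address when the frame is intact;
 * returns 1 (where real code would terminate the process) when the
 * canary changed, without ever reading saved_return. */
int run_guarded_copy(const unsigned char *input, size_t len,
                     unsigned long *return_used)
{
    struct frame f;

    memset(&f, 0, sizeof f);
    f.canary = FRAME_COOKIE;              /* prologue */
    f.saved_return = LEGIT_RETURN;

    if (len > sizeof f)
        len = sizeof f;                   /* keep the model in bounds */
    memcpy(&f, input, len);               /* buf is the first member */

    if (f.canary != FRAME_COOKIE)         /* epilogue: overflow detected */
        return 1;
    *return_used = f.saved_return;
    return 0;
}

int main(void)
{
    unsigned char fits[16], overflow[sizeof(struct frame)];
    unsigned long ret = 0;

    memset(fits, 'A', sizeof fits);           /* constructed inputs */
    memset(overflow, 'A', sizeof overflow);

    printf("16 bytes:  terminated=%d\n", run_guarded_copy(fits, sizeof fits, &ret));
    printf("return address used: 0x%08lx\n", ret);
    ret = 0;
    printf("%u bytes: terminated=%d\n", (unsigned)sizeof overflow,
           run_guarded_copy(overflow, sizeof overflow, &ret));
    printf("return address used: 0x%08lx (never read)\n", ret);
    return 0;
}
```

The overflow is still a bug and still ends the program; what changes is that the overwritten return address is never used.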
    1. Re:Not a code change.. a compiler flag change.. by cortana · · Score: 2, Insightful
      Given the state of software on the platform, it comes as no surprise that Windows programmers make use of functions like sprintf. *ducks, runs*

      But seriously, people, use snprintf. The same for all the other unsafe string handling functions in the C library--use the 'n' variant of the function that accepts a maximum buffer length.

      You wouldn't use gets to input a string, would you? I hope...

    2. Re:Not a code change.. a compiler flag change.. by darkain · · Score: 2, Informative

      actually, snprintf was marked as unsecure as well in the new CRT. sprintf_s is the replacement for both sprintf and snprintf.

  13. Welcome to Windows upgrades by coupland · · Score: 4, Interesting

    If you thought SP2 would be a speed upgrade then you also buy the previous lines that Win98, ME, NT4, W2K, XP would make Windows faster than previous versions. Of course these fallacies are based on the assumption that you would install the upgrade on a *newer* PC than their sample set. No Windows update has ever been faster than its predecessors.

    Period.

  14. Poll question! by corsair2112 · · Score: 4, Funny

    If I post an "article" on my 5 megs of webspace provided to me by my ISP denouncing Windows XP saying that installing SP2 will steal my first born and rape my cats, then "create" some benchmarks to prove my point, then submit the article to slashdot, will it make it on the frontpage?

    I'll even conclude in the article that running linux will solve world hunger and even do my laundry.

    1. Re:Poll question! by Stevyn · · Score: 3, Funny

      Yes it will. And the third post will point out it's a dupe.

      Nothing to see here; move along.

    2. Re:Poll question! by vrt3 · · Score: 2, Informative

      Only if you are Roland Piquepaille or whatever his name is.

      --
      This sig under construction. Please check back later.
  15. Reality check by Card · · Score: 3, Interesting

    Correct me if I'm wrong, but given today's hardware, is a 10-20% slowdown even noticeable to the average user running, say, Word? IIRC, the threshold for a user to notice anything meaningful is around 30% in day-to-day operations.

    Games are a different beast, but does the user even care if loading a spreadsheet takes an extra second or two?

  16. 2 things by slobber · · Score: 3, Insightful

    9% on average on "Business Apps" is too vague to draw any conclusions. Was the slowdown in disk, network, memory, network performance? All of the above?

    The slowdown could mean that MS cut some corners and traded speed for security in XP's pre-SP2 version. While fixing security problems they had to perform some extra checks and that dragged performance down. Or, they could've discovered some serious architectural issues with fixing new holes, so they had to do it in a slow and inefficient way due to the fact that their architecture wasn't designed with those checks in mind.

    On a side note, I experienced a significant slowdown when running Norton AV that supposedly does a bunch of extra security checks. File and network performance became unbearable at times. It got so bad that I had to ditch NAV so now I am reverting my Windows system every day (I run it under VMWare, Linux is a host system). I found this setup + Zone Alarm to be a better answer to endless Windows security issues.

    --
    "You mortals are so obtuse." -Q
  17. I think the problem stems from the testing itself by Gary+Destruction · · Score: 2, Insightful

    Maybe Microsoft needs to determine what the most common software installed on Windows PCs is and even work with software manufacturers directly to ensure the greatest compatibility.

  18. Hello morons, turn off DEP by Anonymous Coward · · Score: 3, Informative

    http://support.microsoft.com/default.aspx?kbid=875352&product=windowsxpsp2

    Note the /NoExecute=AlwaysOff option in the article.

    Well known cause for much of the slow down some people find with SP2. Of course, this opens you up to morphic/purposefully overwritten code exploits, but such is life.

    1. Re:Hello morons, turn off DEP by Qrlx · · Score: 2, Informative

      Hmm.... from the KB article

      Currently, the only x86 processors that support No-Execute functionality are the AMD 32/64-bit Opteron and Athlon-64.

      Since this doesn't affect Intel, this can't account for all the slow-downs people are experiencing.

      (Not that I bothered to read the article in Mobile PC.)

    2. Re:Hello morons, turn off DEP by robhancock · · Score: 3, Informative

      No-execute protection still does something on CPUs not supporting hardware NX, it's just not quite as effective.

  19. Maybe not faster, but more of the same apps! by EtherAlchemist · · Score: 4, Funny


    I found one instance where a fix actually allows you to pirate OTHER software (or at the very least violate otherwise restrictive "one machine at a time" clauses in the EULA).

    I installed SP2 and didn't notice any problems at all. Then, I fired up Fireworks which has a little util that sees if other copies using the same license are running on the network (who, me?) and was prompted by Windows telling me that the service had been blocked and did I want to Continue Blocking, Unblock or should it Ask Me Later.

    Well, so far, choosing Ask Me Later has enabled (for testing, of course) running multiple copies of single license software when we would not have been able to previously.

    Neat! Thanx Bill!

    --
    R(k)
  20. so its come to this. by JVert · · Score: 5, Funny

    This should actually be posted in the politics corner. I gotta admit ./ is doing a lot better job at playing politics than certain US candidates. Seriously, a service pack to perform maintenance and add some very useful features. What is the general response? "SP2 broke my edonkey and made my girlfriend (online) break up with me." OH OH! now it's slower with certain programs because they switched some compile flags that they should have enabled years ago!

  21. Isn't that how it always is by Anonymous Coward · · Score: 5, Funny

    You can either get your ass kicked by gamers for having a slow machine, or by hackers for having an insecure one.

  22. hmm only 9% performance hit? by pavera · · Score: 2, Interesting

    I've attempted to install SP2 on three machines now and I'm not trying any more. After the 1st install, the system blue screened, and could not be recovered, had to reinstall from scratch.

    The second attempted install got about 2/3rds of the way done and then crashed resulting in an unstable system. The partial install could not be completely removed, and the machine would crash often, another reinstall from scratch.

    the third attempted install died in the early stages repeatedly (about 15 seconds after starting the install) and never got past that point.

    These were three completely different systems with different software installed, but all ended up with the same result, no SP2 without a complete clean installation of XP first. I'm so disgusted with MS's QA right now, I never plan to install SP2 again, because my time is too valuable to spend entire days rebuilding systems just because they can't write updates to their software.

    Hell in Gentoo and Debian I update the entire system with a single command and download hundreds of software packages equalling hundreds of MBs and it all goes smooth as silk, can't MS figure out how to copy files from an update package into the system without blowing it all to hell?

  23. WINDOWS by YrWrstNtmr · · Score: 4, Funny

    ...actually HAS business apps.

  24. News Flash! by Phat_Tony · · Score: 4, Funny
    XP SP II Can Slow Down Business Apps!

    Similar problems have been found with XP SP I, the original XP, along with Windows 2000, 98, ME, CE, 95, and 3.1.

    --
    Can anyone tell me how to set my sig on Slashdot?
  25. Sheesh, slowdown! That's nothing... by YE · · Score: 4, Funny

    ...some business apps like Gator even refuse to run!

  26. For the sake of Fairness: by Cyberllama · · Score: 3, Insightful

    Unsecure software runs faster. All that extra checking things to make sure they're valid and so forth requires processing power. I mean, a login script that just accepts any password entered would require less processing than one that actually checks the data against some other data.

  27. Defragment C:! by prandal · · Score: 3, Interesting

    After installing SP2, defragment your hard drive - so many core files are replaced that the system's performance will be even more sub-optimal than usual until you do this.

  28. XP SP2 can give you a serious headache by Linker3000 · · Score: 3, Interesting

    Since installing SP2 on a laptop, the printouts from Treeview Pro (a directory listing program) have had every printed character flipped on its vertical axis - all the letters are in the right place but the wrong way round so - for example, all 'b's look like 'd' - it's readable but makes your brain hurt!!

    Does anyone have a weirder SP2 effect?

    --
    AT&ROFLMAO
    1. Re:XP SP2 can give you a serious headache by ctid · · Score: 2, Funny

      I've said it before and I'll say it again: Windows is just not ready for the desktop. Maybe in a few years, but at the moment, it's not quite there yet. It's perfectly OK for a serv.... well, not OK exactly, but more or less adequate... well, not adequate either of course, what with all those security problems, but ...

      Hang on, remind me again why people use Windows?

      --
      Reality is defined by the maddest person in the room
  29. Re:typical microsoft... by Sirch · · Score: 2, Funny

    You really don't get the Profit!!! joke, do you...

  30. Re:Of course. by Conor+Turton · · Score: 2, Funny
    Right after installing SP2 for the first time, my internet lagged so bad I had to reinstall Windows Xp. Worked better after that.

    Thank you for displaying your unbelievable lack of technical competency. The rest of us would've uninstalled SP2.

    --
    Conor "You're not married,you haven't got a girlfriend and you've never seen Star Trek? Good Lord!" - Patrick Stewart
  31. Buggy uxtheme.dll causes a GDI handle leak! by fakeplastic · · Score: 2, Interesting

    XP2 also ships with a buggy xptheme.dll that causes any MFC application that creates windows with a caption (such as MDI child windows for example) to leak 6 GDI handles (HRGNs) every time a window is created. This bug is causing me some serious problems with one of my MFC apps that uses lots of CWnd-derived windows.

    To make matters worse, MS actually fixed this bug with SP1, but have gone and broken it again with SP2! After all that testing they did? Unbelievable.

    And, of course, I have no idea how I can officially report this bug to MS, let alone get them to fix it. There is a KB article for the original XP problem at http://support.microsoft.com/?kbid=319740.

    There is a workaround - use Classic mode instead of Theme mode - fine for me, but try telling my users they cannot run in Fisher Price mode!

    What a royal PITA. My users are screaming for a fix (as my app runs all day long, and as many users use Standby mode, it can stay loaded until the next reboot, leaking bloody handles at a frightening rate!).

    Anyone here have any experience reporting problems like this and getting them actioned? I don't know where to start (I have posted the problem to the MFC group).

  32. Buy a Mac. by khasim · · Score: 2, Insightful

    "When Windows 95 came out the days of setting individual apps to use your hardware (like sound cards) were over."

    Maybe for you. But Apple had already solved that problem.

    "You can't tell me that the surge of computer purchases starting around the mid-90's wasn't because of the launch of Windows 95."

    You seem to be confusing the marketing push that Microsoft did with some form of technical excellence. The people bought the new PC's because they thought they needed them. That's marketing.

    People lined up in the rain at midnight to buy Win95. That's marketing.

    Win95 was not any technical advance over the existing (see Apple) technology.

    "And since when did filtering out automatic-MS-hate make my ideas 'fucked up'?"

    It doesn't. But that's not what you're doing. You seem to be claiming all the computer advances to be a result of Microsoft's efforts. They aren't. Microsoft merely took what was already available, put it into their own product and then hyped that product enough that every idiot out there thought Microsoft had invented something new and wonderful and that they had to have it.

  33. /.: News for Microsoft Haters. FUD that matters by diegocgteleline.es · · Score: 2, Insightful

    This is a known issue. SP2 in fact runs *faster* in some workloads because of some fixes:
    http://support.microsoft.com/?kbid=815227
    http://support.microsoft.com/?kbid=328264
    http://support.microsoft.com/?kbid=332023
    http://support.microsoft.com/?kbid=838884
    http://support.microsoft.com/?kbid=811169
    http://support.microsoft.com/?kbid=815411
    http://support.microsoft.com/?kbid=834937

    Fixes like this can be found in any OS changelog, including linux and/or BSDs. Think that Windows XP SP1 has been out for a long time, that windows 2003 (which shares their code base) has been developed and in the development process they must have found some nice & safe improvements.

    "News for Microsoft Haters. FUD that matters". I'm a linux user, but seriously, is there a chance that editors stop putting fud in the front page?

    Here you've some lessons: How about instead of "XP SP2 Can Slow Down Business Apps" you name it "MobilePC detected a SP2 slowdown for business apps in their notebooks" or "SP2 bug slows down some notebooks" (which is the real issue) or some objective shit instead of your FUD & subjective crap which tries to imply that there's something wrong with the whole SP2? Sure, Windows sucks, but I love to read news about how much it sucks, not just FUD. Just a wish, I don't collaborate with slashdot so I can't tell people what the content is, but I think your readers will appreciate a raise in the quality of windows posts. Thanks.

  34. Defrag? by freakmaster · · Score: 2, Interesting

    just wondering. these service packs replace more or less every file in the operating system. the files/registry might have been fragmented somewhat, or perhaps the newer files weren't all grouped together nicely for quick access. Laptop disks are usually slower than desktops, i believe they only started shipping 7200 RPM disks in the high end laptops recently (and we all know how much difference 7200 rpm drives made when we started getting them in desktops 4-5 years ago). just a theory, but I would have fully defragged sp1 (including registry hives, pagefile etc...), benched, installed sp2, defragged again and benched. probably wouldn't account for all the slowness, i'm sure bufferchecking and sending personal information to mothership take up plenty of resources as well.

  35. snprintf is not ANSI C89 by tepples · · Score: 2, Interesting

    You wouldn't use gets to input a string, would you? I hope

    There's a difference between fgets, a safe alternative to gets that is in ANSI C89, and snprintf, a safe alternative to sprintf that is in ISO C99 but is not in ANSI C89. Not all useful platforms have a conforming C99 compiler. So how can one do the equivalent of snprintf portably?
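One way to get snprintf's contract from C89 library calls alone, as an added example that is not part of the thread: format into a tmpfile() scratch stream with vfprintf, then read back at most n-1 characters. The function names are hypothetical, and the sketch assumes tmpfile() can create a file and that one round of file I/O per call is acceptable.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* snprintf-like contract using only C89 calls.
 * Stores at most n-1 characters in dst and NUL-terminates whenever n > 0.
 * Returns the length the complete text would have had, so a result >= n
 * means the stored text was truncated; returns -1 on failure. */
int bounded_format(char *dst, size_t n, const char *fmt, ...)
{
    va_list ap;
    FILE *tmp;
    int full;
    size_t keep;

    if (dst == NULL || fmt == NULL)
        return -1;
    if (n > 0)
        dst[0] = '\0';

    tmp = tmpfile();                   /* unbounded output goes here, not to dst */
    if (tmp == NULL)
        return -1;

    va_start(ap, fmt);
    full = vfprintf(tmp, fmt, ap);     /* number of characters written */
    va_end(ap);
    if (full < 0) {
        fclose(tmp);
        return -1;
    }

    if (n > 0) {
        keep = ((size_t)full < n - 1) ? (size_t)full : n - 1;
        rewind(tmp);                   /* switch the stream from writing to reading */
        if (fread(dst, 1, keep, tmp) != keep) {
            dst[0] = '\0';
            fclose(tmp);
            return -1;
        }
        dst[keep] = '\0';
    }
    fclose(tmp);
    return full;
}

/* Caller pattern: treat truncation as an error rather than using a cut-off
 * string. The format and the id value 42 are constructed sample data. */
int make_record(char *dst, size_t n, const char *user)
{
    int len = bounded_format(dst, n, "user=%s id=%d", user, 42);
    return len >= 0 && (size_t)len < n;   /* 1 = complete, 0 = failed or truncated */
}

int main(void)
{
    char small[8], big[32];
    int len = bounded_format(small, sizeof small, "%s-%d", "abc", 12345);

    printf("stored \"%s\", full length %d\n", small, len);
    printf("record fits in 32 bytes: %d\n", make_record(big, sizeof big, "bob"));
    printf("record fits in 8 bytes:  %d\n", make_record(small, sizeof small, "bob"));
    return 0;
}
```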

  36. Updated recipe by gkwok · · Score: 2, Funny
    In this case, the Profit step should be inserted between steps 1 and 2.

    And then between steps 2 and 3, 3 and 4, and 4 and 5.