XP SP2 Can Slow Down Business Apps

An anonymous reader submits "Mobile PC magazine installed XP SP2 on a bunch of notebooks and benchmarked them, finding that SP2 caused a 9-percent performance reduction in business productivity apps. While a couple of notebooks performed better, the majority took a 3- to 22-percent performance hit." For now, the story is just at the top of the Mobile PC website, but they promise more details in an upcoming issue.

Buffer checks

[JanusFury]

This is probably due to them recompiling a large number of libraries and system components with the buffer checking and other security features they added into the recent versions of Visual C++. If you ask me, it's worth it, just to know that my Windows box has a few less wide open holes to be exploited.

It definitely has proven its worth so far - I may be wrong, but I'm pretty sure the reason SP2 isn't vulnerable to that GDI+ JPEG exploit is that they recompiled GDI+ with buffer checks.

Re:Buffer checks

[metlin]

...but I'm pretty sure the reason SP2 isn't vulnerable to that GDI+ JPEG exploit is that they recompiled GDI+ with buffer checks.

Correct me if I'm wrong, but shouldn't this have been done right in the beginning itself?

If I were writing any commercial grade code, especially stuff that I know that people would take advantage of, I would sure as hell make sure that I had all my buffer checks in place.

I've heard so much about the programming practices at Microsoft and what not - and yet, ironically, these things keep cropping up so damn bloody often while some operating systems coded by a bunch of loosely connected hackers are way more robust and stable.
Hmm, makes one wonder.

(Heh, funnily OpenBSD site says - Only one remote hole in the default install, in more than 8 years! - I guess it does say a lot).

I do not understand, I would have thought that despite all the shit that MS gets for writing bad code, they would make sure that their code is largely buffer checked. Now, when you have to release stuff from outside to patch up for those, you would obviously be wasting a lot more cycles than if you had done so in the beginning, and well.

Sheesh. They do not do a good job of making software and cause you inconvenience, then they release something to make up for it, and that causes you even more inconvenience.

Hah.

Re:Buffer checks

[JanusFury]

99 buffer checks don't do you any good if one buffer is missing a check, and that one gets exploited.

That's what their compiler modifications are intended to help with, and from my experience, they help. I do agree that it should have been done sooner, though.

Re:Buffer checks

[metlin]

The reason I brought that up was because I was interview by Microsoft last summer at Seattle, and one of the groups that interviewed me was the systems group.

(Funnily, systems wasn't even my area, but still they interviewed me, but that's another story...)

They were of the opinion that since MS is a favourite target of hackers and the like, any MS programmer ought to go to extraordinary lengths to patch any and all buffer checks and foo bar. I was asked to write some piece of code for compiler design and memory management, and the guy kept harping on buffer checks.

I would imagine that with ALL those checks, such things would not be common - but lo! and behold, there they are.

Either they are not doing a good job of doing the whole buffer check thing that the guy harped to me about and it was all hogwash to impress upon you how "important" and "hard" coding in MS is, or there is something seriously wrong with the codebase that SO many exploits turn out everyday.

I can only guess which one it is.

Re:Buffer checks

[IronChef]

I've heard so much about the programming practices at Microsoft and what not - and yet, ironically, these things keep cropping up so damn bloody often while some operating systems coded by a bunch of loosely connected hackers are way more robust and stable.
Hmm, makes one wonder.

the openbsd people are united by an ideology. Microsoft employees are largely, though not exclusively, united simply by the desire for a paycheck.

I work in a Microsoft facility and let me tell ya, they aren't all smoking what Steve Ballmer is.

Is it any wonder that quality suffers when compared to a project that is a labor of love?

Or maybe my bad attitude is why I am a contractor and not full time there. :)

Re:Buffer checks

[metlin]

Uh hmm, your argument is flawed for the simple reason that just because Linux has buggy code, does not excuse Microsoft from writing good code.

And comparing Dennis Ritchie's code with today's code is again flawed - hell, why, given my today's knowledge of Physics and Mathematics that I learn by my twelfth grade, I would have been the most intelligent man alive 400 years ago.

You do not compare with what Dennis did or might have done, you make a reality check with how things are today - there is a fair section of crackers who want to exploit systems, and if you are in the business of writing commercial code, you'd better be darned good at making sure your code is good because customers are *paying* you for it.

I have another issue with MS - they concentrate more on releasing things early than checking the code full before releasing. If this were an isolated issue, I would not have a problem - it is not. And MS has had so many years in the market, so many top-notch programmers AND the resources. If you want to compare, look at OpenBSD - that's an example of OpenSource code done right - with one remote exploit in 8 years.

Linux is still in it's infancy, and for all that it's capable of it, it's quite unfair to compare it with the products of a 20 year old behemoth. If you ask me, Linux is doing a fantastic job of being a top notch enterprise systems in such a short time, when compared to Microsoft. And very few of the people behind it actually make any money of it. Does that not say a lot?

Re:Buffer checks

[omicronish]

Either they are not doing a good job of doing the whole buffer check thing that the guy harped to me about and it was all hogwash to impress upon you how "important" and "hard" coding in MS is, or there is something seriously wrong with the codebase that SO many exploits turn out everyday.

I was an intern at Microsoft this past summer, and I believe it's the shear quantity and perhaps complexity of software being written that's resulting in these bugs. They really do emphasize writing secure code now (I don't know how it was like before). I shared an office with two other interns, and during several code reviews another intern was involved with, there would be "did you check parameters here? potential buffer overflow? what if this is NULL?" And it wasn't even important code he was working on.

Re:Buffer checks

[metlin]

I was not trying to flame MS for their past actions - however Microsoft started out with a fairly clean codebase for both Win2k and WinXP. Given that, it seems bad that such vulnerabilities keep coming up.

I do agree that both Win2k and WinXP are a lot more stable than their predecessors. However, you would think that when you are doing something the second time, you would double-check to make sure that you do not make the same mistakes as you did the first time.

I just feel that this is not happening - and any number of factors could be contributing to it (market, economics, manpower, complexity what not) - but that does not mean you do not take the pains to not do it well. I'm sure Microsoft's trying to take as much care as they can to ensure that this does not happen.

However, despite that, these still seem to be happening. Which is what I find quite baffling - there seems to be a fundamental flaw somewhere in there, and that needs to be taken care of. Which is what I mentioned in my initial posting, too.

Re:Buffer checks

[metlin]

You are right in saying that MS comes from the same Cowboy C Coder Culture (CCCC, ha!), however MS has had a significant amount of time to grow out of it. If twenty five years later they are still doing the same mistakes they did back then (maybe fewer in number, but equally dangerous), there is something wrong.

Fundamentally, yes, you are right in saying that complexity brings such mistakes. However, that's not an excuse to use it as a crutch to release buggy software.

Re:Buffer checks

[glitch23]

"did you check parameters here? potential buffer overflow? what if this is NULL?" And it wasn't even important code he was working on.

Clippy can still be dangerous if he goes unchecked.

It was to be expected...

[lesterchakyn]

You can't install a really big bunch of fixes and expect Windows to run faster!

It has been always this way

Another benchmark test

[Adam9]

Here is another article where they ran different benchmarks on SP2 and SP1. The office productivity test was the one with the biggest difference. The article puts the blame on the new firewall.

They should compare a PC with SP2 and one with SP1 with a third party firewall.

Why-

[thewldisntenuff]

was this even posted at all?

This wasn't even a readable story - just a small synopsis of a story that will be featured in Mobile PC mag next month. There could have been plenty more info, but instead we got two paragraphs.....

OTOH, is an average 9% drop in performance even an issue? I mean, 9% in office apps is nothing....Who needs high performance when typing, making spreadsheets, or even a PowerPoint presentation?

This (once again) illustrates the MS push towards security over performance/compatibility

-thewldisntenuff

Positives and negatives

[Bill_Royle]

I've seen some drag on my system since putting SP2 on, but it's really a double-edged sword.

However, in my experience it's harder now for sites to push ActiveX controls and executables to your PC now, unless you do a bit of tweaking or visit a deliberately malicious site.

Considering the system drag that occurs when the average user installs spyware inadvertently, I'd say the SP2 drag ought to be cancelled out for the time being, as it's a bit harder for spyware to propogate under it.

Re:Of course.

[savagedome]

my internet lagged so bad I had to reinstall Windows Xp. Worked better after that.

Bollocks. Reinstall XP? Did you atleast try removing SP2 to begin with? You could atleast set a system restore point before you do any major upgrade that contains patches and/or including third party drivers.

I am no Windows fan but just trying to make it sensational that you had to reinstall XP from scratch doesn't really do anything. I have installed SP2 pretty much after it was released and have had no problems. (Well, of course some people are going to see glitches considering the size of that damn thing).

And maybe, just maybe, did you think of the possibility that your *P2P* app might be the bugger. Just a thought.

You might be hitting the socket limit..

[bmajik]

One of the changes in SP2 was a rate limiting / queing behavior for the number of current sockets in the SYN/opening state.

In other words, suppose you have an app which tries to open 30 tcp sockets simultaneously. Some of them will get delayed by the OS.

This is to try and thwart the speed of worms or DDoS programs - which very often try and create a zillion tcp connections that never end up connecting.

Unfortuneately, it has the side effect of hurting some p2p apps (like bittorrent) and some web browsing configurations...especially if you've changed the registry value that sets the # of simultaneous socket connections IE will make to the same site. The default is like 3 or 4, but if you upped it to say, 20, and then hit a site that had 30 images all on the same server... it is likely that some of your http requests will get queued until other connect() attempts complete the handshake.

Does it suck that this is affecting some browser and other scenarios ? Yes. The topic is under discussion internally at microsoft.

The _intent_ was to try and slow down the spread of worms/ddos attacks in the event a machine got compromised....a good goal to have i think anyone would agree..

The implementation, however, does have disadvantages

If you decide to try SP2 again, anytime the connecting socket limit is reached, an very specific/obvious event will be logged in the eventlog. If you are experiencing slower network interactive speeds, try looking in the logs to see if you're hitting it.

One mitigation, by the way, is to have a proxy (i.e. squid) on another machine.. that way your handshakes from IE resolve _Very_ fast and your sockets rapidly go from handshake to connected...thus reducing the likelihood of you hitting the queing behavior.

Not a code change.. a compiler flag change..

[bmajik]

specifically, the /GS flag to the VC++ compiler.

The compiler was modified to support automatic stack overflow checking (i.e. canaries). Server 2003 was compiled with this (and as a result, MANY things that are shared-code problems resulting in exploits on other NT based OSes are either ineffective or DoS attacks on Server 2003).

The idea is that /GS compiled binaries will cause the OS to terminate the app rather then letting code execute. The source code generally doesn't need changes.

So, its a defense in depth tactic. Ideally, there'd be no BO's in code. But there are. Terminating the program with an explanation as to why is better than letting people run code on your box. :)

Welcome to Windows upgrades

[coupland]

If you thought SP2 would be a speed upgrade then you also buy the previous lines that Win98, ME, NT4, W2K, XP would make Windows faster than previous versions. Of course these fallacies are based on the assumption that you would install the upgrade on a *newer* PC than their sample set. No Windows update has ever been faster than its predecessors.

Period.

Poll question!

[corsair2112]

If I post an "article" on my 5 megs of webspace provided to me by my ISP denouncing Windows XP saying that installing SP2 will steal my first born and rape my cats, then "create" some benchmarks to prove my point, then submit the article to slashdot, will it make it on the frontpage?

I'll even conclude in the article that running linux will solve world hunger and even do my laundry.

Maybe not faster, but more of the same apps!

[EtherAlchemist]

I found one instance where a fix actually allows you to pirate OTHER software (or at the very least violate otherwise restrictive "one machine at a time" clauses in the EULA).

I installed SP2 and didn't notice any problems at all. Then, I fired up Fireworks which has a little util that sees if other copies using the same license are running on the network (who, me?) and was prompted by Windows telling me that the service had been blocked and did I want to Continue Blocking, Unblock or should it Ask Me Later.

Well, so far, choosing Ask Me Later has enabled (for testing, of course) running multiple copies of single license software when we would not have been able to previously.

Neat! Thanx Bill!

so its come to this.

[JVert]

This should actually be posted in the politics corner. I gotta admit ./ is doing a lot better job at playing politics then certain US canidates. Seriously, a service pack to perform maintence and add some very usefull features. What is the general response? "SP2 broke my edonkey and made my girlfriend (online) break up with me." OH OH! now its slower with certain progams because they switched some compile flags that they should have enabled years ago!

Isn't that how it always is

You can either get your ass kicked by gamers for having a slow machine, or by hackers for having an insecure one.

WINDOWS

[YrWrstNtmr]

...actually HAS business apps.

News Flash!

[Phat_Tony]

XP SP II Can Slow Down Business Aps!

Similar problems have been found with XP SP I, the original XP, along with Windows 2000, 98, ME, CE, 95, and 3.1.

Sheesh, slowdown! That's nothing...

[YE]

...some business apps like Gator even refuse to run!