XP SP2 Can Slow Down Business Apps

An anonymous reader submits "Mobile PC magazine installed XP SP2 on a bunch of notebooks and benchmarked them, finding that SP2 caused a 9-percent performance reduction in business productivity apps. While a couple of notebooks performed better, the majority took a 3- to 22-percent performance hit." For now, the story is just at the top of the Mobile PC website, but they promise more details in an upcoming issue.

Buffer checks

[JanusFury]

This is probably due to them recompiling a large number of libraries and system components with the buffer checking and other security features they added into the recent versions of Visual C++. If you ask me, it's worth it, just to know that my Windows box has a few less wide open holes to be exploited.

It definitely has proven its worth so far - I may be wrong, but I'm pretty sure the reason SP2 isn't vulnerable to that GDI+ JPEG exploit is that they recompiled GDI+ with buffer checks.

Re:Buffer checks

[metlin]

...but I'm pretty sure the reason SP2 isn't vulnerable to that GDI+ JPEG exploit is that they recompiled GDI+ with buffer checks.

Correct me if I'm wrong, but shouldn't this have been done right in the beginning itself?

If I were writing any commercial grade code, especially stuff that I know that people would take advantage of, I would sure as hell make sure that I had all my buffer checks in place.

I've heard so much about the programming practices at Microsoft and what not - and yet, ironically, these things keep cropping up so damn bloody often while some operating systems coded by a bunch of loosely connected hackers are way more robust and stable.
Hmm, makes one wonder.

(Heh, funnily OpenBSD site says - Only one remote hole in the default install, in more than 8 years! - I guess it does say a lot).

I do not understand, I would have thought that despite all the shit that MS gets for writing bad code, they would make sure that their code is largely buffer checked. Now, when you have to release stuff from outside to patch up for those, you would obviously be wasting a lot more cycles than if you had done so in the beginning, and well.

Sheesh. They do not do a good job of making software and cause you inconvenience, then they release something to make up for it, and that causes you even more inconvenience.

Hah.

Re:Buffer checks

[JanusFury]

99 buffer checks don't do you any good if one buffer is missing a check, and that one gets exploited.

That's what their compiler modifications are intended to help with, and from my experience, they help. I do agree that it should have been done sooner, though.

Re:Buffer checks

[metlin]

Uh hmm, your argument is flawed for the simple reason that just because Linux has buggy code, does not excuse Microsoft from writing good code.

And comparing Dennis Ritchie's code with today's code is again flawed - hell, why, given my today's knowledge of Physics and Mathematics that I learn by my twelfth grade, I would have been the most intelligent man alive 400 years ago.

You do not compare with what Dennis did or might have done, you make a reality check with how things are today - there is a fair section of crackers who want to exploit systems, and if you are in the business of writing commercial code, you'd better be darned good at making sure your code is good because customers are *paying* you for it.

I have another issue with MS - they concentrate more on releasing things early than checking the code full before releasing. If this were an isolated issue, I would not have a problem - it is not. And MS has had so many years in the market, so many top-notch programmers AND the resources. If you want to compare, look at OpenBSD - that's an example of OpenSource code done right - with one remote exploit in 8 years.

Linux is still in it's infancy, and for all that it's capable of it, it's quite unfair to compare it with the products of a 20 year old behemoth. If you ask me, Linux is doing a fantastic job of being a top notch enterprise systems in such a short time, when compared to Microsoft. And very few of the people behind it actually make any money of it. Does that not say a lot?

Re:Buffer checks

[omicronish]

Either they are not doing a good job of doing the whole buffer check thing that the guy harped to me about and it was all hogwash to impress upon you how "important" and "hard" coding in MS is, or there is something seriously wrong with the codebase that SO many exploits turn out everyday.

I was an intern at Microsoft this past summer, and I believe it's the shear quantity and perhaps complexity of software being written that's resulting in these bugs. They really do emphasize writing secure code now (I don't know how it was like before). I shared an office with two other interns, and during several code reviews another intern was involved with, there would be "did you check parameters here? potential buffer overflow? what if this is NULL?" And it wasn't even important code he was working on.

It was to be expected...

[lesterchakyn]

You can't install a really big bunch of fixes and expect Windows to run faster!

It has been always this way

You might be hitting the socket limit..

[bmajik]

One of the changes in SP2 was a rate limiting / queing behavior for the number of current sockets in the SYN/opening state.

In other words, suppose you have an app which tries to open 30 tcp sockets simultaneously. Some of them will get delayed by the OS.

This is to try and thwart the speed of worms or DDoS programs - which very often try and create a zillion tcp connections that never end up connecting.

Unfortuneately, it has the side effect of hurting some p2p apps (like bittorrent) and some web browsing configurations...especially if you've changed the registry value that sets the # of simultaneous socket connections IE will make to the same site. The default is like 3 or 4, but if you upped it to say, 20, and then hit a site that had 30 images all on the same server... it is likely that some of your http requests will get queued until other connect() attempts complete the handshake.

Does it suck that this is affecting some browser and other scenarios ? Yes. The topic is under discussion internally at microsoft.

The _intent_ was to try and slow down the spread of worms/ddos attacks in the event a machine got compromised....a good goal to have i think anyone would agree..

The implementation, however, does have disadvantages

If you decide to try SP2 again, anytime the connecting socket limit is reached, an very specific/obvious event will be logged in the eventlog. If you are experiencing slower network interactive speeds, try looking in the logs to see if you're hitting it.

One mitigation, by the way, is to have a proxy (i.e. squid) on another machine.. that way your handshakes from IE resolve _Very_ fast and your sockets rapidly go from handshake to connected...thus reducing the likelihood of you hitting the queing behavior.

Not a code change.. a compiler flag change..

[bmajik]

specifically, the /GS flag to the VC++ compiler.

The compiler was modified to support automatic stack overflow checking (i.e. canaries). Server 2003 was compiled with this (and as a result, MANY things that are shared-code problems resulting in exploits on other NT based OSes are either ineffective or DoS attacks on Server 2003).

The idea is that /GS compiled binaries will cause the OS to terminate the app rather then letting code execute. The source code generally doesn't need changes.

So, its a defense in depth tactic. Ideally, there'd be no BO's in code. But there are. Terminating the program with an explanation as to why is better than letting people run code on your box. :)

so its come to this.

[JVert]

This should actually be posted in the politics corner. I gotta admit ./ is doing a lot better job at playing politics then certain US canidates. Seriously, a service pack to perform maintence and add some very usefull features. What is the general response? "SP2 broke my edonkey and made my girlfriend (online) break up with me." OH OH! now its slower with certain progams because they switched some compile flags that they should have enabled years ago!

Isn't that how it always is

You can either get your ass kicked by gamers for having a slow machine, or by hackers for having an insecure one.