Slashdot Mirror
Inside the Windows Vista Kernel
Reader trparky recommends an article on Technet (which, be warned, is rather chaotically formatted). Mark Russinovich, whose company Winternals Software was recently bought by Microsoft, has published the first of a series of articles on what's new in the Vista kernel. Russinovich writes: "In this issue, I'll look at changes in the areas of processes and threads, and in I/O. Future installments will cover memory management, startup and shutdown, reliability and recovery, and security. The scope of this article comprises changes to the Windows Vista kernel only, specifically Ntoskrnl.exe and its closely associated components. Please remember that there are many other significant changes in Windows Vista that fall outside the kernel proper and therefore won't be covered."
Everytime I read anything about Vista's new features, I hear myself saying "fucking finally" like half a dozen times. Symlinks? Cancelling I/O? These are things other, better operating systems have had for over a decade. Anyone wanna start a pool for when they'll roll out a patent for symlinks?
Classic: multimedia apps take precedence over anti-virus.
Yes, as it should. If the AV activity is a scheduled full system scan, then it can indeed wait those few tenths of seconds extra, as if you're already infected, they won't make any difference. If it's a real time scan on a file you're accessing, then it can definitely wait, as the file won't be opened/executed until the scan has completed anyway.
So what exactly is the problem with giving a multimedia app a higher priority on the processor than your AV software? We're not talking about killing the AV soft, just lowering the priority; it's still running.
they've merely reimplemented nice
You've been able to set process priority through the Task Manager since at least NT4 (the earliest I remember it being available; it may have been in earlier versions too, I just don't remember seeing it personally).
It's official. Most of you are morons.
Black box OS kernels like Windows can really never be disclosed. All you can really do is make some guesses or have an insider reveal some limited details.
For this reason, OS classes in school will be based on Linux,BSD,Minux,or even ReactOS. With all of these, if want to really know how it works, there is the code.
The secret-software-business is quite different that the shared discoveries of the scientific method that works well in education and science.
Historically, the open ones will be the only ones that survive. In 50 years: You want to know how DOS worked in the 1980s? Well, no source is available. But freedos provides a good example of how it worked. You want to know how some random UNIX worked. Well the source to that specific one is not available, but BSD and Linux are a good examples of how it worked. You want to know how Windows-2000 worked? Well, no source code is available, but ReactOS provides a close approximation of how it worked.
That's complete nonsense.
There are basically two options here:
1. Antivirus hooks into the OS, and scans every program BEFORE it gets executed. In that case, the scanner's priority doesn't matter, it gets run before the program starts anyway.
2. You run the antivirus scanning every file on disk, as a normal process. This would be what the priority adjustments affect, but doing things this way you can't really detect a new virus in real time. You can just find it during the scan, and the priority only determines how fast it will proceed when something else wants CPU time.
Unfortunately many programmers seem to misunderstand this. Usually you can give user-interface processes very high priority, even if they are far less important than some of the background processes. Very often user-interface processes consume only limited amounts of processor cycles. When this happens, no matter how high their priority, they will leave plenty of cycles for the other processes.
It doesn't matter if a virus-scanning process gets delayed a few additional seconds, because there's no person waiting for it and getting impatient. It does matter if a web browser or text editor gets delayed, because there is a human waiting for them.
Terrorists can't threaten a country's freedom and democracy. Only lawmakers and voters can do that.
Perhaps you need to learn how AV software works. I said "If it's a real time scan on a file you're accessing, then it can definitely wait, as the file won't be opened/executed until the scan has completed anyway" because any anti-virus software worth using scans every single file you attempt to access before that access takes place. As such, it doesn't matter what the virus claims to be, the AV software will have scanned it before it tells the OS.
The general sequence of events is:
1 user double-clicks a file
2 the AV soft's real-time scanner is invoked to scan it
3a the file is clean, access is granted
3b the file is dirty, access is denied
It doesn't matter how long step 2 takes, or what other apps get to use cycles while it's suspended - it will complete before either of steps 3a or 3b.
It's official. Most of you are morons.
Having symlinks in the Vista kernel is nice and all, but Vista doesn't seem to offer a way to create these in Explorer. Who wants to break open a command line just to create a symlink?
Correct me if I'm wrong, but don't people criticize Linux all the time of a lack of GUI utilities in comparison to Windows? Yet when I drag a file somewhere in KDE, I can just click on "Link Here" and poof, I've got a symlink. Why have I not heard a single complaint about the lack of a user-friendly way to do this in Vista?
Furthermore, you need to have Administrator access (or use Administrator to give yourself the priviledge) to create a symlink, "because not all applications may handle symbolic links correctly". Doesn't this seem broken to anyone? Or at the very least, worrysome?