Compartilhar via

Follow-up on NNNNnnnooooo....!

  • Artigo

I just stepped out to Building 40 to grab some lunch, (it's better than the cafeteria in Building 26, and they do better coffee too) and I bumped into Dennis Morgan, he was the lead guy on the firewall in XPSP2. I asked him what the perf impact was on startup with the firewall enabled. His reply had me grabbing my gut with laughter.

"About 5 msec."

This is a classic example of an article making a claim about performace with few, if any, facts to back up the claim.

:(

Comments

  • Anonymous
    February 25, 2005
    There's so many articles and tweak guides out there that are like that, complaining about how all of these services and background processes use valuable CPU time and system resources. But when you look at Task Manager's total CPU time for some of these, its like 5 seconds over two weeks of system uptime. Sad how so many people don't know what they're talking about.
  • Anonymous
    February 25, 2005
    The comment has been removed
  • Anonymous
    February 25, 2005
    So you're suggesting we publish info like that for customers? Good idea! That probably would have been useful information for PC Magazine, too.

    You know as well as anyone who's reading your blog that the PC Magazine folks just started turning off anything that they could turn off and still have their machine run. They probably didn't measure each footprint delta. They almost certainly didn't time boots with all combinations of services. I don't even know whether someone does that here at MSFT.

    I should also add that PC Magazine's recommendations are FAR saner than some other similar list I have seen on the web that shall not be named. The non-pcmag site was advising people to disable cryptsvc. This disabled Authenticode signature verification. The "interesting" side effect was that all updates (whether auto- or downloaded manually) would fail to install. Bad juju! In comparison, PC Magazine's advice isn't so bad.
  • Anonymous
    February 27, 2005
    Why do people use this phrase? Are they homophobic or just stupid? After reading his post, I'm leaning towards the latter.

    The XP firewall is a good defense in depth mechanism for many folks, and it's better than no firewall. I use it.

    A beta of XP I was using survived DefCon 9's vicious capture the flag network (the only place I ever saw someone trying to compromise my ssh session), so it works in the most hostile network on the planet. Removing it with nLite is just asking for trouble.

    Andrew
  • Anonymous
    February 28, 2005
    The comment has been removed
  • Anonymous
    February 28, 2005
    Don't forget that the host based firewalls like XP's or Sygate, ZoneAlarm, etc filter based on host application not just on port. A HW firewall sitting on the network can't tell if the connection going out on port 80 is from Firefox or a rootkit getting new commands.

    Sygate (others may as well) even is able to go far enough to be able to notify you upon a change in dll's the process has loaded, and prompt for re-authentication. HW firewalls physically cannot do things like this.
  • Anonymous
    February 28, 2005
    Oh NNNNnnnooooo

    1. The ICF doesn't filter outbound!

    2. No pseudo^Wpersonal firewall can seriously block unwanted outbound traffic: if in doubt, send keypress messages to IE or FireFox started in a hidden window.

    3. Any rootkit which deserves it's name will hide before PFWs!
  • Anonymous
    March 03, 2005
    hello...,
    how are you?
    i would like to take a coffe with you but it is a very difficult..., because a am in spain.
    i would like to have a site in internet. My site is miguelangel22.xmark.us but i go to build it the system give me a message error and i can not build it.
    i have to intento go to my site with apache server (maybe) and the system maybe dont give me a message error. i have to intent entry to my site with another server program. perhaps you know another taht server. I would like if you know a other server you say me it. if you can go to my page and help me to build it i an greeting you. now i am not at home. i am in a cibercafe. This night i go to intent build my site when i go home.
    in home i have installed a windows 2003 server trial edition (120 evaluate days) and i have problems with my printer (hp deskjet 720 c) because it dont print. I have called to support service in spain and they have said me that windows 2003 server dont support that printer). Maybe you can help me....
    thanks


    planetdirect22@hotmail.com

    migual angel sequi martinez

    thanks....
  • Anonymous
    May 29, 2009
    PingBack from http://paidsurveyshub.info/story.php?title=michael-howard-s-web-log-follow-up-on-nnnnnnnooooo