How efficient is your security setup? (comparative contest)

Did you try OA recently, is i still CPU intensive on P2P?
I noticed that, but on a much older release. They must have fixed it, no?

 

IS the code (of the Av part) 32 bits or 64 bits (FW/HIPS was one of the first 64 bits programs)

 

The Av part have been compatible with 64 bit vista for a while now! And the 3.8 version hopefully to be released tomorrow is compatible as well.

But feels like a bit off topic this..
Maby best to keep it to the comparisons..

 

This starts to get interesting

For one I'd like to know how you are going to estimate and manage the memory used by the mapped system dlls, by RTL ? Are you going to subtract it from the "pure" memory or not ? For two I'd like to say that yes, there is no need to have it "all the time" to perform functionality, but for "performance sake" this is definitely better to have it in a working set than virtualized, and to have it virtualized is better than to have it not allocated at all. For three I'd like to know how are you going to estimate the resources pushed to the other processes ? And finally a system itself. If your driver uses system threads their resources are added to System process. The same relates to NDIS filters. How are you going to estimate it ?

After you answer these four questions we can come closer to the figures.

I get it from my 30 years coding experience. Yes, sure, you can free memory, but there is a lot of memory (state tables, rule tables, caches, indexes for a fast sorting) it is better not to free.

This is well known, to perform faster you need more RAM.

Just a simple example. To calculate CRC you need to have a table. The table can be static and initialized and can be dynamic and calculated on demand. There is nothing in the middle. You should pick one of the two options, to sacrifice either RAM or performance. The same implies almost to every algorythm, especially to an algorythm optimized for a performance.

 

I suppose, it all comes down on how someone defines CPU intensive. I 've tried one of the betas (i think the 3.xx.14, that is the first version i saw that fixes the problem with Emule) and it was as usually constantly 1-3% of CPU. Which, for some might be ok, but, not for me, when some other firewalls don't sweat at all.

For the rest, Creer posted 2 screenshots of OA's CPU time, without p2p (just surfing or surfing and streaming). Now, imagine that CPU time, with 150 connections at the same time instead of a couple.

In CPU Time with p2p, going from the lightest to the heaviest, on my pc, things go more or less like this: Kerio 2=Ghostwall > Rising Free > Ashampoo Free > PC Tools Firewall >/= Comodo >> ZA > OA >> Outpost >/= Sygate.

For me, from ZA and on, begins the "unacceptable" zone. Just think that i bought the lifetime license of Outpost and i don't run it, because of that.

 

Indeed, but it's only one computer. I do remember being one of the heavy fw's on Emule, but .. you know

 

Well, OA is fine, it's just me that i am paranoid about CPU Time. I mean, as matter of principle almost, i can't stand the idea that always background applications, eat considerable CPU time. I mean, if you saw my 5 hours up screenshot, it's full of "zeros" and that's the way i like it.

Right now i don't have p2p on, but it would make little difference (the firewalls up to Comodo, don't increase noticebly their cpu consumption in p2p). See all the avg CPu consumption?

http://img519.imageshack.us/img519/2154/87906511hi8.png

You can ignore the 5.99% it's fastone screencapture, to take the screenshot. Only Opera is above 2%.

The most CPU intensive setup i have tried was under p2p, with Outpost and DW. I mean, Emule eats on its own 3-4% of the CPU. Outpost was spiking all the time 2-7% , DW was spiking 1-8% (i was also browsing). If you added all that, you have every few seconds up to almost 20% of the CPU for just 3 programs. Then add the antivirus.

At the end, things add up. Emule, i can't change it. But the rest, i can. Because, if you take as acceptable 2% for the browser, 2% for the AV, 2% for a firewall, 2% for BB, 2 % for some other 3rd party applications that run at startup, they add up to at least 10%. And since my CPU is 3800x2 AMD, there are situations in multitasking (watching HD movie while in p2p and burning dvd or AV scanning or x264 encoding) that i can use 10% of my CPU for not having much slowdown.

Everyone has his quirks. Some people judge an application as "light" only by looking at RAM. Personally i have 1,6 GB free physical RAM right now, so i don't care. Looking at RAM, is for me, surpassed as criterion. I look at CPU Time and i am paranoid about it. There are so many security solutions out there, that i find no point in "sacrificing" my CPU time.

 

Iam hungry..

Actually visualized is faster than to have it in the "working set" sometimes.
At least it will be lighter on the user until something resource heavy is required, having a lot of memory ready that comes to no use will only slow things down for all other applications and will make the user feel like the program slows down the computer.

When a resource intense thing such as a scan for viruses, or you get attacked with a lot of packages (ddos) then allocate 50-100 MB memory will sure be a bit slower than to already have it there, but its a quick process and will probably in most cases not be noticed at all.

I will not try to defend the way comodo has solved this.

It uses very little memory and you may be right that it somehow hides and uses more memory but most if not all users "feels" how light the new beta is.

I believe comodo already proved that a hips can use less than 8-20 MB normally, So I will not try to prove them right once again until you prove them wrong.

oh sorry for that, congratulations to your career! , agree that there is some memory you can't free, comodo sure uses some static stuff, but very little, thats why it has a small memory footprint.

Correct, thats why its memory usage go up when scanning for viruses. To make the scan fast!

excactly, almost to every algorithm

 

Do you have enabled Cool&Quiet AMD Technology?
I ask you about this because i also have AMD processor - x2 5000+ (2600MHz) and i noticed that when C&Q is ON (CPU frequency = 1000MHz) then all my CPU usage in Windows Task Manager is about ~18-26%, but when C&Q turn OFF then CPU usage is ~3-8% max.

 

Now is lower than first time when i opened My Doc

 

No, i have disabled it in BIOS and haven't even installed the driver in Windows. My CPU core, is a fortunate - by accident - "EE", meaning energy efficient one, and practically runs all the time at the nominal 2000 Mhz speed, at 1,10 Volts. So why use Cool N quiet at that point, that would put VCore to 1,45 in order to run at 2000 MHz... I save on the electricity bill and i also have my CPU always running at its max capacity and cooler than it i had Cool N Quiet. So in my case, using "Cool N quiet" would actually be "Hot and expensive".

Needless to say, that i have manually set the VCore in BIOS to 1,1 to achieve this. The funniest thing is that i bought it as "normal" SK939 and not as EE.



And runs perfectly stable at 1,1 (prime 95, S&M, games, all fine).

 

I have only run Cool N Quiet for a few days (before i realised what golden core i had), but my guess is this for Cool N quiet:

- When the core runs at the low CNQ speed, at low volt, your Core speed lowers (in my case it runs at 1 Ghz instead of 2Ghz). So, your apps, take bigger percentage of the CPU power when that is running at low frequency.

- When for any reason, CNQ throttles the CPU frequency at top capacity (which also occurs if you disable CNQ all together), the same applications will be eating a lower percentage of the - NEW - core frequency.

To say as example, the same apps that take 10% of 1Ghz (low Cool N Quiet speed), will be taking 5% of 2Ghz (high CNQ speed).

That's why i imagine, your CPU use varies so much.

 

Wow, really nice result! so you under-volting your CPU, i never tried this i have only C&Q Technology ON which monitors system operation and automatically adjusts cpu voltage and frequency for a cool and quiet operating environment. It means in my case - cpu voltage is lower when c'n'q is on (1.1.V @ 1GHz, normally is ~1.31V @ 2.6GHz)

Exactly

 

Yes, theoretically i am undervolting it and shouldn't boot at all or crash continuously. But i have a "rare" core. With Cool N Quiet on, it was automatically running at 1000MhZ@1.1V and 2000Mhz@1.4V (in bios, it was taking about 1,42 actually).

But, i made it run at 2000Mhz@1.1V. Which is almost a miracle!

Look at this:
http://en.wikipedia.org/wiki/List_of_AMD_Athlon_64_microprocessors

Officially, my CPU is this: Toledo:
Athlon 64 X2 3800+ 2000 MHz 2 x 512 KiB 1000 MHz 10x 1.30-1.35 V 89 W Socket 939


But, in reality, it behaves more like the AM2 Windsor "EE" in voltage:

Athlon 64 X2 3800+ 2000 MHz 2 x 512 KiB 1000 MHz 10x 1.025/1.075 V 35 W Socket AM2


Basically, i have a CPU core that shouldn't exist! It runs rock stable downvolted by 0.20-0.25V compared to official specs.


You can try to lower the voltage and see if it holds the stability. If you see BSODs, reboots, or not booting, bring it back to the "normal" voltage.

 

Guys, this thread is about "how efficient is your security setup", but not "how energy efficient is your core CPU". Lets stay on topic.

 

Sorry Ilya, you are right... we need to create a new thread

 

Proved ? By what fact ? If you mean TM shows 4mb of a workig set this proves nothing. I still do not see virtual memory usage. And again, theoretically, with the known means, hooking application can distribute its resources between all the processes in a system, so to prove anything the first thing to prove is to prove this is not the case.

 

Just installed the latest CIS. CmdAgent takes ~4 MB of a working set and 25Mb of virtual memory. This is right after login. After I have started ProcessExplorer virtual memory increased to 27.5 MB.

And if you believe ProcessExplorer it shows:

7 MB - working set
27.5 MB - private bytes
106 MB - virtual size

So, where do you see 4MB of RAM ? I see 27.5 MB on a clean VM with only ProcessExplorer started.

BTW. 4 to 25 and 7 to 27.5 is a very bad ratio, it definitely causes unnecesary slowdown when seeking for and remapping the pages missed in a working set.
They'd better increase working set to 10 -12 MB. But then they will not look that impressive to the noobs

 

Hi Kees.

Here is the info you asked for, After browsing for an hour, Browsing with full Comodo Internet Security 3.8 Beta 2:

 

And really... I dunno why, people aren't sticking to this thread. This is about Memory Usage & CPU Time. So I will stick with CPU Time & Memory Usage. Not people bashing because a product has more VM Size or whatever.

Cheers,
Josh

 

Pretty d@m efficient with the exception i still harbor a suspicion over MBR infectors as well as file infector.

Yeah, it's simple enough to restore over a punk junk distractor like those, but i'm looking for something that can head them off at the pass right at the moment their getting ready to sink their teeth in either the MBR or enter a file to scramble up it's code making it useless.

Any Ideas?

Markymoo has the anser on doing a quick fix when bit by an MBR infector, but what bugs me is what if they fashion something to immediately re-infect the MBR the moment it's restored?

File Infectors are my worse nightmare if you ever played with them. Some are unrecoverable from an attack.

EASTER

 

THX

The minimal number of I/O reads are impressive, total CPU time is 6 secs, what is your CPU and RAM for my reference?

 

Comodo's CPU time, even under emule, is very low. Mine is entry level dual core but shows a more than acceptable cpu time.

 

Here's my current setup with Comodo 3.5.x.439. Actually since i installed it today and was tinkering it, the CPU Time is higher than if i had rebooted and left it alone.

And this is during p2p too (2 hours on):

 

We are talking about memory usage, but you are talking about the figures you even cannot explain what do they mean. Can you ? Do you understand that the column in TM which shows "Memory" actually means working set which is just a part of total memory and can be set to any value using SetProcessWorkingSetSize(GetCurrentProcess(), XX, YY). And if you set XX == YY = 1024 Kb then TM will show ~1024 Kb despite of what memory process actually takes. The rest of the memory is just pushed out to (depends on task manager you use) either Virtual memory (in case of Windows TM) or Private bytes (if you use ProcessExplorer, for example). You need not be a computer genius to use this trick, every noob can do it. And when you say "Comodo uses 4 MB" or "Comodo uses 1 MB" this is nothing but BS.

And what I'm saying is not bashing, but not letting the people who are not tech and can be easily misled to be fooled. As I said in the very beginning "some sneaky programmers use this trick to fool their users to believe their programs are low on memory". And now we see this is the case of Comodo.