How efficient is your security setup? (comparative contest)

Hm, and why are you impressed with ioreads ? You'd better ask about page faults.

 

For PE fans :


Must be the antivirus part of Comodo that makes it sneaky. Cause in my setup (with no AV) is as sneaky as most out there.

Opera is far more sneaky.

@ Creer. Could you tell me in your screenshot what the 5th and 6th columns are in english? (mem use and VM?)

https://www.wilderssecurity.com/attachment.php?attachmentid=206246&d=1234131742

 

Not Creer, but here is an English view of the Vista Task Manager information that should be east to correlate.

 

Sure,

5th - Memory Usage
6th - Peak Memory Usage

 

Ah, makes sense. I was curious about the AVG figures and thought there was something i was missing. Peak usage makes more sense.

Thanks Sded, i hadn't realised it's the Vista task manager. It appears Creer has changed 1 column.

 

Vista has added a lot more selectable columns in Task Manager, so you can roll your own display.

 

I see... There is definitely an improvement over XP's task manager. Also i see they decided to enhance the use of terms. For example, the XP task manager, names "VM size" the "private bytes". Vista's use of terms is more clear.

 

That is to say Opera is a specific software, it actually uses a lot of memory, but since you cannot see all the opened tabs at once it can painlessly free its working set when you stick with one of them. On the opposite, most of the memory HIPS uses can be referenced in any upredictable moment (it doesn't depend on user that much, it depends on all the other processes activity, including background activity), so reducing working set leads to an extra system work to remap the memory pages. Also, when analizing memory usage it is important to see how the figures change in time. In different moments you can get very different pictures. If you carefully look at all the pictures posted here about the same processes you'll see, they differ much.

 

Yes, but on my installation i think Comodo is behaving like a good boy.

I 've been running non stop with emule for 6 hours, don't see much change in Comodo.

Yes, because it also depends on their OS (Vista has different memory management) and their available RAM, as well as pagefile settings. Maybe that's why for some Comodo is sneaky, while for others isn't.

 

This well may be

What I try to say is "in a general case this is very tricky task to analize memory usage" and "do not make conclusions until you clearly understand the tech background of the figures and have enough of them"

This is 3xist who made me crazy with his "4 MB". When I see such irresponsible statements I go crazy, sorry for this

 

Granted, the 4MB is only a part of the memory that is used.

So, 3xist made a "statement" based on only one parameter. However, your stance on Comodo, was also unbalanced IMHO. Calling them sneaky etc. I haven't a VM so i don't know how exactly it operates. But , as you say, at the end becomes more complicated to analyse the RAM usage. So, your statement that the programmers of Comodo are sneaky, is IMHO unbalanced too. Based on a run on a VM. I run Comodo from time to time for months now and i can't complain about it. There is somekind of increased system lag, as happens with most HIPS products that use multiple hooks, but that's to expect. But CPU wise and memory wise, i haven't seen anything weird. While i can't say the same for emule for example, which has a memory leak over time, with private bytes slowly climbing. So, either Comodo is sneaky, or it is in deed more difficult to analyse and thus one should be more cautious before making the final statement of either "Comodo runs only on 4MB" or "Comodo is sneaky by unloading on private bytes the memory, so to appear on low working set".

So, pardon me to say this, but you should try Comodo without VM and then see what happens. You could also specify your OS, RAM and pagefile settings. (i have a friend running XP with 3+GB which has disabled page file completely. You can imagine the implications in memory use. I am against this, but i use fixed size page file and i also have "light" startup RAM use and 2GB. Someone with 1GB may force Windows to increase use of virtual memory).

 

Wouldn't it be simpler (maybe less fun ) to stop arguing about whose dog has the biggest balls and just ask a Comodo user to please run a Vista map of Comodo without AV like the one shown for OA? It still doesn't say anything about who is better, since time-memory trades are architecture dependent, but at least might give a rough idea of where the products ended up in their trades. And maybe throw in a few other products. I am not a Windows programmer but these same trades have been going on since the dark ages of computing and often come up with different (correct) answers depending on your goals. I will stipulate that all of the products use well qualified computer scientests/software engineers. And that there is actually some architecturing and tradeoffs going on. I can run the other OA memory numbers if anyone cares, but don't have Comodo. And I'll even throw in the numbers for Prevx Edge by rolling down the TM display. And someone can do the same for XP with Process Explorer. But currently most of us seem to have lots of memory and worry about time, so efficiency is At least that might help the arguing move on.

 

I use VM for very long I can say for sure it doesn't affect memory usage data. At least the same OA version shows very close figures in VM and on my lovely lappy with 4GB of RAM. And no, I will hardly install Comodo on my real machine, for to do this I need to unistall something I do not want to

I'm not sure about pagefile value, but on the test VM it is set to "system managed". I think pagefile is rather about swapping, than about memory map in a process. As for "sneaky" ... you cannot decline that some people was fooled by a small size of a working set, so in a way it was misleading. And I'm inclined to think this was made intentionally (taking in accound most people only see this figure in TM by default), because for actual performance +/- 10 MB is not a problem at all, and even more, when a working set is disbalanced with a total memory process takes, it results in unnecessary CPU overhead (though, not for the process in question, but for a system process and csrss, which is Windows memory manager).

 

Well, i don't have ever used VM, but i have often used Comodo and my screenshot, doesn't show anything out of the ordinary compared with the other processes that run... So, on my system, for some reason, it doesn't have the behaviour displayed on your VM. On my PC it has more or less a 1:1 ratio between working set/private bytes, which is what most processes have in the same screenshot. So, at best, Comodo sometimes uses sneaky tactics, but in some others, it doesn't.

Let me guess... You run OA and that's the one "you don't want to uninstall"? (please surprise me and tell me you 're not using OA! ).

Personally, i MUST decline, since on my PC, the 2 Comodo processes have the same working set/private bytes ratio, as most other processes. If i accept that Comodo is on purpose using small working set, because a roughly equal size or memory is unloaded on private bytes, by looking at my Process Explorer, i must say that the same sneaky tactic is followed by most of my other processes, Microsoft included.

I mean, i have:

cpf.exe working set: 9MB, private bytes: 14,5 MB and
cmdagent.exe working set: 10MB, private bytes: 8 MB.

I don't see where's the big trick. The values that YOU refer from your VM, granted, could support your thesis. But mine don't. You want to say just because you 're suspicious that they shoud maintain a perfect 1:1 ratio? Fine, it shoud have been on my PC:

cpf.exe working set 11,5 MB, private : 11,5 MB
cmdagent.exe working 9 MB, private : 9MB.

So they managed to trick me by "hiding" what... 3,5MB (wow!) from the working set. I hope they didn't sweat much.

But, i have noticed (in your post history) that you have a particular "attention" about Comodo's matters, so i don't intend to transform this into a "how efficient is your Comodo"?

To each, his own conclusions.

 

One reservation on the above, for 1)the AV (as i said, i don't run it) and 2) the v 3.8 (which is beta and i haven't used).

For the 3.5.x.439 w/o AV, that i use, i see no "trick". For the future, we will see. Although it is probable that i will be sticking with this version for a long time, as i don't like the "Threatcast" thing and i suspect with introduction of new features, there will be new bugs. While the .439 is very stable on my PC.

 

You are right. May be they took this tactic only recently ?

No sirprise. I'm sure OA is the best tool out there and I'm proud to use it and to help in development by betatesting and sharing my experience

I do not see any trick here, 1:2 and even 1:3 ratio is acceptable. But what version do you use ?

You are right. I have some valid reasons to pay attention to Comodo. But the same is true for many people. Let us take 3xist, for example. He is definitely paying much more attention to Comodo

 

I don't know or how one can define "recently". The point is, if it's a common practice, why is it Comodo the sneaky one?

And you do well. OA is excellent product.

The latest (3.5.X.439).

http://img24.imageshack.us/img24/2484/49104027yu1.png

See, that's why i can't speak that i see a sneaky tactic. Here it's not even 1: 1,5. On cmdagent.exe the ratio is even "penalizing" the working set. Now why on your VM gives ratios of 4:1 i don't know (I could only make hypothesis about variables).

3Xist uses Comodo and is a Comodo forum moderator. It's only natural...

 

Out of curiocity, since you use OA, please do post the working set/private bytes of the 4 OA processes.

 

i coudnt even install it here but thats ok defensewall(very soon)and sandboxie have outbound protection buddy

 

You can't install it because there is currently a known conflict between OA and DW . But OA is in beta, so maybe this will be fixed for the next stable release and so you will be able to install it.

Defensewall with outbound control will be a very interesting application. I mean, already is, but with outbound control, one could drop his firewall alltogether.

 

ahhhh no wonder

 

Ah, i see you already knew. Well, i said it just in case you didn't, cause in that case you may have wondered if it was Sandboxie to cause the problem.

 

no sandboxie at the time i tried to install it sandboxie was not in the house this war may be between defensewall and online armor then

 

Recently does mean "in more recent versions"

And yes, this practice is common, but not that common you try to show. For example my TM shows 92 processes, but not just a single one shows 4MB of a working set having 25MB of virtual memory used. And yes, in some specific cases when allocated memory is not frequently used, this practice helps to optimize system performance in general, but this is not the case with security where evey byte should be used in the most optimal way (just because security is involved in too many system events).

I also use Comodo from time to time. Should I also become Comodo forum moderator to have a right to pay attention to it ?

 

No probs. OAhlp is a process to handle popups, so it is idleing most of the time (this is about ratio in memory figures). This is right after login. Will post another picture in an hour