How efficient is your security setup? (comparative contest)

Discussion in 'other anti-malware software' started by Kees1958, Feb 5, 2009.

  1. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    I wouldn't dare to say what happens "usually". A single process can have a lot of threads, and all of them can have different priorities. Process priority is just a default a thread is created with (base priority), but it can be changed before the thread is started (if created suspended). So the problem is not in CPU time itself, but rather in the way the CPU is utilized. I'd show you a real-life example where different threads in a process have different priorities, but I do not want to be accused of unfair marketing, so I leave you on your own in this discovery :)
     
  2. 3xist

    3xist Guest

    RAM is 2GIG...

    CPU is only 1.33Ghz or so.

    Cheers,
    Josh
     
  3. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857

    :thumb:
     
  4. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    Yep, but take a look here, this is 2h after reboot and some work with VM.
     

    Attached Files: 111.gif (25.7 KB)
  5. Creer

    Creer Registered Member

    Joined:
    Jun 29, 2008
    Posts:
    1,345
    Could someone who uses Look'n'Stop FW post their result here as a screenshot?
     
  6. tetsuo55

    tetsuo55 Registered Member

    Joined:
    Aug 12, 2008
    Posts:
    126
    I think the results would be more interesting and accurate if the tests were expanded.

    -Use before/after scenarios.
    -Use synthetic benchmarks
    -Use custom tests

    So basically:
    No Security tests:
    -status of the Performance tab in the task manager 5 minutes after startup
    -status of the Performance tab in the task manager 24 hours after startup, all this time idle
    -After a fresh reboot run as many test suites as possible (reboot between each, run each 3 times for averaging). Things like 3dmark and sandra
    -Use the pc for 24 hours, again log the performance tab data

    Rerun all the above tests exactly the same but this time with the security application(s) but add the detailed process information of each security application like done in this thread.

    Also try to run a P2P test, preferably with 1000's of peers

    ---------

    I think the results will be surprising.

    Best case scenario would be near 0% impact on the benchmarks regardless of cpu cycles and ram used by the security application.

    Also keep an eye on page faults, a telltale sign of an application trying to keep its memory low by pushing all of it to the page file
     
  7. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Not sure a VM is a good bet. Especially when comparing numbers.
     
  8. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    VM is a good bet, I do not see much difference in performance data. It may be CPU time is greater (and this is natural), but memory usage is completely the same. VM is even better, because as a rule it is short on the RAM.
     
  9. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    How can it be better than the actual, real thing?
     
  10. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    Real thing ? Do you know, that this "real thing" is just a different kind of VM ? :)

    There is no such term in the computer world as "real thing", all this stuff consists of virtual things of one type or another. As for VM (I mean VMWare), it is used all over the world for testing of any kind except "realtime" things, but that is to say Windows is not a "realtime" OS, so there is not any problem with testing win32/64 based software in a VM. I can say even more, many "real" services you can access using the Internet actually live in VMs.
     
  11. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    While trying to avoid PC philosophy (holly!), just want to say that, indeed, there is no such term in "computer world". Just as there is no "computer world".
     
  12. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    Computer world is the world where computer technologies work :)

    But let us skip philosophy and stay with the pure technical aspects. Do you have any proof (except feelings) VM differs from "real PC" ? How much did you use VM in your life ? Are you IT person or just a user ?
     
    Last edited: Feb 14, 2009
  13. chris2busy

    chris2busy Registered Member

    Joined:
    Jun 14, 2007
    Posts:
    477
    Sure thing! We do have..
    A few resources that are still under development are not fully emulated yet by virtual machines.. take DirectX for example, it wasn't emulated until a few months ago and still is only by vmware.. also Linux, since the last time I checked, could not use fusion engine under VMs... and I think I have read of more resources..
     
  14. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    I think this depends on hardware VM can emulate and on the native drivers it has rather than on software limitations. What is wrong if it cannot virtualize advanced video-card ? Yes, this is wrong if you develop or test something videocard dependent, but HIPS is by definition HW-independent thing, so it should (and does) work the same. Let us regard it as P5 computer with a basic VGA video. HIPS still should work the same :)
     
    Last edited: Feb 14, 2009
  15. chris2busy

    chris2busy Registered Member

    Joined:
    Jun 14, 2007
    Posts:
    477
    lemme put it that way...
    less emulated stuff>less running stuff>less checked/controlled stuff by arsenal>less resource indications(e.g a slight less ram? )
     
  16. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    RAM, HDD, number of processors, swap size can be configured. Performance depends on the host computer. It is quite possible that a VM on a modern host runs faster than a native system on some outdated computer. But let us return to what we started from. I posted a screenshot where cmdagent took over 50MB. Do you really think that if more free RAM was available it would take less RAM for itself? I didn't notice such behavior from the other programs.
     
  17. risl

    risl Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    581
    http://risl.codename.fi/security.JPG

    My realtime with Dr.Web 5.0 and XP Firewall only, total memory usage after 1 hour is a whopping ~11,5mb. I decided to drop any additional real-time protection and rely on my av+updated firefox.

    I do have spybot s&d, radix, gmer and rku as some additional on-demand tools.
     
  18. Creer

    Creer Registered Member

    Joined:
    Jun 29, 2008
    Posts:
    1,345
    My new setup:
    I changed OA to Rising Personal Firewall 2009.

    4 hours after turning ON my PC and:
    • about 2h browsing (3 separate windows Opera browser with about 15 tabs each).
    • Background - 1,5h TV-streaming, 1h radio-streaming BBC.

    ... really I'm impressed with this FW. It is one of the lightest FWs I have ever had.
     


  19. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    Take a look at CPU time your System process takes now. 5 mins seems to be too much. It takes more CPU than explorer.exe
     
  20. Creer

    Creer Registered Member

    Joined:
    Jun 29, 2008
    Posts:
    1,345
    Yes, you're right, I think that was because I restored my fresh Windows from image, and then the system had to search for ~43 updates. After restart I think everything is back to normal.
     
  21. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    That is to say, Windows updates are handled by svchost :)
     
  22. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    Yes, but doesn't it come from the internet and doesn't the internet traffic move through the FW? Is that not why P2P increases system strain? Correct me if I'm wrong on this :doubt:
     
  23. chris2busy

    chris2busy Registered Member

    Joined:
    Jun 14, 2007
    Posts:
    477
    Yeah, that's the idea, but win update is just an http download, while p2p can be hundreds/thousands of direct connections transferring small data packets.
     
  24. Creer

    Creer Registered Member

    Joined:
    Jun 29, 2008
    Posts:
    1,345
    I ran Process Explorer - Sysinternals, and I saw that many processes belong to the System process, i.e. svchost (DcomLaunch, DNS client, Rhcp, etc etc), services (like PlugnPlay, EventLog)... so I think it is normal.
     
  25. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    You are completely right. And what is more, an NDIS level FW driver does its job under the System process. So depending on architecture, FW processes can show close to zero time, but additional time can be added to the System process. It depends on where and how the network rules are processed.
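
The before/after method from post 6 (three runs per scenario, averaged) combined with the point in post 25 that a firewall driver's CPU time can land in the System process, as an added example that is not from any poster in this thread. All numbers are constructed, and `fw_service.exe` is a hypothetical product process name.

```python
from statistics import mean

# Constructed sample data: CPU seconds per process, one dict per run, each
# captured at the same point after a fresh reboot. Not measurements from the thread.
BASELINE_RUNS = [
    {"System": 12.0, "explorer.exe": 30.0, "svchost.exe": 8.0},
    {"System": 11.0, "explorer.exe": 31.0, "svchost.exe": 9.0},
    {"System": 13.0, "explorer.exe": 29.0, "svchost.exe": 7.0},
]
PROTECTED_RUNS = [
    {"System": 40.0, "explorer.exe": 31.0, "svchost.exe": 8.0, "fw_service.exe": 2.0},
    {"System": 42.0, "explorer.exe": 30.0, "svchost.exe": 9.0, "fw_service.exe": 3.0},
    {"System": 41.0, "explorer.exe": 32.0, "svchost.exe": 7.0, "fw_service.exe": 1.0},
]
PRODUCT_PROCESSES = {"fw_service.exe"}  # hypothetical name, assumption for this example


def average_runs(runs):
    """Average CPU seconds per process; a process absent from a run counts as 0."""
    names = set().union(*runs)
    return {n: mean(r.get(n, 0.0) for r in runs) for n in names}


def overhead_report(baseline_runs, protected_runs, product_processes):
    """Split the added CPU time into what the product's own processes show,
    what moved into the System process, and what moved elsewhere."""
    base = average_runs(baseline_runs)
    prot = average_runs(protected_runs)
    delta = {n: prot.get(n, 0.0) - base.get(n, 0.0) for n in set(base) | set(prot)}
    visible = sum(delta.get(n, 0.0) for n in product_processes)
    # The System delta is an upper bound for driver work: any other kernel-side
    # activity that differs between the two scenarios is counted here as well.
    system = delta.get("System", 0.0)
    other = sum(d for n, d in delta.items()
                if n not in product_processes and n != "System")
    total = visible + system + other
    return {
        "visible": visible,
        "system": system,
        "other": other,
        "total": total,
        "hidden_share": system / total if total > 0 else 0.0,
    }


if __name__ == "__main__":
    for key, value in overhead_report(BASELINE_RUNS, PROTECTED_RUNS,
                                      PRODUCT_PROCESSES).items():
        print(f"{key:>12}: {value:.2f}")
```

With this sample data the product's own process accounts for only a small part of the added CPU time, which is why a per-process screenshot alone can make a driver-based firewall look lighter than it is.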
     