Optimize XP - A Windows XP Optimization Guide

[GeneralAres]

GeneralAreas: TCP incomplete connection throtteling. Your right, it will not stop any worm. However, it will (in studies by us, HP and others) slow them down. Slammer took about 14 minutes to spread, things would have been much better if this took a couple of hours (or days like CodeRed). So the setting does help

I think your way underestimating this. If you have 10x60 computers infected every minute = 600. In minute two you have 600 computers infecting 360,00 computers and in minute three 360,000 infecting 216,000,000 theoretical. IMO the patch is useless.

 

[GeneralAres]

With your reccomendation there is no safety net. The pagefile cannot be expanded when needed. If the initial size is high enough then the pagefile will not get fragmented anyway as it will not need to be resized, but in the event it needs to be it can.

Hello! With my recommendation the safety net is the EXACT same maximum that Windows XP uses by default.

By your posts here it shows you don;t even have a basic understanding of how Virtual memory works. Also if you would actually look at the source that were provided to you you would realize how pathetic you sound right now.

I take it you never bought the book off Amazon? The definition I am using is legitimate, it does not imply anything more or less.

Like yourself?

Why would I imply myself? Stop acting 15.

 

[KoolDrew]

I think your way underestimating this. If you have 10x60 computers infected every minute = 600. In minute two you have 600 computers infecting 360,00 computers and in minute three 360,000 infecting 216,000,000 theoretical. IMO the patch is useless.

It slows it down so it is not useless and there will be no drawbacks from leaving it alone.

Hello! With my recommendation the safety net is the EXACT same maximum that Windows XP uses by default.

Not is isn't. The maximum is 4GB.

I take it you never bought the book off Amazon?

Know I did not nor do I want to. First it defines Virtual Memory wrong. IT is also a optimization book. OF course a optimization book would incorrectly define the term.

Why would I imply myself? Stop acting 15.

I am 15 and I think you are the one acting a little immature as of right now.

 

[GeneralAres]

It slows it down so it is not useless and there will be no drawbacks from leaving it alone

216,000,000 theoretical infections in under three minutes is "slowing" it down? Now calculate the infection rate of 216,000,000 PC/Servers fully patched and running current AV?

Not is isn't. The maximum is 4GB.

LMAO, are you dense?

Know I did not nor do I want to. First it defines Virtual Memory wrong. IT is also a optimization book. OF course a optimization book would incorrectly define the term.

You nor anyone here is qualified to correct the books definition nor any of the reputable Dictionary Definitions I sited. Therefore using the definition I have is not incorrect nor wrong. You may not like it but it is not wrong.

I am 15 and I think you are the one acting a little immature as of right now.

Give yourself 15 years and look back on this.

 

[KoolDrew]

Give yourself 15 years and look back on this.

Then I would just laugh even harder of how pathetic you are.

 

[bsobel]

Originally posted by: GeneralAres

GeneralAreas: TCP incomplete connection throtteling. Your right, it will not stop any worm. However, it will (in studies by us, HP and others) slow them down. Slammer took about 14 minutes to spread, things would have been much better if this took a couple of hours (or days like CodeRed). So the setting does help

I think your way underestimating this. If you have 10x60 computers infected every minute = 600. In minute two you have 600 computers infecting 360,00 computers and in minute three 360,000 infecting 216,000,000 theoretical. IMO the patch is useless.

Remember, the pooling is only on uncompleted tcp/ip session. The theoretical numbers you post are meaningless as they presume an even and complete distribution of target machines (and that target machines can be multiply infected). If that was the case, the change actually doesn't slow anything down at all.

Sit down and calculate the backbone bandwidth (per second) used by those theoretical 216,000 machines in two cases:

1) Unpatched, each with 10 threads generating 100 random connection attempts per second (so 1000 per second).

2) SP2 machines, where those attempts are queued.

If nothing else (since you, apparently, work for an ISP) your bandwidth requirements are greatly reduced (with slammer, we saw many pipes saturated with traffic [slammer was UDP, but other SP2 changes addressed it, but the concept is the same])

You nor anyone here is qualified to correct the books definition

Err, I am 🙂

Bill

 

[bsobel]

Btw, finally checked the site that started all of this (presumably yours?). Just had to comment that the "Legal Notice - Reproduction of this guide in whole or in part is strictly forbidden. This guide and ALL versions thereof are protected by copyright under the Digital Millennium Copyright Act (DMCA)."

Calling out the DMCA in this instance really doesn't make alot of sense. A good old fashioned (c) 2005 your name (or company name) is what you want to have there. Since you have that at the bottom, you can really drop the second sentence.

Bill

 

[GeneralAres]

Then I would just laugh even harder of how pathetic you are.

At least you stopped using juevenile words like noob and tweaker, I guess I could call that progress. The thing I do not understand is why are you being compassionate towards me?

 

[GeneralAres]

Btw, finally checked the site that started all of this (presumably yours?). Just had to comment that the "Legal Notice - Reproduction of this guide in whole or in part is strictly forbidden. This guide and ALL versions thereof are protected by copyright under the Digital Millennium Copyright Act (DMCA)."

It makes sense that I had to add it so I would stop wasting time sending out legal notices to hosting sites to force sites to remove copies of the guide. I tried just the copyright which has always been there and it did not work.

 

[bsobel]

Originally posted by: GeneralAres
At least you stopped using juevenile words like noob and tweaker, I guess I could call that progress. The thing I do not understand is why are you are being compassionate towards me?

Err, who was that directed towards?
Bill

 

[GeneralAres]

^forgot the quote.

Remember, the pooling is only on uncompleted tcp/ip session. The theoretical numbers you post are meaningless as they presume an even and complete distribution of target machines (and that target machines can be multiply infected). If that was the case, the change actually doesn't slow anything down at all.

Sit down and calculate the backbone bandwidth (per second) used by those theoretical 216,000 machines in two cases:

1) Unpatched, each with 10 threads generating 100 random connection attempts per second (so 1000 per second).

2) SP2 machines, where those attempts are queued.

If nothing else (since you, apparently, work for an ISP) your bandwidth requirements are greatly reduced (with slammer, we saw many pipes saturated with traffic [slammer was UDP, but other SP2 changes addressed it, but the concept is the same])

I don't work for an ISP. The thing with just about all these Viruses is the patches existed in most case for over six months, especially with Slammer. IMO nothing is going to stop the spread of worms/virii until people start keeping up to date on Patches, AV and practice basic security policies. I mean today it is this tomorrow it will be something else.

 

[bsobel]

I don't work for an ISP. The thing with just about all these Viruses is the patches existed in most case for over six months, especially with Slammer. IMO nothing is going to stop the spread of worms/virii until people start keeping up to date on Patches, AV and practice basic security policies. I mean today it is this tomorrow it will be something else.

Oh, (and this is just curiosity), what did you mean by "How many people do you install broadband for on a daily basis? I do about five a week" then? You wind up helping folks with DSL self installs or something else?

I don't disagree with anything you said above regarding AV, patching, and basic security. That said, the world is what it is, and we do have ways to limit the damage the attacks do. Did you calculate the bandwidth savings from the example we are talking about? If nothing else, keeping pipes usable so people can actually download the updates/patches (even if it's after the fact) is worth being able to do.

Bill

 

[spyordie007]

Originally posted by: GeneralAres

GeneralAreas: TCP incomplete connection throtteling. Your right, it will not stop any worm. However, it will (in studies by us, HP and others) slow them down. Slammer took about 14 minutes to spread, things would have been much better if this took a couple of hours (or days like CodeRed). So the setting does help

I think your way underestimating this. If you have 10x60 computers infected every minute = 600. In minute two you have 600 computers infecting 360,00 computers and in minute three 360,000 infecting 216,000,000 theoretical. IMO the patch is useless.

You're misunderstanding how the incomplete TCP connection queue functions.

Let's take a look at how common existing worms would work. The worm on an infected machine will make random attempts to connect to other hosts and drop its payload. The worm does not know if a host it is about to connect to is real or not, it just attempts to make a connection. Lets presume that the worm has been programmed with a 10 second connection timeout; that is it tries to connect to its random target and if it doesn?t get a response in 10 seconds it gives up and goes elsewhere. Now let?s presume that when it connects to a machine it can establish a connection and infect it with the payload in an average of 10 seconds.

If the machine is sitting on a broadband connection and there is no TCP connection queue present it could easily spin 1000 connection attempts. Therefore attempting connections to 6000 hosts per min.

Whereas if we compare it to a machine with a 10 un-established TCP connection queue it drops to 60 hosts per min. That?s 1/100th the growth rate of our non-queued machines.

Now, of the hosts that it attempts to connect let?s presume that 10% of them are available and directly attached to Windows OS computers (not routers, not firewalled, not *nix servers, not part of a big segmented ?A? block and currently powered on because you cant infect a machine that?s turned off 😉 ). If you don?t like my 10% figure that?s fine (after all that I did just make up) bear with me and just keep in mind that as you increase that figure my example would scale exponentially.

If we use the following formula to calculate virus growth ( formula source):
Total infections = Initial infections * rate^time

So if the initial release of the worm is on a single machine than after an hour with our Pre-SP2 machine we have a total of ~ 4.89*10^166 infections (1*600^60).

Whereas with our SP2 machine we have ~ 4.89*10^46 infections (1*6^60).

I realize this is a little long winded. But hope it shows just how much this queue can help to slow down the infections.

 

[CTho9305]

GeneralAres - you continue to say that the SP2 connection queue limit is useless, but you have yet to provide any real information on why it is a bad thing. You first claimed it interfered with some applications, but when I asked you to name one, did not. Do you not have any examples of downsides to the limit?

 

[bigpow]

Thanks OP

🙂

I find it very useful. (after all not all AT members are XP geeks with a thread bashing attitude)

 

[spyordie007]

Originally posted by: bigpow
Thanks OP

🙂

I find it very useful. (after all not all AT members are XP geeks with a thread bashing attitude)

If you read the thread you'll see that we're not bashing. We're just making corrections becuase there is both incorrect information in the guide as well as some generally bad advice.

 

[g8wayrebel]

Originally posted by: CTho9305

And they still are. Virtual Memory Addressing is just that, how Virtual Memory is addressed. Wether it be Hardware or Software. Saying a Page File is not Virtual Memory is nonsense considering it serves no Purpose outside of the Virtual Memory Manager.

No, actually, you can have page files without virtual memory - you just have to manage it in your application instead of having the OS automagically handle it. Before Virtual Memory, if you wanted more space than there was physical memory, you would have to do exactly that. It just so happens that most OSes that take advantage of VM also use pagefiles, because they're a good idea.

quote:
For fun? Lots of people code for fun.

Right <sarcastic smiley>

I do. https://bugzilla.mozilla.org/b....cmu.edu&chfieldto=Now">Here</a> is the list of bugs in Mozilla that I've fixed and am working on fixing. I get no course credit or money for doing these - I happen to enjoy programming. Just because YOU don't enjoy computers enough to learn how the actually work, and program for fun doesn't mean other people don't.

I don't have time to respond to the rest of the incorrect replies here.

All this banter is wonderful. I would appreciate you putting up a link that actually works while you enjoy youself. For the record, I will check it out and try to learn something from it.


BTW,for those that make the argument almost all of the computers I see here(that is quite a few) are without routers or hardware firewall of any kind. Some are without AV until I get to them , and most are without firewalls other than the little bit of protection offered by SP-2. Anti- Spyware /Adware isn't even a consideration.
As far as turning off services goes, most of the people in the real world still go to "Explorer" and delete files they don't think should be on there , so turning off services they don't need would be a laughing stock. You are lucky to get them to update ,let alone have any idea what not to do.

 

[bsobel]

All this banter is wonderful. I would appreciate you putting up a link that actually works while you enjoy youself.

You might want to take a minute and learn how to edit down quotes 😉

 

[udonoogen]

did he disappear? 🙂 this thread was entertaining. the egos of some people really astound me.

 

[CTho9305]

Originally posted by: g8wayrebel

Originally posted by: CTho9305

And they still are. Virtual Memory Addressing is just that, how Virtual Memory is addressed. Wether it be Hardware or Software. Saying a Page File is not Virtual Memory is nonsense considering it serves no Purpose outside of the Virtual Memory Manager.

No, actually, you can have page files without virtual memory - you just have to manage it in your application instead of having the OS automagically handle it. Before Virtual Memory, if you wanted more space than there was physical memory, you would have to do exactly that. It just so happens that most OSes that take advantage of VM also use pagefiles, because they're a good idea.

quote:
For fun? Lots of people code for fun.

Right <sarcastic smiley>

I do. https://bugzilla.mozilla.org/b....cmu.edu&chfieldto=Now">Here</a> is the list of bugs in Mozilla that I've fixed and am working on fixing. I get no course credit or money for doing these - I happen to enjoy programming. Just because YOU don't enjoy computers enough to learn how the actually work, and program for fun doesn't mean other people don't.

I don't have time to respond to the rest of the incorrect replies here.

All this banter is wonderful. I would appreciate you putting up a link that actually works while you enjoy youself. For the record, I will check it out and try to learn something from it.

Fixed link. Fusetalk's linking style is annoying (reverse of HTML).

 

[Terumo]

Originally posted by: GeneralAres
I don't work for an ISP. The thing with just about all these Viruses is the patches existed in most case for over six months, especially with Slammer. IMO nothing is going to stop the spread of worms/virii until people start keeping up to date on Patches, AV and practice basic security policies. I mean today it is this tomorrow it will be something else.

Yeah, and the responsibility is 2 fold. If MS gets the patches out and people don't bother to keep their computer safe, then it's not MS's fault.

I see you've faced the same *nix lovers that did the same on the Firefox thread. Anything to improve Windows they'll be there with a negative.

Thanks for putting up the guide (and remember only 1 in 10 posts, and over 1600 views mean folks are soaking it in). 😉

 

[GeneralAres]

I'll be back, I have life and it was the weekend, also I work so when I get a chance I will respond some more.

We're just making corrections becuase there is both incorrect information in the guide as well as some generally bad advice.

Thats is your opinion, I've defended everything I posted in the guide with sources and facts. The people reading this thread now this. But the scariest thing to you guys I bet is the results. The emails I get are that the guide works.

More to come....

 

[spyordie007]

I've defended everything I posted in the guide with sources and facts

Like a reason to alter the TCP connection queue? :roll:

But the scariest thing to you guys I bet is the results. The emails I get are that the guide works.

Like I already said, a lot of the steps that you have are good advice (windows updates, firewalls, anti-virus, spyware). Those 4 items alone probably address in one way shape or form problems that 90% of the home users out there have had pre SP2.

The problem a lot of us have with the guide is that it includes a couple of bad suggestions as well as some FUD.

 

[Vad3r]

well, I found this thread to be educating and an enjoyable read.
If it matters, I'm 36 years old and I had no idea how VM worked.

As a spectatorer (if u will), I'd say GeneralAres probably put some time and hard work into making his guide. G-Ares didn't like the 1st comment, and is defending it tooth and nail since.
I think your holding onto your quotes from the Microsoft manuals much to tightly. Many members have explained to you where the mistake you made was (in great detail).

It pretty much got to the point it reminded me of the movie "City Slickers" where one is explaining how you can record one channel while viewing another. (discussion, discussion,.....) "enough already, even the cows can program the vcr now".

GeneralAres, some great reading up untill you started attacking opinions/quotes/links based on a guess of the age of a member.
At my age, I guess I should know what it is, and how it works. Well, I didn't, know I think I do now.

Guides such as these do help. Someone posted Antivirus/Firewall software comparison I read last week here on Anand Forums, I am now using both where I never did before. But, I found the comments in topic as helpfull as the "comparison guide".


GeneralAres, I have just one question. Do you feel everyone here is attacking you, or trying to help you understand there side of the fence ?.

From my point of view here, near all are (or were) just trying to help.

Don't hold all you read as the "word of god". I'm sure at some time, a book said "The World is Flat, and thats a FACT". When twenty or more start telling me they were on other side and didn't fall off, I'd start second guessing the book.

 

[KoolDrew]

Thats is your opinion, I've defended everything I posted in the guide with sources and facts. The people reading this thread now this. But the scariest thing to you guys I bet is the results. The emails I get are that the guide works.

Incorrect information is not an opinion. That is fact.