SW firewall speed drop :-( - Firewalls

This is a discussion on SW firewall speed drop :-( - Firewalls ; I have a P4 2.53 Ghz machine with Win XP Pro XP2. With ZA 6.5 installed my max network speed is 4050/920 kbps. If I uninstall or try from a PC w/o ZA I get 4971/962 kbps (I even get ...

+ Reply to Thread
Page 1 of 2 1 2 LastLast
Results 1 to 20 of 34

Thread: SW firewall speed drop :-(

  1. SW firewall speed drop :-(

    I have a P4 2.53 Ghz machine with Win XP Pro XP2.

    With ZA 6.5 installed my max network speed is 4050/920 kbps.

    If I uninstall or try from a PC w/o ZA I get 4971/962 kbps
    (I even get that speed when testing using a WLAN connection).

    That is a drop of about 20% in the speed.

    Is ZA 6.5 causing this?
    Is there anything to about this drop?

    Are there other versions of ZA that is better?
    Newer or older?

    Is any other software firewall better?

    PS! I know some of you don't like software firewalls :-)
    But if I INSIST on having on, what is the fastest??
    --
    Lars-Erik - http://www.osterud.name - ICQ 7297605
    WinXP, Asus P4PE, 2.53GHz, 1GB, MSI 7600GS, SB-Live

  2. Re: SW firewall speed drop :-(

    Lars-Erik Østerud <.@.> wrote:
    > With ZA 6.5 installed my max network speed is 4050/920 kbps.
    >
    > If I uninstall or try from a PC w/o ZA I get 4971/962 kbps
    > (I even get that speed when testing using a WLAN connection).
    >
    > That is a drop of about 20% in the speed.
    >
    > Is ZA 6.5 causing this?


    Obviously.

    > Is there anything to about this drop?


    Remove ZA.

    > Are there other versions of ZA that is better?
    > Newer or older?


    Probably not.

    > Is any other software firewall better?


    Some may do slightly better, others may do worse, maybe you can even get
    ZA to give better results by tuning the config. However, all of them
    will slow down your connection at least to some extent, because they
    need to inspect the packets, which requires system resources.

    > PS! I know some of you don't like software firewalls :-)
    > But if I INSIST on having on, what is the fastest??


    If you have Windows XP: the Windows-Firewall.

    cu
    59cobalt
    --
    "If a software developer ever believes a rootkit is a necessary part of
    their architecture they should go back and re-architect their solution."
    --Mark Russinovich

  3. Re: SW firewall speed drop :-(

    Lars-Erik Østerud wrote:

    > I have a P4 2.53 Ghz machine with Win XP Pro XP2.
    >
    > With ZA 6.5 installed my max network speed is 4050/920 kbps.
    >
    > If I uninstall or try from a PC w/o ZA I get 4971/962 kbps
    > (I even get that speed when testing using a WLAN connection).
    >
    > That is a drop of about 20% in the speed.



    Congratulations!

    > Is ZA 6.5 causing this?



    Well, seems so.

    > Is there anything to about this drop?



    What should there be about it? Obviously works as expected and designed.


    > Are there other versions of ZA that is better?
    > Newer or older?
    > Is any other software firewall better?



    Since the amount of network ****up is indeterministic, one cannot compare
    easily.

    > PS! I know some of you don't like software firewalls :-)
    > But if I INSIST on having on, what is the fastest??



    Hm? I thought your goal was to slow down the network and the computer,
    that's what these kind of software is supposed to achieve.
    If you want a fast network, you simply shouldn't install network ****up
    software.

  4. Re: SW firewall speed drop :-(

    > If you have Windows XP: the Windows-Firewall.

    But that can't check outgoing programs?
    And won't add anything to the HW FW at all, or?

    BTW: Found an even worse network hog. The avast! Web Shield
    Turned it off and the speed raised from 4000 to 4600

    Still can't understand why my desktop PC maxes at 4600
    (even with ALL AV and FW software uninstalled) when my
    older slower laptop easily gets 5000. What could it be?
    --
    Lars-Erik - http://www.osterud.name - ICQ 7297605

  5. Re: SW firewall speed drop :-(

    Lars-Erik Østerud <.@.> wrote:
    >> If you have Windows XP: the Windows-Firewall.

    >
    > But that can't check outgoing programs?


    Of course not. That would be pointless anyway.

    cu
    59cobalt
    --
    "If a software developer ever believes a rootkit is a necessary part of
    their architecture they should go back and re-architect their solution."
    --Mark Russinovich

  6. Re: SW firewall speed drop :-(

    Lars-Erik Østerud wrote:

    >> If you have Windows XP: the Windows-Firewall.

    >
    > But that can't check outgoing programs?



    Why should it? Aside from passively opening ports, where this is quite
    reasonable.

    > And won't add anything to the HW FW at all, or?



    Hm? It's a quite good host-based packet filter, which is a quite good
    addition to the HW FW that you most likely don't have at all.

    > BTW: Found an even worse network hog. The avast! Web Shield
    > Turned it off and the speed raised from 4000 to 4600



    Worse? Seems like it did its job quite well: hogging the network.

    > Still can't understand why my desktop PC maxes at 4600
    > (even with ALL AV and FW software uninstalled) when my
    > older slower laptop easily gets 5000. What could it be?



    Ehm... because you totally messed it up with the mentioned software? Because
    we can't assume that it properly uninstalled?

  7. Re: SW firewall speed drop :-(

    Sebastian G. wrote:

    > Ehm... because you totally messed it up with the mentioned software? Because
    > we can't assume that it properly uninstalled?


    Oh it's gone, no traces (even searched for and deleted all ZoneLab
    files, easy to find). So I don't really think that is the problem.

    Need to try a new network cable, and maybe another network card .-)
    --
    Lars-Erik - http://www.osterud.name - ICQ 7297605

  8. Re: SW firewall speed drop :-(

    Found IT !!!!

    I compared all settings on the two computers, and noticed some
    services running on mine and not on the other.

    So I tested one at a time, and when I disabled the "DNS Client" (local
    caching of DNS entries) the speed went from 4600 and up to 4970 kpbs.

    But why should the DNS client have this huge bad impact on the speed?
    --
    Lars-Erik - http://www.osterud.name - ICQ 7297605

  9. Re: SW firewall speed drop :-(

    Lars-Erik Østerud wrote:
    > Found IT !!!!
    >
    > So I tested one at a time, and when I disabled the "DNS Client" (local
    > caching of DNS entries) the speed went from 4600 and up to 4970 kpbs.
    >

    makes no sense,
    enabled local dns cache should obviously speed up your surfing experience.
    i think that was a coincidence, keep testing......

    M

  10. Re: SW firewall speed drop :-(

    Ansgar -59cobalt- Wiechers wrote:
    > Lars-Erik Østerud <.@.> wrote:
    >>> If you have Windows XP: the Windows-Firewall.

    >> But that can't check outgoing programs?

    >
    > Of course not. That would be pointless anyway.


    why ?

    >
    > cu
    > 59cobalt


  11. Re: SW firewall speed drop :-(

    mak wrote:

    > enabled local dns cache should obviously speed up your surfing experience.
    > i think that was a coincidence, keep testing......


    Well, if you access the SAME server it could. But for new DNS
    addresses it would take (teoretically) a bit longer (must check local
    DND first).

    Anyway, forund out that DNC client is slower than NO DNS client if
    there are many entries in the HOSTS file for some reason :-/
    --
    Lars-Erik - http://www.osterud.name - ICQ 7297605

  12. Re: SW firewall speed drop :-(

    Lars-Erik Østerud wrote:


    > Anyway, forund out that DNC client is slower than NO DNS client if
    > there are many entries in the HOSTS file for some reason :-/



    For some reason? The HOSTS file normally contains only one entry...

  13. Re: SW firewall speed drop :-(

    > > Anyway, forund out that DNC client is slower than NO DNS client if
    > > there are many entries in the HOSTS file for some reason :-/

    >
    > For some reason? The HOSTS file normally contains only one entry...


    Yep, but why does a HUGE hosts file cause a slowdown only when DNS
    Client is running, not without? One should think that the hosts file
    needed to be parsed even when the DNC Client is not running?

    Some anti ad-ware adds "fake" entries to the hosts file. That prevents
    accessing those sites from a web-browser (and also blocks cookies,
    scripts, activexes etc from those sites). But slows down with DND
    Client running for some reason (no slowdown without DNS Client).

    More reading here:

    Also,please see the note under the heading Block Spyware/Ad Networks
    on this page,it has an explanation of why the slowdown can sometimes
    occur:
    http://www.bleepingcomputer.com/tuto...utorial51.html

    There is also info about disabling dns client service on this
    page,with a note about it being intended for home users:
    http://www.mvps.org/winhelp2002/hosts.htm
    --
    Lars-Erik - http://www.osterud.name - ICQ 7297605

  14. Re: SW firewall speed drop :-(

    Lars-Erik Østerud wrote:

    >>> Anyway, forund out that DNC client is slower than NO DNS client if
    >>> there are many entries in the HOSTS file for some reason :-/

    >> For some reason? The HOSTS file normally contains only one entry...

    >
    > Yep, but why does a HUGE hosts file cause a slowdown only when DNS
    > Client is running, not without?



    Because no one ever considered testing such a case?

    > One should think that the hosts file
    > needed to be parsed even when the DNC Client is not running?



    It gets parsed only once. It's the lookup time that goes up when combining
    it with the caching.

    > Some anti ad-ware adds "fake" entries to the hosts file. That prevents
    > accessing those sites from a web-browser (and also blocks cookies,
    > scripts, activexes etc from those sites).



    And doesn't prevent it from accessing any site whose hostname just slightly
    differs from the listed one. Now, as a badguy, I'd simply let resolve
    *.malware.org to the same address and use a randomly generated subdomain.
    That's why this approach is so utterly stupid: It simply doesn't work.

  15. Re: SW firewall speed drop :-(

    Sebastian G. wrote:

    > It gets parsed only once. It's the lookup time that goes up when combining
    > it with the caching.


    But why doesn't the lookup time go up with the DNS client disabled?
    The "hosts" files is still searched (entries in it still does work).

    I find it strange that lookup is slower WITH the DNS client. Weird.
    --
    Lars-Erik - http://www.osterud.name - ICQ 7297605

  16. Re: SW firewall speed drop :-(

    goarilla <"kevin DOT paulus AT skynet DOT be"> wrote:
    > Ansgar -59cobalt- Wiechers wrote:
    >> Lars-Erik Østerud <.@.> wrote:
    >>>> If you have Windows XP: the Windows-Firewall.
    >>>
    >>> But that can't check outgoing programs?

    >>
    >> Of course not. That would be pointless anyway.

    >
    > why ?


    Because firewalls can't do that reliably. Whatever Malware you're trying
    to stop from communicating: it's already running and can thus bypass
    your measures. The only way to reliably stop malware from communicating
    is to stop it from being run in the first place. Which is done by
    Software Restriction Policies or AV software, not personal firewalls.

    cu
    59cobalt
    --
    "If a software developer ever believes a rootkit is a necessary part of
    their architecture they should go back and re-architect their solution."
    --Mark Russinovich

  17. Re: SW firewall speed drop :-(

    Lars-Erik Østerud wrote:

    > Sebastian G. wrote:
    >
    >> It gets parsed only once. It's the lookup time that goes up when combining
    >> it with the caching.

    >
    > But why doesn't the lookup time go up with the DNS client disabled?
    > The "hosts" files is still searched (entries in it still does work).
    >
    > I find it strange that lookup is slower WITH the DNS client. Weird.



    That's not weird at all. Just think through what the DNS client does when it
    receives a request from a program:

    1. look it up in the HOSTS lists. If found, return the entry.
    2. look it up in the cache. If found, return the entry.
    3. query the primary DNS resolver for the entry
    4. return the entry
    5. if the reply was recursive or redirected, check if the entry isn't
    already on the HOSTS list
    6. store the entry it in the cache

    Without the caching:

    1. look it up in the HOSTS lists. If found, return the entry.
    2. query the primary DNS resolver for the entry
    3. return the entry

    As you can see, for some code pathes the computitional effort for finding an
    entry is bigger with caching.

    Going through a large HOSTS file is essentially implemented as a linear list
    search. One could do better, but it's not optimized for the scenario BECAUSE
    ONLY IDIOTS ABUSE THE HOSTS FILE FOR SOMETHING THAT SHOULD BE DONE WITHIN
    THE APPLICATION OR AT LEAST AT A PROPER PACKET FILTER.

  18. Re: SW firewall speed drop :-(

    Ansgar -59cobalt- Wiechers wrote:

    > Of course not. That would be pointless anyway.
    >
    > cu
    > 59cobalt


    If it's completely pointless then why did Mircosoft implement the
    ability to block outgoing progs in Vista?



  19. Re: SW firewall speed drop :-(

    Sebastian G. wrote:
    >It simply
    > doesn't work.


    Works for me. I get loads of ads blocked thanks to my hosts file. It's
    not just to help block malware.

  20. Re: SW firewall speed drop :-(

    Sebastian G. wrote:

    > Going through a large HOSTS file is essentially implemented as a linear
    > list search. One could do better, but it's not optimized for the
    > scenario BECAUSE ONLY IDIOTS ABUSE THE HOSTS FILE FOR SOMETHING THAT
    > SHOULD BE DONE WITHIN THE APPLICATION OR AT LEAST AT A PROPER PACKET
    > FILTER.


    I do it at the application level too but the hosts file is a fallback.
    What is a "proper" packet filter? Being an idiot is more fun than being
    an arrogant kraut ****wit.

+ Reply to Thread
Page 1 of 2 1 2 LastLast