SW firewall speed drop :-(

I have a P4 2.53 GHz machine with Win XP Pro XP2.

With ZA 6.5 installed my max network speed is 4050/920 kbps.

If I uninstall or try from a PC w/o ZA I get 4971/962 kbps (I even get that speed when testing using a WLAN connection).

That is a drop of about 20% in the speed.

Is ZA 6.5 causing this? Is there anything to do about this drop?

Are there other versions of ZA that are better? Newer or older?

Is any other software firewall better?

PS! I know some of you don't like software firewalls :-) But if I INSIST on having one, what is the fastest??

Lars-Erik Østerud

Obviously.

Remove ZA.

Probably not.

Some may do slightly better, others may do worse, maybe you can even get ZA to give better results by tuning the config. However, all of them will slow down your connection at least to some extent, because they need to inspect the packets, which requires system resources.

If you have Windows XP: the Windows-Firewall.

cu

59cobalt
Ansgar -59cobalt- Wiechers

Congratulations!

Well, seems so.

What should there be about it? Obviously works as expected and designed.

Since the amount of network fuckup is indeterministic, one cannot compare easily.

Hm? I thought your goal was to slow down the network and the computer, that's what this kind of software is supposed to achieve. If you want a fast network, you simply shouldn't install network fuckup software.

Sebastian G.

But that can't check outgoing programs? And won't add anything to the HW FW at all, or?

BTW: Found an even worse network hog. The avast! Web Shield. Turned it off and the speed rose from 4000 to 4600.

Still can't understand why my desktop PC maxes at 4600 (even with ALL AV and FW software uninstalled) when my older slower laptop easily gets 5000. What could it be?

Lars-Erik Østerud

Of course not. That would be pointless anyway.

cu

59cobalt
Ansgar -59cobalt- Wiechers

Why should it? Aside from passively opening ports, where this is quite reasonable.

Hm? It's a quite good host-based packet filter, which is a quite good addition to the HW FW that you most likely don't have at all.

Worse? Seems like it did its job quite well: hogging the network.

Ehm... because you totally messed it up with the mentioned software? Because we can't assume that it properly uninstalled?

Sebastian G.

Oh it's gone, no traces (even searched for and deleted all ZoneLab files, easy to find). So I don't really think that is the problem.

Need to try a new network cable, and maybe another network card :-)

Lars-Erik Østerud

Found IT !!!!

I compared all settings on the two computers, and noticed some services running on mine and not on the other.

So I tested one at a time, and when I disabled the "DNS Client" (local caching of DNS entries) the speed went from 4600 and up to 4970 kbps.

But why should the DNS client have this huge bad impact on the speed?

Lars-Erik Østerud

makes no sense, enabled local dns cache should obviously speed up your surfing experience. i think that was a coincidence, keep testing......

M
mak

why ?

goarilla

Well, if you access the SAME server it could. But for new DNS addresses it would take (theoretically) a bit longer (must check local DNS first).

Anyway, found out that DNS client is slower than NO DNS client if there are many entries in the HOSTS file for some reason :-/

Lars-Erik Østerud

For some reason? The HOSTS file normally contains only one entry...

Sebastian G.

Yep, but why does a HUGE hosts file cause a slowdown only when DNS Client is running, not without? One should think that the hosts file needed to be parsed even when the DNS Client is not running?

Some anti ad-ware adds "fake" entries to the hosts file. That prevents accessing those sites from a web-browser (and also blocks cookies, scripts, activexes etc from those sites). But slows down with DNS Client running for some reason (no slowdown without DNS Client).

More reading here:

Also, please see the note under the heading Block Spyware/Ad Networks on this page, it has an explanation of why the slowdown can sometimes occur:

There is also info about disabling dns client service on this page, with a note about it being intended for home users:

Lars-Erik Østerud

Because no one ever considered testing such a case?

It gets parsed only once. It's the lookup time that goes up when combining it with the caching.

And doesn't prevent it from accessing any site whose hostname just slightly differs from the listed one. Now, as a badguy, I'd simply let resolve *.malware.org to the same address and use a randomly generated subdomain. That's why this approach is so utterly stupid: It simply doesn't work.

Sebastian G.

But why doesn't the lookup time go up with the DNS client disabled? The "hosts" file is still searched (entries in it still do work).

I find it strange that lookup is slower WITH the DNS client. Weird.

Lars-Erik Østerud

Because firewalls can't do that reliably. Whatever Malware you're trying to stop from communicating: it's already running and can thus bypass your measures. The only way to reliably stop malware from communicating is to stop it from being run in the first place. Which is done by Software Restriction Policies or AV software, not personal firewalls.

cu

59cobalt
Ansgar -59cobalt- Wiechers

That's not weird at all. Just think through what the DNS client does when it receives a request from a program:

  1. look it up in the HOSTS lists. If found, return the entry.
  2. look it up in the cache. If found, return the entry.
  3. query the primary DNS resolver for the entry
  4. return the entry
  5. if the reply was recursive or redirected, check if the entry isn't already on the HOSTS list
  6. store the entry in the cache

Without the caching:

  1. look it up in the HOSTS lists. If found, return the entry.
  2. query the primary DNS resolver for the entry
  3. return the entry

As you can see, for some code paths the computational effort for finding an entry is bigger with caching.

Going through a large HOSTS file is essentially implemented as a linear list search. One could do better, but it's not optimized for the scenario BECAUSE ONLY IDIOTS ABUSE THE HOSTS FILE FOR SOMETHING THAT SHOULD BE DONE WITHIN THE APPLICATION OR AT LEAST AT A PROPER PACKET FILTER.

Sebastian G.
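
The two lookup sequences from the post above, as an added Python model (not part of the thread and not Windows' actual resolver code). It counts HOSTS comparisons for a blocklist-sized file; the class, function and host names are constructed, and it assumes a linear HOSTS scan, a hash-table cache, and that an entry is cached only when the step-5 re-check finds nothing.

```python
# Added model of the two lookup sequences listed in the post above.
# Assumptions: HOSTS is a linear list, the cache is a hash table, and an
# entry is cached only if the step-5 HOSTS re-check finds nothing.

class Resolver:
    def __init__(self, hosts, upstream, caching):
        self.hosts = hosts        # list of (name, address), scanned in order
        self.upstream = upstream  # name -> (canonical_name, address)
        self.caching = caching    # True models the DNS Client service running
        self.cache = {}
        self.comparisons = 0      # HOSTS entries compared so far

    def _scan_hosts(self, name):
        for entry_name, address in self.hosts:
            self.comparisons += 1
            if entry_name == name:
                return address
        return None

    def lookup(self, name):
        address = self._scan_hosts(name)           # step 1 (both sequences)
        if address is not None:
            return address
        if self.caching and name in self.cache:    # step 2 (caching only)
            return self.cache[name]
        canonical, address = self.upstream[name]   # query the primary resolver
        if self.caching:
            redirected = canonical != name
            # step 5: second linear scan when the reply was redirected
            if not redirected or self._scan_hosts(canonical) is None:
                self.cache[name] = address         # step 6
        return address


def comparisons_for(names, hosts_size, caching):
    """Total HOSTS comparisons needed to resolve `names` in order."""
    # Constructed data: a blocklist-style HOSTS file and redirected replies.
    hosts = [(f"ads{i}.blocked.example", "127.0.0.1") for i in range(hosts_size)]
    upstream = {n: (f"cdn.{n}", "192.0.2.10") for n in set(names)}
    resolver = Resolver(hosts, upstream, caching)
    for n in names:
        resolver.lookup(n)
    return resolver.comparisons


if __name__ == "__main__":
    sites = ["a.example", "b.example", "c.example"]
    for caching in (False, True):
        print(caching, comparisons_for(sites, 10000, caching))
```

In this model a first-time lookup of a redirected name costs two full HOSTS scans with caching and one without, while a repeat lookup still pays one full scan either way, because step 1 runs before the cache is consulted.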

If it's completely pointless then why did Microsoft implement the ability to block outgoing progs in Vista?

John Adams

For the sake of completeness, not for security.

And, of course, because users demand it. Microsoft is a corporation, and thus their primary purpose is to make money. Even further, their official corporation motto is "Writing software for making money". Thus, it's in their best interests to keep users happy by implementing their suggestions even though they're actually futile, particularly stupid and even pissing off some professional users (like f.e. crippling Raw Sockets on XP SP2, which forced the WinPCap team to use the legacy Win98 sockets support code path for XPSP2).

Sebastian G.

Works for me. I get loads of ads blocked thanks to my hosts file. It's not just to help block malware.

John Adams
