752 points dceddia | 6 comments
dataflow No.36447655
I'm gonna guess here that the biggest chunk is the antivirus. Turning off Windows Defender's protection(s) should give the first visible speed boost, if that's what you prefer.

Another big chunk of this likely happened when they hardened the graphics subsystem for security. Win32 user calls are unbelievably expensive nowadays. SendMessage etc. have a ton of overhead.

Another chunk is likely the sheer number of expensive DLLs that need to be loaded and initialized with most apps. For example, IIRC, the moment you load COM or WinSock DLLs, your app stops loading snappily. Pretty much anything will load COM even without intending to.

Another chunk is IMM - the ctfmon process you love, for multi-language/keyboard support. ImmDisable(0) can make loading a bit snappier, but then good luck with keyboard switching and the like. It uses window hooks, which are slow Win32 calls as mentioned.

People think it's just a matter of writing plain Win32, but that's not the whole story, although it certainly helps compared to more heavyweight frameworks.

1. hellotomyrars No.36449276
The AV stuff is huge. It’s always why Windows 8 era PCs were maybe the most brutally slow.

SSDs mitigate those issues but it is so painful to run things on mechanical drives, a lot of which is down to the antivirus processes. The practical realities have changed.

(Also things being snappy and fast I don’t think is a common memory of people when the machines the author is writing about were contemporary. The world of software is much bigger than notepad and cmd.exe)

2. bamfly No.36450283
> The AV stuff is huge. It’s always why Windows 8 era PCs were maybe the most brutally slow.

IIRC Win8's also the first Windows I found unusable on spinning rust. Part of it may have been AV, but things like opening the start menu had significantly worse delays there than on a flash disk. It seems like they'd simply disregarded all development/design discipline about disk I/O, across the OS.

... which, you keep doing that everywhere, lots of devs making lazy choices to just grab this from disk here or just write a little data synchronously there, and it'll add up to non-negligible delay, even on a flash disk. And it'll make an HDD craaaawl. Which is exactly what happened.

3. arsome No.36454133
It's interesting too because AV feels somewhat less useful than ever - we're not in the days of common worms flying around the internet anymore, we're in the days of script kiddies using commercial "FUD packers" to bypass most AV scanners with their password and token stealers so they can resell the accounts.

Tools like that are basically hit-and-run and they don't need to stick around to do lasting damage.

4. simooooo No.36456169
Yes, a lot of them don’t stick around, so the only real solution is to bear the cost of real-time AV scanning.

5. hellotomyrars No.36461641
Yes. It’s a combination of those factors for sure. There are just so many more constant disk hits from 8 and on, and a good deal of them are from Defender. I do PC service and repair on the side and tossing in a cheap SSD makes most people happy because the drive being slammed was the only thing “wrong” with their computer.

Thankfully we’re largely past that.

That said, I rarely see malware on most of the machines I touch. I get more calls about automatically fullscreened browser windows with scare text and a phone number to call than any actual software problems.

Defender does work well enough for any average person and I’m happy if only because the vast majority of AV software is sold in the most disgusting way. Just as bad as the malware scare tactics honestly.

6. arsome No.36488910
Real-time AV scanning is useless against even a cheap (<$10) packer though. Sure, they'll update their definitions and find it eventually, but if it doesn't have a definition for it now, having a definition for it later simply doesn't matter, the damage is done. I'd argue you're actually better to run it through something like VirusTotal where they'll have a larger assessment from many scanners and sandboxing tools to increase the odds of catching something compared to real-time scans with 1 AV.