
752 points dceddia | 3 comments
dataflow ◴[] No.36447655[source]
I'm gonna guess here that the biggest chunk is the antivirus. Turning off Windows Defender's protection(s) should give the first visible speed boost, if that's what you prefer.

Another big chunk of this likely happened when they hardened the graphics subsystem for security. Win32 user calls are unbelievably expensive nowadays. SendMessage etc. have a ton of overhead.

Another chunk is likely the sheer number of expensive DLLs that need to be loaded and initialized with most apps. For example, IIRC, the moment you load COM or WinSock DLLs, your app stops loading snappily. Pretty much anything will load COM even without intending to.

Another chunk is IMM - the ctfmon process you love, for multi-language/keyboard support. ImmDisable(0) can make loading a bit snappier, but then good luck with keyboard switching and the like. It uses window hooks, which are slow Win32 calls as mentioned.

People think it's just a matter of writing plain Win32, but that's not the whole story, although it certainly helps compared to more heavyweight frameworks.

hellotomyrars ◴[] No.36449276[source]
The AV stuff is huge. It’s always why Windows 8 era PCs were maybe the most brutally slow.

SSDs mitigate those issues but it is so painful to run things on mechanical drives, a lot of which is down to the antivirus processes. The practical realities have changed.

(Also things being snappy and fast I don’t think is a common memory of people when the machines the author is writing about were contemporary. The world of software is much bigger than notepad and cmd.exe)

1. arsome ◴[] No.36454133[source]
It's interesting too because AV feels somewhat less useful than ever - we're not in the days of common worms flying around the internet anymore, we're in the days of script kiddies using commercial "FUD packers" to bypass most AV scanners with their password and token stealers so they can resell the accounts.

Tools like that are basically hit-and-run and they don't need to stick around to do lasting damage.

2. simooooo ◴[] No.36456169[source]
Yes, a lot of them don’t stick around, so the only real solution is to bear the cost of real-time AV scanning.
3. arsome ◴[] No.36488910[source]
Real-time AV scanning is useless against even a cheap (<$10) packer though. Sure, they'll update their definitions and find it eventually, but if it doesn't have a definition for it now, having a definition for it later simply doesn't matter, the damage is done. I'd argue you're actually better to run it through something like VirusTotal where they'll have a larger assessment from many scanners and sandboxing tools to increase the odds of catching something compared to real-time scans with 1 AV.