windows defender issues? & other AV issues?
Richard Gaskin
ambassador at fourthworld.com
Mon Jan 7 20:59:07 EST 2019
J. Landman Gay wrote:
> I'm willing to bet that any slowdown in the SE not related to AV
> intervention is probably the new auto-complete features. I've
> turned most of them off and I see no speed decrease.
Same here. But since the LC IDE is written in LCS, anything it does to
trigger this widely-documented issue with Win Defender will sooner or
later show itself in at least some of our apps.
They key question is: which language features are most affected?
A Test
-------
Given the nature of AV, it seemed file I/O would be a likely candidate,
but to pin that down for sure I dug up a test script that touches a wide
range of LCS features, running it with both Defender's Real-Time
Protection (RTP) on, and then off.
The script was the last of a series of general performance assessment
scripts started by Malte back in 2014, during the early v8 series. Many
of the elements identified through the various contributions in that
forum thread helped point the way to dramatic increases in
frequently-used operations like lineoffset, file I/O, and others. There
are many good test suites out there, including some from Mark Talluto,
Curry, and others. Many may have similar breadth; I chose this one
because I'm familiar with the specifics of its scope:
https://forums.livecode.com/viewtopic.php?f=67&t=22072&p=135950#p135752
I modified the script only slightly so that it runs in the GUI LC rather
than LiveCode Server, and with both RTP on and off.
Findings
--------
Here are the results:
RTP ON
System Version: Win32 NT 10.0
--
Test_BuildList: 187 ms
Test_LineOffset: 3741 ms
Test_LineAccessByNumber: 642 ms
Test_LineAccessForEach: 36 ms
Test_ArraySplit: 95 ms
Test_EncodeArray: 90 ms
Test_DecodeArray: 114 ms
Test_ArrayAccess: 60 ms
Test_Merge: 1409 ms
Test_BuildFilePath: 505 ms
Test_FileTextWrite: 6869 ms
Test_FileTextRead: 192 ms
Test_FileBinWrite: 9017 ms
Test_FileBinRead: 74 ms
RTP OFF
System Version: Win32 NT 10.0
--
Test_BuildList: 192 ms
Test_LineOffset: 4012 ms
Test_LineAccessByNumber: 719 ms
Test_LineAccessForEach: 39 ms
Test_ArraySplit: 99 ms
Test_EncodeArray: 113 ms
Test_DecodeArray: 143 ms
Test_ArrayAccess: 76 ms
Test_Merge: 1609 ms
Test_BuildFilePath: 579 ms
Test_FileTextWrite: 515 ms
Test_FileTextRead: 186 ms
Test_FileBinWrite: 376 ms
Test_FileBinRead: 74 ms
Most tests are close enough that any differences can be accounted for
with expectable fluctuations in general system performance due to the
effects of background tasks.
But writing files - damn! Now I understand what the reporters in the
forums have been talking about.
The magnitude of the speed hit makes me wonder exactly what RTP is doing
- detailed analysis of the file I/O buffer?
Whatever it is, it's worth thinking about in terms of how it will affect
our own apps.
Implications for Our Own Apps
-----------------------------
The LC executable is signed, so while that may mitigate other AV issues,
apparently that has no effect with the impact of file I/O ops on RTP.
The auto-complete feature you mentioned here seems very relevant for all
of us, because IIRC they use SQLite for that, where the driver's need to
jump around the b-tree structure can trigger a fair bit of disk I/O.
Even with those off, I would imagine that if you have the Dictionary tab
open in the SE you'd see a similar impact, since Dict lookups are made
as the selection changes.
If there's any good news here, it's that there doesn't appear to be
anything the team can do in the engine to avoid triggering RTP's impact.
But the bad news may impact many of us: With apparently all disk writes
affected, any use of a persistent local store will take a hit.
This includes not only flat files, but databases like SQLite.
Reading appears to have minimal impact, but while that won't affect flat
files, some DBs may modify bits of some DB files when performing even
read operations, so we can't completely rule out impact on what we think
of as read-only DB operations.
Dealing With RTP
----------------
As a paranoid security freak, I can't in good conscience recommend to
end-users to turn of any feature of their security kit.
But on balance, it's worth noting that other AV packages do not seem to
impact storage performance this horribly, if at all. And many of the
more popular alternatives are generally considered better than Windows
Defender.
So while it seems a bit heavy-handed to tell customers which AV package
to use, Microsoft's unusually aggressive approach to monitoring writes
is impactful, and from the many stories with other apps we can find
around the web, sometimes seriously.
Maybe this is one more reason to move everything to the cloud, to end
the tyrrany of overzealously monitored local disk I/O. :)
I honestly don't have the quick-fix answer that will keep our customers
happy with disk-intensive apps.
Sugggestions?
--
Richard Gaskin
Fourth World Systems
Software Design and Development for the Desktop, Mobile, and the Web
____________________________________________________________________
Ambassador at FourthWorld.com http://www.FourthWorld.com
More information about the use-livecode
mailing list