[HN Gopher] Firefox engineers discover a Windows Defender bug th...
___________________________________________________________________
Firefox engineers discover a Windows Defender bug that causes high CPU usage

Author : mconley
Score  : 336 points
Date   : 2023-04-05 18:48 UTC (4 hours ago)

(HTM) web link (bugzilla.mozilla.org)
(TXT) w3m dump (bugzilla.mozilla.org)

| SpaceManNabs wrote:
| I knew I wasn't hallucinating about windows defender.

| Osiris wrote:
| It used to be possible to disable real-time protection but now it's not. The UI toggle is only for a limited time and the Group Policy option doesn't work anymore.

| consumer451 wrote:
| Random thought:
|
| I am not sure what the at-scale energy use reduction of this bug fix will be, but...
|
| If I had a pile of money I would consider creating a special bug bounty style program for energy use reduction.
|
| This might be a very efficient way to reduce carbon output from personal and data center computing.

| howinteresting wrote:
| I agree. Windows Defender and Gatekeeper on macOS both have pathological performance characteristics in some cases -- $$$ should act as a good incentive to figure them out.

| JoeAltmaier wrote:
| Funny how that sort of thing can work out. I was involved in an industrial optimization company years ago. Microsoft came out with power-save features in their new release.
|
| The staff at a metal-recycling company we were installing at, started complaining that the furnace would stop optimizing overnight. We investigated.
|
| The controller computer would go into power-save mode, which suspended our control app. So the furnace would just sit there wasting power and burning up electrodes.
|
| I calculated that during that week our furnace site wasted more power than all the power saved in America that year with power-save mode.
|
| It would literally have been better if _they'd never invented power save mode_.
|
| So be careful how much fiddling around we do. The law of unintended consequences will bite you in the butt every time.

| wizofaus wrote:
| > It would literally have been better if they'd never invented power save mode.
|
| Only if you considered the purpose of power-saving mode to reduce total energy usage, vs to reduce amount of power (and consequent wear & tear) an individual machine uses. However that MS would release a feature like that which automatically kicks in on upgrade without any sort of consideration of what the machine was used for - it could be running life-support systems! - seems an issue. But I'd also expect a fair bit more diligence on behalf of engineers responsible for monitoring and maintaining systems that need 24x7 uptime.

| dylan604 wrote:
| >it could be running life-support systems!
|
| i shudder at the thought that a critical piece of life-support anything would be running a windows based OS.

| throitallaway wrote:
| https://www.youtube.com/watch?v=Uh64nPT7JWk

| ChuckNorris89 wrote:
| _> it could be running life-support systems!_
|
| Life support systems don't run windows. And if you're running consumer windows on anything critical, you fucked up.

| muststopmyths wrote:
| Or... the controller app could be written to prevent suspension via available APIs. If that wasn't an option, you could turn off power saving mode on the computer as well.

| JoeAltmaier wrote:
| Power save was a new thing. We were all learning.

| Dalewyn wrote:
| >So be careful how much fiddling around we do. The law of unintended consequences will bite you in the butt every time.
|
| Also known as: If it ain't broke, don't fix it.

| depereo wrote:
| I found a large company was publishing windows server templates to its private cloud clients with power saving mode enabled.
|
| The issue I was originally investigating was SQL timeouts; turned out the virtual servers were putting their virtual nics to sleep.
| paulryanrogers wrote:
| Isn't this more a failing of the operator: using a consumer grade OS for an industrial case?

| throitallaway wrote:
| I cringe whenever I see a BSOD or other usage of Windows on appliances in public. There are such better options available.

| ChuckNorris89 wrote:
| _> There are such better options available._
|
| Meh, I see Ubuntu black screens in public appliances as well.

| JoeAltmaier wrote:
| Such distinctions were not so available back then.

| jacquesm wrote:
| Absolutely they were. Plenty of real time options since the 80's.

| jacquesm wrote:
| Worse: a consumer grade OS with a reputation for blue screens and random reboots, remote updates and other niceties that you _really_ don't want when you're controlling real world hardware.

| dijit wrote:
| be very careful what you define as "consumer grade", microsoft officially positions variants of windows as professional, industrial and enterprise grade.
|
| Linux as she is written comes with no warranty of anything, it is much more "consumer grade" than those variants of windows.
|
| I think even enterprise linux does not come with support for industrial applications.
|
| (I say this as a huge proponent of Linux supremacy)

| RcouF1uZ4gsC wrote:
| Is Windows Defender even worth enabling?
|
| It eats up a lot of CPU. It doesn't seem like much help in a default update enabled system where you are using a regular user account instead of an administrator account.
|
| In addition, anti-virus and real time scanning is itself potential surface area for an exploit (for example a few years back there was an exploit based on Norton antivirus email scanner).

| bobsmooth wrote:
| Enable it on your parents' PC but you shouldn't need it.

| Dalewyn wrote:
| Yes.
|
| It uses next to no system resources (issues like this aside), it integrates perfectly with Windows (it comes from Microsoft, after all), it's reasonably effective (to the chagrin of AV vendors the world over), and it isn't intrusive.

| lapsis_beeftech wrote:
| Windows Defender is worse than nothing but in recent versions of Windows it is enabled by default, very difficult to disable, and may get re-enabled at any future software update.

| Narishma wrote:
| I don't think you can disable it anymore in recent versions of Windows unless you install another AV software.

| zokier wrote:
| Getting rid of Defender is one of the best reasons to buy 3rd party AV.

| ChuckNorris89 wrote:
| 3rd party AV is worse than defender

| Strom wrote:
| You can disable it. First you have to disable the tamper protection and real time protection in the GUI. Now the real time protection will come back automatically in some time, unless you do the following.
|
| If you have a Pro version of Windows there is a group policy setting for it. [1]
|
| If you have Home, you can achieve the same effect by manually tweaking the registry. [2]
|
| --
|
| [1] Computer Configuration > Administrative Templates > Windows Components > Windows Defender Antivirus > Real-time Protection
|
| [2] HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\"DisableRealtimeMonitoring"=dword:00000001

| Strom wrote:
| How many threats has it detected for you? I ran it for a decade or so and it caught exactly zero, so then I decided to disable it, because it makes file system access about 5-10x slower than it can be on my NVMe drive. Not bandwidth, but I/O syscalls. So things like node_modules become a real pain.

| ivanmontillam wrote:
| I've experienced a bug related to the on-disk real-time scanning of Windows Defender, but instead with 100% disk bandwidth usage for unreasonable amounts of time.
|
| I purchased a license of a proper antivirus software to avoid that bug and the performance issues went away.
|
| When you install another AV software, Windows Defender steps down and leaves scanning to the 3rd-party security solution. I selected one of the most lightweight ones I could find. It has been a net win for me.
|
| One shouldn't need to do this, but it has worked so far, for years now.

| Cthulhu_ wrote:
| > I purchased a license of a proper antivirus software
|
| Which is that? For years (and come to think of it, this goes back to the 2000's or even 90's), AV / antimalware software comes across as scareware, using tricks to ensure you're afraid of not having it.
|
| And second, who here has ever had a virus in the past ten years?

| zokier wrote:
| There are some performance benchmarks for AV products:
|
| https://www.av-comparatives.org/tests/performance-test-octob...
|
| https://www.av-test.org/en/antivirus/home-windows/windows-10... (less useful..)
|
| AV comparatives has some other tests also that might be of interest to HNers:
|
| https://www.av-comparatives.org/tests/uninstallation-test-20...
|
| https://www.av-comparatives.org/tests/false-alarm-test-septe... (reason why you might not want to pick the fastest product..)

| jacobsenscott wrote:
| I agree AV software is essentially useless malware, but as to "who here has ever had a virus..." - well - the botnets are running somewhere.

| wizofaus wrote:
| Indeed, I wouldn't install anything from McAfee if you paid me to, given the way it automatically installs itself along with various other unrelated applications and the number of phishing emails claiming to be from McAfee (which presumably exist because their creator is aware of how often McAfee itself pushes similar messages out).
|
| I can't actually remember the last time any anti-malware software (built-in or otherwise) actually detected anything like a traditional virus, but there are plenty of computer users who are rather more trusting of links (including ones that download executables) in emails and the like. I don't doubt if I used a machine with all protection turned off and with the level of caution of a typical non-technical user it'd be hit with malware sooner or later. Most likely a browser plugin capable of reading passwords as I type them etc.

| ivanmontillam wrote:
| > Which is that?
|
| I purchased a license of ESET Internet Security, and full disclosure: back in early 2017, I worked at an ESET-licensed reseller as a Presales and Support Engineer, so I know how to fine-tune it and all the ins and outs.
|
| By nature, it's very lightweight (330 Mb RAM footprint), but you can fine-tune it even more if you want.
|
| > And second, who here has ever had a virus in the past ten years?
|
| We the people at HN are tech-savvy and of course will not get infected, but recently I spotted malware out-in-the-wild via Facebook Ads[0].
|
| Your usual grandma/grandpa using the computer to connect with loved ones and play Candy Crush Saga _will_ get infected, if they are not by now.
|
| Some people tell me: "bUt tHaT'S BeCaUsE ThEy aRe vIsItInG WeIrD SiTeS," well, even if you stick to the common social media sites and usual news sites, you _will_ get infected.
|
| I cannot emphasize this enough, but you're responsible for your own computer so I will not proselytize you into purchasing AV software.
|
| --
|
| [0]: https://twitter.com/IvanMontillaM/status/1604308301579051009

| Dalewyn wrote:
| >Some people tell me: "bUt tHaT'S BeCaUsE ThEy aRe vIsItInG WeIrD SiTeS," well, even if you stick to the common social media sites and usual news sites, you will get infected.
|
| I recall reading a study a few years back saying how it's safer to browse porn sites than it is to browse what most would call "common" sites such as retailers.

| [deleted]

| ivanmontillam wrote:
| Interesting, my assumption would be that porn sites must clean themselves from that malware-ish reputation, whereas "common" sites with low-end ad networks don't have it (but they are prone to gain it, because of careless/negligent ad bidder verification).

| Arrath wrote:
| > I've experienced a bug related to the on-disk real-time scanning of Windows Defender, but instead with 100% disk bandwidth usage for unreasonable amounts of time.
|
| Sophos does this on my work laptop with depressing regularity. At this point I just go grab coffee when the fans max out, cause I know the disk is similarly pegged and it'll be about as snappy as a bogged down Windows 98 machine until it finishes.

| miyuru wrote:
| I stopped using windows and moved to Fedora and Mac when I faced the same issue you faced. Cannot trust windows after shipping this perf bug and the modern standby bug.

| nabakin wrote:
| A bug pending for 5 years, wow

| bdcp wrote:
| TL;DR?

| boredumb wrote:
| Firefox engineers discovered a Windows Defender bug that causes high CPU usage.

| ape4 wrote:
| "This problem has two sides: Microsoft was doing a lot of useless computations upon each event; and we are generating a lot of events. The combination is explosive. Now that Microsoft has done their part of the job (comment 82), we need to reduce our dependency to VirtualProtect. Bug 1822650 in particular will help with that."

| nier wrote:
| Firefox engineers discovered a bug in Windows Defender that causes high CPU usage.

| dakial1 wrote:
| [flagged]

| nvrspyx wrote:
| It was also fixed with a definition update in Windows Defender some time last month, so you probably have the update since these happen in the background and don't require any restart.
| You can check by going to:
| C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BUNCH-OF-NUMBERS}
|
| Right click `mpengine.dll`, choose Properties, click Details tab, and check to see if Product Version is >= 1.1.20200.3. Mine is 1.1.20200.4 and was updated in mid/late March. If the version is less than 1.1.20200.3, you can manually trigger a definitions update in Windows Defender under Virus & Threat Protection.

| marcodiego wrote:
| > a ~75% CPU usage reduction was noted when browsing YouTube in Firefox
|
| I wonder how many of the people who say "Firefox is significantly slower than chrome" are using windows... On my computer, Firefox IS slower than chrome but (with ad blockers enabled) by an insignificant amount. By still being "the last remaining mostly independent, maintained and reasonably popular browser" I'd prefer it to use over chrome even if it is a bit slower.
|
| Of course, ms is no longer the "old micro$oft" but their history on how they handle competitor browsers makes one think how much interest they could have in investigating and fixing such a bug.
|
| My takeaway is: prefer independent software as much as you can.

| boringuser2 wrote:
| Firefox is significantly slower than chrome.
|
| This usually doesn't matter, but you can immediately see it in any page that
|
| A) has a massive DOM
|
| or
|
| B) uses complex regular expressions that eat up the engine

| stkdump wrote:
| I've read that a number of times now, but I have trouble matching it to my perceptions. Can you point to a specific website where you notice that slowness and then describe what action is slower? (Initial load, clicking stuff, scrolling, etc.)
|
| Just as an example, loading jslinux.org for me in Firefox is about twice as fast as in Chrome. That might be a special case of course, because it is a very special type of workload that probably is not common on other websites.
| But I would love to see concrete examples of the opposite.

| 0000000000100 wrote:
| WebGL / Canvas heavy sites are typically significantly slower in Firefox compared to Chrome. Google Maps is a pretty good example of this.

| tomrod wrote:
| To be fair though, Google maps is an awful beast on any browser compared to older versions.

| crooked-v wrote:
| Put 10,000 or so event handlers with their own DOM updates on a page. Chrome will run it smoothly (taking up a huge amount of RAM in the process), Firefox won't.

| cptskippy wrote:
| What is the definition of huge amount of RAM? How does Chrome perform when it's RAM constricted? Are we blaming Firefox for poorly designed websites?
|
| It feels like this is a straw man constructed to bash Firefox, rather than a real world scenario.

| crooked-v wrote:
| Extremely poorly-optimized websites are far more common these days than even mildly performant ones.

| SketchySeaBeast wrote:
| Do you have an example of one with 10,000 event handlers? If the case where Firefox falls isn't real it doesn't matter that other sites suck (not arguing that fact).

| jldl805 wrote:
| That's not a specific site though.

| [deleted]

| kevingadd wrote:
| For our benchmark suites at work, Firefox and Chrome generally trade back and forth on who's faster. It's not a consistent 'chrome is fastest'. I'm sure there are specific websites where Chrome dominates but I've yet to see any evidence that we're still in the bad old days where Firefox was orders of magnitude slower on important stuff.

| bayindirh wrote:
| Firefox is slower than Chrome if and only if your DNS is not responding as fast. When backed by a performant DNS server, Firefox is generally faster than Chrome.
|
| Don't ask me how I know it.

| Cthulhu_ wrote:
| Both of which are more issues with the website than the browser, imo.
| rascul wrote:
| I just ran a test at https://browserbench.org/Speedometer2.1/
|
| Firefox scored 89.5 +-1.7
|
| Chromium scored 87.3 +-2.9
|
| I guess that means Firefox did faster for those tests. I don't use Chrome or Chromium based browsers in general so I don't know how they compare in "feel".
|
| I am on Linux.

| Karellen wrote:
| 79.3+-0.92 for me in Epiphany/Gnome Web
|
| Which is a lot better than I was expecting compared to Firefox/Chromium.

| zamadatix wrote:
| 80-90s feels low in general, my phone gets +300 on that. Maybe some funky CPU powersave interfering with the runs?

| SketchySeaBeast wrote:
| Hmmm, that seems like it's going to be super situational. It hit 160 +- 1.9 in Firefox, 236 +- 5.2 in Chrome. So results are all over the map.

| someNameIG wrote:
| On my base M1 MacBook Air FireFox is noticeably slower than Chrome/Edge/Safari.

| guelo wrote:
| Strange, I have the same laptop on a fast network and I can't tell the difference.

| pjmlp wrote:
| Firefox is slower than Chrome regardless of the OS.

| jandrese wrote:
| I have definitely noticed my laptop fans spinning up whenever I do Youtube on Firefox on Windows. I just figured the GPU acceleration was broken, but this makes sense. Certainly not the first time Windows Defender has consumed extraordinary amounts of system resources for simple tasks.

| dylan604 wrote:
| I've noticed that AWS Console will spin up the fans on my MBP running Firefox, specifically on the EC2 screen. None of the other Console screens spin up the fans like that. Viewing about:performance always shows the AWS tab running full tilt to the point I've jokingly assumed they're trying to spin up an instance via WASM ;-)

| olyjohn wrote:
| The "new" EC2 console is the biggest pile of crap.

| ThatMedicIsASpy wrote:
| On Linux I fixed issues by setting media.ffmpeg.vaapi.enabled true in about:config.
|
| From fan noise to none on youtube/twitch - chrome never made the fans spin.
| ziml77 wrote:
| It's not just Windows that it's worse on though. It doesn't perform well on macOS either. It's not as bad as it used to be when it had a horrible power draining interaction with display scaling on macOS, but it still isn't as efficient as Chrome or Safari.

| jldl805 wrote:
| I use all three browsers (FF for personal, Edge for work and on my Surfaces, Chrome on my chromebooks). Edge on Surfaces is the fastest and tbh these days I like Firefox over Chrome in every way, and don't notice a speed difference. I consider myself a power user, for what it's worth.

| omnimus wrote:
| I have suspicion that lots of the "chrome is faster" is because devs optimise for chrome. More unique and "new" the API is the bigger the difference. Webgl is probably pretty different between browsers but nobody will bother to even look at webgl project in Firefox. It's pretty remarkable that such complex code can run pretty well in multiple different browsers.
|
| Another example Chrome has rel=prerender support and some libraries use it to make loading pages faster. Safari and Firefox don't support it. But it's progressive enhancement so why not use it. Result is that Chrome seems faster. There are probably many ways to make things faster on the other side but nobody will bother.

| solarkraft wrote:
| It's much much slower for me on macOS. But that's with all my extensions while I don't have as many on Chrome.

| nijave wrote:
| Firefox seems a little slower than Chrome on Linux but force enabling some of the GPU offload stuff seemed to help.

| LeoNatan25 wrote:
| Windows Defender itself is a bug that causes high CPU usage, by design. ;-)

| ravenstine wrote:
| Windows Defender is a long standing bug in the Windows operating system. ;)
|
| My impression is that its invention was for the sole purpose of eradicating the idea that Windows is insecure and prone to viruses, which explains why it can be overzealous and CPU hungry.
|
| I would only enable it for family members who don't know what they are doing. For some reason, I haven't needed any form of active virus scanning in something like 15 years. If it turns out I've been infected this entire time, the criminals sure are taking their time stealing my money, etc.

| thewataccount wrote:
| There's a misconception that you need to do something "stupid" to get a virus which is simply not the case. 0 days exist, and worms are still a thing (looking at you samba).
|
| A great example is Pytorch just recently had a supply chain attack, and installing the nightly version between December 25th and December 30th, 2022 - would result in your home directory getting uploaded including ssh keys.
|
| Chrome also just had a 0 day 2022 - CVE-2022-3075
|
| Pytorch supply chain attack via Triton 2022/2023 - https://www.bleepingcomputer.com/news/security/pytorch-discl...
|
| EDIT: Also there's a misconception that linux somehow doesn't get viruses - however the Pytorch attack affected linux users. Making a virus for windows gives you far more targets than linux, which is why they're far more common.

| bakugo wrote:
| > 0 days exist,
|
| And they're almost exclusively used in targeted attacks against valuable targets, because burning a 0-day to hack grandma's old laptop and steal her facebook password isn't a particularly good investment.

| longsword wrote:
| There will always be 0 days out there, but they will always be very expensive and rare. If you have the resources to buy or find a 0-day, you definitely won't blow it by executing known malware, or other stuff, which falls under the detected by AVs. I really don't think that having AV installed will protect any user from a 0-day.
|
| On the other side, you install a very invasive av software, which runs as privileged user and intercepts everything that's happening on your system. They even make a great target for malware by themselves.
| Just recently ClamAV had a bug in its file scanner, which led to an RCE: CVE-2023-20032

| lionkor wrote:
| windows users will also happily "run as administrator", while a lot of linux users know not to do that in my experience

| ChuckNorris89 wrote:
| _> a lot of linux users know not to do that in my experience_
|
| _README.md : "to get this to work, curl or wget the following script and run it as sudo"_
|
| Linux users: Aye

| qup wrote:
| Yes, I have an absolutely pristine record and I have never, ever copy-pasted a script from the internet with sudo, or piped curl into bash because I'm lazy and I trust most github READMEs. Never.

| olyjohn wrote:
| Defender is designed to tick a box on enterprise security checklists. That is about all it really excels at. It keeps IT people happy because they don't have to deal with a third party for their shitty AV.

| squeaky-clean wrote:
| > who don't know what they are doing.
|
| I think this would describe the majority of computer users. And the majority of computer users are also using Windows.
|
| > I haven't needed any form of active virus scanning in something like 15 years
|
| Microsoft Defender antivirus was released alongside Windows 8 in 2012. And it's essentially a rewrite of Microsoft Security Essentials which came included starting with Vista. If you haven't been explicitly disabling it, which your comment sounds like, you've been running one without knowing it for 16 years

| Dalewyn wrote:
| >Microsoft Defender antivirus was released alongside Windows 8 in 2012. And it's essentially a rewrite of Microsoft Security Essentials which came included starting with Vista.
|
| Not quite.
|
| Windows Defender was released together with Windows Vista, this was very rudimentary and only handled malware and spyware not unlike Malwarebytes, it did not handle viruses.
|
| Microsoft Security Essentials was released standalone sometime during Windows 7's era, this was fully fledged anti-virus.
|
| Microsoft Security Essentials was renamed Microsoft Defender and bundled with Windows starting from Windows 8, where it has stayed to this day.

| squeaky-clean wrote:
| You're right I was wrong about MSE which was the Windows 7 era. But Windows Defender was released in 2005 and was a rebrand of Microsoft AntiSpyware, which itself was a rebrand of GIANT AntiSpyware.
|
| The version of Windows Defender that came with Vista was a bit different and included realtime scanning when executables were run.

| olyjohn wrote:
| They bought out the best AV product on the market, and initially it was amazing. They even improved on it at first, but then it started aging into the turd that is now Defender.

| uni_rule wrote:
| It's decent enough in the past 8-10 years that I don't bother with much free antivirus on my own or others' machines in the current year. It's a far cry from the Windows XP / 7 era where it was fucking useless and people got Ransomware or Rogues pretending to be AVs every other Tuesday just from using google images. Nowadays it is simply adequate for most people.
|
| At this point the only other antivirus I bother keeping an install of on my personal system is Malwarebytes free in case things really go tits up and I need to run it and rkill from safe mode.

| acdha wrote:
| > I would only enable it for family members who don't know what they are doing.
|
| The problem is that this also includes most people who think they know what they're doing. We're in the middle of a big change in how general purpose computers work and it's basically driven by accepting that people make mistakes, trusted sites or things like their URL shorteners or social media are compromised periodically, etc. Maybe you're really good at never visiting dodgy websites, always use an ad blocker, etc. ...
| but have you never installed the wrong Python, NPM, etc. package by mistake?
|
| Short term, something like Defender makes sense for most devices used for web or email. Longer term, I think we need more focus on sandboxing, hardware MFA, etc. so we aren't using systems so brittle that everything just falls apart if you make a mistake. I don't want the entire world to be iOS but the status quo sucked more.

| mconley wrote:
| TL;DR: Windows Defender had a bug that made certain system calls expensive on CPU cycles when Defender's Real-time Protection feature is enabled. After discovery, Mozilla reported this issue to Microsoft. Microsoft is releasing a patch that should result in lower CPU usage when using Firefox on sites like YouTube (a ~75% CPU usage reduction was noted when browsing YouTube in Firefox with the fixed version of Defender).
|
| It seems like the HN submission form truncated the # from the end of the URL I linked to, which linked to the relevant comment. I'll try that here:
|
| https://bugzilla.mozilla.org/show_bug.cgi?id=1441918#c82
|
| and
|
| https://bugzilla.mozilla.org/show_bug.cgi?id=1441918#c91

| Diggsey wrote:
| Well, also Firefox is making an excessive number of calls to that slow system call compared to other browsers (Chrome, Edge).

| zokier wrote:
| Well, it was fast system call until MS added AV hook to it.

| sfink wrote:
| My understanding is that until recently (January), V8 (inside Chrome & Edge) made a similar number of calls. The main use is making it so that JIT-generated code is not writable while it is executing. It's an important security measure. V8 switched to a more recent mechanism (memory protection keys) that have been gradually getting support from the various OSes.
| But IIUC, they switched off the mprotect/VirtualProtect calls unconditionally, and added in the protection key stuff only where supported, which suggests that they left some configurations without any protection at all. SpiderMonkey (in Firefox) has not yet switched to the cheaper mechanism.
|
| I may have some of the details wrong.
|
| https://source.chromium.org/chromium/_/chromium/v8/v8.git/+/...

| nagisa wrote:
| pkeys are hardware-specific as far as I am aware, and at least last time I tried them didn't work on hardware as recent as zen 1.

| cjblack wrote:
| I'm curious how much excess energy has been consumed, and won't be consumed any longer, as a result of this improvement - even just limited to reduced CPU usage on Windows machines using Firefox to watch Youtube.
|
| I love thinking about the impacts of tiny improvements at scale like this, might do some napkin math on it later and see if I can come up with something in the right order of magnitude.

| 2ICofafireteam wrote:
| Next: Canadian cars and their daytime running lights.

| wongarsu wrote:
| Running lights during daytime seems to reduce crashes by about 5-10%, and crashes consume a lot of energy. Depending on crash severity there's at a minimum the wasted time for all involved parties and frequently the necessity for repairs (including the production of replacement parts, paint etc), and at the high end the involvement of emergency personnel and their vehicles, hospital beds, doctors, the production of entire new cars as replacement for totaled ones, etc.
|
| I'm not so sure that running lights isn't a net positive, especially with the introduction of LED lights.

| fsckboy wrote:
| firefox browser share is teeny tiny these days

| tomrod wrote:
| Teeny tiny multiplied by 7 Billion by 365 days per year by 24 hours per day by a fraction of a kW does add up.

| beAbU wrote:
| 7B people are not watching youtube on Firefox 24/7 365 days a year.
| tomrod wrote:
| Correct. Some teeny tiny fraction of market share is. For the conceptual calculation, I refer you to my earlier comment.

| mulmen wrote:
| But at any given moment someone is.

| zokier wrote:
| Note that this issue is not exclusive to MS Defender, but likely all Windows AV products to varying degrees:
|
| > > I would also like to add that this high CPU usage issue while using Firefox is not exclusive to Microsoft Defender. _It's an issue for Norton's AV products also_ and should be the same for Symantec Endpoint products too.
|
| > > So, you should also test them.
|
| > It is true that we should analyze the situation with other AV vendors, however, given the numbers shared above, and given how relevant it is to keep track of memory protection changes in order to detect malicious behavior, it is very likely that the explanation for Windows Defender _also applies (at least in part) to other AV vendors_.
|
| Can we get edit on the title?

| IronWolve wrote:
| It's not just mozilla, been working defender issues for the last few years on thousands of windows vms. Mostly due to enabling the more intensive heuristic real time engine and they have different code bases depending on versions installed on different windows builds, and patching does seem to trigger it. For months we had issues where we couldn't log into some vms due to high cpu for defender, and had to bounce the vm and apply a temp defender fix.
|
| I think it's a growing issue, as they mature/migrate their older code base, issues become less frequent.

| psychphysic wrote:
| I have malwarebytes premium and defender CPU usage is nearly 100% at times bringing Firefox to a halt. Chrome works fine. I've been blaming Firefox so far.

| Yoric wrote:
| In my experience (as a former Firefox dev), antivirus / antimalware software are really poorly behaved. They tend to:
They tend | to: | | - require admin rights (which means that if they have | vulnerabilities, it can take control of the entire machine, | even if Firefox itself is sandboxed); | | - monkey-patch the Firefox executable in memory, which | works (when it does) as long as the version of the software | tracks closely the version of Firefox, which may or may not | be the case; | | - ... and also decreases the memory-safety of Firefox, | which makes it easier to pwn; | | - ... and also makes the crash reports unreliable; | | - install encryption certificates that are actually less | trustworthy than Mozilla's, hence decreasing the security | of https; | | - block Firefox and add-on security updates, also | decreasing security; | | - install privileged add-ons, many of which are easy to | exploit from any webpage; | | - ... | | Part of the work on Crash Scene Investigations was | attempting to determine whether the crash was in Firefox or | in code or in some bogus foreign code. Depressingly often, | it was the latter. | | In your case, it's entirely possible that malwarebytes was | simply untested on Firefox. | jbritton wrote: | I had always assumed that one application could not touch | the memory of another application. Does running as Admin | allow breaking this boundary? | genocidicbunny wrote: | > - monkey-patch the Firefox executable in memory, which | works (when it does) as long as the version of the | software tracks closely the version of Firefox, which may | or may not be the case; | | This one was a frustratingly common cause of crashes when | I worked in gamedev. So many crashes would end up being | some overlay or antivirus monkeying about with memory. | jodrellblank wrote: | > " _Windows Defender had a bug that made certain system calls | expensive_ " | | It also has a bug(?) which makes method calls 100x slower in | PowerShell 7: | | https://github.com/PowerShell/PowerShell/issues/19431 | dang wrote: | Ok, I've put that back in the URL above. Thanks.
| mgaunard wrote: | [flagged] | moonchrome wrote: | This just reminds me of constant "things worked so fast on my | Windows 95 machine back in the day with 16MB RAM". Meanwhile any | piece of software could crash your PC and it did so regularly (I | still keep spamming save in software because of those days) and | internet was a Pandora's box. | | I wonder how much overhead in modern OS/PC user experience comes | from security/stability abstractions and tools. | jacobsenscott wrote: | I think it mostly comes from the fact that computers are so | fast now people write apps without worrying too much about | performance - apps have always grown to use whatever resources | are available. But when your app had to run on a pentium with | 16MB of memory - you actually had to work hard on performance | because you had such limited resources. | moonchrome wrote: | Yes but people have these nostalgic rose-tinted glasses of | software from that era - it was hot garbage that crashed all | the time because they had so many constraints. Yeah GC | introduces a bunch of overhead - but it also means you don't | get segmentation faults, memory corruption, etc. | | Modern software is much more reliable than the software from | that era, people nowadays complain when a button isn't | working - back then a button could randomly freeze my entire | PC. | throitallaway wrote: | > it was hot garbage that crashed all the time because they | had so many constraints | | Correlation != causation. I started using PCs heavily in | the mid 90s, and yes "Illegal Operations" were abound. | However, the SDLC has also come a long way with testing, | automated QA, etc. Back then there was a lot more "wild | west" going on for both hardware and software. Generally, | practices are much more mature by default nowadays. | flatiron wrote: | And computers are so vastly different. We have these layers | upon layers to deal with these differences.
Back in the day | it was just DOS and 386/486 then optimize the crap out of it. | Even doom had their sound stuff done through a compatibility | layer. Nowadays you need to deal with multiple video cards | and os and processors. Just easier to make a one and done | solution and leverage it | dylan604 wrote: | >(I still keep spamming save in software because of those days) | | muscle memory prevents me from being able to type a semicolon | without cmd-s being the very next keys typed. | Sunspark wrote: | Defender's Real-Time feature also creates 100% CPU usage when | burning a Windows To Go ISO using Rufus. Need to turn it off or | things will go slowly. | pfoof wrote: | As an experienced one-person IT department "Antimalware Service | Executable" turns our laptops into rockets since always | vezycash wrote: | I suffered because of this problem until I remembered that it's | possible to exclude firefox.exe process in defender. | pwarner wrote: | Every security app seems to have problems like this all the time, | and they never seem to be able to detect them themselves. | Security software that didn't suck would be a huge opportunity, | and yeah as others have alluded to, a huge carbon emission | reduction! | | I had two different IT mandated apps taking up a total of 3.5 | _complete_ CPU cores for a week before I undocked and noticed the | fast battery drain. On an M1 no fan blast to alert me. It's a | terrible terrible state of affairs. ___________________________________________________________________ (page generated 2023-04-05 23:00 UTC)