System Requirements
Myth - "Windows XP requires a high end PC to install and
run."
Reality - "Windows XP can be installed on surprisingly
low system requirements contrary to popular opinion. With the
average life cycle of a regular PC being roughly 4-6 years, just
about any PC being used today can run Windows XP. The following
requirements are Microsoft's "official" minimum system
requirements which I have tested to work fine with the exception
of only 64 MB of RAM (performance is poor). Increasing your RAM
to 128 MB
would be the only upgrade I would strongly consider as my
absolute minimum Windows XP system requirements."
- 233 MHz CPU (300 MHz Recommended) *
- 128 MB Recommended (64 MB of RAM minimum supported, limits
performance and some features) *
- 1.5 GB of available hard disk space *
- Super VGA (800 x 600) or higher-resolution video adapter and
monitor
- CD-ROM or DVD drive
- Keyboard and Microsoft Mouse or compatible pointing device
* Actual requirements will vary based on your system
configuration and the applications and features you choose to
install. Additional available hard disk space may be required if
you are installing over a network. -
Source -
Source 2
Notes - Again 128 MB of RAM is recommended as the minimum, since
below that disables some
features, reduces prefetching benefits and reduces overall
performance. Anyone who claims Windows XP will not work with
these settings has never actually installed Windows XP on this
hardware. Older systems generally benefit from faster hard drive
performance (5400 RPM to 7200 RPM, 40 conductor IDE cables to 80
conductor, etc.) and faster Internet Connections (Dial-up to
Broadband) before upgrading the RAM and so forth. Adding more
RAM is almost always a good idea but it is important to
understand what exactly you are trying to improve. The most
common complaints on older systems are loading times and
Internet Performance. Windows XP will work fine for basic
Office, Email and Internet use. Many do not realize how low
Office 2000 or Office XP's System Requirements are either. These
are the
minimum requirements for Windows XP NOT any third party software
you choose to use. The system requirements for any third party
software must be met to use that software properly.
4GB RAM Limit
Myth - "Windows XP does not support 4GB of RAM"
Reality - "On any 32-bit Operating System (not only
Windows), you only have access to 4GB of address space by
default. A 32-bit Operating System can actually handle 4GB of
memory. The issue is the way in which the hardware allocates
memory for its own resources. The hardware needs to allocate
memory space to use for things like the PCI bus, BIOS, the video
card and others. It allocates this from the address space
presented to it, which is not necessarily the same as the amount
of physical RAM installed. Also of note, it allocates this
memory from top to bottom. The problem is, when you have 4GB of
RAM installed, the amount of physical memory installed is the
same as the address space. If you have 4GB RAM, and the hardware
needs to allocate a large chunk of memory for its own use, and
it does this from top to bottom, the memory that is blocked off
starts at 4GB and allocates downwards. So, the final amount of
RAM the OS will be able to see is the difference. This is
because when it actually allocates for the physical RAM in the
system, it has to skip the chunk that was blocked off by the
hardware. Since a 32-bit OS can only see 4GB, the rest of the
RAM is invisible because it is above the 4GB barrier. By using
the /PAE switch, you enable the OS to see above this barrier,
and you can see all of your RAM, sometimes. The real problem
comes back to hardware. The OS can only handle whatever
resources are shown to it by the hardware BIOS. If the hardware
does not support a large enough addressing range, then it simply
won't report anything above that so the OS is in the dark. If
the hardware supports 36-bit PAE Intel Extensions or the AMD
equivalent, and you use an OS that supports PAE, you should be
able to enable both and see all of the RAM." -
Source -
Source 2 -
Source 2
DOS Game Compatibility
Myth - "You cannot run DOS games on Windows XP."
Reality - "Many MS-DOS-based games will run on Windows XP and a
community out there is dedicated to smoothing the way.
MS-DOS was a 16-bit platform. Windows 95 meshed 16-bit and
32-bit code with MS-DOS at its core. Most 16-bit MS-DOS based
programs would work fine on Windows 95. Windows 95, 98, and Me
were all based on the same core technology (called kernel).
Windows XP is based on a completely different kernel. It's built
on code that was introduced in Windows NT, evolved into Windows
2000, and was enhanced for Windows XP. The Windows NT kernel
doesn't have any MS-DOS components in it at all - it's a pure
32-bit beast. It includes a 16-bit emulator and a command prompt
mode that looks like MS-DOS. MS-DOS-based games don't have the
friendly installers found in the Windows 9x-based games. You
should install MS-DOS-based games from a command prompt. One of
the trickiest parts of making MS-DOS-based games to run on
Windows XP is getting the sound to work. Succeeding at getting
your ancient games up and running on Windows XP can be as
rewarding as playing the game itself!" -
Source -
Source 2 -
Source 3
Notes - If all else fails you can always try the DOSBox DOS
Emulator.
NTFS Game Compatibility
Myth - "NTFS is not compatible with games."
Reality - "Your normal software and games could not care
less what file system they are being stored on. As long as it's
supported by the operating system you are using, there will be
no problem. With NTFS, however, permissions can play a factor in
whether a game runs correctly or not. If you don't have access
to a particular file that's needed by the software, it's not
going to work. This is different than when a file is stored on
FAT32, and is probably responsible for the mistaken belief that
a game, or other software, must be compatible with NTFS. This is
another good reason to familiarize yourself with the file and
folder permissions in NTFS." -
Source
Reliability Myths
Windows 95/98/ME vs XP Reliability
Myth - "Windows 95/98/ME is as reliable as XP." -
Comparison Chart -
Reliability Video
Reality - "Windows XP is 10-30 times more reliable than
Windows 95/98/ME. Windows XP Professional is built on the proven
code base of Windows 2000, which features a 32-bit computing
architecture, and a fully protected memory model. Windows XP
offers several enhancements that make it the most reliable
version of Windows yet: Application Compatibility, Compatibility
Mode, Improved Device and Hardware Support, Shared DLL Support,
Shutdown Event Tracker, Windows Driver Protection, Device Driver
Rollback, Windows Installer, Auto Update, Dynamic Update,
Windows Update, Shadow Copy Integration with Backup, Last Known
Good Configuration, Automated System Recovery, System Restore
Enhancements, Error Messaging and Product Support, Online Crash
Analysis." -
Source
Lab Report: Windows XP More Reliable
- Windows XP Professional ran over 30 times as long without
encountering problems as those running Windows 98 SE.
- None of the Windows XP Professional systems had a single
application or operating system failure during the test period.
- None of the Windows 2000 Professional Gold systems had a
single application or operating system failure during the test
period.
Optimization Myths
Also known as "Bad Tweaks" these are
frequently recommended and included in various tweaking programs
claiming to improve performance. In each case they either do
absolutely nothing or even worse, actually hurt performance. For
Tweaks that work use the
Optimize XP guide.
Key
= No Effect on Performance
= Reduces Performance
= Partial Performance Improvement
= Causes other Problems
Always Unload DLL
(Disable DLL Caching, Force XP to unload DLLs)
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer] "AlwaysUnloadDLL"
Myth - "Enabling AlwaysUnloadDLL frees up more memory and
improves performance."
Reality - "Adding this Registry Key in Windows 2000 or XP
has no effect since this registry key is no longer supported in
Microsoft Windows 2000 or later. The Shell automatically unloads
a DLL when its usage count is zero, but only after the DLL has
not been used for a period of time. This inactive period might
be unacceptably long at times, especially when a Shell extension
DLL is being debugged. For operating systems prior to
Windows 2000, you can shorten the inactive period by adding this
registry key." -
Source -
Source 2
/Prefetch:1 Switch

Myth - "Adding the /Prefetch:1 Switch to the startup path
of a program's shortcut will decrease the program's startup
time."
Reality - All it does is change your hash number - the OS
is doing exactly the same thing it did before, and just saving
the prefetch pages to a different file. It does not improve
performance in any way. Ryan Myers of Microsoft's Windows
Client Performance Team writes: "The /prefetch:# flag is
looked at by the OS when we create the process - however, it has
one (and only one) purpose. We add the passed number to the
hash. Why? WMP is a multipurpose application and may do many
different things. The DLLs and code that it touches will be very
different when playing a WMV than when playing a DVD, or when
ripping a CD, or when listening to a Shoutcast stream, or any of
the other things that WMP can do. If we only had one hash for
WMP, then the prefetch would only be correct for one such use.
Having incorrect prefetch data would not be a fatal error - it'd
just load pages into memory that'd never get used, and then get
swapped back out to disk as soon as possible. Still, it's
counterproductive. By specifying a /prefetch:# flag with a
different number for each "mode" that WMP can do, each mode gets
its own separate hash file, and thus we properly prefetch. (This
behavior isn't specific to WMP - it does the same for any app.)
This flag is looked at when we create the first thread in the
process, but it is not removed by CreateProcess from the command
line, so any app that chokes on unrecognized command line
parameters will not work with it. This is why so many people
notice that Kazaa and other apps crash or otherwise refuse to
start when it's added. Of course, WMP knows that it may be
there, and just silently ignores its existence. I suspect that
the "add /prefetch:1 to make rocket go now" urban legend will
never die, though." -
Source -
Source 2
Cleaning the Prefetch Folder

Myth - "Deleting the contents of the Prefetch folder
improves performance."
Reality - "Every time you delete an application's
Prefetch (.PF) file you will cripple that application's load
time the next time you go to launch it. This can temporarily
increase load times by as much as 100%. For one thing, XP will
just re-create the Prefetch (.PF) trace files anyway; secondly,
it trims the files if there's ever more than 128 of them so that
it doesn't needlessly consume space. However you do not regain
optimal application load times back until after the second time
you launch the same application due to the Prefetch (.PF) trace
file being re-created. Prefetch (.PF) trace files are not a
cache and are not preloaded into memory upon windows startup.
They are never even accessed until you launch an application.
Only one Prefetch (.PF) trace file per application is created.
There is never ANY reason to delete these files. Cleaning
the Prefetch folder is actually a temporary self-inflicted unoptimization.
Why you would want to deliberately hurt your PC's performance I
have no idea." -
Source -
Source 2 -
Source 3 -
Source 4 -
Source 5
Malware/Viruses - Some people irresponsibly recommend
cleaning this folder due to possible Malware/Virus infection.
Malware/Viruses can place an infected file(s) in any folder and
the Prefetch folder is no different. Do these same people
recommend deleting the contents of the Windows folder because it
is a popular location to find an infected file(s)? Of course
not, you simply clean or delete the infected file(s) not the
contents of the folder. This Myth got started due to the
indiscriminate nature of the Windows Prefetcher, which will
Prefetch any executable file that you load or loads during
Windows start up. Thus it is quite common on an infected machine
to find a Prefetch (.PF) trace file in the Prefetch folder with
the same name as an infected executable. These files are NOT
Malware/Viruses. They are there to improve the load time, in
this case ironically, of the Malware/Virus but do not contain
any infected code. Once the associated infected executable is
deleted, these Prefetch (.PF) trace files do nothing and will
eventually automatically be cleaned by Windows.
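The note above says a .PF file named after an infected executable is a trace of that program having run, not malware. As an added example (not from the original page), the sketch below reads the header of an XP-format (version 17) Prefetch file to record what ran, how often and when, rather than deleting it. The field offsets follow the version 17 layout documented by forensic tooling projects and should be checked against a real file; the sample file and its name `SVCH0ST.EXE` are constructed.

```python
import struct
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
PF_VERSION_XP = 17      # format version written by Windows XP / Server 2003
MIN_HEADER = 0x94       # bytes needed to reach the end of the run counter


def filetime_to_utc(filetime):
    """Convert a FILETIME (100 ns ticks since 1601-01-01) to a UTC datetime."""
    return EPOCH_1601 + timedelta(microseconds=filetime // 10)


def utc_to_filetime(moment):
    """Inverse of filetime_to_utc, using integer arithmetic only."""
    delta = moment - EPOCH_1601
    return (delta.days * 86400 + delta.seconds) * 10_000_000 + delta.microseconds * 10


def parse_xp_prefetch(data, on_disk_name=None):
    """Return header fields of a version 17 .PF file plus consistency findings."""
    if len(data) < MIN_HEADER:
        raise ValueError("truncated: shorter than the version 17 header")
    version, signature = struct.unpack_from("<I4s", data, 0x00)
    if signature != b"SCCA":
        raise ValueError("not a Prefetch trace: SCCA signature missing")
    if version != PF_VERSION_XP:
        raise ValueError(f"format version {version} is not the XP layout")
    (recorded_size,) = struct.unpack_from("<I", data, 0x0C)
    # Executable name: 60 bytes of UTF-16LE, NUL terminated.
    exe_name = data[0x10:0x4C].decode("utf-16-le", "replace").split("\x00", 1)[0]
    (path_hash,) = struct.unpack_from("<I", data, 0x4C)
    (last_run,) = struct.unpack_from("<Q", data, 0x78)
    (run_count,) = struct.unpack_from("<I", data, 0x90)

    findings = []
    if recorded_size != len(data):
        findings.append("size field does not match file length")
    if on_disk_name is not None:
        # On-disk names look like NAME.EXE-<hex hash>.pf; compare both parts.
        stem = on_disk_name[:-3] if on_disk_name.lower().endswith(".pf") else on_disk_name
        name_part, _, hash_part = stem.rpartition("-")
        try:
            name_hash = int(hash_part, 16)
        except ValueError:
            name_hash = None
        if name_part.upper() != exe_name.upper() or name_hash != path_hash:
            findings.append("file name does not match header name/hash")
    return {
        "exe_name": exe_name,
        "path_hash": path_hash,
        "run_count": run_count,
        "last_run": filetime_to_utc(last_run),
        "findings": findings,
    }


def build_sample_pf(exe_name, path_hash, last_run, run_count, total_size=0x98):
    """Build a constructed, header-only version 17 file for offline testing."""
    buf = bytearray(total_size)
    struct.pack_into("<I4s", buf, 0x00, PF_VERSION_XP, b"SCCA")
    struct.pack_into("<I", buf, 0x0C, total_size)
    name_bytes = exe_name.encode("utf-16-le")[:58]   # leave room for the NUL
    buf[0x10:0x10 + len(name_bytes)] = name_bytes
    struct.pack_into("<I", buf, 0x4C, path_hash)
    struct.pack_into("<Q", buf, 0x78, utc_to_filetime(last_run))
    struct.pack_into("<I", buf, 0x90, run_count)
    return bytes(buf)


if __name__ == "__main__":
    sample = build_sample_pf(
        "SVCH0ST.EXE", 0x1A2B3C4D,
        datetime(2008, 5, 17, 9, 30, tzinfo=timezone.utc), 4)
    info = parse_xp_prefetch(sample, "SVCH0ST.EXE-1A2B3C4D.pf")
    print(info["exe_name"], f"{info['path_hash']:08X}",
          info["run_count"], info["last_run"].isoformat(), info["findings"])
```

Run over copies of the files in the Prefetch folder, this gives a record of which executables were launched and when each last ran, which is lost if the folder is emptied.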
Corrupted Files - Some people claim that Prefetch (.PF)
trace files can get randomly "corrupted" and thus they need to
be periodically deleted. Files do not get "corrupted" unless
something is wrong with your computer. Any file corruption is a
warning sign something is wrong with your system. Overclocking,
using defective components like Memory and Hard drives and using
FAT32 instead of the superior NTFS file system are common causes
of file corruption. NTFS is very resilient to file corruption as
compared to FAT32. When storing data to disk, NTFS records file
I/O events to a special transaction log. If the system crashes
or encounters an interruption, NTFS can use this log to restore
the volume and prevent corruption from an abnormal program
termination or system shutdown. NTFS doesn't commit an action to
disk until it verifies the successful completion of the action.
This precaution helps prevent corruption of an NTFS volume. NTFS
also supports hot-fixing disk sectors, where the OS
automatically blocks out bad disk sectors and relocates data
from these sectors. This housecleaning happens in the
background. An application attempting to read or write data on a
hot-fixed area will never know the disk had a problem. Thus the
solution is fixing the cause of the file corruption.
CCleaner - Finally the useless, performance slowing
cleaning option "Old Prefetch data" was moved to the advanced
section and is now not selected by default. Never select this
option for cleaning as it will increase application and Windows
load times. This option removes Prefetch files that are a few
weeks old based on the NTFS last access date. Since Windows XP
already cleans this folder at 128 entries, this is a useless
option that will only reduce system performance. You should
never delete a Prefetch file for any installed application since
that would cripple its load times. Just because a program was
not used in a few weeks does not mean you want it to load as
slow as possible when you do decide to use it. If you disable
the NTFS last access date stamp then this option will delete the
whole contents of the Prefetch folder after a few weeks, which
will cripple Windows Boot and all application load times. The
Prefetch folder is also ridiculously small so cleaning Prefetch
files before the 128 limit will reclaim next to no disk space.
This option clearly needs a warning to prevent people from
unknowingly hurting their system performance. Anyone who claims
this should be cleaned for ANY reason does not understand how
Windows Prefetching works. -
Source
Bad Advice - This bad advice to clean the prefetch folder
is posted frequently on the Internet by people who do not
understand how the Windows XP Prefetcher works. Their
explanations are 100% inaccurate. -
Bad Advice 1 -
Bad Advice 2 -
Bad Advice 3 -
Bad Advice 4
EnablePrefetcher

[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters] "EnablePrefetcher"
Myth - "Setting any value higher than 3 to
EnablePrefetcher will improve performance."
Reality - The Prefetcher component in Windows XP is part
of the Memory Manager, and helps to shorten the amount of time
it takes to start Windows and programs. This is a new feature in
Windows XP which improves application load times and Windows
boot times automatically. The slower your system and the larger
an application, the more Prefetching helps. Even high end
systems benefit from prefetching with large, slow loading
applications, such as large games. By default Prefetching is
enabled in Windows XP and already configured optimally. The
following list describes the different possible values for the
EnablePrefetcher registry key.
0 = Disabled
1 = Application launch prefetching enabled (Will cripple
Windows' boot times)
2 = Boot prefetching enabled (Will cripple all application load
times)
3 = Applaunch and Boot enabled (Optimal and Default)
By default the Prefetcher is set to a value of 3 in Windows XP.
Values such as 4, 5, 6, etc. do not exist and are thus useless.
Leave this at the default value of 3 which is already optimal
for maximum performance on both Windows XP Boot and initial
application launches. -
Source
Low Memory Systems - Recommendations to disable
Prefetching on low memory systems (128 MB - 512 MB) are based on
the fallacy that portions of application code are preloaded into
memory before the application load is initiated during Windows
startup. This is completely false and is spread by people who do
not understand how Windows XP Prefetching works. The slower the
system the more it will benefit from Prefetching. 64 MB systems
will suffer due to insufficient RAM, reducing but not
eliminating Windows XP's prefetching benefits. 128 MB is the
recommended minimum for optimal prefetching performance.
Boot Performance - Recommendations to set the
EnablePrefetcher value to 2 to improve boot performance are based
on the fallacy that portions of application code are preloaded
into memory before the application load is initiated during
Windows XP startup. This is completely false and is spread by
people who do not understand how Windows XP Prefetching works.
Only the files used during boot will be Prefetched. The Prefetch
folder is not a cache. Windows XP will boot in the exact same
amount of time with either value 2 or 3, the only difference
with 2 is that now all of your initial application launches will
not be Prefetched and thus load slower. The default value of 3
in no way negatively affects Windows XP boot times. Leave the
value at 3 for optimal Windows XP boot and initial application
launch times.
Enable Superfetch

[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters] "EnableSuperfetch"
Myth - "Adding EnableSuperfetch to the registry improves
performance in Windows XP as it does in Windows Vista."
Reality - "This myth was started when the Inquirer
irresponsibly ran a bogus letter without doing any fact checking.
Windows internals guru Mark Russinovich said this won't work, the
"Superfetch" string isn't even in the Windows XP kernel. You can
confirm this yourself by checking with the strings.exe utility.
This makes it impossible for it to do
anything since no "Superfetch" command exists. Windows cannot
execute a nonexistent command and will simply ignore it. Anyone
who says this works is not only lying but a fool." -
Source
Conservative Swapfile

Myth - "Adding ConservativeSwapfileUsage=1 to the
System.ini file improves performance."
Reality - "The System.ini and Win.ini files are provided
in Windows XP for backward compatibility with 16-bit
applications. They have no effect on the Windows XP paging file
settings which are stored in the Registry. This setting only
affects Windows 95/98 operating systems. The default setting for
ConservativeSwapfileUsage is 1 for Windows 95, and 0 (zero) for
Windows 98. On Windows 98 systems you can set
ConservativeSwapfileUsage=1 under the [386Enh] heading of the
System.ini file causing the system to behave as Windows 95 does,
at some cost in overall system performance." -
Source
Deleting Temp Files

Myth - "Deleting Temp Files improves performance."
Reality - Deleting temporary files does not improve
application, gaming or system performance on NTFS volumes. All
it does is increase your available disk space. This is because
performance does not degrade under NTFS, as it does under FAT,
with larger volume sizes. While AntiVirus, AntiSpyware and
general disk scan/search times can be reduced, these are not
what people associate with improved performance. Deleting the
contents of your browser cache actually reduces performance for
previously visited webpages since they must be reloaded into the
cache. This does not mean you should not do this periodically
for house cleaning reasons. Only that you should not expect
improved performance from doing so.
NTFS - Maximum files per volume: 4,294,967,295
NTFS - Maximum files and subfolders within a single folder:
4,294,967,295
FAT32 - Maximum files per volume: 4,177,920
FAT32 - Maximum files and subfolders within a single folder:
65,534*
* The use of long file names can significantly reduce the
number of available files and subfolders within a folder.
Notes - "With the NTFS file system, small folder records
reside entirely within the MFT structure, while large folders
are organized into B-tree structures and have records with pointers
to external clusters that contain folder entries that cannot be
contained within the MFT structure. The benefit of using B-tree
structures is evident when NTFS enumerates files in a large
folder. The B-tree structure allows NTFS to group, or index,
similar file names and then search only the group that contains
the file, minimizing the number of disk accesses needed to find
a particular file, especially for large folders. Because of the
B-tree structure, NTFS outperforms FAT for large folders because
FAT must scan all file names in a large folder before listing
all of the files." -
Source
Disable Dr. Watson

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug]
Myth - "Disabling Dr. Watson improves performance since
it is always running."
Reality - "If a program error occurs, Dr. Watson will
start automatically but not before unless you manually start it.
Which means disabling Dr. Watson has no effect on system
performance. Dr. Watson (Drwtsn32.exe) for Windows is a program
error debugger that gathers information about your computer when
an error (or user-mode fault) occurs with a program. Technical
support groups can use the information that Dr. Watson obtains
and logs to diagnose a program error. When an error is detected,
Dr. Watson creates a text file (Drwtsn32.log) that can be
delivered to support personnel by the method they prefer. You
also have the option of creating a crash dump file, which is a
binary file that a programmer can load into a debugger. This is
valuable information to help troubleshoot a system problem, thus
it makes no sense to disable Dr. Watson." -
Source -
Source 2 -
Source 3
Notes - Program errors should be addressed and not
ignored by making sure you are using the latest non-Beta version
of the application that crashed and apply all patches that are
available from the developer of the application. This can also
be a warning sign something is wrong or misconfigured with your
system. Use the Diagnose XP Guide to help troubleshoot the most
common causes of system problems.
Clearing the Paging File

[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management] "ClearPageFileAtShutdown"
Myth - "Clearing the Paging File at Shutdown improves
performance."
Reality - "Enabling this will clear the Windows paging
file (Pagefile.sys) during the shutdown process, so that no
unsecured data is contained in the paging file when the shutdown
process is complete. If you enable this feature, the shutdown
time will be increased. Some third-party programs can
temporarily store unencrypted (plain-text) passwords or other
sensitive information in memory. Because of the Windows virtual
memory architecture, this information can be present in the
paging file. Although clearing the paging file is not a suitable
substitute for physical security of a computer, you might want
to do this to increase the security of data on a computer while
Windows is not running." -
Source
Disable the Paging File

Myth - "Disabling the Paging File improves performance."
Reality - "You gain no performance improvement by turning
off the Paging File. When certain applications start, they
allocate a huge amount of memory (hundreds of megabytes
typically set aside in virtual memory) even though they might
not use it. If no paging file (pagefile.sys) is present, a
memory-hogging application can quickly use a large chunk of RAM.
Even worse, just a few such programs can bring a machine loaded
with memory to a halt. Some applications (e.g., Adobe Photoshop)
will display warnings on startup if no paging file is present." -
Source
"In modern operating systems, including Windows, application
programs and many system processes always reference memory using
virtual memory addresses which are automatically translated to
real (RAM) addresses by the hardware. Only core parts of the
operating system kernel bypass this address translation and use
real memory addresses directly. All processes (e.g. application
executables) running under 32 bit Windows get virtual memory
addresses (a Virtual Address Space) going from 0 to
4,294,967,295 (2^32-1 = 4 GB), no matter how much RAM is
actually installed on the computer. In the default Windows OS
configuration, 2 GB of this virtual address space are designated
for each process' private use and the other 2 GB are shared
between all processes and the operating system. RAM is a limited
resource, whereas virtual memory is, for most practical
purposes, unlimited. There can be a large number of processes
each with its own 2 GB of private virtual address space. When
the memory in use by all the existing processes exceeds the
amount of RAM available, the operating system will move pages (4
KB pieces) of one or more virtual address spaces to the
computer's hard disk, thus freeing that RAM frame for other
uses. In Windows systems, these "paged out" pages are stored in
one or more files called pagefile.sys in the root of a
partition. Virtual Memory is always in use, even when the
memory required by all running processes does not exceed the
amount of RAM installed on the system." -
Source
Moving the Paging File

Myth - "Moving the Paging File to a different partition
on the same drive improves performance."
Reality - "Moving the Paging File (pagefile.sys) to a
different partition on the same physical hard disk drive
does not improve performance. Simply using a different partition
on the same drive will result in lots more head-seeking
activity, as the drive jumps between the Windows and paging file
partitions. Even though moving the paging file in this case can
have the positive effect of defragmenting it, the loss in I/O
performance outweighs any gains. It is better to simply
defragment the paging file using PageDefrag and keep maximum I/O
performance by leaving the paging file where it is with a single
drive setup. -
Source
Notes - However you can enhance performance by putting
the paging file on a different partition and on a different
physical hard disk drive. That way, Windows can handle
multiple I/O requests more quickly. When the paging file is on
the boot partition, Windows must perform disk reading and
writing requests on both the system folder and the paging file.
When the paging file is moved to a different partition and a
different physical hard disk drive, there is less competition
between reading and writing requests."
Paging File RAMdisk

Myth - "Putting the Paging File on a RAMdisk improves
performance."
Reality - "Putting a Paging File in a RAM drive is a
ridiculous idea in theory, and almost always a performance hit
when tested under real-world workloads. You can't do this unless
you have plenty of RAM and if you have plenty of RAM, you aren't
hitting your paging file very often in the first place!
Conversely, if you don't have plenty of RAM, dedicating some of
it to a RAM drive will only increase your page fault rate. Now
you might say "yeah, but those additional page faults will go
faster than they otherwise would because they're satisfied in
RAM." True, but it is still better to not incur them in the
first place. And, you will also be increasing the page faults
that have to be resolved to exe's and dll's, and the paging file
in RAM won't do diddly to speed those up. But thanks to the
paging file in RAM, you'll have more of them. Also: the system
is ALREADY caching pages in memory. Pages lost from working sets
are not written out to disk immediately (or at all if they
weren't modified), and even after being written out to disk, are
not assigned to another process immediately. They're kept on the
modified and standby page lists, respectively. The memory access
behavior of most apps being what it is, you tend to access the
same sets of pages over time... so if you access a page you lost
from your working set recently, odds are its contents are still
in memory, on one of those lists. So you don't have to go to
disk for it. Committing RAM to a RAMdisk and putting a paging
file on it makes fewer pages available for those lists, making
that mechanism much less effective. And even for those page
faults resolved to the RAMdisk paging file, you are still having
to go through the disk drivers. You don't have to for page
faults resolved on the standby or modified lists. Putting a
paging file on a RAMdisk is a self-evidently absurd idea in
theory, and actual measurement proves it to be a terrible idea
in practice. Forget about it." -
Source -
Source 2
Disable Certain Services

Myth - "Disabling these Services improves performance."
Reality - "Disabling these Services actually reduces
performance."
DNS Client Service - "The overall performance of the
client computer decreases and the network traffic for DNS
queries increases if the DNS resolver cache is deactivated. This
effectively reduces Internet Performance for sites you have
previously visited and puts an unnecessary load on your ISP's
DNS server." -
Source
Task Scheduler Service - "Disabling the Task Scheduler
completely cripples Windows XP's Boot and Application Load times
by preventing Prefetch (.PF) trace files and the Layout.ini file
from being created or updated." -
Source
Notes - Disabling other unnecessary services in general
has only one effect on performance and that is reduced Windows
XP boot times. -
Source
Disable Paging Executive
Low Memory Systems,
or
High Memory Systems
[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management] "DisablePagingExecutive"
Myth - "Setting DisablePagingExecutive to 1 improves
performance by preventing the kernel from paging to disk."
Reality - "DisablePagingExecutive applies only to
ntoskrnl.exe. It does not apply to win32k.sys (much larger than
ntoskrnl.exe!), the pageable portions of other drivers, the
paged pool and of course the file system cache. All of which
live in kernel address space and are paged to disk. On low
memory systems this can force application code to be needlessly
paged and reduce performance. If you have more than enough RAM
for your workload, yes, this won't hurt, but then again, if you
have more than enough RAM for your workload, the system isn't
paging very much of that stuff anyway. This setting is useful
when debugging drivers and generally recommended for use only on
servers running a limited well-known set of applications." -
Source -
Source 2 -
Source 3
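To check a machine for the registry tweaks covered in the sections above (EnablePrefetcher, EnableSuperfetch, ClearPageFileAtShutdown, DisablePagingExecutive, and the disabled DNS Client and Task Scheduler services), the following added example, which is not from the original page, parses a `.reg` export and reports each setting with the effect this page attributes to it. The export text is constructed; the service key names `Dnscache` and `Schedule` and the `Start` value 4 (disabled) are standard Windows values rather than details given on the page.

```python
import re

MM_KEY = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control"
          r"\Session Manager\Memory Management").lower()
PF_KEY = MM_KEY + r"\prefetchparameters"
SVC_KEY = r"hkey_local_machine\system\currentcontrolset\services"
VALUE_LINE = re.compile(r'^"([^"]+)"=(.*)$')


def parse_reg_export(text):
    """Return {key path (lowercase): {value name (lowercase): int}} for DWORDs."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        match = VALUE_LINE.match(line)
        if match and current is not None and match.group(2).startswith("dword:"):
            current[match.group(1).lower()] = int(match.group(2)[6:], 16)
    return keys


def audit_tweaks(keys):
    """Return (setting, value, effect) tuples for non-default settings."""
    findings = []
    pf = keys.get(PF_KEY, {})
    mm = keys.get(MM_KEY, {})

    ep = pf.get("enableprefetcher")
    if ep is not None and ep != 3:
        effect = {
            0: "prefetching disabled",
            1: "application launch only: boot is not prefetched",
            2: "boot only: application launches are not prefetched",
        }.get(ep, "not a defined value (only 0-3 exist)")
        findings.append(("EnablePrefetcher", ep, effect))
    if "enablesuperfetch" in pf:
        findings.append(("EnableSuperfetch", pf["enablesuperfetch"],
                         "no effect: Windows XP does not read this value"))
    if mm.get("disablepagingexecutive") == 1:
        findings.append(("DisablePagingExecutive", 1,
                         "covers ntoskrnl.exe only; can push application "
                         "code out to disk on low memory systems"))
    if mm.get("clearpagefileatshutdown") == 1:
        findings.append(("ClearPageFileAtShutdown", 1,
                         "wipes Pagefile.sys at shutdown: a data protection "
                         "setting that lengthens shutdown, not a speed-up"))
    services = (
        ("Dnscache", "DNS resolver cache off: more DNS queries, slower "
                     "lookups for previously visited sites"),
        ("Schedule", "Prefetch (.PF) traces and Layout.ini are no longer "
                     "created or updated"),
    )
    for name, effect in services:
        if keys.get(SVC_KEY + "\\" + name.lower(), {}).get("start") == 4:
            findings.append((f"Services\\{name}\\Start", 4, effect))
    return findings


# Constructed export of a machine that has had several "tweaks" applied.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]
"ClearPageFileAtShutdown"=dword:00000001
"DisablePagingExecutive"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters]
"EnablePrefetcher"=dword:00000005
"EnableSuperfetch"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule]
"Start"=dword:00000004
'''

if __name__ == "__main__":
    for setting, value, effect in audit_tweaks(parse_reg_export(SAMPLE_EXPORT)):
        print(f"{setting} = {value}: {effect}")
```

Real exports from Regedit are UTF-16 encoded, so decode the file with `encoding="utf-16"` before passing its text to `parse_reg_export`.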
Disable System Restore

Myth - "Disabling System Restore improves performance."
Reality - "System Restore does not cause any noticeable
performance impact when monitoring your computer. The creation
of a Restore point also is a very fast process and usually takes
only a few seconds. Scheduled System Checkpoints (every 24 hours
by default) are created only at system idle time to avoid
interfering with a computer during use." -
Source
Disk Defragmenter

Myth - "The built-in Disk Defragmenter is good enough."
Reality - "This statement would be true if the built-in
defragmenter was fast, automatic, and customizable.
Unfortunately, the built-in defragmenter does not have any of
these features. The built-in defragmenter takes many minutes to
hours to run. It requires that you keep track of fragmentation
levels, you determine when performance has gotten so bad you
have to do something about it, and then you manually defragment
each drive using the built-in defragmentation tool." -
Source -
Comparison Chart (PDF)
Disk Defragmenter Limitations - "The Disk Defragmenter
tool in Windows 2000/XP is based on the full retail version of
Diskeeper by Executive Software International, Inc. The version
that is included with Microsoft Windows 2000 and later provides
limited functionality in maintaining disk performance by
defragmenting volumes that use the FAT, the FAT32, or the NTFS
file system. The XP version has the following limitations." -
Source
- It can defragment only local volumes.
- It can defragment only one volume at a time.
- It cannot defragment one volume while scanning another.
- It cannot be easily scheduled without scripts or
third party utilities
- It can run only one Microsoft Management Console (MMC) snap-in
at a time.
Hiberfil.sys

Myth - "It is necessary to delete the Hiberfil.sys before
defragmenting."
Reality - "The Hiberfil.sys is a file to which the
system's physical memory is written during hibernation. On
resuming from hibernation, the BIOS reads Hiberfil.sys to
restore the state of the computer to its pre-hibernation state.
Because the location of the Hibernate file is determined very
early in the startup process, it cannot be moved. It can,
however, be defragmented safely at startup using an
enterprise-level defragmenter such as
Diskeeper or the freeware utility
PageDefrag." -
Source
FAT32 vs. NTFS

Myth - "The FAT32 file system is faster/better than NTFS."
Reality - "NTFS provides performance, reliability, and
advanced features not found in any version of FAT. NTFS
features: Built-In Security, Recoverability, Alternate Streams,
Custom File Attributes, Compression, Object Permissions,
Economical Disk Space Usage using a more Efficient Cluster Size
and Fault Tolerance. Windows XP comes with NTFS 3.1 which
includes even more advanced features such as: Encryption, Disk
Quotas, Sparse Files, Reparse Points, Volume Mount Points. None
of which is available with FAT32." -
Comparison Chart
Performance
"NTFS is built for speed with impressive disk I/O performance on
large volumes (Over 400 MB). NTFS uses a binary tree structure
for all disk directories, which reduces the number of times the
system has to access the disk to locate files. This system is
best for large directories, and NTFS easily outperforms FAT32 in
these situations. In addition, NTFS automatically sorts files in
a folder on the fly. NTFS gains an edge over FAT32 by using
relatively small disk allocation units (cluster sizes) for NTFS
volumes. Smaller clusters prevent wasted disk space on volumes,
especially those with numerous small files. Because NTFS uses
small clusters better and has a more efficient design, its
performance doesn't degrade with large volumes, in contrast to
FAT's." -
Source -
Source 2
"NTFS is generally believed to be slower than FAT. However, with
a correctly created NTFS volume, NTFS performance optimizations,
and improved disk defragmentation, NTFS performance (including
the extra "journaling") is equivalent to FAT on small disks and
is faster than FAT on large disks. FAT32 performance is further
reduced for volumes larger than 32 GB
in two areas:
- Boot time with FAT32 is increased because of the time required
to read all of the FAT structure. This must be done to calculate
the amount of free space when the volume is mounted.
- Read/write performance with FAT32 is affected because the file
system must determine the free space on the disk through the
small views of the massive FAT structure. This leads to
inefficiencies in file allocation." -
Source
Gaming Performance
"The numbers show...not much difference. In fact, the only test
that doesn't show near-perfect parity is PCMark04, and the
difference between the results on the two file systems is less
than two percent. HDTach's read and access tests, which
respectively measure how fast data can be read from the drive
and how quickly the drive can locate data, were nearly
identical. More importantly, the gaming tests showed nary a
difference in all-important frame rates between the file systems
and the cluster sizes. Based on the uniformity we experienced,
we highly recommend that users of Windows XP take advantage of
the NTFS file system. Its gaming prowess matches that of FAT32
and it boasts a healthy line-up of advantages over its
opponent." -
Source
Reliability
"NTFS is a reliable file system. When storing data to disk, NTFS
records file I/O events to a special transaction log. If the
system crashes or encounters an interruption, NTFS can use this
log to restore the volume and prevent corruption from an
abnormal program termination or system shutdown. NTFS doesn't
commit an action to disk until it verifies the successful
completion of the action. This precaution helps prevent
corruption of an NTFS volume. NTFS also supports hot-fixing disk
sectors, where the OS automatically blocks out bad disk sectors
and relocates data from these sectors. This housecleaning
happens in the background. An application attempting to read or
write data on a hot-fixed area will never know the disk had a
problem." -
Source -
Source 2
Converting FAT32 to NTFS

Myth - "Converting FAT32 volumes to NTFS instead of
formatting them will reduce performance by forcing a 512 byte
cluster size."
Reality - "Windows XP CONVERT creates the best possible
cluster size according to the existing FAT format. On NTFS
volumes, clusters start at sector zero; therefore, every cluster
is aligned on the cluster boundary. For example, if the cluster
size was 4K and the sector size was 512 bytes, clusters will
always start at a sector number that is a multiple of 4096/512
for example, 8. However, FAT file system data clusters are
located after the BIOS Parameter Blocks (BPB), reserved sectors,
and two FAT structures. FAT formatting cannot guarantee that
data clusters are aligned on a cluster boundary. In Windows
2000, CONVERT handled this problem by forcing an NTFS cluster
size of 512 bytes, which resulted in reduced performance and
increased disk fragmentation. In Windows XP, CONVERT chooses the
best cluster size (4K is the ideal)." -
Source
Notes - The FAT32 file system does not use a default
cluster size smaller than 4 KB. The maximum NTFS default cluster
size under Windows XP is 4 KB because NTFS file compression is
not possible on drives with a larger allocation size. -
Source
Free Idle Tasks

Rundll32.exe advapi32.dll,ProcessIdleTasks
Myth - "This will free up processing time from any idle
tasks and allow it to be used by the foreground application."
Reality - "Idle tasks do not use up any resources unless
the system is idle and not being used. The Task Scheduler
service will check if the computer is in an idle state every 15
minutes. The computer is considered to be in an idle state if
there is 0% CPU usage and 0% disk input or output for 90% of the
past fifteen minutes and if there is no keyboard or mouse input
during this period of time. The system cannot be running on
battery power either. Any user input marks the end of the idle
state. Windows schedules some maintenance tasks when the system
is idle and running on AC power. Other third-party programs and
services may be running during system idle time also. To
optimize system performance and reliability, Windows XP is
designed to automatically run system maintenance tasks during
system idle time:
- The Disk Layout task (every 3 days)
- The System Restore task
- The Help Services and Data Collection task
The sole purpose of the command Rundll32.exe advapi32.dll,ProcessIdleTasks
is to allow benchmarks a simple way to force any
pending idle tasks to be executed immediately, without having to
wait a lengthy period of time." -
Source -
Source 2 -
Source 3
IO Page Lock Limit

[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]
"IoPageLockLimit"
Myth - "Increasing the IO Page Lock Limit will lock more
memory for exclusive access by the kernel, improving
performance."
Reality - "Indeed, it does do this but only in an RTM
Windows 2000 machine. It does absolutely nothing in Windows 2000
Service Pack 1 and up, and absolutely nothing in Windows XP.
This makes it effectively useless, since no one in their right
minds would be running RTM Windows 2000. The RTM kernel
references IoPageLockLimit. The SP1 kernel does not. Neither do
any subsequent editions of the kernel; neither does the XP
kernel in any of its incarnations." -
Source
IRQ Priority

[HKLM\SYSTEM\CurrentControlSet\Control\PriorityControl]
"IRQ8Priority"
Myth - "Adjusting the Priority of IRQs especially IRQ 8
improves system performance."
Reality - "IRQs don't even HAVE a concept of "priority"
in the NT family; they do have something called "IRQL"
(interrupt request level) associated with them. But the interval
timer interrupt is already assigned a higher IRQL than any I/O
devices, second only to the inter-processor interrupt used in an
MP machine. The NT family of OSes don't even use the real-time
clock (IRQ 8) for time keeping in the first place! They use
programmable interval timer (8254, on IRQ 0) for driving system
time keeping, CPU time accounting, and so on. IRQ 8 is used for
profiling, but profiling is almost never turned on except in
very rare development environments. Even if it was possible it
doesn't even make sense why adjusting the real-time clock
priority would boost performance? The real-time clock is
associated with time keeping not CPU frequency. I would not be
surprised if this originated in an overclocking forum somewhere.
This "tweak" can be found in most XP all-in-one tweaking
applications. This is a perfect example of why they are not
recommended." -
Source
Launch folder windows in a separate process

Myth - "Enabling Launch folder windows in a separate
process improves performance."
Reality - "Use this setting if your computer frequently
crashes, and you are trying to minimize problems or
troubleshoot. Be aware, however, this process uses more memory
and that doing this could slow down the performance of your
computer." -
Source
Notes - Windows XP is a very stable operating system and
should never Lock-up (freeze), display Blue Screen Stop Errors
or Randomly Reboot. These are all warning signs something is
wrong or misconfigured with your system. Use the
Diagnose XP Guide to help troubleshoot the most common
causes of system problems.
Large System Cache

[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]
"LargeSystemCache"
Myth - "Enabling LargeSystemCache improves
desktop/workstation performance."
Reality - "LargeSystemCache determines whether the system
maintains a standard size or a large size file system cache, and
influences how often the system writes changed pages to disk.
Increasing the size of the file system cache generally improves
file server performance, but it reduces the physical memory
space available to applications and services. Similarly, writing
system data less frequently minimizes use of the disk subsystem,
but the changed pages occupy memory that might otherwise be used
by applications. On workstations this increases paging and
causes longer delays whenever you start a new app. Simply put
enable this on a file server and disable it on everything else."
-
Source
"System cache mode is designed for use with Windows server
products that act as servers. System cache mode is also designed
for limited use with Windows XP, when you use Windows XP as a
file server. This mode is not designed for everyday desktop use.
When you enable System cache mode on a computer that uses
Unified Memory Architecture (UMA)-based video hardware or an
Accelerated Graphics Port (AGP), you may experience a severe and
random decrease in performance. For example, this decrease in
performance can include very slow system performance, stop
errors, an inability to start the computer, devices or
applications that do not load, and system instability. The
drivers for these components consume a large part of the
remaining application memory when they are initialized during
startup. Also, in this scenario, the system may have
insufficient RAM when the following conditions occur:
- Other drivers and desktop user services request additional
resources.
- Desktop users transfer large files.
By default LargeSystemCache is disabled in Microsoft Windows
XP." -
Source
L2 Cache
(SecondLevelDataCache)
[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]
"SecondLevelDataCache"
Myth - "Adjusting the SecondLevelDataCache Registry value
to match your CPU's L2 Cache size improves performance."
Reality - "SecondLevelDataCache records the size of the
processor cache, also known as the secondary or L2 cache. If the
value of this entry is 0, the system attempts to retrieve the L2
cache size from the Hardware Abstraction Layer (HAL) for the
platform. If it fails, it uses a default L2 cache size of 256
KB. If the value of this entry is not 0, it uses this value as
the L2 cache size. This entry is designed as a secondary source
of cache size information for computers on which the HAL cannot
detect the L2 cache. This is not related to the hardware; it is
only useful for computers with direct-mapped L2 caches. Pentium
II and later processors do not have direct-mapped L2 caches.
SecondLevelDataCache can increase performance by approximately 2
percent in certain cases for older computers with ample memory
(more than 64 MB) by scattering physical pages better in the
address space so there are not so many L2 cache collisions.
Setting SecondLevelDataCache to 256 KB rather than 2 MB (when
the computer has a 2 MB L2 cache) would probably have about a
0.4% performance penalty." -
Source -
Source 2
NTFS is Fragmentation Free

Myth - "The NTFS File system does not get fragmented and
Defragmenters are unnecessary."
Reality - "Even though NTFS is more resistant to
fragmentation than FAT, it can and does still fragment. The
reason NTFS is less prone to fragmentation is that it makes
intelligent choices about where to store file data on the disk.
NTFS reserves space for the expansion of the Master File Table,
reducing fragmentation of its structures. In contrast to FAT's
first-come, first-served method, NTFS's method of writing files
minimizes, but does not eliminate, the problem of file
fragmentation on NTFS volumes." -
Source
QoS

Myth - "Disabling QoS will free up the 20% bandwidth
reserved by QoS."
Reality - "There have been claims in various published
technical articles and newsgroup postings that Windows XP always
reserves 20 percent of the available bandwidth for QoS. These
claims are incorrect. As in Windows 2000, programs can take
advantage of QoS through the QoS APIs in Windows XP. 100% of the
network bandwidth is available to be shared by all programs
unless a program specifically requests priority bandwidth. This
"reserved" bandwidth is still available to other programs unless
the requesting program is sending data. By default, programs can
reserve up to an aggregate bandwidth of 20% of the underlying
link speed on each interface on an end computer. If the program
that reserved the bandwidth is not sending sufficient data to
use it, the unused part of the reserved bandwidth is available
for other data flows on the same host."
- Microsoft Knowledge Base -
Source
RAM Optimizers/Defragmenters

Myth - "Increasing the amount of available RAM using RAM
Optimizers/Defragmenters improves performance."
Reality - "RAM Optimizers have no effect, and at worst,
they seriously degrade performance. Although gaining more
available memory might seem beneficial, it isn't. As RAM
Optimizers force the available-memory counter up, they force
other processes' data and code out of memory. Say that you're
running Word, for example. As the optimizer forces the
available-memory counter up, the text of open documents and the
program code that was part of Word's working set before the
optimization (and was therefore present in physical memory) must
be reread from disk as you continue to edit your document. The
act of allocating, then freeing a large amount of virtual memory
might, as a conceivable side effect, lead to blocks of
contiguous available memory. However, because virtual memory
masks the layout of physical memory from processes, processes
can't directly benefit from having virtual memory backed by
contiguous physical memory. As processes execute and undergo
working-set trimming and growth, their
virtual-memory-to-physical-memory mappings will become
fragmented despite the availability of contiguous memory."
- Mark Russinovich, Ph.D. Computer Engineering, Microsoft
Technical Fellow -
Source -
Source 2
Clearmem

Myth - "Running Clearmem improves performance by freeing
up memory."
Reality - "Microsoft's Clearmem, the memory-consuming
test tool, is a simulation tool that lets developers measure the
minimum working set for a process and to help system
administrators isolate cache bottlenecks on servers. Clearmem
was originally found on the Windows NT Resource Kit 4.0 CD and
can now be found on the Windows Server 2003 Resource Kit. It
allocates and references all available memory, consuming any
inactive pages in the working sets of all processes (including
the cache) and effectively clears the cache of all file data. As
Clearmem increases its working set the working sets of all other
processes are trimmed until they contain only pages currently
being used and those most recently accessed. This reduces the
performance of all running applications every time you run this
by reducing their amount of available memory, forcing them to
needlessly page and causing any cached file data to have to be
reread from disk." -
Source -
Source 2
RegClean

Myth - "It is safe to use Microsoft's RegClean."
Reality - "The RegClean utility is no longer supported by
Microsoft and has been removed from all Microsoft download
sites. This was done for legitimate compatibility reasons with
certain applications and Operating Systems. The RegClean utility
was originally supplied with Microsoft Visual Basic version 4.0
for Windows. The last version of RegClean was 4.1a (build
7364.1) released on March 13, 1998 (RegClean.exe is dated
December 30, 1997). During this time the latest Operating
Systems were Windows 95 OSR2.1 and Windows NT 4.0. Windows 98
was not released until June 25, 1998. Compatibility with any
Operating System besides Windows 95 and NT 4.0 was never
substantiated, especially Windows XP. It is very dangerous to
run a Registry Cleaner that was never certified to run on your
Operating System since removing the wrong Registry Keys can
break Applications and the Operating System. RegClean breaks
functionality in the following Applications:
- Microsoft Access 2002 Standard Edition
- Microsoft Excel 2000 Standard Edition
- Microsoft FrontPage 2000 Standard Edition
- Microsoft Office 2000 Developer Edition
- Microsoft Office 2000 Premium Edition
- Microsoft Office 2000 Professional Edition
- Microsoft Office 2000 Small Business Edition
- Microsoft Office 2000 Standard Edition
- Microsoft Office Access 2003
- Microsoft Office Access 2007
- Microsoft Office Basic 2007
- Microsoft Office Basic Edition 2003
- Microsoft Office Enterprise 2007
- Microsoft Office Excel 2003
- Microsoft Office Excel 2007
- Microsoft Office FrontPage 2003
- Microsoft Office Home and Student 2007
- Microsoft Office InfoPath 2007
- Microsoft Office OneNote 2007
- Microsoft Office Outlook 2003
- Microsoft Office Outlook 2007
- Microsoft Office PowerPoint 2003
- Microsoft Office PowerPoint 2007
- Microsoft Office Professional 2007
- Microsoft Office Professional Edition 2003
- Microsoft Office Professional Plus 2007
- Microsoft Office Project Professional 2007
- Microsoft Office Project Standard 2007
- Microsoft Office Publisher 2003
- Microsoft Office Publisher 2007
- Microsoft Office SharePoint Designer 2007
- Microsoft Office Small Business Edition 2003
- Microsoft Office Standard 2007
- Microsoft Office Standard Edition 2003
- Microsoft Office Student and Teacher Edition 2003
- Microsoft Office Ultimate 2007
- Microsoft Office Visio Professional 2007
- Microsoft Office Visio Standard 2007
- Microsoft Office Word 2003
- Microsoft Office Word 2007
- Microsoft Office XP (Setup)
- Microsoft Outlook 2000 Standard Edition
- Microsoft PowerPoint 2000 Standard Edition
- Microsoft Visual InterDev 6.0 Standard Edition - Microsoft
Knowledge Base -
Source
- Microsoft Word 2000 Standard Edition
- Microsoft Windows Media Player - Microsoft Knowledge Base
-
Source -
Source 2
"This issue occurs for any Microsoft Windows Installer product
on which the program's installation state is set to Installed on
First Use."
- Microsoft Knowledge Base -
Source
Registry Cleaners

Myth - "Registry Cleaners improve performance."
Reality - "A few hundred kilobytes of unused keys and
values causes no noticeable performance impact on system
operation. Even if the registry was massively bloated there
would be little impact on the performance of anything other than
exhaustive searches."
- Mark Russinovich, Ph.D. Computer Engineering, Microsoft
Technical Fellow -
Source
Notes - "Registry Cleaners can fix problems associated
with traces of applications left behind due to incomplete
uninstalls. So it seems that Registry junk is a Windows fact of
life and that Registry cleaners will continue to have a place in
the anal-sysadmin's tool chest, at least until we're all running
.NET applications that store their per-user settings in XML
files - and then of course we'll need XML cleaners."
- Mark Russinovich, Ph.D. Computer Engineering, Microsoft
Technical Fellow -
Source
Set CPU Priority (Priority Tweak)

[HKLM\SYSTEM\CurrentControlSet\Control\PriorityControl]
"Win32PrioritySeparation"
Myth - "Setting this value to 26 gives a boost to the
priority of foreground applications."
Reality - "This is one of the most useless tweaks since
this is already the default and optimal setting in Windows XP.
Thus you are changing nothing. The GUI control for this is
built-in to Windows. Go to the Control Panel, System Icon,
Advanced Tab, Performance - click Settings, Advanced Tab,
Processor Scheduling - Programs is the default setting. Choosing
the Programs option (26 Hexadecimal) will result in a smoother,
faster response time for your foreground program (default and
optimal). If you want a background task, such as a Backup
utility, to run faster, choose the Background services option
(18 Hexadecimal)." -
Source
Myth - "Setting this value to 38 gives a boost to the
priority of foreground applications."
Reality - "People are confusing the Hexadecimal and
Decimal value settings of this Registry Key. By Default Windows
XP already sets this value optimally to 26 Hexadecimal =
0x00000026 which is automatically translated to 38 Decimal =
(38). This is shown as 0x00000026 (38) in this registry
key. The Windows XP Registry Editor defaults to changing the
Hexadecimal Value when you go to modify a Registry Key. The
problem is it is commonly recommended to change this value to
"38" with no mention of this being the Decimal value and instead
the Hexadecimal Value is changed because it is the default. This
makes the key show 0x00000038 (56). This is not one of this
key's functional values and setting a bit field in
Win32PrioritySeparation to values other than those shown in the
table will result in the default option being selected (26
Hexadecimal). Thus this does absolutely nothing." -
Source
Functional Values:
0x28 (0x29, 0x2A)
0x18 (0x19, 0x1A)
0x24 (0x14)
0x25
0x26 (Default and Optimal)
0x15
0x16
Security Myths
Cookies
Myth - "Cookies are Spyware."
Reality - "Cookies are not Spyware. It's grossly
irresponsible for these Anti-Spyware companies to treat cookies
like Spyware. REAL Spyware is malicious, machine-hijacking junk
that throws pop-ups on your computer, resets your start page, and
all sorts of other ugly tricks. A cookie is a text file that has
some non-personal information about what banner ads have shown on
certain sites. That's it. Go ahead and open the cookie on your
computer and you'll see it's harmless. Cookies are not Spyware,
no matter how hard these Anti-Spyware companies try to make them
out to be." -
Source -
Source 2 -
Source 3
Notes - "Certain Cookies can still pose some privacy
concerns and if you wish to remove them it will do no harm. The
point is when you find many of these after running a standard
Anti-Spyware scan you should not get excited that you are
infected with malicious Spyware. You don't need anti-spyware
software to get rid of these cookies, simply use these
steps."
Limited User Accounts
Myth - "Limited User Accounts are a Realistic Security
Solution."
Reality - "On a nonmanaged XP machine today, it
isn't realistic to run without Administrator privileges. Unlike
UNIX and UNIX-like systems such as Linux and Apple Computer's
Mac OS X, Windows isn't very useable with a non-Administrator
account, largely because so many applications are ignorant of
rights and were written to work only with Administrator-level
accounts. This is particularly problematic in a home
environment, in which XP Home Edition's crippled Limited Account
type, designed for children and less-technical users, is
virtually useless. In Windows XP, the lame Run As option,
virtually hidden under a right-click menu that typical users
will never know about, is a poor substitute." -
Source
"After you log on to a computer by using a Limited User Account,
you may observe one or more of the following behaviors when you
try to use a program that is not expressly designed for Windows
XP.
- The program does not run.
- The program stops responding (hangs).
- You receive notification of run-time error 7 or run-time error
3446.
- The program does not recognize that a CD-ROM is in the CD-ROM
drive.
- The program does not allow you to save files.
- The program does not allow you to open files.
- The program does not allow you to edit files.
- The program displays a blank error message.
- You cannot remove the program.
- You cannot open the Help file.
This behavior can occur because the Limited User Account
prevents older programs from performing certain functions.
Microsoft lists over 189 applications in this article alone that
do not work right on a Limited User Account." -
Source
Power User Accounts
Myth - "Power User Accounts are a Good Compromise
Security Solution."
Reality - "Power User accounts allow the installation of
software, including ActiveX controls and can easily be elevated
to fully-privileged administrators. The lesson is that as an IT
administrator you shouldn't fool yourself into thinking that the
Power Users group is a secure compromise on the way to running
as limited user."
- Mark Russinovich, Ph.D. Computer Engineering, Microsoft
Technical Fellow -
Source
Hosts File
Myth - "Special AntiSpyware Hosts Files are necessary to
prevent Spyware infections."
Reality - "Using Special AntiSpyware Hosts Files is a
waste of time and leads to a false sense of security. Any
Malware/Spyware can easily modify the Hosts File at will, even
if it is set to Read-only. It is impossible to "lock-down" a
Hosts File unless you are running as a limited user which makes
using it in this case irrelevant anyway. Various Malware/Spyware
uses the Hosts File to redirect your Web Browser to other sites.
They can also redirect Windows to use a Hosts File that has
nothing to do with the one you keep updating. The Hosts file is
an archaic part of networking setups that was originally meant
to be used on a LAN and was the legacy way to look up
Domain Names on the ARPANET. It tells a PC the fixed numeric
address of the internal server(s) so the PC doesn't have to go
looking for them through all possible addresses. It can save
time when "discovering" a LAN. I don't consider 1970's
ARPANET technology useful against modern Malware/Spyware.
When cleaning Malware/Spyware from a PC, it is much easier to
check a clean Hosts File than one filled with thousands of lines
of addresses. Considering how easily a Hosts File can be
exploited, redirected and potentially block good sites, it is
strongly recommended NOT to waste time using Special Hosts
Files. Especially when proper Malware/Spyware protection can be
achieved by simply using these
steps, all without ever using a Hosts File."
127.0.0.1
"Special AntiSpyware Hosts Files attempt to associate a known
safe, numeric address (127.0.0.1) with the names of sites or IP
addresses you want to block. When the user or any process on the
PC then tries to access a blocked site, it is instead directed
to the safe location. It is simply impossible to update a Hosts
file frequently enough since it is cheap and easy to purchase
new domain names and move to new IP addresses. You also run into
problems in accidentally blocking good sites since many sites
share the same IP addresses with other sites using Shared IP
Hosting. Also once a malicious site is shut down, that IP Address
then becomes free and can easily be acquired by another
non-malicious site."
Large Hosts Files
"Large Hosts Files cause Internet related slowdowns due to DNS
Client Server Caching. This negatively affects your browsing
speed. AntiSpyware Hosts File authors irresponsibly recommend
disabling the DNS Client Service to solve this problem. This is
not a solution. The overall performance of the client computer
decreases and the network traffic for DNS queries increases if
the DNS resolver cache is deactivated. This effectively reduces
Internet Performance for sites you have previously visited and
puts an unnecessary load on your ISP's DNS server." -
Source
Notes - There is a much better solution for bad site
blocking using
SpywareBlaster which more intelligently uses Internet
Explorer's built-in Zone Security settings and the registry.
Mozilla/Firefox protection is also provided.
Notes - "IE has never implemented a specific DNS Pinning
feature." - David Ross, Microsoft Security Engineer -
Source
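The Hosts File review described above (a short file is easy to check; names pointed at 127.0.0.1 are block attempts, while a name pointed at any other address overrides DNS and needs an explanation) can be scripted. The following Python code is an added example, not part of the original page; the sample file contents, the ".example" names and the function names are constructed for illustration.

```python
import ipaddress
from collections import namedtuple

# Constructed sample Hosts File contents (illustrative only, not from the page).
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
127.0.0.1       ads.tracker.example      # blocklist-style entry
0.0.0.0         popups.example
203.0.113.50    www.bank.example
203.0.113.50    update.antivirus.example Login.Bank.example
not-an-ip       broken.example
::1             localhost
"""

# Names that are expected to resolve to a loopback address.
LOCAL_NAMES = {"localhost"}

Entry = namedtuple("Entry", "lineno address names")


def parse_hosts(text):
    """Parse Hosts File text into entries plus a list of malformed line numbers."""
    entries, malformed = [], []
    for lineno, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        # Everything after '#' is a comment; blank lines are ignored.
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            address = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append(lineno)
            continue
        if len(fields) < 2:
            # An address with no host name after it maps nothing.
            malformed.append(lineno)
            continue
        names = [name.lower() for name in fields[1:]]
        entries.append(Entry(lineno, address, names))
    return entries, malformed


def audit_hosts(text):
    """Classify every name in a Hosts File.

    sinkholed: names mapped to a loopback or unspecified address
               (what blocklist-style Hosts Files do).
    redirects: names mapped to any other address; these override DNS
               and should be explained or removed during cleanup.
    malformed: line numbers that could not be parsed.
    """
    entries, malformed = parse_hosts(text)
    report = {"sinkholed": [], "redirects": [], "malformed": malformed}
    for entry in entries:
        is_sink = entry.address.is_loopback or entry.address.is_unspecified
        for name in entry.names:
            if name in LOCAL_NAMES:
                # localhost itself must stay on a loopback address.
                if not entry.address.is_loopback:
                    report["redirects"].append(
                        (entry.lineno, name, str(entry.address)))
                continue
            if is_sink:
                report["sinkholed"].append(name)
            else:
                report["redirects"].append(
                    (entry.lineno, name, str(entry.address)))
    return report


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print("sinkholed names :", len(result["sinkholed"]))
    for lineno, name, address in result["redirects"]:
        print("line %d: %s -> %s (overrides DNS, review)" % (lineno, name, address))
    print("malformed lines :", result["malformed"])
```

On Windows, read the file from the folder named by the DataBasePath value under HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters rather than assuming the default location, since the page notes that Windows can be pointed at a different Hosts File.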
Spyware, Malware and Virus Security
Myth - "It is impossible or difficult to secure Windows
XP from Spyware, Malware or Viruses."
Reality - "It is very easy to secure Windows XP, simply
use
Secure XP - A Windows XP Security Guide. To put it bluntly I
simply do not get infected with anything. Keep in mind nothing
can fully protect you from something you manually install." -
Source
Really Hidden Files
Myth - "There are Really Hidden Files in Windows XP that
are impossible to see."
Reality - "Any file can be seen in Windows XP once you
change from the default view settings. Go to the Control Panel,
Appearance and Themes, Folder Options, select Show hidden
files and folders and uncheck Hide protected operating
system files (Recommended). Protected operating system files
also known as Super Hidden Files are by default hidden from
view. They are critical system files that if deleted can cause
various system problems." -
Source -
Source 2 -
Source 3
Notes - It is possible to get infected by malicious
programs known as "Rootkits" which can truly hide themselves
from being viewed in Windows Explorer. These malicious programs
can be detected using special scanners such as
RootkitRevealer.
Virus Hoaxes
Myth - "All Email Virus warnings are real."
Reality - "With the increase in the growth of viruses and
Trojan programs, many computer users have turned to the Internet
as a fast and easy tool to warn friends and co-workers of these
threats. At the same time, there has also been a growth of virus
hoax warnings. These warnings often describe fantastical or
impossible virus or Trojan program characteristics, but appear
to be real and forwarding these hoax warnings to friends and
co-workers only perpetuates the problem. If you receive an Email
that you suspect is a hoax, do not forward it to anyone and
never open the attachments. Check in the
Vmyths Hoax
Database to confirm it is a hoax and delete the Email. If
the Email originated from someone you know, send them an Email
explaining the hoax." -
Source
Vulnerabilities
Myth - "The Windows Platform has more Security
Vulnerabilities than the Linux/Unix Platform."
Reality - "Between January 2005 and December 2005 there
were 5198 reported vulnerabilities: 812 Windows operating
system vulnerabilities; 2328 Unix/Linux operating system
vulnerabilities; and 2058 Multiple operating system
vulnerabilities" -
Source
Notes - Software vulnerabilities are categorized in the
appropriate section reflecting the operating system on which the
vulnerability was reported; however, this does not mean that the
vulnerability only affects the operating system reported since
this information is obtained from open-source information.
Reality - "The Linux Kernel v2.6.x has had 231
Vulnerabilities compared to 213 Vulnerabilities for
Windows XP." -
Source
XP Firewall
Myth - "The Windows XP Firewall is not good enough
because it lacks outbound filtering."
Reality - "I believe there are a lot of incorrect
assumptions and outright myths about outbound filtering. I
really like the Firewall in Windows XP Service Pack 2 (SP2). It
is lightweight, centrally manageable, does the job well, is
unobtrusive, and does something very critical: it protects the
system at boot. That last one is crucial; we have seen many
systems in the past get infected during boot even with a
firewall turned on. Any outbound host-based firewall filtering
in Windows XP is really just meaningless as a security feature
in my opinion. True, it stops some malware, today, but only
because current malware has not been written to circumvent it.
There simply are not enough environments that implement outbound
rules for the mass market malware authors to need to worry about
it. In an interactive attack the attacker can circumvent
outbound filters at will. To see how, consider this.
Circumventing outbound host-based firewall filters can be
accomplished in several ways, depending on the scenario of the
actual attack. First, the vast majority of Windows XP users run
as administrators, and any malware running as an administrator
can disable the firewall entirely. Of course, even if the
outbound filter requires interaction from the user to open a
port, the malware can cause the user to be presented with a
sufficiently enticing and comprehensible dialog, that explains
that without clicking "Yes" they will not ever get to see the
"dancing pigs". See, the problem is that when the user is
running as an administrator, or the evil code runs as an
administrator, there is a very good chance that either the user
or the code will simply disable the protection. Of course, the
user does not really see that dialog, because it is utterly
meaningless to users. That is problem number one with outbound
filtering. Given the choice between security and sufficiently
enticing rewards, like "dancing pigs", the "dancing pigs" will
win every time. If the malware can either directly or indirectly
turn off the protection, it will do so. The second problem is
that even if the user, for some inexplicable reason clicked "No.
Bug me again" or if the evil code is running using a
low-privileged account, such as Network Service, the malware can
easily step right around the firewall other ways. As long as the
account the code is running as can open outbound connections on
any port the evil code can simply use that port. Ah, but
outbound Firewalls can limit outbound traffic on a particular
port to a specific process. Not a problem, we just piggy back on
an existing process that is allowed. Only if the recipient of
the traffic filters based on both source and destination port,
and extremely few services do that, is this technique for
bypassing the firewall meaningful. The key problem is that most
people think outbound host-based firewall filtering will keep a
compromised asset from attacking other assets. This is
impossible. Putting protective measures on a compromised asset
and asking it not to compromise any other assets simply does not
work. Protection belongs on the asset you are trying to protect,
not the one you are trying to protect against! Asking the bad
guys not to steal stuff after they have already broken into your
house is unlikely to be nearly as effective as keeping them from
breaking into the house in the first place." -
Source -
Source 2
"Secret" Myths
There are various myths people incorrectly
think are hidden Secrets, Easter eggs or bugs in Windows XP.
'CON' Folder
Myth - "Not being able to name a file or folder 'CON' is
a bug or a secret"
Reality - "Several special file names are reserved by the
system and cannot be used for files or folders: CON, AUX, COM1,
COM2, COM3, COM4, LPT1, LPT2, LPT3, PRN, NUL. This goes back to
DOS 1.0 which didn't support subdirectories, lowercase, or
filenames longer than 8.3. 'CON' is a reserved word from the old
DOS days, simply meaning 'console'. If you wanted to create a
new text file in DOS you could type 'copy con newfile.txt'
meaning copy from the console to newfile.txt. This would let you
type some lines and when you ended the file you would have a
file called newfile.txt containing whatever you wrote in the
console. Since they are still relied on with things like batch
files (redirect to >NUL) they are still reserved today." -
Source -
Source 2
Notes - This has nothing to do with the patched
"DOS Device in Path Name" Vulnerability of Windows 95/98.
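Because these names stay reserved, code that writes untrusted file names to a Windows disk (uploads, archive extraction) usually rejects them up front. The check below is an added example, not code from the page or from Microsoft; the function names are hypothetical, and covering COM5-COM9 and LPT4-LPT9 goes beyond the list quoted above.

```python
import re

# Device names listed in the passage above.
PAGE_LIST = {"CON", "AUX", "PRN", "NUL", "COM1", "COM2", "COM3", "COM4",
             "LPT1", "LPT2", "LPT3"}
# Assumption beyond the page's list: Windows also reserves COM5-COM9 and
# LPT4-LPT9, so a validator should cover the full 1-9 range.
RESERVED = PAGE_LIST | {f"{p}{n}" for p in ("COM", "LPT") for n in range(1, 10)}


def reserved_device(component):
    """Return the device name one path component maps to, or None.

    The match ignores case, trailing dots/spaces, and any extension,
    so 'nul.txt' and 'Con ' are both treated as reserved.
    """
    stem = component.rstrip(" .").split(".", 1)[0].rstrip(" ").upper()
    return stem if stem in RESERVED else None


def find_reserved(path):
    """Return (component, device) for every reserved component of a path."""
    hits = []
    for part in re.split(r"[\\/]+", path):
        device = reserved_device(part)
        if device:
            hits.append((part, device))
    return hits


# Constructed sample: member names as they might appear in an uploaded archive.
SAMPLE_NAMES = [
    "docs/readme.txt",
    "logs/con",
    "export\\NUL.txt",
    "reports/aux. ",
    "assets/icon.png",
    "drivers/com10.sys",
]

if __name__ == "__main__":
    for name in SAMPLE_NAMES:
        print(f"{name!r:24} -> {find_reserved(name) or 'ok'}")
```

The check is deliberately strict: it looks at every path component, not just the final file name, since a reserved name is refused for folders as well as files.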
Notepad Phrases
Myth - "There are Secret phrases like "bush hid the
facts" you can type into Notepad"
Reality - "Notepad makes a best guess of which encoding
to use when confronted with certain short strings of characters
that lack special prefixes. The encodings that do not have
special prefixes and which are still supported by Notepad are
the traditional ANSI encoding (i.e., "plain ASCII") and the
Unicode (little-endian) encoding with no BOM. When faced with a
file that lacks a special prefix, Notepad is forced to guess
which of those two encodings the file actually uses. The
function that does this work is IsTextUnicode, which studies a
chunk of bytes and does some statistical analysis to come up
with a guess. Sometimes it guesses wrong and displays random
characters after you save and open the file. Any combination of
characters in the same order 4-3-3-5 will cause the same
problem: "Bill lie and cheat", "this app can break", "hhhh hhh
hhh hhhhh", "this isa bug dummy" etc." -
Source -
Source 2
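The ambiguity described above can be reproduced without Notepad. This added example (not from the page, and not a reimplementation of IsTextUnicode) checks for a BOM and then lists every way BOM-less bytes decode cleanly; the function names are hypothetical and the phrases are the ones quoted above.

```python
import codecs

# The "special prefixes" from the passage: byte order marks.
BOMS = [
    (codecs.BOM_UTF8, "utf-8-sig"),
    (codecs.BOM_UTF16_LE, "utf-16-le"),
    (codecs.BOM_UTF16_BE, "utf-16-be"),
]


def sniff_bom(data):
    """Return the encoding named by a leading BOM, or None if there is none."""
    for bom, name in BOMS:
        if data.startswith(bom):
            return name
    return None


def plausible_readings(data):
    """Decode BOM-less bytes under both candidate encodings.

    Only readings that decode without error are returned, so an
    odd-length file can never be read as UTF-16.
    """
    readings = {}
    for name in ("ascii", "utf-16-le"):
        try:
            readings[name] = data.decode(name)
        except UnicodeDecodeError:
            pass
    return readings


def all_cjk(text):
    """True if every character is a CJK Unified Ideograph (U+4E00..U+9FFF)."""
    return bool(text) and all(0x4E00 <= ord(c) <= 0x9FFF for c in text)


# Phrases quoted in the passage above.
PHRASES = ["Bush hid the facts", "Bill lie and cheat",
           "this app can break", "hhhh hhh hhh hhhhh", "this isa bug dummy"]

if __name__ == "__main__":
    for phrase in PHRASES:
        raw = phrase.encode("ascii")          # what is saved to disk, no BOM
        r = plausible_readings(raw)
        print(sniff_bom(raw), repr(r["ascii"]), "|", r["utf-16-le"])
```

In the 4-3-3-5 pattern every space falls on an even byte offset, so each 16-bit unit has a letter as its high byte and lands in the CJK range; the same text saved with a BOM leaves nothing to guess.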
Telnet Star Wars
Myth - "There is a hidden ASCII version of Star Wars in
Windows"
Reality - "No hidden version of Star Wars exists in
Windows. This version is accessed over the Internet using a
program called Telnet. Telnet is a simple, text-based program
that allows you to connect to another computer by using the
Internet. While Telnet is included in Windows, the ASCII
(text-based) version of Star Wars is not. Simply disconnecting
or powering down your modem will prevent you from watching it.
This is no different from watching a video file over the
Internet but instead of using a web browser you are using the
Telnet program. These text-based animations can be viewed online
at
ASCIIMATION.co.nz" -
Source -
Source 2