Larry Osterman's WebLog

Confessions of an Old Fogey
Blog - Title

So why are applets so bad, anyway?

So why are applets so bad, anyway?

  • Comments 29

There's a simple answer to that question.  As I mentioned in the first post in this series, "It's my machine dagnabbit".  The simple answer is that applets consume resources that can be better used by by the customer.

At an absolute minimum, each applet process consumes a process (no duh - that was a stupid statement, Larry).  But you need to realize that each process on Windows consumes a significant amount of system resources - you can see this in Vista's taskmgr.

There are three columns that are interesting:  Working Set, Commit Size and Memory.  Commit Size is the amount of memory reserved for the process (so can be insanely large , Working Set  is the amount of physical memory that the process is currently consuming, and Memory is the amount of working set that's not being used by DLLs.

On my machine, to pick on two applets that I have running, you find:

  • FlashUtil9d.exe consuming 4.5M of working set, 1.3M of commitment and 760K of Memory
  • FwcMgmt.exe (the ISA firewall client) consuming 4M of working set, 1.6M of commitment and 300K of Memory

That 700K is real, physical RAM that's being actively used by the process (otherwise it would have been swapped out).  With multiple applets running, it adds up FAST.  On todays big machines, this isn't a big deal, but on a machine with less memory, it can be crippling.

 

In my last post, I categorized applets into 4 categories (updaters, tray notification handlers, helper applications and services).  In addition to the common issues mentioned above, each of these has its own special set of issues associated with it.

Updaters often to run all the time, even though they're only actually doing work once a day (or once a month).  That means that they consume resources all the time that they're active.  Adding insult to injury, on my machine at home, I have an updater that is manifested to require elevation (which means I get the "your app requires elevation" popup whenever it tries to run). 

Tray notification handlers also run all the time, and adding insult to injury, they clutter up the notification area.  The more items in the notification area, the less useful it is.  This is actually the primary justification for the "big 4" notification area items in Vista - people kept on finding that the 3rd party notification area icons crowded out functionality they wanted to access.  In addition, notification handlers seem to love popping up toast on the desktop, which often interrupts the user.  In addition, since tray handlers often run synchronously at startup, they delay system boot time.

Helper applications don't have any specific issues, from what I've seen.  They just consume resources when they're running.

Services are both good and bad.  Each Windows service has a start type which lets the system know what to do with the service on startup.  There are 3 relevant start types for most services: AutoStart, DemandStart and Disabled.  When a service is marked as AutoStart, it starts on every boot of the system, which degrades the system startup time.  In addition, because services often run in highly privileged accounts, the author of the service needs to take a great deal of care to ensure that they don't introduce security holes into the system.  Before Vista, high privileged services were notorious for popping up UI on the user's desktop, a practice so dangerous, it justified its own category of security threat ("shatter attacks").  In Vista, changes were made to eliminate classic shatter attacks for all subsequent versions of the OS, so fortunately this issue isn't as grave as it was in the past.

 

 

Tomorrow:  So how do you mitigate the damage that applets can cause?

  • This is a great series! I had an ex GF who installed an HP all-in-one printer, fax, and copier on her home machine and got so many process intensive craplets from that install that her machine was bogged down nearly to the point of not being usable and they were worse than a virus to try and get off of her machine. Any help you can give user and developers alike for keeping this ridiculousness in check is great in my book.

  • I think the flash one is not so bad. From what I've seen, it *usually* only starts up when you actually view a flash animation and *generally* shuts itself down when the flash is closed. That said, I have seen it hang around, even after exiting IE completely, so maybe there's some bug there. But of course, that's how it SHOULD work.

    HP is, in my opinion, horrible for installing tones of "helper" applications. We've got a couple of HP servers and work, and they install all these hardware "monitoring" and "management" applications. Just looking at one of the servers, it's got 9 (that's right, NINE) HP processes running, one of them has 256 threads and 20MB working set. On a server with 4GB of RAM, 20MB isn't much but NINE processes can't be good...

  • Rant time....  services, services, services.  It seems that Microsoft can't let a Windows install go without  running every possible service they think anyone could ever need.  If that isn't bad enough, Microsoft can't provide informative, descriptive,  text that explains what the individual services are, what they do, and what uses them so we can determine whether they can be turned off and take control of our own computers.  

  • Todd, one of my major missions in Vista was to block every single auto-start service that was proposed.

    From when I started working on it to when we shipped, there were a grand total of 2 autostart services added (I'm actually responsible for one of those).  And for those, we worked hard to get the footprint of that service to be as small as possible.

    And there is actually a fair amount of guidance associated with the services in Vista and what they do - information from before Vista was spotty, but for Vista, I think we've done a decent job of explaining what services do and what happens when they're disabled.

  • Great series.  I have an ** printer at home that when I installed its drivers, it installed a WEB SERVER written in JAVA to run its "management studio" or whatever it was called.  So not only did I have the bloat of a constantly-running java app and the massive java virtual machine, but I had an open port just waiting for incoming HTTP requests.  Thank goodness I was behind a router, I'd hate to think how many security vulnerabilites were in that.

    I trust Microsoft now to patch security vulnerabilities through WU.  I don't trust ** to release updates when vulnerabilities are discovered in their software.

    OTOH, I just bought an HP Photosmart C5180 All-In-One and just installed the bare drivers.  I get all the functionality and NO CRAPLETS! Not even a helper process that a previous HP All-In-One had.  Kudos to HP for getting it right this time.

  • My Vista version of taskmgr doesn't have a column labeled just Memory.  My best guess is that you are referring to Memory - Private Working Set?

    Can you elaborate on this: "Memory is the amount of working set that's not being used by DLLs" - if Vista knows this memory is not being used, does that mean it could do some sort of leak monitoring?

  • Great series, Larry.

    It occurred to me while reading this that perhaps one way to alleviate "updater" applets, and maybe others, is to provide some scheduling APIs that lets Windows run the updater on schedule. This way, they're only running when they need to be (e.g. once a month), thus saving resources.

    Is that feasible?

  • sean e: Yup, I'm referring to "Memory - Private Working Set".  

    This is a rough approximation (Landy will undoubtedly find many things I'm overgeneralizing here):

    The "working set" of a process is composed the number of pages for that process that are currently swapped in multiplied by the page size (to get a number that humans can deal with).

    Every page in a process is marked as either "shared" or "private" - shared pages are pages that will be mapped in more than one process, private pages are pages that are present only in the particular process.

    Since the pages that are contained in every DLL that's mapped into a processes' address space are shared by all the other processes that have mapped the DLL, they're considered to be "shared".

    Thus the "Memory - Private Working Set" counter is the number of pages used by a process that are only used by that process and no other.

    The "private working set" is a very good estimation of the actual impact of the process on your system.

    Judah: Wait until the post on mitigations for updaters (currently 2 posts from now).  There is absolutely a way to do what you suggest, and many updaters do that.

  • Great series, Larry.

    I make it a point to go through the registry's HKLM/Software/Microsoft/Windows/CurrentVersion/Run section (and the corresponding one for HKCU) every now and then and just delete anything I don't recognize. Hazardous? Not really. If I am unsure about something, Google usually tells me what it is.

    This keeps the number of craplets running to a minimum, and I feel like I'm keeping some measure of control over my PC. :)

  • Addendum: The worst craplet ever is ATi's Catalyst Control Center that comes along when you install ATi's graphics card drivers. It auto-installs itself in the desktop context menu, it uses a ton of resources and is DOG SLOW, even on a high-end machine. It uses some kind of heavy-footed skinning engine because apparently, some i**ot over at ATi thinks I am not capable of choosing a Windows theme that I like, so their app has to have their own look, which completely clashes with every other program.

    I seem to recall that you can get rid of the Catalyst craplet somehow, but not without losing access to some of the graphics card settings it provides.

    My Sound Blaster card also came with a gaudy, fully-skinned application with lots of animations, bells & whistles to configure the card. However, the installer also included a barebones "audio console" that didn't use any custom skins or jazzy UI widgets whatsoever. Guess which one I use? Kudos to Creative for getting that one right.

  • > FwcMgmt.exe (the ISA firewall client) consuming 4M of

    > working set, 1.6M of commitment and 300K of Memory

    That looks like a typical degree of bloatware, but that is an applet that you *want*, is it not?  If I had a complaint about that program, it would be in the category of bloatware but surely not in the category of "so bad" an applet.

    > each applet process consumes a process

    Yeah, it's too bad that processes are still so expensive.  Combining crapthreads into a single process lets a bug in one crapthread walk all over the other threads, in almost the same manner as some discontinued OSes allowed a bug in any program to walk all over the kernel.  It would be better if processes were cheap enough to let each Explorer craplet run in its own process and let each service run in its own process.

  • Some of the "shared" (non-MEM_PRIVATE) pages might actually be mapped only in this particular process (private DLLs, memory mapped files etc), so they should be counted as private pages when measuring memory impact.

    As far as I know, the only way to figure out which pages are actually shared vs. potentially shareable is to query working set information from the OS (QueryWorkingSetEx) and this is a relatively expensive operation, so task manager doesn't do this. Process Explorer shows private/shared/shareable WS counters on the performance property page.

  • I'd like to nominate another candidate for worst applet ever. PhiBtn.exe is an applet installed by the drivers for Phillips webcams that simply monitors the webcam to see if the snapshot button on the camera has been pressed. It consumes over 2Mb of actual RAM, and leaks 3 registry key handles every second, so it's not just sitting idle.

  • My work IBM Thinkpad (purchased last year) has 512Mb of RAM, and all the pre-loaded IBM ThinkVantage software, anti virus and mobile connection software means that after booting and log on, the Commit Charge is just short of 500Mb.

    Nice.

  • I've recently been swapping between many wireless networks that don't have DHCP installed (for various reasons).  My 'solution' at the moment is a batch file that auto-detects the SSID the card is connected to and runs a bunch of netsh commands.  I have a hotkey to launch the script, but sometimes I forget, and wonder why the network doesn't work.

    The point of this post is: One way to fix this would be to write a craptlet that detects when the network configuration changes and automatically launches the script, but that's one more crapplet.  If Vista had up/down scripts like linux, then I could just hook into those, but no hooks means one more craplet.

Page 1 of 2 (29 items) 12