Johann's Blog

Whatever I want to share
Entries on 13-December 10

Hackers Steal McDonald's Customer Data

Posted by Johann, 13 Dec 2010, 09:03 AM

McDonald's is working with law enforcement authorities after malicious hackers broke into another company's databases and stole information about an undetermined number of the fast food chain's customers. McDonald's has also alerted potentially affected customers via e-mail and through a message on its website.

"We have been informed by one of our long-time business partners, Arc Worldwide, that limited customer information collected in connection with certain McDonald's websites and promotions was obtained by an unauthorized third party," a McDonald's spokeswoman said via e-mail on Saturday.

McDonald's hired Arc to develop and coordinate the distribution of promotional e-mail messages, and Arc in turn relied on an unidentified e-mail company to manage the customer information database. This e-mail company's systems were hacked into.

Is Personal Privacy A Lost Cause?

Posted by Johann, 13 Dec 2010, 09:00 AM


THE answer is not as far as the law is concerned. Legislators and courts are tackling privacy issues with vigour. Yet the unstoppable advances in technology, media and communications which stir up so much social agitation about privacy also highlight the law's limitations.

The law has recognised that every man's home is his castle, a refuge from the world, since the 1600s. Step outside into the public arena and everything changes, the more so as the world goes virtual. Celebrities may target media entities, persuade courts that there is a human right to privacy even in public, get injunctions or damages and large awards of legal costs. But who can stop a fan with a mobile phone?

The law has protected confidences ever since Prince Albert sued to protect Queen Victoria's family etchings. Fast forward more than 100 years and now it is "relationship" videos or photographs that people want to keep private, from their own circle or from magazines, websites, or YouTube.

Even when the law recognises privacy as a value worth protecting, it is not an absolute value to be protected at all costs. Not everyone is entitled to it. Some may forgo it. Privacy must compete with fundamental features of a democratic society such as the open and transparent administration of justice and government, freedom of expression and the freedom of the press. WikiLeaks is not about privacy - it is about how governments juggle transparency and accountability with security and diplomacy. The safety or health of the community might trump individual rights. The law, and those who live under it, like the media, have to judge what is the right balance.

Having a law against something cannot prevent people flouting it, finding a loophole or creatively setting up a whole new order, like the internet, that makes old laws appear at best limited and at worst useless. While once the power of public communication may have been in the hands of a privileged few, who could be targeted by the law, every individual with a mobile phone is now a publisher to the world. A photograph, the most powerful, concise and probative form of information, can be communicated in seconds. Privacy can be lost in seconds.

Yet we don't give up on having a law against theft just because thefts keep happening. Privacy is worth fighting for, but the hardest question in any law of privacy is where the boundary between private and public should lie, and that boundary is being continually redrawn.

Barbara McDonald is a professor of law at the University of Sydney and co-author of Celebrity and the Law (Federation Press, 2010).


Privacy isn't a lost cause: the main question is how to protect it.

The powerful Privacy Committee, which I headed from 1975 to 1982, was one of the first in the world. Government gave us wide powers to investigate, thinking the culprits were in the private sector, but it soon became evident that, because of its many functions, government was the main invader. Politicians soon regretted the powers they granted.

We based our approach not on giving rights, but by avoiding the need for such rights. We did this by publicising how previously secret systems worked and ensuring that those responsible for them acknowledged their inevitable mistakes. It was agreed that individuals should be offered the opportunity for a personal discussion in which reasons were explained and errors corrected. This flexible, non-confrontational approach worked well, particularly in areas such as credit bureaus, police criminal histories and hospital records.

Our philosophy became: privacy is best protected by flexible guidelines, monitored by an informed and concerned public, and aided by a vigilant permanent watchdog.

The balancing of privacy with other community interests is not a static thing, since it changes over time and geographically.

Politicians, however, believe all society's problems can be solved by legislation. Therefore they pass confrontational, complex, inflexible privacy laws that do not keep up to date, rarely anticipate the problem, and often run roughshod over established, commonsense practices, causing more problems than they solve.

How many people are reassured by the privacy statements telling you that your information will only be disclosed "as authorised by law"? How reassured would they be to know that myriad bodies are so "authorised", when it is not known whom or how many are so authorised?

If we are to remain a vibrant society of confident individuals, personal privacy is fundamental. We must be eternally vigilant, act courageously, and ensure we remain individuals and never become mere "ciphers". The public, and the watchdog, must never sleep.

Bill Orme was head of Australia's first statutory privacy body and is a community activist lawyer.


PRIVACY is about human dignity. It is not about secrecy, but about preserving our sense of self. We all need private time and private space in which to reflect, share intimacies, express joy or grief, or just go about our daily lives.

Even public figures - regardless of whether they choose a public life - deserve the freedom to work out at the gym, take a shower or seek medical treatment, without the fear of exposure that can bring ridicule or humiliation.

Privacy is also about what we choose to share of ourselves. What you tell your work colleagues may be very different from what you reveal to your GP or your partner. What better example do we have of modern privacy in action than social networking sites, on which members actively construct their identities, by choosing what about themselves they reveal to their friends, to friends of friends, and to the world at large? You may question whether these choices are always well-informed or wise, but they are choices nonetheless.

Privacy must of course be held in balance with other public interests, but I don't believe that we must necessarily trade our privacy in exchange for more security, or better healthcare, or the benefits of technology. The protection of privacy is often essential to securing other public benefits.

For example, research has shown that many people will avoid seeking medical treatment if they believe their privacy will not be respected - especially teenagers, and adults with sexual health, mental health or substance abuse concerns. Both public and individual health outcomes are best served when privacy controls are robust and trusted. As we await the introduction of shared electronic health records, the Facebook generation will expect finely calibrated personal controls over who can see what of their health information. The expected public health benefits of shared e-health records depend on high levels of participation, and therefore public trust in the way privacy will be protected.

Privacy is a value which enables each of us some choice or control over how our personal information is used, and how our behaviour or communications are monitored. It is as relevant today - in this age of social media, e-health records and celebrity gossip mags - as it ever was.

Anna Johnston is director of Salinger Privacy. She was previously deputy privacy commissioner of NSW.


I HAD a call from a newspaper journalist last week who had heard a rumour I was about to blow the lid on the tawdry past of a certain cricket star's wife. Apparently I'd hired a computer hacker; a trained "Facebook specialist" with the ability to recover profiles well after they had been taken down. As such, I was in possession of some hot photos which the couple were nervously expecting to see in Woman's Day.

I had a chuckle to myself during that call - I just love that the Gen Y's in my office are gaining reputations as genius codebreakers! It was no accident though. I didn't hire them for their spelling, that's for sure; it's their Facebook-keeping skills I need.

The reporter was right, I am in possession of some information on the cricketer's wife, but it didn't take an ASIO spy to uncover it. One of my "hackers" took about 20 minutes trawling social networking sites to find it. The cricketer's wife had taken down her profile but by getting in quickly and contacting her friends, we had a good starting point.

But the question here isn't whether a celebrity or even a celebrity's wife or partner can expect to achieve privacy - that's a no-brainer. Human curiosity means celebrities will never achieve privacy and nor should they expect it. In one hand you have fame, in the other privacy. It's a tradeoff, and it's why I suspect so many celebrities tweet; they have accepted they are public property and they are happily running with it.

The question is whether privacy, in its purest, en masse form, is a lost cause altogether. Again, I have only to look to my hackers for the answer. I can think of only a handful of occasions where I've asked my staff to track down someone and they haven't been able to do it. One was just this week and when I demanded to know why we couldn't find the missing piece of our latest amazing crime story, my news editor meekly replied, "It turns out she's in witness protection."

As a frustrated young cadet journalist scanning electoral rolls and knocking on one door after another until I had the right "Andrew Smith" or "John Jones", I might have argued that people who want to remain anonymous easily could. But now that we facebook, tweet, join forums, email and blog - and in doing so can get closer and quicker to anyone in the world - it's not just celebrities faced with a tradeoff, it's all of us. If we want the best of the world's communications, we can wave goodbye to privacy.

Exim Code-execution Bug Overlooked For 2 Years, Now With Root Access

Posted by Johann, 13 Dec 2010, 08:59 AM

Exim maintainers have warned of an in-the-wild attack that allowed the miscreants to execute malicious code with unfettered system privileges by exploiting a bug in older versions of the open-source mail transfer agent.

The memory-corruption vulnerability resides in Exim 4.69 and earlier versions, and already has been used in at least one attack to completely root an enterprise server, according to this account. Security pros have sounded the alarm because the vulnerability is remotely exploitable and is already being used maliciously. What's more, attack code has also been added to the Metasploit exploitation kit, making it easy for others to reproduce the attack.

“It doesn't get much worse than remote code execution as root,” said Dan Rosenberg, a security consultant for Virtual Security Research. “You can just run your exploit on the network and execute code. You don't need any user interaction.” Maintainers for the Debian and Red Hat distributions of Linux have already issued patches, and their counterparts for other distributions are sure to follow soon. The most reliable fix is to update to version 4.7.

Dutch Anonymous DDoSer Gets Pwned And Owned

Posted by Johann, 13 Dec 2010, 08:57 AM

A cyber activist linked to Anonymous has been arrested after failing to mask the IP address of his computer while executing DDoS attacks against the Dutch Police and national prosecutor's office.

"Awinee" allegedly carried out the digital offensive in retaliation for the recent detention of a 16-year-old Dutch boy accused of participating in pro-WikiLeaks attacks against a number of websites, including MasterCard and PayPal.

"From behind his computer, [Awinee] used hacker software to flood the website of the prosecutor's office with as much digital traffic as possible," Dutch security officials explained in an official statement.

"Investigations by the National Police Services Agency showed that the man [also] urged other Internet users to participate in the attack."

In addition, prosecutors claim Awinee participated in an earlier DDoS strike against - which terminated its controversial relationship with WikiLeaks in August.

"[Of course], not hiding the IP address of [your] computer involved [in DDoS attacks] makes it easy for high-tech crime cops to identify where the attack [is] coming from. That's [obviously] a pretty silly mistake to make if you're going to attack the website of your country's national prosecutor," said Sophos security expert Graham Cluley.

"[So], even if you feel strongly that WikiLeaks is being persecuted or abandoned by online companies think very carefully before volunteering your PC and engaging in a DDoS attack. After all, it could be that the police are knocking on your door next."

How To Get Secret Service Grade Security

Posted by Johann, 13 Dec 2010, 08:47 AM

You could be forgiven for thinking that spying is all about midnight parachute drops, Aston Martins and vodka martinis – shaken, not stirred. However, when you strip away all the fiction, spying can be reduced to one word: information.

Espionage is all about acquiring information, keeping it safe and transferring it securely. This makes spies and spying a valuable learning ground for anybody who takes PC and internet security seriously.

In this age of high-speed broadband and information overload, you might expect setting up a secure communications channel to be easy. You'd be wrong. Just look at the Russian agents – coyly dubbed 'illegals' by the FBI – who were unmasked in America this summer.

They all had rock-solid cover stories, wads of cash at their disposal and access to cutting-edge spy technology, yet they were unable to keep their messages safe from American counter-espionage teams. We can all become safer surfers by understanding the techniques and, more importantly, the errors made by real life spies.

Ciphers, for example, have been the mainstay of espionage for centuries. A cipher makes information useless unless you know how it works.

When in Rome

Julius Caesar is often cited as the first to use a mathematically-based system of obfuscation. His cipher system was simple: each letter in the alphabet was shifted forward a fixed number of places. A Caesar shift of three would turn 'A' into 'D' and 'PC Plus magazine' into 'SF SOXV PDJDCLQH'.

Even in Caesar's day, such a cipher probably wouldn't fox many people for long. Such shifts can now be solved in the blink of an eye, but that doesn't mean ciphers should be discounted. Indeed, modern ciphers have evolved to a point where they would take so long to solve that it's not practical to break them.
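The shift cipher described above, and why it falls "in the blink of an eye", as an added example that is not part of the original article. The function names and the longer sample sentence are choices made here; the scoring uses approximate English letter frequencies, and the 26 possible keys are simply tried in turn.

```python
# Approximate relative frequency of each letter in English text, in percent.
ENGLISH_FREQ = {
    "E": 12.70, "T": 9.06, "A": 8.17, "O": 7.51, "I": 6.97, "N": 6.75,
    "S": 6.33, "H": 6.09, "R": 5.99, "D": 4.25, "L": 4.03, "C": 2.78,
    "U": 2.76, "M": 2.41, "W": 2.36, "F": 2.23, "G": 2.02, "Y": 1.97,
    "P": 1.93, "B": 1.29, "V": 0.98, "K": 0.77, "J": 0.15, "X": 0.15,
    "Q": 0.10, "Z": 0.07,
}

# Constructed sample text, long enough for letter statistics to be meaningful.
SAMPLE = ("Espionage is all about acquiring information, "
          "keeping it safe and transferring it securely.")


def caesar(text, shift):
    """Shift every A-Z / a-z letter by `shift` places; leave the rest alone."""
    out = []
    for ch in text:
        if "A" <= ch <= "Z":
            out.append(chr((ord(ch) - 65 + shift) % 26 + 65))
        elif "a" <= ch <= "z":
            out.append(chr((ord(ch) - 97 + shift) % 26 + 97))
        else:
            out.append(ch)
    return "".join(out)


def chi_squared(text):
    """Distance between the text's letter counts and English expectations.

    Lower means "looks more like English".
    """
    letters = [c for c in text.upper() if c in ENGLISH_FREQ]
    total = len(letters)
    if total == 0:
        return float("inf")
    score = 0.0
    for letter, pct in ENGLISH_FREQ.items():
        expected = total * pct / 100.0
        observed = letters.count(letter)
        score += (observed - expected) ** 2 / expected
    return score


def ranked_candidates(ciphertext):
    """Try all 26 shifts; return (score, shift, plaintext) sorted best-first."""
    candidates = []
    for shift in range(26):
        plain = caesar(ciphertext, -shift)
        candidates.append((chi_squared(plain), shift, plain))
    return sorted(candidates)


def crack(ciphertext):
    """Return (shift, plaintext) for the most English-looking candidate."""
    _, shift, plain = ranked_candidates(ciphertext)[0]
    return shift, plain


if __name__ == "__main__":
    # The article's own example: a shift of three.
    print(caesar("PC PLUS MAGAZINE", 3))

    # No key needed to read a longer message: statistics pick the shift.
    shift, plain = crack(caesar(SAMPLE, 3))
    print(shift, plain)

    # For a very short message the analyst just reads all 26 candidates.
    for score, s, text in ranked_candidates("SF SOXV PDJDCLQH")[:5]:
        print(f"{s:2d} {score:8.1f} {text}")
```

The key space is only 26, so the cipher offers no protection regardless of how the candidates are scored; the frequency test merely automates picking the readable one.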


Practically speaking, we should all use ciphers to encrypt sensitive data. A good choice for field agents is the free, open source TrueCrypt for Windows and Linux machines. This package uses some of the strongest freely available encryption algorithms, such as AES-256, the 448-bit Blowfish, CAST5 and Triple DES.

To give you an idea of its resilience, hard drives protected by TrueCrypt and belonging to jailed Brazilian banker Daniel Dantas were handed to the FBI for decryption in 2009. After four months of subjecting the software to intense attacks, the FBI gave up and returned the drives.

TrueCrypt isn't just useful for creating a virtual encrypted disc on your computer; it can also protect portable drives. This makes it ideal for 'brush passes' – a way of quickly handing over information as one spy walks past another in a public place. The process used to involve microfilm, but now a high-capacity USB key is the preferred medium – possibly why the FBI also calls brush passes 'flash meetings'.

A TrueCrypt USB drive has several layers of security. When set up properly, a TrueCrypt partition appears to consist of random data. Even if someone forces you to reveal the password (damn Jack Bauer and his rusty pliers!), you can create a partition to include a further hidden volume, or even an entire hidden operating system, containing sensitive information.

Take care when encrypting your files though, warns Steven Bellovin, Professor of Computer Science at Columbia University in New York. "Commercial cryptography software is so difficult to use that even experts find it challenging," he says. "Even really sophisticated people can get some subtle things wrong, and newcomers are likely to get a lot more wrong." Such as leaving the password for your encryption system written on a piece of paper at home for the FBI to discover, as demonstrated by clumsy illegal Richard Murphy.

Wireless networks

Even brief physical interaction has risks. If either spy is under surveillance, they risk exposing more of their network. A 21st century twist on the brush pass, then, is the wireless flash meet.

In New York, Anna Chapman, one of the Russian illegals, would hang out at a cafe or book shop with a laptop and create an ad-hoc Wi-Fi network: a private hotspot that requires neither a router nor an internet connection. A Russian government official carrying a smartphone would then approach the vicinity, join the network and exchange data as zip files. The spy handler never entered the building, and once completed the meeting while driving past in a minivan.

Wireless networks have their own problems, though. All wireless devices have a unique registration number, or Media Access Control (MAC) address, which is broadcast during a Wi-Fi data transfer. In the case of Anna Chapman, US law enforcement agents were able to divine her laptop's MAC address. This enabled them to draw up a charge sheet showing that she'd visited certain places and joined ad-hoc networks, and to sniff packets sent from her laptop in busy public network areas such as coffee shops.

If you're paranoid, you could change your network adaptor's MAC address. The 12-digit hexadecimal code is sometimes stored in an EPROM, which can be altered. Poke around the internet and you'll also find programs that enable you to spoof MAC addresses.

What can we learn from all this? Never, under any circumstances, send anything of importance over a public network. There are too many points of failure: the passage of data between your laptop and the network's access point, the access point itself, and the traffic between the access point and the internet.

So Wi-Fi is iffy – what about the phone? Sadly, no self-respecting spy should consider it. In the UK, the Regulation of Investigatory Powers Act (RIPA) and the Data Retention Directive force phone companies to keep records of calls and texts for a year, and give wire-tapping rights to dozens of government departments.

In the US, the Windows-based DCS-5000 system combines point-and-click monitoring of voice calls with location-tracking via mobile phone towers, plus DVR-like recording and playback. It can be set up to eavesdrop and track any landline or mobile phone in the country within seconds.

Don't think you can rely on new smartphone security apps, either. Philip Zimmermann is a computer security guru and the creator of PGP (Pretty Good Privacy), the world's most widely used email encryption algorithm. He says, "Mobile phone encryption only works up until the point where it hands over to the voice network. At some point, there's a gateway between the data and voice parts of the phone network, where a wiretap becomes possible."

Using voice over IP (VoIP) services may be more secure, but Steven Bellovin says it depends on which service you use: "A lot of VoIP products don't encrypt, even though it's in the [widely used] SIP standard. However, Skype uses very strong cryptography and the best thing is that people don't have to worry about it – it just works."


Zimmermann is more sceptical. "Skype encrypts, but we don't know how, so it's hard to evaluate the quality of the encryption," he told PC Plus. "I don't hear a lot of complaints from governments about their citizens using Skype. The oppressive governments around the world seem fairly happy with it." Which is as good a reason as any for spies to avoid it.

Zimmermann has his own solution: an open source voice and video encryption protocol called Zfone that works with SIP VoIP systems such as Google Talk and Apple iChat. When Zfone is running on two computers, they negotiate a strong encryption key in a peer-to-peer fashion. This means there are no public keys, certificate authorities or trust models. When the call ends, the key is destroyed. A new version of the (free) Zfone software will be released shortly.

Digital forest

Secure phone calls can be handy for arranging to meet 'the swift hawk by the silent pond at midnight' (pre-arranged pass-phrases help confirm who you're talking to), but they're less useful for passing on gigabytes of data. And if you're venturing into the digital world, the smart spy knows that the best place to hide a tree is in a forest.

Every day, three billion email accounts send and receive over 300 billion messages. Surprisingly, email is fairly secure according to Philip Zimmermann. "Even if you don't encrypt your mail, your mail server might encrypt it when it sends it to another mail server. The two servers can have an SSL (secure socket layer) connection between them – the same protocol your bank uses to communicate with your web browser."

You'll want to bump up security, perhaps with Zimmermann's own PGP, although this can be tricky to use. Hushmail removes the hassle, enabling you to send private emails via SSL to other Hushmail users – or even to normal email addresses using a question and answer combination.

"The best public scientific knowledge suggests that it would be impossible to decrypt our emails with current technology," explains Ben Cutler, CEO of Hush Communications. "However, it's likely that Hushmail messages have been intercepted by other means. For example, a customer doing human rights work in Eastern Europe reported certificate warnings when accessing our website. We determined that someone was trying to eavesdrop on the connection between his computer and Hushmail by proxying his computer's network traffic. Fortunately, he heeded the warning and avoided the attempt."

Of equal concern to secret agents should be Hushmail's willingness to deal with law enforcement. Hushmail has been forced on several occasions to hand over plain-text copies of emails, including those of US National Security Agency (NSA) whistleblower Thomas Drake. Ironically, Drake was intending to show reporters details of two failed NSA programmes, code-named Trail Blazer and Thin Thread, designed to check billions of phone calls, emails and chats for potential espionage and terrorist threats.

Another problem with encrypted emails is that they stick out like sore thumbs amid the sea of spam, automated messages and Facebook updates that comprise most email traffic. Professor Bellovin sums it up:

"If the FBI or MI6 see encrypted messages going from the US or the UK to known addresses in Moscow, they'll get suspicious and start investigating."

Hiding in plain sight

What a shy spy needs is a way of communicating with handlers without it even looking as though a message is being sent. And here's where things get really interesting, because the Russian illegals in America were all supplied with custom steganography software.

Steganography is the art of hiding not just the content of a message, but the existence of a message itself. The Russian software enabled the agents to insert a hidden file into an innocuous-looking image, such as a photo of Anna Chapman in a bikini. That image could then be attached to a normal, unencrypted email or even posted on a website for the world to see. Only its intended recipient would be able to extract and decrypt its payload.

However, image steganography has its limitations. Steganographic communication only works as long as no one suspects its existence, and sending a large batch of stolen documents could mean a conspicuous series of photos flying back and forth to Moscow.

Forward-thinking spies should consider network steganography, where secret data is concealed in the ebb and flow of data online.

Elzbieta Zielinska is a researcher in the Network Security Group at the Warsaw University of Technology. Her team has succeeded in using VoIP services to hide a stream of steganographic secrets. "We've tested it and proved it to work," says Zielinska. "You can modify the delays between packets so that certain packets are dropped at the receiver. This might escape the attention of the people talking, but those dropped packets can carry just about anything."

The Warsaw researchers have found ways to inject steganographic information into everyday web traffic, potentially turning Flickr and Facebook into ultra-secure data channels. They even have a system called HICCUPs (Hidden Communication System for Corrupted Networks) that can embed concealed files in Wi-Fi networks by modifying wireless packets' check sum data.

Underground video

Surely tinkering with individual packets results in glacially slow bit-rates? Not so, says Zielinska. "We came up with the idea of using steganography at the physical layer of an Ethernet network, where packets are often padded out with zeroes," she says. "Introducing network steganography here gives data rates sufficient for a decent quality MPEG-4 video stream. There are no limitations." If only that were true.
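From the monitoring side, the padding channel described above is visible to anyone who inspects the bytes that follow the IP datagram in short frames. The check below is an added example, not code from the article or from the Warsaw researchers; it assumes Ethernet II frames captured without the 4-byte FCS, handles only IPv4 and ARP, and uses function names and sample frames constructed here.

```python
import struct

ETH_HEADER_LEN = 14
ETH_MIN_NO_FCS = 60        # minimum Ethernet frame size, FCS not included
ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_ARP = 0x0806
ARP_IPV4_LEN = 28          # size of an ARP message for IPv4 over Ethernet


def trailing_bytes(frame):
    """Return the bytes after the encapsulated packet, or None if unknown."""
    if len(frame) < ETH_HEADER_LEN:
        return None
    (ethertype,) = struct.unpack("!H", frame[12:14])
    payload = frame[ETH_HEADER_LEN:]
    if ethertype == ETHERTYPE_IPV4:
        if len(payload) < 20 or payload[0] >> 4 != 4:
            return None
        (used,) = struct.unpack("!H", payload[2:4])   # IPv4 total length
        if used < 20:
            return None
    elif ethertype == ETHERTYPE_ARP:
        used = ARP_IPV4_LEN
    else:
        return None                                   # not analysed here
    if used > len(payload):
        return None                                   # truncated capture
    return payload[used:]


def inspect_frame(frame):
    """Classify a frame by what sits in its padding area."""
    pad = trailing_bytes(frame)
    if pad is None:
        return {"verdict": "skipped", "pad_len": 0, "nonzero": 0}
    nonzero = sum(1 for b in pad if b)
    if nonzero:
        # Padding is conventionally all zeroes. Non-zero bytes are a lead,
        # not proof: some drivers have padded with stale buffer contents.
        verdict = "nonzero-padding"
    elif pad and len(frame) > ETH_MIN_NO_FCS:
        # Padding is only needed to reach the minimum frame size.
        verdict = "unexpected-trailer"
    else:
        verdict = "clean"
    return {"verdict": verdict, "pad_len": len(pad), "nonzero": nonzero}


def build_ipv4_frame(data, pad_content=b""):
    """Construct a sample frame (test data only, addresses are placeholders)."""
    eth = (bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
           + struct.pack("!H", ETHERTYPE_IPV4))
    ip = struct.pack("!BBHHHBBH4s4s",
                     0x45, 0, 20 + len(data), 1, 0, 64, 253, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    frame = eth + ip + data
    needed = max(0, ETH_MIN_NO_FCS - len(frame))
    return frame + pad_content.ljust(needed, b"\x00")[:needed]


# Constructed samples: a normally padded short frame, one whose padding
# carries data, a full-size frame, and a full-size frame with extra bytes.
CLEAN = build_ipv4_frame(b"ping")
CARRIER = build_ipv4_frame(b"ping", b"CONSTRUCTED-SAMPLE-PAD")
LARGE = build_ipv4_frame(b"x" * 100)
TRAILER = LARGE + b"\x00" * 8

if __name__ == "__main__":
    for name, frame in [("clean", CLEAN), ("carrier", CARRIER),
                        ("large", LARGE), ("trailer", TRAILER)]:
        print(name, len(frame), inspect_frame(frame))
```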

The truth is that all 'secure' communications systems have one major limitation: you and your fellow secret agents. Any encryption technology is only ever as strong as its weakest user.

As Steven Bellovin says, "You don't go through strong cryptography – you go around it. If I want to read someone's email, I'm not going to try to break strong cryptography, I'm going to hack into their desktop and wait until they decrypt it."

Cutler admits that Hushmail users are rarely as reliable as his algorithms. "We've had people getting their passphrases stolen by Trojan horse programs, installed by users who are unaware of what they are or by computer viruses," he says.

Philip Zimmermann agrees. "Once a computer is compromised, all bets are off," he says. "Spyware can capture keystrokes while you type your pass-phrase or decrypt your key and send it to the mother ship. As long as you're using general purpose computers that can be used to download games, open attachments and visit porn sites, you're going to have this problem."

There's only one thing for it. Spies like us – and the hapless Russian illegals – are just going to have to disconnect from the grid, unplug our computers, break out the invisible ink and start studying cipher books. The condor will see you at the queen's castle.

Entries on 11-December 10

Secret U.S. Space Plane May Be Too Mysterious

Posted by Johann, 11 Dec 2010, 07:45 AM

Transparency. Openness. International cooperation. These are some of the principles the United States should embrace in order to “safeguard U.S. satellites and protect space,” according to a new report from the Union of Concerned Scientists. Problem is, one of America's latest and greatest space gizmos runs afoul of those noble ideas. With its secretive X-37B “space plane,” the United States has been anything but transparent, open and cooperative.

The Air Force launched the 29-foot-long, Boeing-built X-37 in April. Now six months into a potential nine-month deployment, the X-37 periodically changes orbits, frustrating amateur satellite-spotters. Similar to the Space Shuttle, only smaller and fully robotic, the highly maneuverable X-37 includes a payload bay that can accommodate, well, practically anything. “You can put sensors in there, satellites in there,” said Eric Sterner, from The Marshall Institute. “You could stick munitions in there, provided they exist.”

The X-37's flexibility — “dual-use” is the technical term — itself could be a little alarming to other nations. Worse, the Air Force has declined to say exactly what X-37 is doing now and in the future. Gary Payton, Under Secretary of the Air Force for Space Programs, was as vague as possible in describing the bot's mission. “Take a payload up, spend up to 270 days on orbit. They'll run experiments to see if the new technology works.”

NSA Worried Three Strikes Will Ramp Up Encryption

Posted by Johann, 11 Dec 2010, 07:40 AM

As we mentioned last week, France has started their government-funded effort to prop up the entertainment industry's inability to adapt to the broadband age. They're doing this via the ingenious practice of tracking, stalking and booting P2P users (and future content customers) off of the Internet. The system is expected to ramp up quickly, up to 150,000 IP-addresses per day -- so ISPs (at least those without one foot in the content arena) are justifiably worried about the added costs.

According to Techdirt, U.S. law enforcement is also opposed to France's plan, worried that such severe punishment of P2P users will ramp up encryption use and make surveillance all the more difficult. That could explain why we've yet to see implementation of a three strikes law in the U.S., despite the entertainment industry's heavy influence on Congress and presence within the DOJ.

Europe Tests Cyberwar Defenses In Simulation Exercise

Posted by Johann, 11 Dec 2010, 07:28 AM

European member states have tested their responsiveness to a cyberattack in a large-scale exercise that simulated attempts by hackers to paralyze critical online services. The aim of the test was to enhance understanding of how cyber-incidents are handled and test communication links and procedures in case of a real large-scale cyber incident.

European Union member states on Thursday ran their first-ever simulation of an EU-wide cyber war as a step toward setting up worldwide exercises, officials in Brussels said.

The defense of Internet systems shot up the international agenda in 2007, after pro-Russian hackers launched a large-scale attack on Estonian servers. Since then, governments around the world have invested hugely in setting up ever-tougher web defense systems.

In Thursday's exercise, codenamed "Cyber Europe 2010", experts from all 27 EU states plus Iceland, Norway and Switzerland faced "simulated attempts by hackers to paralyze critical online services in several EU member states," a statement released in Brussels read.

"Today's exercise is due to be followed by more complex scenarios ultimately going from European to global level," the statement read.

The exercise simulated a creeping attack on national Internet systems, with critical Web sites in each country gradually falling offline. Under such circumstances, each national defense system would have to cooperate with all the others to find ways of first bypassing, and then neutralizing, the attack.

The aim of the test was to "enhance member states' understanding of how cyber incidents are handled and test communication links and procedures in case of a real large-scale cyber incident."

The question of international cooperation on cyber-defense is occupying both the EU and NATO at present. The United States is pushing for NATO members to increase cyber-defense coordination.

Twenty-one of NATO's states are also EU members. European Commission spokesman Jonathan Todd said that Thursday's exercise had not been coordinated with the alliance, but stressed that future exercises could be more complex, with possible NATO involvement.

What's Inside Microsoft's Kinect, Anyway?

Posted by Johann, 11 Dec 2010, 07:27 AM

It's been a Kinect-filled few days and it's not going to stop today.

Just as new users were settling in to play with Microsoft's latest Xbox 360 accessory, iFixit was tearing their unit apart. What? Someone's gotta do the dirty work around here.

This is slightly more interesting than most of the gadget teardowns iFixit does because there are not a lot of products like Kinect out there. When it comes to phones, netbooks, laptops and MP3 players, we know what it takes to put a device like that together. However, Kinect is a different story altogether. On Monday, we overheard one guy in line to buy Kinect telling someone, "I don't actually know how it works; I think it runs on magic actually. That sounds right," and we think a lot of people might be in the same boat. Maybe not to that extreme, but you'd probably like to know more about what's inside, right?

Well, here's what iFixit found:

* Four microphones -- a first, according to CEO Kyle Wiens. "We've taken apart binaural devices before, but this is our first quadaural sensor setup!"

* Two cameras (pictured).

* An IR transmitting diode.

* One fan. Wiens says that for a 12-watt device, Microsoft seems very paranoid about heat dissipation and blames this paranoia on the infamous red-ring-of-death problems that have plagued the 360. "This is a good thing for consumers, but we can't help but wonder if they've gone overboard in the cooling department," Kyle said.

* 64 MB of Hynix DDR2 SDRAM.

* A "tiny, diminutive, even" motor (pictured).

* A three-axis accelerometer.

* A Prime Sense PS1080-A2. "Kinect is based on Prime Sense's motion detection technology," explains Kyle. "This chip is the Kinect's brains -- all the sensors are wired into here for processing before transmitting a refined depth map and color image to the Xbox."

Analysis: PhysX On Systems With AMD Graphics Cards

Posted by Johann, 11 Dec 2010, 07:23 AM

Rarely does an issue divide the gaming community like PhysX has. We go deep into explaining CPU- and GPU-based PhysX processing, run PhysX with a Radeon card from AMD, and put some of today's most misleading headlines about PhysX under our microscope.
The history and development of game physics is often compared to that of the motion picture. The comparison might be a bit exaggerated and arrogant, but there's some truth to it. As 3D graphics have evolved to almost photo-realistic levels, the lack of truly realistic and dynamic environments is becoming increasingly noticeable. The better the games look, the more jarring they seem from their lack of realistic animations and movements.

When comparing early VGA games with today's popular titles, it's amazing how far we've come in 20 to 25 years. Instead of animated pixel sprites, we now measure graphics quality by looking at breathtaking natural occurrences like water, reflections, fog, smoke, and their movement and animation. Since all of these things are based on highly complex calculations, most game developers use so-called physics engines with prefabricated libraries containing, for example, character animations (ragdoll effects) or complex movements (vehicles, falling objects, water, and so on).

Of course, PhysX is not the only physics engine. Up until now, Havok has been used in many more games. But while both the 2008 edition Havok engine and the PhysX engine offer support for CPU-based physics calculations, PhysX is the only established platform in the game sector with support for faster GPU-based calculations as well.

This is where our current dilemma begins. There is only one official way to take advantage of PhysX (with Nvidia-based graphics cards) but two GPU manufacturers. This creates a potential for conflict, or at least enough for a bunch of press releases and headlines. Like the rest of the gaming community, we're hoping that things pan out into open standards and sensible solutions. But as long as the gaming industry is stuck with the current situation, we simply have to make the most of what's supported universally by publishers: CPU-based physics.

Why did we write this article? You might see warring news and articles on this topic, but we want to shine some light on the details of recent developments, especially for those without any knowledge of programming. Therefore, we will have to simplify and skip a few things. On the following pages, we'll inquire whether and to what extent Nvidia is probably limiting PhysX CPU performance in favor of its own GPU-powered solutions, whether CPU-based PhysX is multi-thread-capable (which would make it competitive), and finally whether all physics calculations really can be implemented on GPU-based PhysX as easily and with as many benefits as Nvidia claims.

Additionally, we will describe how to enable a clever tweak that lets users with AMD graphics cards use Nvidia-based secondary boards as dedicated PhysX cards. We are interested in the best combination of different cards and what slots to use for each of them.

We used a new test system for this article, since it supports up to quad-GPU graphics, an overclockable CPU, huge amounts of memory, and a powerful PSU.

* AMD Phenom II X6 1090T (Thuban) @ 4.0 GHz
* Prolimatech Megahalems + Noiseblocker Multiframe M12-PS
* 16 GB Kingston HyperX 1600 CL9
* Hard drive: Super Talent Ultradrive GX2 (System), 1 TB Western Digital Caviar Blue (Programs)
* Aerocool V12XT, 800 Watt
* SilverStone Raven RV02
* Zalman Fan Control for 1 x Noiseblocker Multiframe S3 120mm and 3 x Silverstone 180 mm
* Windows 7 Ultimate x64

This configuration fares well by modern gaming standards and should stay suitable for heavy 3D gaming into the near future.

Relevance of the CPU PhysX solution

Let's first examine the fact that Nvidia currently only allows GPU-accelerated PhysX on its own graphics cards, thus forcing everyone else to calculate the PhysX instructions implemented in games using the CPU. The result for non-Nvidia gamers is usually an unplayable game when you turn PhysX on without a GeForce card installed. Obviously, the goal of this article is not to judge business decisions, but rather to understand the lack of performance experienced on systems not equipped with Nvidia graphics cards.

Why is CPU PhysX so much slower than GPU PhysX in modern games?

Assuming that a calculation can be parallelized, a GPU with its multiple shader units is faster than a conventional CPU with two, three, four, or even six cores. According to Nvidia, physics calculations are two to four times faster on GPUs than CPUs. That's just half of the truth, though, because there are no physics features that couldn't be implemented solely on the CPU. Quite often, games use a combined CPU + GPU approach, with the highly parallelizable calculations, such as particle effects, performed by the GPU and the more static, non-parallelizable calculations, such as ragdolls, performed by the CPU. This is the case in Sacred 2, for example. In theory, the ratio of highly parallelizable calculations should in many cases be too low to really take noticeable advantage of the immense GPU speed.

But then why is the difference often so drastic in practice?

There are at least two reasons for this. The first one is that, in almost all of the games tested, CPU-based PhysX uses just a single thread, regardless of how many cores are available. The second one is that Nvidia seems to be intentionally not optimizing the CPU calculations in order to make the GPU solution look better. We'll have to investigate multithreading at a later time with a suitable battery of benchmarks. Right now, we want to explore Nvidia deliberately leaving its code in a state where CPUs just can't compete with GPUs.

CPU PhysX and Old Commands

In an interesting article at Real World Technologies, David Kanter explored using Intel's VTune to analyze CPU-based PhysX. Looking at the results, he found loads of x87 instructions and x87 micro operations.

* Explanation: x87 is a small part of the x86 architecture's instruction set used for floating point calculations. It is a so-called instruction set extension, a hardware implementation providing essential elements for solving common numerical tasks faster (sine and cosine calculations, for example). Since the introduction of the SSE2 instruction set, the x87 extension has lost much of its former importance. However, for calculations requiring a mantissa of 64 bits, only possible with the 80-bit wide x87 registers, x87 remains important.

David speculated that optimizing PhysX code using the more modern and faster SSE2 instruction set extension instead of x87 might make it run more efficiently. His assessment hinted at 1.3 to 2 times better performance. He also carefully noted that Nvidia would have nothing to gain from such optimizations, considering the company's focus on people using its GPUs.

We reconstructed these findings using Mafia II instead of Cryostasis, and switching back to our old Intel-based test rig, since VTune unfortunately could/would not work with our AMD CPU.


Our own measurements fully confirm Kanter's results. However, the predicted performance increase from merely changing the compiler options is smaller than the headlines from SemiAccurate might indicate. Testing with the Bullet Benchmark only showed a difference of 10% to 20% between the x87- and SSE2-compiled files. This might seem like a big increase on paper, but in practice it's rather marginal, especially if PhysX only runs on one CPU core. If the game wasn't playable before, this little performance boost isn't going to change much.

Nvidia wants to give a certain impression by enabling the SSE2 setting by default in its SDK 3.0. But ultimately it's still up to developers to decide how and to what extent SSE2 will be used. The story above shows that there's still potential for performance improvements, but also that some news headlines are a bit sensationalistic. Still, even after putting things in perspective, it's obvious that Nvidia is making a business decision here, rather than doing what would be best for performance overall.

Does CPU PhysX Really Not Support Multiple Cores?

Our next problem is that, in almost all previous benchmarks, only one CPU core has really been used for PhysX in the absence of GPU hardware acceleration--or so some say. Again, this seems like somewhat of a contradiction given our measurements of fairly good CPU-based PhysX scaling in Metro 2033 benchmarks.

* Graphics card: GeForce GTX 480 1.5 GB
* Dedicated PhysX card: GeForce GTX 285 1 GB
* Graphic drivers: GeForce 258.96

First, we measure CPU core utilization. We switch to DirectX 11 mode with its multi-threading support to get a real picture of performance. The top section of the graph below shows that CPU cores are rather evenly utilized when extended physics is deactivated.

In order to widen the bottleneck effect of the graphics card, we start out with a resolution of just 1280x1024. The less the graphics card acts as a limiting factor, the better the game scales with more cores. This would change with the DirectX 9 mode, as it limits the scaling to two CPU cores.

We notice a small increase in CPU utilization when activating GPU-based PhysX because the graphics card needs to be supplied with data for calculations. However, the increase is much larger with CPU-based PhysX activated, indicating a fairly successful parallelization implementation by the developers.

Looking at Metro 2033, we also see that a reasonable use of PhysX effects is playable, even if no PhysX acceleration is available. This is because Metro 2033 is mostly limited by the main graphics card and its 3D performance, rather than added PhysX effects. There is one exception, though: the simultaneous explosions of several bombs. In this case, the CPU suffers from serious frame rate drops, although the game is still playable. Most people won't want to play at such low resolutions, so we switched to the other extreme.

Performing these benchmarks with a powerful main graphics card and a dedicated PhysX card was a deliberate choice, given that a single Nvidia card normally suffers from some performance penalties with GPU-based PhysX enabled. Things would get quite bad in this already-GPU-constrained game. In this case, the difference between CPU-based PhysX on a fast six-core processor with well-implemented multi-threading and a single GPU is almost zero.


Contrary to some headlines, the Nvidia PhysX SDK actually offers multi-core support for CPUs. When used correctly, it even comes dangerously close to the performance of a single-card, GPU-based solution. Despite this, however, there's still a catch. PhysX automatically handles thread distribution, moving the load away from the CPU and onto the GPU when a compatible graphics card is active. Game developers need to shift some of the load back to the CPU.

Why does this so rarely happen?

The effort and expenditure required to implement coding changes obviously works as a deterrent. We still think that developers should be honest and openly admit this, though. Studying certain games (with a certain logo in the credits) begs the question of whether this additional expense was spared for commercial or marketing reasons. On one hand, Nvidia has a duty to developers, helping them integrate compelling effects that gamers will be able to enjoy that might not have made it into the game otherwise. On the other hand, Nvidia wants to prevent (and with good reason) prejudices from getting out of hand. According to Nvidia, SDK 3.0 already offers these capabilities, so we look forward to seeing developers implement them.

Preface to the PhysX Hybrid Solution

We devote this part of the article to those who use a Radeon as their main graphics card, but still want to enjoy hardware-accelerated PhysX. As of this writing, our methods here work just fine. Refer to the links below, however, because as Nvidia releases new driver updates, new versions of this hybrid solution tweak will have to be released as well.

This dodgy game with Nvidia unfortunately only has one losing side: the users. It makes commercial sense for Nvidia to exclude its competitors through driver limitations, but the company's economic welfare might not be the biggest concern for AMD users who desire the admittedly impressive benefit of PhysX.

System Requirements

* Windows 7 x86 or x64
* PhysX-Enabled Graphics Card: GeForce 8800 GTS 512, 9600 GT, 9800 GTX, GT 240, GTS 250, GTX 260, GTX 285, GTX 460, GTX 470, or GTX 480
* GeForce Driver Version
* At least one free PCIe x4 slot
A primary graphics card has to be used as the image output device. With version 1.04ff of the tweak, the dedicated PhysX graphics card no longer needs to be connected to a monitor. Among other benefits, this frees more resources for physics calculations. The graphics card does not have to be SLI-capable, but check your PSU to confirm that it can output sufficient power.

The Software

You can get the latest tweak from Download and information. The necessary drivers and PhysX downloads are offered by the respective manufacturers' Web sites. We haven't offered a direct link to the tweak for two reasons: the continuous driver updates will make the link obsolete, and we respect the work of the developers enough to link to the original source.

The Installation

The procedure:

* Shut down the computer and unplug the power
* Plug in the Nvidia card that will be used for PhysX
* Start up your computer
* Install the appropriate drivers from Nvidia and AMD
* Check and install the appropriate version of PhysX (see the list)
* Download the appropriate version of the tweak (Windows 7, 32- or 64-bit)
* Extract the files from the RAR archive
* Run the tweak as Administrator (right-click the file and choose “Run as Administrator”)
* Reboot your computer

Switching modes via the CMD file:

* The relevant files are in the subdirectory
* Run the desired function as Administrator

That's it. You can now test PhysX with GPU-Z or Fluidmark. Enjoy running PhysX and AMD Radeon cards at the same time! Even if the overhead and additional power requirements are somewhat disturbing, it's quite worth it.

Important Notice

Every time you install a new version of the graphics driver or PhysX, you will have to apply the tweak again. Only the currently-tested version is compatible. We take no responsibility for any overload of components or the future operation of the tweak. This is a guide, not a recommendation.

Test Sequence and Combinations

We start by combining our test subjects and benchmarking them in the following configurations:

* AMD main graphics card + GPU PhysX (Nvidia card)
* Nvidia main graphics card + GPU PhysX (Nvidia card)
* A single graphics card running GPU-based PhysX
* CPU-based PhysX

Instead of using the games Metro 2033 and Cryostasis for benchmarks, we opted for the recently-published Mafia II. Its ratio of graphics to physics is quite balanced, and it allows us to make a direct reference to a current game so our recommendations are more relevant.

* Windows 7 Ultimate x64
* Mafia 2 via Steam
* Updated 08.09.2010

Below is the chart we created using the different combinations of graphics cards and manufacturers:

As expected, using a dedicated graphics card for PhysX makes a difference. Pairing it with a high-end model from each camp results in a rather even playfield. The GeForce GTX 480 can neither pull ahead much from the Radeon HD 5870, nor really make the GeForce GTX 460 and Radeon HD 5850 eat its dust. All of the GPU + GPU combinations are significantly faster than using just a single Nvidia card for both graphics and PhysX.

The single cards are already dangerously close to the lower limits of playability. The chart shows the average frame rates, but obviously the difference will be seen most clearly in minimum frame rate numbers. Most of the time you will be walking around, and the frame rates will be the same regardless of whether you are using a dedicated PhysX card or not. But as soon as something happens that requires physics calculations, that's where the difference lies. Since this happens only briefly and occasionally, we chose to show you the overall picture instead.

How much do you need?

Generally, faster is better. Of course, it would be nonsense to use a GeForce GTX 480 as a dedicated PhysX card. Even using a rather expensive GeForce GTX 285 could hardly be called economically sensible. But let's take a look at our Mafia II benchmarks.

Again, we chose this game because of its very good compromise between physics and traditional graphical effects. Cryostasis uses a disproportionate amount of PhysX. Conversely, Metro 2033 is too heavy on graphics to make a good gauge of PhysX-based performance.

Looking at the graph, you can see very clearly that a card slower than a GeForce GT 240 or 9600 GT makes little sense, even if it should be able to support PhysX in theory. Using a GeForce 8400 GS is actually 15% slower than using a single GeForce GTX 480, which is extremely counterproductive. We therefore left those results out of the chart.

What PCIe slot is good enough?

A popular question centers on how fast the PCIe slot for the PhysX card needs to be. We used a motherboard with PCIe slots of different speeds, measuring speed simply by moving the PhysX card around between them.

Clearly, a faster card is slightly bottlenecked by a x4 slot compared to the other two. The difference between x8 and x16 is so marginal that it can be disregarded. A GeForce GT 220 is too slow to notice any difference, as would be a GeForce GT 240 and a 9600 GT. Even the GeForce GTX 285 doesn't suffer that badly. A x4 slot seems to be OK, though a x8 slot is the safer bet for faster cards.


In the end, it comes down to cost. Spending $80 on a used GeForce GTS 250 will bring your computer with a Radeon HD 5870 to the same level of PhysX performance as a single GeForce GTX 480 card. However, the combined cost of these two cards is higher than the single GTX 480. Real added value is obtained only by using an additional GeForce GTX 260 or better. This is where costs get out of hand and scare everyone but true enthusiasts away. We would only recommend adding an additional card if you already have a spare lying around due to a recent upgrade, for example. Then the effort might be worthwhile, even if the extra idle power consumption might gnaw at your consciousness.

CPU-Based PhysX summary

To summarize the headlines of the last few months and summarize the test results, we can conclude the following:

* The CPU-based PhysX mode mostly uses only the older x87 instruction set instead of SSE2.
* Testing other compilations in the Bullet benchmark shows only a maximum performance increase of 10% to 20% when using SSE2.
* The optimization performance gains would thus only be marginal in a purely single-core application.
* Contrary to many reports, CPU-based PhysX supports multi-threading.
* There are scenarios in which PhysX is better on the CPU than the GPU.
* A game like Metro 2033 shows that CPU-based PhysX could be quite competitive.

Then why is the performance picture so dreary right now?

* With CPU-based PhysX, the game developers are largely responsible for fixing thread allocation and management, while GPU-based PhysX handles this automatically.
* This is a time and money issue for the game developers.
* The current situation is also architected to help promote GPU-based PhysX over CPU-based PhysX.
* With SSE2 optimizations and good threading management for the CPU, modern quad-core processors would be highly competitive compared to GPU PhysX. Predictably, Nvidia's interest in this is lackluster.

The AMD graphics card + Nvidia graphics card (as dedicated PhysX card) hybrid mode

Here, too, our verdict is a bit more moderate compared to the recent hype. We conclude the following:


One can claim that using the additional card results in a huge performance gain if PhysX was previously running on the CPU instead of the GPU. In such cases, the performance of a Radeon HD 5870 with a dedicated PhysX card is far superior to a single GeForce GTX 480. Even if you combine the GTX 480 with the same dedicated PhysX card, the lead of the GTX 480 is very small. The GPU-based PhysX solution is possible for all AMD users if the dedicated Nvidia PhysX-capable board is powerful enough. Mafia II shows that there are times when even a single GeForce GTX 480 reaches its limits and that “real” PhysX with highly-playable frame rates is only possible with a dedicated PhysX card.


On the other hand, we have the fact that Nvidia incorporates strategic barriers in its drivers to prevent these combinations and performance gains if non-Nvidia cards are installed as primary graphics solutions.

It's good that the community does not take this lying down, but instead continues to produce pragmatic countermeasures. But there are more pressing drawbacks. In addition to the high costs of buying an extra card, we have added power consumption. If you use an older card, this is disturbingly noticeable, even in idle mode or normal desktop operation. Everyone will have to decide just how much money an enthusiast project like this is worth. It works, and it's fun. But whether it makes sense for you is something only you can decide for yourself.

Cyberthieves Still Rely On Human Foot Soldiers

Posted by Johann, 11 Dec 2010, 07:20 AM

Overall in the last two years, the FBI has opened 390 cases against schemes that prey on businesses that process payments electronically. But records reveal that low-level human foot soldiers are indispensable in such schemes, walking into a bank, in full view of surveillance cameras and leaving copies of personal identification documents.
Sitting at a computer somewhere overseas in January 2009, computer hackers went phishing.

Within minutes of casting their electronic bait they caught what they were looking for: A small Michigan company where an employee unwittingly clicked on an official-looking e-mail that secretly gave cyberthieves the keys to the firm's bank account.

Before company executives knew what was happening, Experi-Metal Inc., a suburban Detroit manufacturing company, was broke. Its $560,000 bank balance had been electronically scattered into bank accounts in Russia, Estonia, Scotland, Finland and around the U.S.

In August, the Catholic Diocese in Des Moines, Iowa, lost about $680,000 over two days. Officials there are not sure how hackers got into their accounts, but "they took all they could" before the bank noticed what was going on, according to Jason Kurth, diocese vice chancellor.

The diocese and the Detroit company were among dozens of individuals, businesses and municipalities around the U.S. victimized by one of the largest cybertheft rings the FBI has uncovered.

In September, the bureau and its counterparts in Ukraine, the Netherlands and Britain took down the ring they first got wind of in May 2009 when a financial services firm tipped the bureau's Omaha, Nebraska, office to suspicious transactions. Since then, the FBI's Operation Trident Breach has uncovered losses of $14 million and counting.

Overall in the last two years, the FBI has opened 390 cases against schemes that prey on businesses that process payments electronically through the Automated Clearinghouse, which handles 3,000 transactions every five seconds. In these cases, bureau agents have uncovered attempted thefts totaling $220 million and actual losses of $70 million.

But the court records of Operation Trident Breach reveal a surprise: For all the high-tech tools and tactics employed in these computer crimes, platoons of low-level human foot soldiers, known as "money mules," are the indispensable cogs in the cybercriminals' money machine.

A dozen FBI criminal complaints filed in New York provide an inside look at how this cybertheft ring worked:

Operating from Eastern Europe and other overseas locations, the thieves used malicious software, known as malware, to infect the computers of unsuspecting users in the United States by e-mail. The malware-infected e-mails were written to look like they came from a company manager or colleague who might send an e-mail message to everyone in a company, such as the head of human resources.

When the e-mail recipient clicked on an embedded link to a Web site or opened an attachment, a Trojan horse virus called Zeus installed itself and gathered usernames, passwords and financial account numbers typed by the victims on their own computers. The hackers then used this information to move the victims' money electronically into bank accounts set up in the United States by the money mules.

The money mules set up shell bank accounts to receive the money. Then they withdrew the funds from the shell accounts in amounts they thought were small enough to elude detection by banks and law enforcement. In some cases, the cyberthieves bombarded telephone numbers attached to the targeted accounts with calls to block the company from calling to verify the transactions.

The mules sent most of the stolen funds overseas electronically to accounts controlled by the ring leaders; the mules usually kept 8 to 10 percent as their cut.

For instance, the FBI said money belonging to one TD Ameritrade customer landed in the bank account of a fake company, the Venetian Development Construction Service Corp., which was registered at an unmarked, two-story brick building in Brooklyn. The sole name on the construction company's account was that of one of the money mules. Eventually some of the money wound up in accounts in Singapore and Cyprus and some walked out the bank's door in the pockets of mules. TD Ameritrade spokeswoman Kim Hillyer said the company has reimbursed customers who lost money.

Just like in the illegal drug trade, the ring leaders overseas reaped the big profits but relied on the mules to do the risky, dirty work.

For each shell account, a mule had to walk into a bank, in full view of surveillance cameras, and leave copies of personal identification documents. The ring leaders hid behind computer screens overseas.

Operation Trident Breach found many mules are Eastern Europeans who came to the U.S. on student visas.

GeForce GTX 460M SLI: Mobile Gaming Value From AVADirect?

Posted by Johann, 11 Dec 2010, 07:18 AM

Nvidia's GeForce GTX 480M may hold the mobile performance crown, but GF100 is certainly not the most practical solution when it comes to power and heat. Today we see how its newer, smaller sibling stands up to the same tasks, aided by SLI support.
Power and heat have long been the biggest obstacles to achieving smoking-fast performance on a portable device, as the larger enclosures needed to support high-performance hardware often leave them less than mobile. It's no small wonder that we had big concerns when Nvidia re-purposed its power-hungry GF100 GPU as a notebook component.

The fastest “portable” GPU ever produced, the GeForce GTX 480M was already beaten by a CrossFire'd pair of Mobility Radeon HD 5870 modules when it was launched. Most extra-large notebooks couldn't support an SLI'd pair of GeForce GTX 480M modules, and the one notebook that does support these still has some power problems in such a demanding configuration. Price was another barrier for many customers, since big pieces of silicon cost big money.

A bit of additional refinement on its desktop 400-series allowed Nvidia to re-evaluate its portfolio in an effort to find a new, more energy-efficient Radeon HD 5870-killer.

That new product, the GeForce GTX 460M, should fit into the majority of chassis that formerly hosted such big-ticket parts as its competitor's flagship, as well as its previous mobile performance star, the GTX 285M, in dual-GPU configurations.

Before we go into the new GPU's specifics, let's take a quick look at the system we received to host Nvidia's latest SLI-capable modules.

AVADirect X7200 Component List

* Platform: Intel LGA 1366, X58 Express/ICH10R, MXM-III Discrete Graphics
* CPU: Intel Core i7-950 (Bloomfield), Four Cores, 3.06-3.33 GHz, 4.8 GT/s QPI, 8 MB Shared L3 Cache, 45 nm, 130 W
* RAM: Kingston 6 GB (3x 2GB) DDR3-1066 SODIMM, CL7, 1.5 V, Non-ECC
* Graphics: Dual Nvidia GeForce GTX 460M, 675 MHz, 1.5 GB GDDR5-2500, in SLI
* Display: 17.3" Glossy LED Back-lit TFT, 1920x1080
* Webcam: 3.0 Megapixel
* Audio: Integrated HD Audio
* Security: Built-in Fingerprint Reader
* Hard Drive 1: Crucial C300 CTFDDAC256MAG 256 GB SSD, MLC, SATA 3Gb/s
* Hard Drive 2: Seagate Momentus XT ST95005620AS 500 GB, 32 MB Cache, SATA 3Gb/s, 7200 RPM
* Optical Drive: Lite-On DS-4E1S 4x Blu-ray Reader/8x DVD Writer Combo Drive
* Media Drive: 9-in-1 Flash Media Interface
* Wireless LAN: Intel Ultimate-N 6300, IEEE 802.11a/b/g/n, 11/54/450 Mb/s
* Wireless PAN: Optional (not installed)
* Gigabit Network: JMicron PCIe 10/100/1000 Mb/s Ethernet
* IEEE-1394: Texas Instruments PCIe IEEE-1394 (400 Mb/s)
* Telephony: Not Available

Peripheral Interfaces

* USB: 3 x USB 2.0, 2 x USB 3.0
* Expansion Card: Not Available
* HDD: 1 x eSATA 3Gb/s
* Audio: Headphone, Microphone, Line-In, Digital Out Jacks
* Video: 1 x Dual-Link DVI-I w/VGA Adapter, 1x HDMI

Power & Weight

* AC Adapter: 300 W Power Brick, 100-240 V AC to 15 V DC
* Battery: 14.8 V, 5300 mAh (78.44 Wh) Single
* Weight: Notebook 13.4 lbs, AC Adapter 3.6 lbs, Total 17.0 pounds

* Operating System: Microsoft Windows 7 Professional 64-bit Edition, OEM
* Warranty: 1-Year Full (Add $140 for 2-years, $274.40 for 3-years)
* Price: $3,142

While the desktop-based CPU in AVADirect's X7200 build left us with a few questions about which of our previously-tested notebooks might make this a fair comparison, its $3142 price will at least allow a performance-per-dollar analysis.

With a die size less than half that of the GeForce GTX 480M, the GTX 460M's 1.5 GB memory configuration could leave some users confused about its origins. A little poking around with GPU-Z helps shed some light on the internals.

Like the mobile parts that came before it, Nvidia sources its GTX 460M GPU from the desktop lineup, in this case the now-familiar GF106 previously found on the GeForce GTS 450. But how did the desktop card end up with 1.0 GB memory if capacities are limited to bus width multiplied by exponents of two?
Desktop vs Mobile GeForce Graphics
| | Desktop GeForce GTX 460 | Desktop GeForce GTS 450 | GeForce GTX 460M |
| Transistors | 1.95 billion | 1.17 billion | 1.17 billion |
| Engine Clock | 675 MHz | 783 MHz | 675 MHz |
| Processors | 336 | 192 | 192 |
| Texture Units | 56 | 32 | 32 |
| ROP Units | 32 | 16 | 24 |
| Compute Performance | 907 GFLOPS | 601 GFLOPS | 518 GFLOPS |
| DRAM Type | 1.0 GB GDDR5-3600 | 1.0 GB GDDR5-3206 | 1.5 GB GDDR5-2500 |
| DRAM Interface | 256-bits | 128-bits | 192-bits |
| Memory Bandwidth | 115.2 GB/s | 57.7 GB/s | 60.0 GB/s |
| Module TDP | 160W | 106W | 65W |

The desktop GeForce GTS 450 has been handicapped by Nvidia, in spite of what we were told at launch. The back-end was formerly limited to 16 ROP units and a 128-bit interface. The memory capacity difference now makes sense, because 128 x 8 equals 1024, and 192 x 8 equals 1536.

The added ROP units make it appear as though the GeForce GTX 460M might be a little more powerful than the desktop GeForce GTS 450, but a lower clock speed on an identical number of stream processors more than makes up the difference. The GTX 460M ends up short of the GTS 450, in spite of its extra bandwidth. But that's probably fine with Nvidia since the desktop part often performs on par with the super-expensive GeForce GTX 480M.

Aside from what appears to be a huge performance deficit compared to the desktop GeForce GTX 460, the best reference point for GTX 460M performance could be the GTX 480M. With twice the memory bandwidth and twice the die size, Nvidia's GTX 480M undoubtedly costs more to manufacture than the GTX 460M. We checked the prices of two major vendors to find out how much a single-card to dual-card upgrade costs, in an effort to determine the cost-per-card built into each notebook.
Mobile Graphics Module Prices (Upgrade from Single to Dual GPU)
| | GeForce GTX 480M | Mobility Radeon HD 5870 | GeForce GTX 460M |
| Die Size | 529 mm² | 170 mm² | 238 mm² |
| Memory | 2 GB GDDR5-2400 | 1 GB GDDR5-4000 | 1.5 GB GDDR5-2500 |
| Module Price | $588 | $382 | $213 |

Before we even begin testing, the smaller part looks like it could provide a huge value benefit. The GeForce GTX 460M costs less than half the price of a GTX 480M, though higher yields on the smaller part could potentially account for the difference.

With the exception of its desktop background, AVADirect's sample looks like many of the other Clevo-based X7200 enclosures we've tested, complete with its 1920x1080 LED back-lit screen, black-anodized aluminum palm rest, lighted touchpad, fingerprint reader, and three-megapixel Webcam.

Images from our previous review show the two USB 3.0 and three USB 2.0 ports, HDMI and DVI video outputs, eSATA and networking jacks identical to the product we're reviewing today.

AVADirect uses the same 300 W power brick, a part that exceeds its namesake in both size and weight.

The real difference is on the inside, where we find AVADirect's build with a Core i7-950 desktop processor and two GeForce GTX 460M mobile graphics modules.

Because this notebook has a Blu-ray combo drive, AVADirect includes CyberLink's BD Solution in addition to two driver disks and an OEM version of Windows 7.

A drop from the previous six-core to four-core processor meant we couldn't use the performance data from our last X7200-based review, and were instead forced to try to find the fastest previously-tested four-core models in today's comparison. That's unfortunate, since its Core i7-950 desktop processor has a higher non-Turbo Boost clock than the Core i7-940XM mobile processor used in Eurocom's X8100. Of course, any performance gained by using a desktop processor will turn into energy lost in our efficiency comparison.
Test System Configuration
AVADirect X7200 CPU Intel Core i7-950 (Bloomfield), LGA 1366, 3.06-3.33 GHz, 8MB Shared L3 Cache
AVADirect X7200 RAM 3 x Kingston KVR1333D3S9/2G (3 x 2 GB)
DDR3-1333 at DDR3-1066 CAS 7-7-7-20, 6 GB Total
AVADirect X7200
Graphics 2 x Nvidia GeForce GTX 460M 1.5 GB
675 MHz GPU Core, GDDR5-2500
Mobile Driver Version 259.51, Patched 260.99
AVADirect X7200
Hard Drive Crucial C300 CTFDDAC256MAG SSD
256 GB, SATA 6Gb/s
Alienware M17x CPU Intel Core i7-920XM (Clarksfield) PGA988, 2.00-3.20 GHz, 8 MB Shared L3 Cache
Alienware M17x RAM 2 x Kingston KHX1333C7S3K2/4G (2 x 2 GB)
DDR3-1333 CAS 9-9-9-24, 4 GB Total
Alienware M17x
Graphics 2 x AMD Mobility Radeon HD 5870 1 GB, CrossFire
700 MHz GPU, GDDR5-4000
Mobile Driver Version 8.692.2-100203a1-095371C-Dell
Alienware M17x
Hard Drive Corsair CSSD-V128GB2-BRKT SSD
128 GB, SATA 3Gb/s
Eurocom X8100 CPU Intel Core i7-940XM (Clarksfield) PGA988, 2.13-3.33 GHz, 8 MB Shared L3 Cache
Eurocom X8100 RAM 2 x Kingston KHX1333C7S3K2/4G (2 x 2 GB)
DDR3-1333 CAS 7-7-7-20 4 GB Total
Eurocom X8100
Graphics Nvidia GeForce GTX 480M 2 GB
425 MHz GPU Core, GDDR5-2400
Mobile Driver Version 257.07
Eurocom X8100
Hard Drive Corsair CSSD-V128GB2-BRKT SSD
128 GB, SATA 3Gb/s
Sound Integrated HD Audio
Network Integrated Gigabit Networking
OS Microsoft Windows 7 64-bit

Two GeForce GTX 460M modules cost less than a single GTX 480M, so that's the most logical Nvidia GPU match-up. Alienware's super-performing M17x takes up arms for AMD's Radeon series, its dual Mobility Radeon HD 5870 modules in CrossFire mode.

Also notice that the X7200 was tested twice, using the as-delivered 259.51 graphics drivers and specially-patched 260.99 “Verde” versions. The 259.51 driver often crashed when the cards dropped out of 3D mode at the end of a game test, and we found that the 260.99 drivers fixed it. The only problem for notebook buyers is, the public 260.99 drivers would not install without a little prep work.

Because Nvidia has not yet validated Clevo's cards, the public driver INFs don't list the card's ID. We found three methods to enable “Verde” driver installations on AVADirect's Clevo notebook.

The easiest method is to patch the public driver's NVAM.INF file, finding the lines that refer to the GTX 460M device ID “0DD1” and replacing the ID of one card with that of another. We found six instances of this code, representing three cards on two different driver models. Replacing both instances of the first card listed (20401043) with the ID of our card (72001558) allowed the drivers to install without a hitch, including the Nvidia HDMI audio drivers. Because the installer removes all HD audio codec drivers before updating Nvidia's audio drivers, the Realtek driver must also be reinstalled.

Nvidia used a different method in its own 260.99 preview driver for Asus' G73Jw notebook, adding the lines %NVIDIA_DEV.0DD1.02% = Section017, PCI\VEN_10DE&DEV_0DD1&SUBSYS_71001558 and %NVIDIA_DEV.0DD1.02% = Section018, PCI\VEN_10DE&DEV_0DD1&SUBSYS_71001558 to the appropriate places in NVCV.INF. We tried changing Asus' customized driver to match our card (72001558), and the graphics drivers installed without updating the Nvidia audio drivers.

Users who know a little bit more about INF structure can do to the public driver what Nvidia did to the Asus driver, adding %NVIDIA_DEV.0DD1.02% = Section017, PCI\VEN_10DE&DEV_0DD1&SUBSYS_72001558 and %NVIDIA_DEV.0DD1.02% = Section018, PCI\VEN_10DE&DEV_0DD1&SUBSYS_72001558 to the appropriate places in NVCV.INF. The results are identical to using the modified Asus driver, and we tested all three methods to make sure they worked.

In all three cases, the 260.99 driver fixed the stability problem previously found in the 259.51 driver. Nvidia tells us to expect an official update in early December that will make manual driver hacks unnecessary for its unified software package.
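To see why the unmodified installer refuses the card, the check below parses an INF models section and reports whether a device's hardware ID is listed. It is an added example, not code from the article or from Nvidia; the sample INF is constructed around the IDs quoted above, and the section header, the `.01` token, the strings and the `&REV_A1` suffix are placeholders.

```python
import re
from collections import namedtuple

# Constructed excerpt of a display-driver INF. The subsystem IDs, Section017 /
# Section018 and the %NVIDIA_DEV.0DD1.02% token are quoted from the article;
# the section header, the .01 token and the strings are placeholders.
SAMPLE_INF = r"""
[Example_Devices.NTamd64.6.1]
; one line per supported board, per install section
%NVIDIA_DEV.0DD1.01% = Section017, PCI\VEN_10DE&DEV_0DD1&SUBSYS_20401043
%NVIDIA_DEV.0DD1.02% = Section017, PCI\VEN_10DE&DEV_0DD1&SUBSYS_71001558
%NVIDIA_DEV.0DD1.01% = Section018, PCI\VEN_10DE&DEV_0DD1&SUBSYS_20401043
%NVIDIA_DEV.0DD1.02% = Section018, PCI\VEN_10DE&DEV_0DD1&SUBSYS_71001558

[Strings]
NVIDIA_DEV.0DD1.01 = "Example GTX 460M board A"
NVIDIA_DEV.0DD1.02 = "Example GTX 460M board B"
"""

Entry = namedtuple("Entry", "section token install_section vendor device subsys")

HWID_RE = re.compile(
    r"^PCI\\VEN_([0-9A-F]{4})&DEV_([0-9A-F]{4})(?:&SUBSYS_([0-9A-F]{8}))?",
    re.IGNORECASE,
)


def parse_hwid(hwid):
    """Split a PCI hardware ID into (vendor, device, subsys or None)."""
    m = HWID_RE.match(hwid.strip())
    if not m:
        return None
    ven, dev, subsys = m.groups()
    return ven.upper(), dev.upper(), (subsys.upper() if subsys else None)


def parse_models(inf_text):
    """Collect every 'token = InstallSection, hardware-id[, ...]' line."""
    entries, section = [], None
    for raw in inf_text.splitlines():
        line = raw.split(";", 1)[0].strip()      # drop INF comments
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if "=" not in line:
            continue
        token, _, rhs = line.partition("=")
        fields = [f.strip() for f in rhs.split(",")]
        install_section, hwids = fields[0], fields[1:]
        for hwid in hwids:
            parsed = parse_hwid(hwid)
            if parsed:                            # ignores [Strings] lines
                entries.append(
                    Entry(section, token.strip(), install_section, *parsed))
    return entries


def match_device(entries, device_hwid):
    """Report which INF entries cover the device, most specific first."""
    parsed = parse_hwid(device_hwid)
    if parsed is None:
        raise ValueError("not a PCI hardware ID: %r" % device_hwid)
    ven, dev, subsys = parsed
    same_chip = [e for e in entries if (e.vendor, e.device) == (ven, dev)]
    exact = [e for e in same_chip if e.subsys is not None and e.subsys == subsys]
    generic = [e for e in same_chip if e.subsys is None]
    other_boards = sorted(
        {e.subsys for e in same_chip if e.subsys not in (None, subsys)})
    return {
        "exact": exact,
        "generic": generic,
        "other_boards": other_boards,   # same GPU, different board IDs
        "installable": bool(exact or generic),
    }


def demo():
    entries = parse_models(SAMPLE_INF)
    # 72001558 is the review unit's card ID per the article; REV_A1 is constructed.
    review_unit = match_device(
        entries, r"PCI\VEN_10DE&DEV_0DD1&SUBSYS_72001558&REV_A1")
    # 71001558 is the ID in the preview-driver lines quoted in the article.
    preview_listed = match_device(
        entries, r"PCI\VEN_10DE&DEV_0DD1&SUBSYS_71001558&REV_A1")
    return entries, review_unit, preview_listed


if __name__ == "__main__":
    _, review_unit, preview_listed = demo()
    print("review unit installable:", review_unit["installable"],
          "| boards listed for this GPU:", review_unit["other_boards"])
    print("preview-listed board sections:",
          [e.install_section for e in preview_listed["exact"]])
```

An edited INF no longer matches the hash recorded in the driver package's signed catalog (.cat) file, so the vendor's signature no longer covers the package that actually gets installed.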
Benchmark Configuration
3D Games
Call of Duty: Modern Warfare 2 Campaign, Act III, Second Sun (45 sec. FRAPS)
Test Set 1: Highest Settings, No AA
Test Set 2: Highest Settings, 4x AA
Crysis Patch 1.2.1, DirectX 10, 64-bit executable, benchmark tool
Test Set 1: High Quality, No AA
Test Set 2: Very High Quality, 4x AA
DiRT 2 Run with -benchmark example_benchmark.xml
Test Set 1: High Quality Preset, No AA
Test Set 2: Ultra Quality Preset, 4x AA
S.T.A.L.K.E.R.: Call Of Pripyat Call Of Pripyat Benchmark version
Test Set 1: High Preset, DX11 EFDL, No AA
Test Set 2: Ultra Preset, DX11 EFDL, 4x MSAA
Audio/Video Encoding
iTunes Version: x64
Audio CD (Terminator II SE), 53 min
Default format AAC
HandBrake 0.9.4 Version 0.9.4, convert first .vob file from The Last Samurai (1 GB) to .mp4, High Profile
TMPGEnc 4.0 XPress Version:
Import File: Terminator 2 SE DVD (5 Minutes)
Resolution: 720x576 (PAL) 16:9
DivX Codec 6.9.1 Encoding mode: Insane Quality
Enhanced multi-threading enabled using SSE4
Quarter-pixel search
Xvid 1.2.2 Display encoding status = off
MainConcept Reference 1.6.1 MPEG2 to MPEG2 (H.264), MainConcept H.264/AVC Codec, 28 sec HDTV 1920x1080 (MPEG-2), Audio: MPEG-2 (44.1 KHz, 2 Channel, 16-Bit, 224 Kb/s), Mode: PAL (25 FPS)
Adobe Photoshop CS4 Version: 11.0 x64, Filter 15.7 MB TIF Image
Radial Blur, Shape Blur, Median, Polar Coordinates
Autodesk 3ds Max 2010 Version: 11.0 x64, Rendering Dragon Image at 1920x1080 (HDTV)
Grisoft AVG Anti-Virus 9.0 Version: 9.0.663, Virus base: 270.14.1/2407, Benchmark: Scan 334 MB Folder of ZIP/RAR compressed files
WinRAR 3.90 Version x64 3.90, Dictionary = 4,096 KB, Benchmark: THG-Workload (334 MB)
7-Zip Version 4.65: Format=Zip, Compression=Ultra, Method=Deflate, Dictionary Size=32 KB, Word Size=128, Threads=8
Benchmark: THG-Workload (334 MB)
Synthetic Benchmarks and Settings
3DMark Vantage Version: 1.0.1, GPU and CPU scores
PCMark Vantage Version: x64, System, Productivity, Hard Disk Drive benchmarks
SiSoftware Sandra 2010 Version 2010.1.16.11, CPU Test = CPU Arithmetic / MultiMedia, Memory Test = Bandwidth Benchmark

DiRT 2 loves the GeForce GTX 460M SLI configuration using its “High” quality preset, and increasing to “Ultra” quality with 4x MSAA barely diminishes that lead.

The Call of Pripyat Benchmark shows the GTX 460M in a slight lead once again, making this a clean sweep for Nvidia. Reflecting our previous experience in going from 258 to 260 series drivers on desktop systems, the notebook “Verde” drivers see their sole big gain here.

The Ultra quality preset and 4x MSAA further spread the performance differences, with a reduction in frame rates that forces us to reconsider the minimum frame rates to assure playability. The 460M SLI configuration is playable under both driver versions with a minimum of 21 FPS, while the others couldn't reach our recommended lowest minimum of 20 FPS.

In other words, you really do need the 460M SLI configuration simply to play this game at its highest details.

3DMark shows similar results for the GeForce GTX 460M SLI and Mobility Radeon HD 5870 CrossFire configurations, with the Nvidia solution leading on average. We looked through our test notes for the GPU scores and found them consistent with the overall scores in spite of different processors.

AVADirectĘs PCMark score dropped slightly during every run, resulting in a lower score during the later “Verde” driver test. As with many end users, AVADirect relies on MicrosoftĘs AHCI drivers rather than IntelĘs. We tried IntelĘs drivers and got a higher score, but kept the original score for consistency's sake.

IntelĘs desktop processors have a higher non-Turbo Boost frequency, allowing the X7200 to take a clear lead in the eight-thread Sandra Arithmetic benchmark.

The higher clock speed keeps AVADirectĘs desktop-based notebook in the lead through SandraĘs Multimedia tests.

Triple-channel mode helps the X7200 in Sandra's Memory Bandwidth test, but its motherboardĘs inability to set non-reference memory speeds kept its DDR3-1333 running in DDR3-1066 mode.

The use of a desktop processor is certain to hurt the X7200Ęs power consumption, though increased performance could help its efficiency.

A single graphics card helps the X8100/GeForce GTX 480M combination place first in power consumption, while a desktop processor hurts the X7200 by more than many people might have thought. LetĘs see how these stack up in performance.

Using the CrossFire-equipped M17x as our high-end graphics baseline, we see that the single-GPU GeForce GTX 480M falls far behind, while the dual-GPU GeForce GTX 460M SLI setup surges ahead. Remember that, at the beginning of this article, we pointed out that the computational power of the 480M exceeds that of the 460M by only 15%, so this outcome is no surprise.

Dividing performance by power gives us an efficiency baseline of 100%. Since no electronic device is 100% efficient, we subtracted the baseline from all scores to focus only on the efficiency difference. The Core i7-940XM's low 55 W TDP puts the X8100 in the lead here, while the Core i7-950's super-high 130 W TDP drops AVADirect's X7200 to the bottom of our efficiency chart. The processors have such vastly different power specifications that any reasonably-accurate assessment of graphics efficiency is impossible.

The X8100's lower energy use is also seen in its superior battery life, which makes any of these notebooks capable of doing a few “notebook things” on-the-go. Of course you'll need a wall outlet for high-end games, but any of these gaming notebooks is still at least 300% more portable than a similarly-capable desktop gaming system.

AVADirect's GeForce GTX 460M SLI-based machine presented us with a great opportunity to compare the latest mobile GPUs, as well as a bit of a testing dilemma. While its Core i7-950 processor was matched by the previously-tested Core i7-940XM in lightly-threaded applications like games, its multi-threaded application performance makes it a beast in encoding and productivity tests.

Yet, we were most interested in how well its new GPU configuration would perform, so we accepted the configuration, even in light of its mismatched host processor. Shortly afterward, someone (Ed.: I'm guilty) suggested comparing it based on price-per-performance in a chart that looks like this:

The problem with the above chart is that it doesn't account for features, such as the X8100's larger 18.4" display and HDMI pass-through device (with added screen-grabbing capability). It doesn't even account for smaller improvements, such as Alienware's enhanced-resolution 1920x1200 display. And it certainly doesn't account for the thinner design, lower heat, and longer battery life of its mobile CPU-based competitors. In fact, notebook CPUs cost more than the desktop part used to improve the X7200's performance at the expense of cooler thickness, heat, battery life, and power supply weight.

Thus, we have two conclusions, and the first one is in regards to GPU alacrity. At less than half the cost and armed with most of the performance of Nvidia's GeForce GTX 480M, the GTX 460M becomes our preferred notebook GPU at this time. A pair of these easily smashes the performance of AMD's fastest CrossFire-based solution. So take two now, and then call the doctor in the morning if you find yourself suddenly addicted to gaming at full detail levels on a laptop.

Second, the X7200's use of a desktop processor sets it up as a value leader, but only if you don't value having a notebook that's less than 2.8" thick or less than 17 pounds heavy, with adapter. Had we been building our own GeForce GTX 460M SLI-equipped notebook, we'd have likely picked the X8100 chassis for its lower weight, lower power use, and larger screen.

But we're not notebook builders; that's AVADirect's job, and the company focused on providing the most performance for the money. This is the point where AVADirect gets our kudos for topping the above chart, and we're sure its builders are willing to assist any buyer in reaching their ultimate portability and performance goals.

Do Virus Scanners Slow Down Your System?

Posted by Johann, 11 Dec 2010, 07:18 AM

Does the presence of a virus scanner guarantee reduced performance, or does it have a negligible impact? We test 10 different products to see if you're unknowingly suffering with security software.

Remember the days of Windows 98, when CPUs ran at triple-digit MHz speeds and slogged along with less than a gigabyte of RAM? Installing a resident program like a virus scanner often meant committing performance suicide. And heaven forbid a scheduled scan start up while you were actually at your desk. Productivity could literally grind to a halt. At least that's how I remember things through the fog of time.

Today's personal computers are much more powerful than they were a few years ago, so perhaps the notion that an anti-virus application will still have a debilitating effect on performance is obsolete. Still, folks who began using computers after multi-core CPUs and gigabytes of RAM became the norm have likely never used a PC without a virus scanner installed. They'd have no way to relate to the days of running lean and mean to keep speed manageable. Now we have resources to spare. Cores sit idle, waiting for a task to execute, while low prices on memory make 6 GB and 8 GB kits affordable for even mainstream users.

We should make this perfectly clear: while it's undeniable that an active virus scan can cause a heavy performance burden, what we're really curious about is whether or not performance is affected when a system scan is not running. Does it take longer to open files when you have a resident virus scanner installed? Does the presence of the software tax CPU resources while you're running other programs? What kind of tasks are most affected by security products, if any?

When faced with these sorts of questions, it's only natural that we'd run some tests to unearth the real answers—this is Tom's Hardware, after all. So let's look a little deeper into quantifying the anti-virus conundrum.

What Does A Virus Scanner Do?

Before we begin our tests, we should at least consider how virus scanners work so that we can see if the results are in sync with our expectations.

There are two main mechanisms that most virus scanners use in order to keep your system safe: file checking and behavior monitoring.

File checking is by far the most prevalent technique. The idea is simple: the virus scanner examines the files on your PC for known threats, a threat being a signature of code that is associated with a particular virus. Because new viruses are being released all the time, most virus scanners will periodically download updates containing the new threat signatures.

How could file checking affect performance? Typically, a virus scanner will examine files for threat signatures every time a file is written, opened, closed, or emailed, or when a virus scan occurs. It thus makes sense to predict that applications accessing files on a regular basis might be slowed down by anti-virus software. Conversely, programs that don't involve a lot of file access might then remain relatively unaffected by the presence of a virus scanner.

Behavior monitoring is the second technology that anti-virus software employs to identify threats. This is a pre-emptive strategy to deal with viruses that have not yet been identified or added to the threat-signature dictionary. The virus scanner monitors the system for suspicious behavior, such as the alteration of executable files. This virus-prevention technique probably has very little effect on system performance, since suspicious behavior is probably somewhat rare.

That should be enough of a top-down overview to get us started. Let's get on with the tests!
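The file-checking mechanism described above, as an added example (not code from the article or from any of the tested products): a byte-signature scanner invoked on every file open, with a verdict cache. The signatures, class and file names are constructed, and the cache keyed on file size and modification time is an assumption about how a scanner can skip files that have not changed.

```python
import os
import tempfile

# Constructed byte signatures; real products ship large, regularly updated sets.
SIGNATURES = {
    "Constructed.TestSig.A": b"\xde\xad\xbe\xef-constructed-marker-A",
    "Constructed.TestSig.B": b"constructed-marker-B\x00\x01\x02",
}

CHUNK = 64 * 1024  # read size; signatures may straddle a chunk boundary


class OnAccessScanner:
    def __init__(self, signatures):
        self.signatures = dict(signatures)
        self.overlap = max(len(s) for s in self.signatures.values()) - 1
        self.cache = {}          # path -> ((size, mtime_ns), verdict)
        self.bytes_scanned = 0   # stand-in for the cost the benchmarks measure

    def _scan_stream(self, path):
        hits, tail = set(), b""
        with open(path, "rb") as fh:
            while True:
                chunk = fh.read(CHUNK)
                if not chunk:
                    break
                self.bytes_scanned += len(chunk)
                window = tail + chunk  # keep the previous tail so a signature
                for name, sig in self.signatures.items():  # split across reads
                    if sig in window:                       # is still found
                        hits.add(name)
                tail = window[-self.overlap:] if self.overlap else b""
        return sorted(hits)

    def on_open(self, path):
        """Return (matched signature names, served_from_cache)."""
        st = os.stat(path)
        # size+mtime is a cheap change signal and can be forged; it is used
        # here only to show the caching effect.
        key = (st.st_size, st.st_mtime_ns)
        cached = self.cache.get(path)
        if cached and cached[0] == key:
            return cached[1], True
        verdict = self._scan_stream(path)
        self.cache[path] = (key, verdict)
        return verdict, False

    def update_signatures(self, new_signatures):
        """New signatures make every earlier 'clean' verdict stale."""
        self.signatures.update(new_signatures)
        self.overlap = max(len(s) for s in self.signatures.values()) - 1
        self.cache.clear()


def demo():
    scanner = OnAccessScanner(SIGNATURES)
    with tempfile.TemporaryDirectory() as tmp:
        clean = os.path.join(tmp, "document.bin")
        flagged = os.path.join(tmp, "straddle.bin")
        with open(clean, "wb") as fh:
            fh.write(b"A" * (3 * CHUNK))
        with open(flagged, "wb") as fh:  # signature starts 5 bytes before a boundary
            fh.write(b"B" * (CHUNK - 5)
                     + SIGNATURES["Constructed.TestSig.A"] + b"B" * 100)

        first = scanner.on_open(clean)              # first open: full scan
        cost_first = scanner.bytes_scanned
        second = scanner.on_open(clean)             # second open: cache hit
        cost_second = scanner.bytes_scanned - cost_first
        straddle = scanner.on_open(flagged)

        with open(clean, "ab") as fh:               # a write forces a rescan
            fh.write(SIGNATURES["Constructed.TestSig.B"])
        after_write = scanner.on_open(clean)

        scanner.update_signatures({"Constructed.TestSig.C": b"BBBBBBBB"})
        after_update = scanner.on_open(flagged)     # rescanned after the update
    return {"first": first, "cost_first": cost_first, "second": second,
            "cost_second": cost_second, "straddle": straddle,
            "after_write": after_write, "after_update": after_update}


if __name__ == "__main__":
    for step, value in demo().items():
        print(step, "->", value)
```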

We begin by selecting the security software to test. We're curious to find out if Internet security suites might contain bloatware that could slow down a system more than a simple anti-virus program would, so we've included not only virus scanners, but also complete Internet security suites offered by noteworthy developers. This means we're testing AVG Anti-Virus 9.0, AVG Internet Security 9.0, Kaspersky Anti-Virus 2011, Kaspersky Internet Security 2011, McAfee VirusScan Plus, McAfee Internet Security, Norton AntiVirus 2010, Norton Internet Security 2010, Trend Micro Titanium AntiVirus+, and Trend Micro Titanium Internet Security.

Where benchmarks are concerned, we've assembled a suite of tests to exercise most aspects of PC performance, from gaming to office work. We're testing raw application performance and also the time it takes for the system to respond to boot and to program launch requests. In order to do this, we've even developed some custom benchmarks, courtesy of our own Andrew Ku.

While we're running the benchmarks on an Athlon II X4 645, we'll be disabling two of the CPU cores for the majority of benchmarks. As a result, most of the benchmarks reflect the performance users can expect from a budget dual-core CPU. On page seven we run more benchmarks with only a single CPU core enabled, and also with all four CPU cores enabled, to see if the performance burden changes based on the number of execution cores available to the system.

With all this in mind, here are the particulars for our test system and benchmarks:
Test System
Motherboard Asus M4A785TD-V EVO
Socket AM3, AMD 785G, BIOS 0410
Processor Athlon II X4 645
3.1 GHz, Quad-Core CPU
Multiplier set to 3.0 GHz
Single- and quad-cores enabled for CPU core comparison on page 7
CPU Cooler
Cooler Master Hyper TX3
Memory Crucial DDR3-1333
Dual-Channel 2 x 2048 MB, 669 MHz,
CAS 9-9-9-24-1T
Graphics Radeon HD 5830 Reference
1 GB GDDR5, 800 MHz GPU, 1000 MHz Memory
Hard Drive Western Digital Caviar Black 1000 MB
7200 RPM, 32 MB Cache SATA 3Gb/s
Software and Drivers
Operating System
Microsoft Windows 7 x64
DirectX Version
DirectX 11
Graphics Drivers AMD Catalyst 10.9

And here's a list of the benchmarks:
Benchmark Configuration
3D Games
Crysis Patch 1.2.1, DirectX 10, 64-bit executable, benchmark tool
High Quality, No AA
Audio/Video Encoding
TMPGEnc 4.0 Express Version:
Import File: "Terminator 2" SE DVD (5 Minutes)
Resolution: 720x576 (PAL) 16:9
Xvid 1.2.2 Display encoding status = off
WinRAR 3.90 Version x64 3.90, Dictionary = 4096 KB, Benchmark: THG-Workload (334 MB)
Synthetic Benchmarks
PCMark Vantage Version: x64, All Benchmarks
SiSoftware Sandra 2010 Version 2010.1.16.11, CPU Test = CPU Arithmetic

We should preface the following CPU and game benchmarks by saying we really don't expect security software to have an effect on them. Anti-virus software typically activates on the creation, opening, closing, or emailing of files, and none of the following tasks are focused on any of these activities. Regardless, we make no assumptions and perform the following tests to check our theory.

We start things off with a synthetic CPU benchmark to see whether or not these products will cause performance differences compared to a computer without any security software installed. As you can see, the presence of this software appears to cause no tangible impact on raw processing performance.

Now let's see what happens in a real-world encoding application.

Encoding a video with the Xvid codec definitely stresses the processor—in fact, it stresses the whole platform. Nevertheless, there's no real performance difference to see here.

We benchmarked Crysis to see if any of these security software products would affect game performance. Happily, it does not appear to have any impact whatsoever.

The following benchmarks involve hard drive and file access, which a virus scanner could theoretically affect.

The results are close across the board with our first file access benchmark, the PCMark hard drive test score. It has been our experience that PCMark results have a larger margin of error than what we'd prefer, so we won't draw any specific conclusions from this close result.

Moving to a real-world benchmark that involves compressing 334 MB of files, our WinRAR test doesn't expose any obvious weaknesses in file system performance.

It can be difficult to define and measure the general responsiveness of a PC, yet the productivity and communications benchmarks that are part of the PCMark Vantage suite are probably well-suited for this test.

The PCMark Vantage communications benchmark includes a combination of tests that cover common tasks like data encryption, compression, Web page rendering, and Windows Mail searches. Past experience with PCMark shows that the margin of error can be a little larger than what we'd like it to be and the score with no security software running is actually lower than some results when virus scanners and Internet security suites are running. We consequently can't draw any conclusions from these results, but can see that there isn't a large difference when any of these products are used.

The productivity benchmark suite includes common tasks like starting applications, editing documents in WordPad, and searching contacts using Windows Search. There is a multitasking portion of this benchmark that runs three simultaneous tasks, including a Windows Contact search and Windows Mail message rules and renders numerous Web pages in Internet Explorer. Finally, this bench includes a number of hard disk stressing tasks, such as a Windows Defender scan and a boot timer.

As you can see, there are definitely some strong trends here that suggest this benchmark is affected by security software to varying degrees, but Kaspersky and Trend Micro products appear to suffer a large performance penalty.

LetĘs dig deeper into the PCMark productivity benchmark specifically to see exactly what tasks are running slower when antivirus software installed:

Very interesting. First, letĘs look at the productivity tasks that are not affected by the presence of these scanners. All of the hard disk-intensive tasks, such as Windows Vista startup, Windows Defender, and application loading, perform no differently with or without security software installed. This result supports our previous hard drive test results that also demonstrate little or no performance penalties due to a resident virus scanner. Aside from this, text editing a Word document also shows no performance differential.

On the other hand, a Windows Contacts search operation demonstrates a sizable performance penalty when Kaspersky or Trend Micro security software is installed. Note that the Productivity 4 Windows Contacts search occurs during multitasking, but both results are similar. The other operation that appears to be affected by the presence of security software is Web page rendering, also recorded during multi-tasking operations.

On a final note, we should mention that we left one of the PCMark productivity benchmarks out of the above chart. The Productivity 4 Windows Mail copying benchmark provides very inconsistent results in our testing, reporting anywhere between one and six operations per second.

It is our intention to benchmark the boot time with these different security solutions installed, and we spent a lot of time testing this using GreenVantage's WinBootInfo utility. Unfortunately, the results we recorded show a huge variance from 30 to 60 seconds, even when taken one after the other, and we're not comfortable releasing these results even after averaging multiple iterations. What we will say is that all of the averages we recorded are between 32 and 46 seconds. With boot times ranging from 30 to 60 seconds, there probably isn't any significant conclusion to draw.

The response time benchmarks we demonstrate below are much more consistent. We open a document in Word and a LAN-hosted Web page in Firefox. Here's how long it takes, on average, to open these files the first time after a fresh boot into Windows:

While we do experience significant variance between minimum and maximum load times for each security software package, with six iterations averaged, we see some clear trends across Firefox and Word. Most notably, AVG, McAfee, and Trend Micro products seem to take a little longer to open files than their competitors. McAfee Internet Security, specifically, has a longer wait time to launch the test Web page.

Speaking of McAfee, with this product installed, we notice a colossal lag to launch the timer application we developed to record benchmark results. When I say colossal, I mean it takes the better part of 10 seconds to launch the tiny program—an application that executes instantly with any other anti-virus program we tested. The reason for this appears to be that McAfee's real-time scanning method is based on checking against known application signatures. Since McAfee obviously can't have signatures for custom-made applications, it will thoroughly scan the application in question before launch. It does seem to take longer than it should to accomplish this task. We're asking McAfee about this and hope to have an answer before publication—otherwise, we will follow up in a future article.

Back to the results, though. The bar graphs do make it appear that there is a large variance on first load, but we're talking about a two to five-and-a-half second spread to open Firefox and a three-to-six-second spread to open a Word document. It sounds worse than it feels, as those extra few seconds don't seem all that obvious. Admittedly, that's a subjective argument.

What is objective is that the same application loads much faster the second time it is launched during a Windows session:

The difference in application launch speeds is reduced to less than a second between competing security software solutions on subsequent runs of the same program. This is a short enough time span that it's difficult to notice any change at all during real-world use.

We think it's important to address one of the variables missing from our previous tests, and that is hardware. As we've seen up until this point, most applications don't seem to show a notable difference in performance, regardless of whether security software is installed or not. But all of the tests have been run on a dual-core CPU. Will the results change on a single- or quad-core processor?

We would expect the raw performance to drop slightly in multithreaded applications. But we're curious about the effect security software has on single-core performance, too. While we don't have time to run the entire benchmark suite for different processor setups, we run all three CPU options with AVG AntiVirus 9, AVG Internet Security 9, and without any security software installed for a quick test:

While the number of available execution cores can certainly affect the raw results, when it comes to comparing performance on the basis of available compute resources, the only metric that shows a significant performance drop associated with a single-core processor running security software is the time it takes to load Internet pages on the first run. Aside from that, security software doesn't seem to have an adverse effect on single-core PCs. This is a surprising result, as we expected security software to take advantage of threading. It's possible that our test scenarios don't give the software an ideal opportunity to do so, but it's a surprising result nonetheless.

As mentioned on the first page, I came into this story idea aware that I had a prejudiced expectation. Although I'd never actually tested it for myself, I was under the impression that the presence of a resident virus scanner would have an adverse effect on system performance.

I'm very happy to report that my preconceptions have no place in today's PC world, as even single-core processors are able to demonstrate comparable performance with or without modern security software installed. This is true not only for basic virus scanners, but also for comprehensive security suites.

Having said that, it's also true that the presence of security software isn't undetectable in all circumstances. We do see an increase in application launch times with a virus scanner installed, but the only significant wait time is a couple seconds added on the first launch of a program. Subsequent launches appear to be cached, and the wait time is almost imperceptible.

The only benchmark that shows a notable performance decrease with a virus scanner installed is PCMark's productivity suite. Even here the performance hit is only notable with two of the 10 tested security products, and in this case, an increase in Windows Contacts search times is the main cause. While I can't speak for everyone I know, I do not spend a significant amount of time searching Windows Contacts, so for me this isn't much of an issue.

While these results are encouraging, a couple of questions need to be answered. As we mentioned at the beginning, we've limited our testing to performance with the virus scanner installed. However, what is the performance hit during an actual virus scan? This is something we hope to examine in a follow-up review in the near future.

However, for the time being, we've learned that a user can confidently install a virus scanner or Internet security suite without being too concerned about performance consequences. It appears that typical tasks we undertake when using our PCs will not be notably slowed by the security software on which we rely. In the end, I'm pleased to admit that my expectation of a decrease in general PC performance when a virus scanner is installed was incorrect and obsolete.

Entries on 10-December 10

Registry Hacks

Posted by Johann, 10 Dec 2010, 11:05 AM

We're big fans of hacking the Windows Registry around here, and we've got one of the biggest collections of registry hacks you'll find.

It's important to note that you should never hack the registry if you don't know what you're doing, because your computer will light on fire and some squirrels may be injured. Also, you should create a System Restore point before doing so. Otherwise, keep reading.

Keyboard Ninja: Kill Windows with the Blue Screen of Death in 3 Keystrokes

Have you ever wanted to show off your keyboard ninja skills by taking down Windows with just a couple of keystrokes? All you have to do is add one registry key, and then you can impress your friends… or use it to convince people to switch to Linux.

This isn't a bug, it's a “feature” in Windows that is designed to let users trigger a crash dump for testing purposes. There's even a whole Microsoft KB article on the subject.

To enable this feature, open up regedit and then browse down to one of these keys, depending on your keyboard type:

USB Keyboard


PS/2 Keyboard


Now right-click on the right-hand pane and add a new DWORD key named CrashOnCtrlScroll, giving it a value of 1.

Reboot your computer, and when it starts back up you can trigger the Blue Screen of Death by using the following keyboard shortcut:

Hold down Right Ctrl and hit Scroll Lock twice

To remove this “feature” you can just delete the registry key and then restart your computer again.

Please note that following this article WILL crash your computer… really isn't very useful, but it's lots of fun =)

Stupid Geek Tricks: Enable the Secret "How-To Geek" Mode in Windows 7

We haven't told anybody before, but Windows has a hidden “How-To Geek Mode” that you can enable which gives you access to every Control Panel tool on a single page—and we've documented the secret method for you here.

Update: Do not use this on Vista. If you did, you can use Ctrl+Shift+Esc to start task manager, File \ Run and open a command prompt with cmd.exe, and then use the rmdir command to get rid of the folder.

To activate the secret How-To Geek mode, right-click on the desktop, choose New –> Folder, and then give it this name:

How-To Geek.{ED7BA470-8E54-465E-825C-99712043E01C}

Once you've done so, you'll have activated the secret mode, and the icon will change…

Double-click on the icon, and now you can use the How-To Geek mode, which lists out every single Control Panel tool on a single page.

At this point you might notice why this is a stupid geek trick—it's much easier to use the default Control Panel than navigating through a massive list, and anybody that really calls themselves a geek will be using the Start Menu or Control Panel search box anyway.

In case you were wondering, this is the same as that silly “God Mode” trick that everybody else is writing about. For more on why it's pointless, see Ed Bott's post on the subject.

Alright, So It's Not Really a Secret How-To Geek Mode

Sadly, this is nothing more than a stupid geek trick using a technique that isn't widely known—Windows uses GUIDs (Globally Unique Identifiers) behind the scenes for every single object, component, etc. And when you create a new folder with an extension that is a GUID recognized by Windows, it's going to launch whatever is listed in the registry for that GUID.

You can see for yourself by heading into regedit.exe and searching for {ED7BA470-8E54-465E-825C-99712043E01C} under the HKCR \ CLSID section. You'll see on the right-hand pane that it's the “All Tasks” view of the Control Panel, which you can't normally see from the UI.

You can use this same technique for other Windows objects by doing some digging around in the registry… for instance, if you were to search under HKCR \ CLSID for “Recycle Bin”, you'd eventually come across the right key—the one on the left-hand side here:

So if you created a folder with the name “The Geek Knows Deleted Files.{645FF040-5081-101B-9F08-00AA002F954E}”, you'd end up with this icon, clearly from the Recycle Bin.

And it's even a fully functional Recycle Bin… just right-click and you'll see the menu:

So here's the quick list of the ones I felt like digging up, but I'm sure there's more things you can launch if you really felt like it.

Recycle Bin: {645FF040-5081-101B-9F08-00AA002F954E}

My Computer: {20D04FE0-3AEA-1069-A2D8-08002B30309D}

Network Connections: {7007ACC7-3202-11D1-AAD2-00805FC1270E}

User Accounts: {60632754-c523-4b62-b45c-4172da012619}

Libraries: {031E4825-7B94-4dc3-B131-E946B44C8DD5}

To use any of them, simply create a new folder with the syntax AnyTextHere.{GUID}
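
As an added example (not part of the original post), this Python sketch parses the AnyTextHere.{GUID} naming syntax and walks a directory tree to report folders whose extension is a GUID, so they can be told apart from ordinary directories. The lookup table holds only the GUIDs listed in this post; the function names and the sample tree are constructed for illustration.

```python
import os
import re
import tempfile

# CLSIDs listed in the post (the first is the "How-To Geek mode" GUID).
KNOWN_CLSIDS = {
    "ED7BA470-8E54-465E-825C-99712043E01C": "Control Panel (All Tasks)",
    "645FF040-5081-101B-9F08-00AA002F954E": "Recycle Bin",
    "20D04FE0-3AEA-1069-A2D8-08002B30309D": "My Computer",
    "7007ACC7-3202-11D1-AAD2-00805FC1270E": "Network Connections",
    "60632754-C523-4B62-B45C-4172DA012619": "User Accounts",
    "031E4825-7B94-4DC3-B131-E946B44C8DD5": "Libraries",
}

# AnyTextHere.{GUID}: the GUID must be the final extension of the name.
CLSID_SUFFIX = re.compile(
    r"^(?P<label>.*)\.\{(?P<guid>[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}$"
)

def parse_clsid_folder(name):
    """Return (label, GUID, shell object) for AnyTextHere.{GUID}, else None."""
    m = CLSID_SUFFIX.match(name)
    if not m:
        return None
    guid = m.group("guid").upper()  # registry key names are case-insensitive
    return m.group("label"), guid, KNOWN_CLSIDS.get(guid, "unlisted CLSID")

def find_clsid_folders(root):
    """Walk root and report every directory whose name ends in .{GUID}."""
    hits = []
    for dirpath, dirnames, _files in os.walk(root):
        for d in sorted(dirnames):
            parsed = parse_clsid_folder(d)
            if parsed:
                hits.append((os.path.join(dirpath, d),) + parsed[1:])
    return hits

def demo():
    """Build a constructed sample tree and scan it."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("How-To Geek.{ED7BA470-8E54-465E-825C-99712043E01C}",
                     "Accounts.{60632754-c523-4b62-b45c-4172da012619}",
                     "Reports.{not-a-guid}", "Documents"):
            os.makedirs(os.path.join(root, "Desktop", name))
        return [(os.path.basename(p), obj) for p, _g, obj in find_clsid_folders(root)]

if __name__ == "__main__":
    for name, obj in demo():
        print(f"{name} -> {obj}")
```
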

Create Shortcuts to GUIDs

Since the GUID points to a Windows object launched by Windows Explorer, you can also create shortcuts and launch them directly from explorer.exe instead of creating the folder. For instance, if you wanted to create a shortcut to My Computer, you could paste in the following as the location for a new shortcut:

explorer ::{20D04FE0-3AEA-1069-A2D8-08002B30309D}

And just like that, you'd have a shortcut to My Computer, which you can customize with a different icon, and a shortcut key if you so choose.

Yeah, it's a stupid geek trick, but it's always fun to learn new things.

Note: The Control Panel's All Items hack and the Libraries hack will probably only work in Windows 7. The others should work in any version of Windows.

What Is Loic?

Posted by Johann, 10 Dec 2010, 10:32 AM

LOIC ("Low Orbit Ion Cannon") is an application developed by 4Chan-affiliated hackers designed to—when used en masse by thousands of anonymous users—launch Distributed Denial of Service (DDoS) attacks on websites. Like and, for instance.

The idea behind LOIC is that it can allow you to participate in attacks even if you've no clue how to hack. Just download a copy of LOIC (available for Windows, Mac, and Linux!), punch in the target information like a URL or an IP address and zap.

The Windows version of LOIC has a "Hivemind" feature that lets you point your copy at an Internet Relay Chat server, allowing someone else—say, the Anon Admins behind Operation Payback, the campaign that is currently striking out against Visa, Mastercard, and other financial organizations in retaliation for their decision to stop doing business with Wikileaks—to control at what site all connected LOIC clients are aimed. And because it takes thousands of LOICs all pointed at a single site to make a real impact, letting a central administrator press the big button of website destruction makes the whole network more effective.
