07 May 2023

Microsoft takes 5 years to fix Defender 'bug' should be in the courts

Microsoft not only should be in the courts for anti competitive behaviour but also fined for it.

Microsoft has (deliberately) not addressed a piece of code that was killing Firefox performance.

MANY people may have thought that Mozilla's Firefox product was inferior in quality to the alternative Microsoft product or that the programmers were lazy or incompetent.

The truth was that Microsoft was (deliberately) sabotaging Mozilla's product.

Too many calls to the Windows kernel were stealing Firefox's thunder.


Why it matters: Microsoft has released a crucial bug-fixing update to its Windows Defender antimalware application. Its arrival means that some unlucky Firefox users should now get a much smoother and better-performing experience while browsing the web.

Update (April 11): The Mozilla developer who worked on fixing this performance issue and reported it to Microsoft added the following on a Reddit thread, clarifying the nature of the bugfix:

"The impact of this fix is that on all computers that rely on Microsoft Defender's Real-time Protection feature (which is enabled by default in Windows), MsMpEng.exe will consume much less CPU than before when monitoring the dynamic behavior of any program through ETW (Event Tracing for Windows)."

"For Firefox this is particularly impactful because Firefox (not Defender!) relies a lot on VirtualProtect - which is monitored by MsMpEng.exe through ETW. We expect that on all these computers, MsMpEng.exe will consume around 75% less CPU than it did before when it is monitoring Firefox."

For more than five years, the security protection provided by Microsoft Defender was negatively affecting Firefox users during their web browsing sessions. The Antimalware Service Executable component of Defender (MsMpEng.exe) was acting strange, showing a high CPU usage when Firefox was running at the same time.

Users were complaining that Defender was stressing the CPU while the Mozilla browser became laggy and unresponsive. The issue was first reported 5 years ago, and it was seemingly a Firefox exclusive as it was sparing Edge and other third-party browsers like Chrome.

In March 2023, Mozilla developers were able to finally discover the source of the issue: Firefox relies and executes a very high number of calls to the OS kernel's VirtualProtect function while tracing Windows events (ETW). VirtualProtect is a function to change the "protection on a region of committed pages in the virtual address space of the calling process," Microsoft explains, and Defender was doing a lot of "useless computations" upon each event while Firefox was generating a lot of ETW events.


This was an "explosive" combination that was using five times the CPU power with Firefox compared to other browsers, the Mozilla developers said. The open-source foundation worked with Microsoft to solve the issue for good, and Redmond finally delivered with a recent update for Defender's antimalware engine (1.1.20200.2).

After testing the bugfix for a while, the solution was delivered to the stable channel with updated Defender anti-malware definitions on April 4 (mpengine.dll version 1.1.20200.4) and the bug was finally closed.

Mozilla developers said that the Defender update would provide a massive ~75% improvement in CPU usage from MsMpEng.exe while browsing the web with Firefox. With the fix, Defender's Real-time Protection feature - which is enabled by default in Windows - will consume less CPU than before when monitoring the dynamic behavior of any program through ETW.

Microsoft is also bringing the update to now obsolete Windows 7 and Windows 8.1 systems, as Firefox will keep supporting the two operating systems "at least" until 2024. Furthermore, Mozilla engineers said that the "latest discoveries" made while analyzing the weird Defender bug would help Firefox "go even further down in CPU usage," with all other antivirus software and not just Defender this time.

No comments: