Jump to content


Photo

Regarding The Service


  • This topic is locked This topic is locked
8 replies to this topic

#1 LS Tobias

LS Tobias

    Advanced Member

  • Members
  • PipPipPip
  • 702 posts

Posted 14 June 2007 - 10:27 AM

There has been a lot of commotion regarding the service part of Ad-Aware 2007 - this is an attempt to answer the most common questions you have posted in these forums.

Something that is worth pointing out from the onset is that of the two parts that make up Ad-Aware 2007 - aawservice.exe and Ad-Aware 2007.exe - it is the service that is the very heart of the application. It carries out the scans and removals of infections - Ad-Aware 2007.exe is only a Graphical User Interface that allows the user to control the functionality of the service.

The reasons for using a service-based approach for Ad-Aware 2007 are many. A service implementation allows for modularity and scalability in the implementation. Using a service also gives the engine the elevated rights on the system, which is an absolute necessity in order to cope with the malware of today. An added bonus is that the service operates with these elevated rights even when you are logged in as a normal user which gives you an enhanced protection against malware simply because that they are forced to execute in user mode.

As for the use of system resources, we can understand that the average freeware user thinks that the memory consumption is a bit high, considering that they get no real-time protection. We are working on ways of reducing the resource consumption of the service when it is not in use. We do not yet have a date for when such an update will be available, but we will announce it these forums.

Regards, Tobias

#2 Cartigan

Cartigan

    Member

  • Members
  • PipPip
  • 24 posts

Posted 14 June 2007 - 10:57 PM

Are we allowed to reply here?

If so, what is the reasoning for it being required to boot on start up? The programming detects if it is disabled and refuses to start.
In addition, the program will start the service if it is stopped. Why is the service not opening and closing with the program since it is obviously able to work like that?
If it isn't real-time protection and is supposedly the "heart" of the program, why is it separate from the program and implemented in a very suspicious and territorial fashion?

#3 AM088

AM088

    Newbie

  • Members
  • Pip
  • 5 posts

Posted 15 June 2007 - 12:13 AM

Are we allowed to reply here?

If you couldn't, they would have locked the topic and you'd know :mellow:

In addition, the program will start the service if it is stopped. Why is the service not opening and closing with the program since it is obviously able to work like that?

It can't always work like that. If the user does not have an administrative account, the Ad-Aware will not have enough privileges to start the service.

If it isn't real-time protection and is supposedly the "heart" of the program, why is it separate from the program and implemented in a very suspicious and territorial fashion?

This is because the service will have the same high privileges whether the Ad-Aware is run by the admin or a limited user.

Edited by AM088, 15 June 2007 - 12:16 AM.


#4 Oldfrog

Oldfrog

    Advanced Member

  • Volunteer Security Advisor
  • PipPipPip
  • 121 posts

Posted 15 June 2007 - 01:14 AM

This is because the service will have the same high privileges whether the Ad-Aware is run by the admin or a limited user.

Which, since it runs as NT AUTHORITY/SYSTEM, means that it has some permissions that are higher even than an Administrator.
MS MVP Windows Security 2006-2008

#5 2harts4ever

2harts4ever

    Advanced Member

  • Members
  • PipPipPip
  • 68 posts

Posted 15 June 2007 - 03:20 AM

Hi LS Tobias and all,

I appreciate the informative update on the commotion being caused by the service part of Ad-Aware 2007.

It makes more sense now that you have explained it. :D

However, I do hope Lavasoft can 'slim down' the 'heavy' memory consumption in the very near future as you are reporting. :o

Thanks and regards,

2harts4ever :o :D

#6 polygon

polygon

    Advanced Member

  • Members
  • PipPipPip
  • 50 posts

Posted 15 June 2007 - 06:27 PM

I am willing to await an update that will hopefully reduce the memory consumption somewhat, fortunately having quite a large memory installed in my system means it is not a big problem for me although i do understand other users being very upset by the behaviour of this new improved program, as for the program itself i think it runs very well once installed and protects at least up to the level of ad-aware se, i can only think that perhaps some users have made errors during instalation of ad-aware 2007 and these errors have caused problems for them since.

#7 Oldfrog

Oldfrog

    Advanced Member

  • Volunteer Security Advisor
  • PipPipPip
  • 121 posts

Posted 15 June 2007 - 07:20 PM

I am willing to await an update that will hopefully reduce the memory consumption somewhat

None of us likes to see a big chunk of RAM being apparently wasted, but I am not convinced that the memory usage in the free version really matters.

I have been running some tests on a² Antimalware and just observed some interesting behavior. After a reboot the a2service.exe (identical in purpose to aawservice.exe) was sitting idle with a working memory set of ~33,000 K. I kicked in a Virtual PC Session which required one third of my system RAM. The working set for a2service.exe immediately dropped to 138 K. The virtual size remained the same indicating that it was swapped out of RAM and into the pagefile.

I would expect to see similar behavior from aawservice.exe while using the Personal (free) version with the GUI closed. If no CPU cycles are being used then I don't believe that it will attempt to hold that RAM.
MS MVP Windows Security 2006-2008

#8 Bill_Bright

Bill_Bright

    Newbie

  • Members
  • Pip
  • 2 posts

Posted 16 June 2007 - 05:13 AM

Thanks for the explanation Tobias, but sadly, you failed to address the MOST common question many people have. You justified the use of the service aawservice.exe. That's not the issue! I have no problem with Lavasoft electing to use a service. I don't even care (too much) that it uses way too many resources, when I am using it. What no one has successfully explained to me is why the service MUST remain running after I exit Ad-Aware 2007 - free or otherwise?

Since the program has the rights to add and/or start the service, and set it to automatic (which is not needed either!), I don't buy that it does not have the rights to stop it. Since I am easily able to use the services applet to stop the service myself, with no apparent side effect other than 20 - 30Mb of freed up resources, the service is obviously not needed when Ad-Aware 2007 is not running. So the question, and frustration factor remains, why is the service left running when no longer needed - even after a reboot, especially when, for the free version, no real-time scanning capability exists?

In regards to Ad-Aware 2007 "Free" being "free", I personally think it is wrong to look a gift horse in the mouth. But I expect to at least get my money's worth - that is, I don't necessarily expect the world, or a fully functional uncrippled program for nothing, but I don't expect a free program to have a crippling influence when not running either. And this does! I feel sorry for folks on a budget with limited technical skills and only 512Mb of RAM who are just trying to create a safe computing environment for their families. That's over 5% wasted resources (and that matters, IMO) and they won't have a clue how to recover it. I sincerely hope Lavasoft is working this issue hard. Most folks could live with a couple hundred Kbs, but not 20 - 30 Mb.

#9 Oldfrog

Oldfrog

    Advanced Member

  • Volunteer Security Advisor
  • PipPipPip
  • 121 posts

Posted 16 June 2007 - 06:39 PM

Since the program has the rights to add and/or start the service, and set it to automatic (which is not needed either!), I don't buy that it does not have the rights to stop it.

The program has no rights whatsoever, but inherits permissions from the owner of the process. Yes, as a member of the Administrators group a user can start, stop, and install programs/processes. However, if the service is not previously running a Limited User will be unable to start the service meaning that they can't perform a scan. They would likewise be unable to stop the service after scanning.
MS MVP Windows Security 2006-2008




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users