Comment by nullindividual
2 years ago
NTFS is perfectly fine at handling small files and performs on-par with other modern file systems.
The issue is Defender in sync mode/other AV/other file system filters.
DevDrive as noted by default uses an async scanning technique as well as ReFS. ReFS will suffer the exact same performance issues with Defender (or other AV/other file system filters) doing its thing when running in sync mode, which it does by default for ReFS-formatted drives in Windows Server.
https://news.ycombinator.com/item?id=26737521
> Except for CloseHandle(). These calls were often taking 1-10+ milliseconds to complete.
> While I didn't realize it at the time, the cause for this was/is Windows Defender. Windows Defender (and other anti-virus / scanning software) typically work on Windows by installing what's called a filesystem filter driver.
This doesn't take away from your point that _it is slow_, but the reasons are not due to the file system in use.
>The issue is Defender in sync mode/other AV/other file system filters.
I've had folders take a full minute to open on an SSD.
It got to the point where I went to open the folder, it started loading. I needed the file quickly, so I searched for it online, found it, and opened it before windows finished loading that folder for me.
After exempting that folder from Windows Defender the folder loads instantly. For the life of me I cannot understand why Defender blocks Explorer.
Probably because Explorer hosts shell hooks which can potentially execute arbitrary code.
Just one example: File icons or thumbnails can be dynamically generated by shell extensions based on the file contents. A maliciously crafted file could potentially exploit a vulnerability in such a shell extension.
> For the life of me I cannot understand why Defender blocks Explorer.
I suppose if you wanted to find out, you could use dtrace/ETW.
Explorer has other things going on, though, including other apps that hook into it (shell extensions, like Adobe Reader, TortiseGit/SVN, and so on) which can certainly cause performance issues.
Technically, they're because of the filesystem in use: it's providing the APIs these garbage-ware utilize... which causes the performance issues ( ◠ ‿ ・ ) —
File system filter drives apply to all (RW) file systems on Windows. It's not exclusive to NTFS or ReFS.
Windows has an extensible model. It's a different approach from most (all?) other OSes. It offers a different set of features.
Sure, AV could perhaps be done in a different manner that would be more effective/faster, I can't comment on that as I lack the insight required -- only MSFTies that work on kernel code could respond in any authoritative way.
I was of the understanding that these sync APIs are only available on Windows filesystems, so a fat32 formatted filesystem wouldn't suffer the same performance impact, which is why windows provides "virtual drives" for performance on their cloud instances that give you extra performance... Precisely by formatting them with a filesystem that doesn't support these sync/blocking Apis.
But I'm not particularly knowledgeable either on this topic, just a (forced) consumer of the operating system with the occasional reading on the side
3 replies →
I don't know if async, AV, NTFS, or what, but some years ago we could demonstrate reliably that running a "big" maven compile on a lot of .java files was faster in Linux than Windows.
The kicker... Linux was running inside a VirtualBox VM inside the very same Windows host.
This could also be some variance in the `javac` command between OS's, granted.
Doesn't it (Windows VFS layer) also lack the equivalent of dentry cache, making all metadata lookups slow?
The MFT describes resident (in-MFT) metadata about files, or non-resident (external to the MFT, but the MFT has a pointer) if the metadata does not fit within the MFT. The MFT itself is a database; Windows makes use of file system caching, be it in-memory or another caching mechanism, like on-device disk cache.
So why is it still pretty slow for file operations on DevDrive (no filters, async antivirus)? I found the performance improvement not that significant.
1 reply →