neowin.net

I have seen more and more users recommend installing this "Patch" to solve other users problems and it is getting very annoying. I would have to say 99% of the people who have installed this patch have no idea what it actually does and they are passing along false information to other users here on neowin potentially opening up major security flaws in something Microsoft changed to slow down the spread of viruses.

It is a misconception that installing this "Patch" will speed up any type of internet connection. This patch DID NOT change the amount of connections you can have open at once, only the amount of INCOMPLETE connections that can be attempted per second.

Unless you are receiving 4226 errors in your event log (to see what this looks like, go here) this "Patch" will do absolutely nothing for your connection. If you are seeing these errors you should find out what is causing them instead of patching the TCP/IP file and going on with your business.

Microsoft did this for a reason. It was not to hinder your user experience but to try and slow down the spread of viruses.



This post has been edited by Frank: Jan 7 2005, 15:41

it does work, eMule had speeds of no more than 20kb and when i patched i've been seeing 60-100kb
ares lite has been faster too

i have 70 some, 4226 errors in my event viewer...

I'm pinning this due to the massive ammounts of misinformation floating around about this so called "patch". Frank is certainly right about this, and anyone who has a decent understanding of the TCP/IP stack knows he's right. SP2 does not limit network connections for any applications without good reason. The only time it would limit such connections is when those attempted connections are targeted at invalid hosts.

Viruses/worms (including Blaster and others) attempted to create network connections to random IP addresses, without caring if there was a machine at the other end or not. This is why Microsoft's article says programs such as port scanners (which often flood the network with invalid packets) may work somewhat slower. Had this functionality been in effect when blaster was released, the spreading of the worm would be drastically slower than it was.

Note that the article says such packets are put in a queue. Any invalid packets are not simply discarded; they will be sent out onto the network, but only at a manageable rate. No packets will be dropped due to this new behavior in Windows.

Pinned

thx Fowen..uh i mean frank i thought i always smelled BS when i seen info about this "patch"

Good idea.


Yes, if you constantly get these errors, chances are you actually have some software installed that try to do bad things. It only tries to limit extremely fast newly established connections, where the destination hasn't had time to answer yet. For legitimate software, under normal circumstances it shouldn't affect your connection speed noticeably.

It needs to be emphasised that the SP2 fix is for connection rate limits not connection limits, and no connections are dropped, even when this is triggered. They're simply put in a queue, which XP handles pretty darn quickly of getting emptied (by establishing the queued connections) anyway. This feature is just there so basically simultaneous connections won't happen.

What's the implications for, say, a BitTorrent user? Well, for one thing, it shouldn't be triggered as you're using it. Not even if you have, say, three prallell BT downloads going on. I know I had no trouble, and each of them was for popular files with a lot of sources. Sure, I did have these reports in the event log, but only as I started up the downloads, since then it tries to establish a lot of connections basically at once, and these are partial since the hosts haven't had chances to reply yet. So they're queued. I can imagine what you lose here is a few seconds. SP2 has not limited my BT upload or download transfer speeds, I can still get over 5 Megabits per second when I'm on a popular torrent. And this limit is still not triggered. So if your connection is struggling at lower rates, I can't imagine it being for this reason.

This post has been edited by Jugalator: Jan 7 2005, 07:27

NO! Don't "patch" your system files, find out what's causing those events Such information is far more useful, because you can stop it from happening, possibly improving performance of the application, and alerting the author of such software to a bug in their code. Don't you see, allowing the connections to continue at full speed is only a cheap workaround that does nothing to solve the problem!

Yeah, I modified the post already

I meant, it's the only reason to patch, but never said that this should only be a reason in very rare cases. (I'm not even sure what these reasons would be, in case it's not about a worm trying to spread)

I had a hunch about this tweak being all wrong. I used it once because I do some downloading from Kazaa. It isn"t so much that tcip errors show up when "downloading" stuff, for me. They show up when I leave my Search function set to continually search out common keywords where a bazillion files show up.

I'll give you an example. If you download from Kazaa, don't download anything for awhile, just search for "DVD" with "video" selected. Then, come back a few hours later and check your Event Viewer for tcip errors.

I'm not saying to apply this tweak...I don't used it...I'm just telling you what happens to me, and telling you why and when it happens to me.

What anti virus are you running? Have you updated the dat files recently?

The first thing I would do even if you have a up to date virus scanning program is to go to http://housecall.antivirus.com and run a full scan on your PC.

I have 20 of those errors

should i worry

the only p2p app i use is limewire but that doesent cause it because i ran it with the event manager open and no error was generated

Did you refresh the log?
This patch isn't even made by MS, should be your first clue that it's not what you "think" it was intended for. When it first came out, I looked it over. Wasn't hard to figure out I didn't want or need it. I have cured the errors I was getting, which wasn't many or very often.

There are legit applications out there that need to initiate many TCP SYN connections which have an unknown probability of getting answered. So why are people arguing that no one should change this limitation? Obviously mom and pop aren't going to need this patch to check their email, and it will help limit the spread of viruses. However Microsoft could have avoided this problem by not creating a virus-prone operating system in the first place. If you run p2p applications then by all means a user should have the ability to change this setting. Unfortunately Microsoft decided to hardcode the limit of half-open connections so people have to rely on a shady third party executable (which I am sure has been decompiled and analyzed by now).

Yes. If you don't know where you are coming from I would be worried. I would first run the free online virus scan at http://housecall.antivirus.com like I suggested to travis.cd.

Would you please point out some of these third party applications? These applications have to send out 10 unanswered connections a second in order for this limitation to take affect.

I never said no one should patch there system, I am sure some people (a very small percentage of who has patched) needs this limit removed. I am not telling them to not patch, I am trying to get the point across that if you think it is going to speed up your KaZaa or Bittorrent connection your are wrong, and by spreading this information your are just reversing a security measure that Microsoft put into place to slow down the spread of Viruses.

My brother has run KaZaa, Ares, and Bittorrent and he is running a machine with Windows XP SP2 and he has never received a 4226 error. I run Bittorrents every once in a while and I have not received an 4226 error on that machine.