Named CPU skyrockets for ActiveX objects in IE 5.5 browser

[JB]

>I'd need to see some evidence.

My testimony is evidence. Either you feel I am inept (testimony incorrect
through illusion) or a liar (testimony tainted with deception.) If either of
those were true, how would electronic "evidence" make a difference? I would
only post what I see and testify to. CPU close to 1%, CPU close to 60%.
Named.exe at 0%. Named.exe close to 60%. Quite a contrast by any measure.

There was one other person who posted a message saying he witnessed this
phenomenon on his computer, although he had ActiveX turned on in IE, which
is true for most people, so was going to check out the affect of turning it
off. I configured it to prompt me so I can only enable it for sites I trust.
Why? Originally Nimda. But there was a recent security alert for Macromedia
Flash requiring an immediate upgrade, so minimalist permissibility seems to
work.

Can someone please explain how posting snapshots of Windows Task Manager
will help get this problem resolved? Is there anyone out there that tested
these same conditions, and didn't have a problem? The front page of the WSJ
is accessible by anyone, and appears to invoke the problem 100% of the time
for me when I say yes to running ActiveX objects for that page, so all you
need is IE to complete the test. Configure it to prompt you before running
any ActiveX objects. Tools... Internet Options... Security... Custom
Level...

To test:

1> Go to WSJ.com.

2> Click "No" when it prompts you to run ActiveX objects on the page.  (If
it doesn't prompt you, you either don't have IE configured to prompt before
loading ActiveX objects, or the WSJ currently is not serving advertisements
requiring it on that page at that moment.  Try later if the latter is the
case.)

3> When page loads, check overall CPU usage and CPU usage of named.exe
(should be 0% if you have not publicized it. That's what it is for me.)

4> Refresh the page.

5> Say yes to ActiveX objects running.

6> Note the overall CPU usage and the CPU usage of named.exe. For me,
named.exe is around 60% of CPU, although I expect this will vary depending
on your CPU.

Tested on:  Windows 2000 with IE 5.5

NOTHING shows up in query log. You can leave the high CPU state of named.exe
indefinitely, and nothing will show up unless you have legitimate queries
that happen to occur at the same time. Since nothing is actually using BIND
on my computer, I only see entries if I do a HOST or some other query. My
browser and other activity does not appear to query BIND.

Could something be exploiting BIND? Or could this be a fluke? I'd like to
know what happens when others try this (to bolster the "evidence", to say
the least).

NOTE: Just now for the first time, when testing this on an NT box, I
discovered that the main page of WSJ does not always prompt you for ActiveX
objects. While I was able to immediately get this prompt while clicking on
an article, I know you have to be logged in to do that, so don't expect it
to be a viable test for peeps that don't have a subscription. If someone
else can find another web page that always tries to load ActiveX objects,
I'll test it out and let everyone know if it produced the problem here.
While WSJ's ActiveX objects have so far produced it 100% of the time, other
sites with ActiveX have not.  I'd have to try it to see if it invokes the
problem.  Dictionary.com seems to cause the problem when it happens to serve
up an advertisement using ActiveX, but doesn't always do this.


----- Original Message -----
From: "Danny Mayer" <mayer at gis.net>
To: "Erik Sliman" <erik at openstandards.net>; "Mark Damrose"
<mdamrose at elgin.cc.il.us>; <comp-protocols-dns-bind at isc.org>
Sent: Saturday, May 11, 2002 12:18 AM
Subject: Re: Named CPU skyrockets for ActiveX objects in IE 5.5 browser



At 07:40 PM 5/10/02, Erik Sliman wrote:
>The Application Log was retrieved with the event viewer.  Since then I
>update named.conf to create a log file.  It does the same thing to the text
>file, basically.  It creates an entry each time I do a query with HOST,
>showing that it is logging queries.  However, even when I reproduce the
>CPU/ActiveX/named problem, nothing else goes in the log.  It looks like
>whatever is running in the named.exe process does not get logged, and
>probably has nothing to do with DNS queries, but only when certain ActiveX
>controls are running, which WSJ uses 100% of the time, and other sites,
such
>as Dictionary.com, use some of the time, while others, like AltaVista.com,
>don't ever seem to invoke.
>
>Does the Windows port of BIND use ActiveX controls?

No. BIND uses straight ANSI C code.  There is no ActiveX, COM, DCOM
or other technologies involved.

>  Even if this is true,
>it still doesn't explain everything because:
>
>1> If BIND is not running, the overall CPU usage is much lower when the
>ActiveX controls run.
>2> If the web page is loaded with ActiveX controls, and THEN the named.exe
>service is started, the named.exe still picks up CPU enormously, taking it
>up near 60%.

I'd need to see some evidence.

>Both of these facts appears to reduce the likelyhood that the named.exe
>process is merely getting credit for the CPU usage of ActiveX controls that
>both it and IE are using.  The latter goes against the theory becuase you
>would think that, of the very least, it would be credited to the first COM
>client to load the object.  The first fact detracts from the theory because
>IE is not showing nearly the same CPU usage when run without BIND as BIND
>produces when the objects are loaded in IE.
>
>More than anything my curiosity is killing me.  This seems to indicate a
>possible hole, to say the least.  I know I had to upgrade Macromedia player
>recently because it's ActiveX object had a major security hole.  This could
>be another since BIND runs with a lot of authority.  This, of course, is
>part of the reason I have IE ask me whether or not I want to run an ActiveX
>object on a web page.  If I don't trust the site, I say no.  Of course, now
>I say no just to save CPU.

         Danny