
Vincent's Blog

Pleasure in the job puts perfection in the work (Aristotle)

Activity of an idle PC Windows10 versus OpenBSD

Posted on 2020-12-12 18:38:00 from Vincent in OpenBSD

It's funny to see what an idle machine does. In this blog post I compare which websites my OpenBSD laptop contacts with those contacted by a Windows 10 laptop. I know very little about W10, so you can consider it a stock installation. You can see it as a newbie setup.


Introduction

I'm often amazed by all the mysterious behavior of my Windows machine. I'm totally incompetent with this type of operating system and I'll not go deep into its configuration.

So let's see how this W10 machine behaves compared with my OpenBSD desktop. In both cases I'll leave the same applications open.

Both machines must use my own DNS server to reach the internet. So I'll compare the logs of my DNS server in both cases.

The setup

On my home network, an OpenBSD server acts as DHCP and DNS server and as firewall. This machine will be the default gateway to the internet.

I'll let both machines run for the same amount of time: 45 hours.

On OpenBSD, I'm using OpenBSD-6.8 with Openbox and Tint2 for the graphical user interface.

My Windows machine is running Windows10-1904 with Bitdefender as antivirus. For my daily job, I need to use the Citrix client. You will see it in the results.

The applications running will be:
- Chrome with 2 tabs: linkedin.com and gmail.com
- Thunderbird

Each machine will just be rebooted before the test and will not be used; I just keep it running.

Both machines are Lenovo T460.

Results

Global connections

It's no surprise that W10 uses the internet more: 5375 connections against 1047 on OpenBSD.

Antivirus

We see that the W10 antivirus uses the internet regularly. Even if we remove this type of connection, W10 uses the internet 2x more than OpenBSD.

Google

We see that W10 interacts much more with Google servers than OpenBSD. A deeper analysis would be interesting. Anyhow, I can show the top URLs used by W10:

play.google.com.    440
mail.google.com.    275
safebrowsing.googleapis.com.    93
clientservices.googleapis.com.  91
0.client-channel.google.com.    45
mail-ads.google.com.    45

On OpenBSD, the top Google connections are:

mtalk.google.com.   188
play.google.com.    86
update.googleapis.com.  36
www.googleapis.com. 26

home.lan

Interestingly, W10 is looking for several machines on my home LAN. Here are those names and their occurrences:

wpad.home.lan.  319
_ldap._tcp.dc._msdcs.home.lan.  2
lpgwmxrst.home.lan. 1
leyswydcvc.home.lan.    1
smlmiux.home.lan.   1
fzyotbnefb.home.lan.    1
eqnyycgfw.home.lan. 1
qumutqusdzayk.home.lan. 1

What is that?

OpenBSD does not request such home.lan names.
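The home.lan lookups listed above fall into a few recognisable kinds, and the counts can be summed per kind. This is an added example, not part of the original post: it reads a `name count` listing like the one above and separates the WPAD lookup, underscore-prefixed service-discovery names, and random-looking single labels of the sort comment 1 below attributes to Chrome. The function names, the `known` host set and the rule "7 to 15 lowercase letters means a random probe name" are assumptions of the example.

```python
import re
from collections import Counter

# Constructed sample: the "name  count" lines from the home.lan section,
# plus two non-local names to show that they are ignored.
SAMPLE = """\
wpad.home.lan.  319
_ldap._tcp.dc._msdcs.home.lan.  2
lpgwmxrst.home.lan. 1
leyswydcvc.home.lan.    1
smlmiux.home.lan.   1
fzyotbnefb.home.lan.    1
eqnyycgfw.home.lan. 1
qumutqusdzayk.home.lan. 1
play.google.com.    440
www.linkedin.com.   195
"""

# Assumption: one label of 7-15 lowercase letters is a browser's random probe name.
RANDOM_LABEL = re.compile(r"[a-z]{7,15}")


def classify(name, suffix="home.lan", known=()):
    """Return a category for one queried name, or None if it is outside the suffix."""
    name = name.rstrip(".").lower()
    if not name.endswith("." + suffix):
        return None
    host = name[: -len(suffix) - 1]           # part in front of ".home.lan"
    if host in known:
        return "known-host"                   # e.g. names handed out by your DHCP server
    if host == "wpad":
        return "wpad"                         # Web Proxy Auto-Discovery lookup
    if host.startswith("_"):
        return "service-discovery"            # SRV-style name such as _ldap._tcp...
    if RANDOM_LABEL.fullmatch(host):
        return "random-probe"
    return "other-local"


def summarize(listing, suffix="home.lan", known=()):
    """Sum the query counts per category from 'name <whitespace> count' lines."""
    totals = Counter()
    for line in listing.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[1].isdigit():   # skip blank or malformed lines
            category = classify(parts[0], suffix, known)
            if category:
                totals[category] += int(parts[1])
    return dict(totals)
```

Pass the real host names of the LAN in `known`, otherwise a genuine machine whose name happens to be 7 to 15 lowercase letters is counted as a random probe.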

Intel

Apparently W10 is connecting to Intel web sites. But it's not for what I thought:

gameplay.intel.com. 2
gameplayapi.intel.com.  2

Linkedin.com

Amazingly, OpenBSD is connecting more frequently than W10. Strange.
It could be linked to the activity on my account: more news, more refreshes, or something like that.

On the W10, the requests were:

www.linkedin.com.   195
realtime.www.linkedin.com.  38

On OpenBSD, there were:

www.linkedin.com.   419
play.google.com.    96
realtime.www.linkedin.com.  78
media-exp1.licdn.com.   2
static-exp3.licdn.com.  2

Thunderbird

We see that on W10 Thunderbird checks the mail server more frequently. Maybe this is due to a parameter.
In both cases, it reports some data to Mozilla.

blocklists.settings.services.mozilla.com.   4
firefox.settings.services.mozilla.com.  4
prod.balrog.prod.cloudops.mozgcp.net.   4
aus.thunderbird.net.    2

Microsoft

As expected, W10 connects a lot to Microsoft servers. I don't know what those sites are. I list some of them below:

v10.events.data.microsoft.com.  140
settings-win.data.microsoft.com.    106
spclient.wg.spotify.com.    91
tile-service.weather.microsoft.com. 91
ctldl.windowsupdate.com.    68
notifications.4team.biz.    45
watson.telemetry.microsoft.com. 45
ws.4team.biz.   45
arc.msn.com.    37
ris.api.iris.microsoft.com. 32
login.live.com. 16
tsfe.trafficshaping.dsp.mp.microsoft.com.   15
v20.events.data.microsoft.com.  15
www.bing.com.   15
fe3cr.delivery.mp.microsoft.com.    13
slscr.update.microsoft.com. 10

Conclusion

As expected, W10 connects to several unsolicited servers.
This is not new information, but at least, in my specific case, I have a better idea of which servers.

With OpenBSD there are no bad surprises; it does what we expect.



Comments:

1. From Richard Dern on Sun Dec 13 11:31:54 2020

Hello, Requests to *.home.lan are coming from Chrome browser. https://unix.stackexchange.com/questions/363512/chrome-dns-requests-with-random-dns-names-malware

2. From Martin on Sun Dec 13 13:01:06 2020

Did you also check connections to IPs without consulting a DNS server?

3. From Sam on Sun Dec 13 17:20:26 2020

"no bad surprises"? I guess it depends how you classify the LinkedIn connection... not many bad surprises, maybe...

4. From Tim on Sun Dec 13 18:41:45 2020

It sounds like he doesn't classify LinkedIn as a bad surprise. He called it strange which is not necessarily negative. It's too bad he didn't post the specific URLs his OpenBSD machine connected to...

5. From Vincent on Sun Dec 13 22:29:46 2020

Thanks Richard for the link. I'll check it because I'm interested to understand why it occurs on W10 and not on OpenBSD.

6. From Vincent on Sun Dec 13 22:31:10 2020

@Martin. No I did not check the direct IP connections. Maybe I will do it in a next check.

7. From Vincent on Sun Dec 13 22:35:15 2020

@Sam. In both cases Chrome was open with Gmail and linkedin.com in 2 tabs. In both cases, LinkedIn is open with my account. So, same parameters. I just discovered that on OpenBSD it reaches www.linkedin.com much more frequently.

8. From Vincent on Sun Dec 13 22:37:00 2020

@Tim, I will add urls in the text.

9. From thfr on Mon Dec 14 15:31:28 2020

In case you are using Windows 10 for Citrix - you can run Citrix Workspace chromium App on OpenBSD. Just install it from the chromium apps/extension. Works well for my work purposes.



