Windows 8: Mail, Calender, and People using 400GB of network bandwidth!!

old skool

[H]ard|Gawd
Joined
Apr 5, 2000
Messages
1,694
Has anyone ever seen this? Didn't find much info on the googles, so I wonder if this is a new issue?

This explains why my network has been so crappy lately. Another reason to hate Windows 8. Thanks Microsoft!

(The only fix I know of is remove the Mail, Calendar and People app. Which is probably not a bad idea anyway but still what a joke!! gg Microsoft)

Mail_Calendar_People.jpg



UPDATE: Problem Solved.
I emptied out all the messages that had build up in the junk e-mail folder and viola suddenly mail, calendar and people stopped downloading messages.

Let me explain. I have an e-mail service provided by my website provider that I use for my primary e-mail, and primarily use Windows Mail for Desktop as my e-mail client. (I still use the Win8 Mail App for the laptop, phone and tablet). All my e-mail clients are configured for IMAP so that all of my e-mail is synchronized across all of my devices.

Well, for some reason, I've had this long standing problem Windows Mail (for Desktop) and the junk e-mail folder on the e-mail server. What would happen is every time I synchronized e-mail, I would get a popup saying Windows Mail had determined some of it was probably junk mail and moved it to the junk folder. But when I try to click and view the message, it would disappear from the list as if deleted and then re-appear again moments later. It was an annoying bug but harmless as far as I knew. It basically meant I wasn't able to read junk mail or delete it. No biggie, right?

Boy was I wrong.

I just checked my e-mail quota on the server. I had more than 3,000 duplicate e-mails in the junk e-mail folder that hadn't been cleaned because the same 8 or 9 items that Windows Mail had tried to move to the junk folder had been duplicated hundreds of times!! Clearly this is a bug!! (My guess is the Windows Mail inadvertently duplicated the message every time it synchronized messages)

At this point I can only presume that my Win8 Mail App was continuously downloading the messages from the junk folder though I have no way to confirm. My best evidence is that I watched-- in real time-- the "Communications Service" went from 3 mbps to 0.0 mbps when I purged all the messages from the junk folder (on the server side) and it has been there ever since..

So anyway there you have it. It was in fact "real traffic" over the network due to a bug with regards to the interaction of Windows mail and the mail provider and Win8 mail. As a long term solution I've configured the desktop mail application to use POP3 and delete messages after 30 days and think that should work.
 
Last edited:
Well, what kind of account do you have set up? If you are using say, POP3, and you have a lot of big attachments, it will download all of them.
 
Has anyone ever seen this? Didn't find much info on the googles, so I wonder if this is a new issue?

This explains why my network has been so crappy lately. Another reason to hate Windows 8. Thanks Microsoft!

(The only fix I know of is remove the Mail, Calendar and People app. Which is probably not a bad idea anyway but still what a joke!! gg Microsoft)
Way to fly off the handle. You're placing blame without knowing what you're talking about...

That column in the task manager shows ALL network traffic, including loopback traffic that never actually leaves your PC. What you're seeing is the apps exchanging data with the OS and/or other apps, not actual network traffic. You're freaking out over nothing.

Edit: Also, mine only shows 8mb of usage for that collection of apps at-present. That means this non-problem isn't even a universal non-problem :rolleyes:
 
Way to fly off the handle. You're placing blame without knowing what you're talking about...

That column in the task manager shows ALL network traffic, including loopback traffic that never actually leaves your PC. What you're seeing is the apps exchanging data with the OS and/or other apps, not actual network traffic. You're freaking out over nothing.

Edit: Also, mine only shows 8mb of usage for that collection of apps at-present. That means this non-problem isn't even a universal non-problem :rolleyes:

Its also showing the stats since 11/7/2014. Which in my mind, 400 MB or email in a month is easy to do, especially looking at my inbox of 200+ emails per day, and annoying people sending me 4-6 MB screenshots embedded in an email.
 
Its also showing the stats since 11/7/2014. Which in my mind, 400 MB or email in a month is easy to do, especially looking at my inbox of 200+ emails per day, and annoying people sending me 4-6 MB screenshots embedded in an email.

No kidding...compared to his Netflix usage that is nothing. Removing those apps is clearly over reaction.
 
Nobody should have e-mail on a windows machine lol. Remove them asap.
 
400 gigabytes, not megabytes. 3 orders of magnitude difference there. I noticed this problem when my network was pegged at 3.0 mbps for several hours straight. The problem went away as soon as I uninstalled and reinstalled the app. It's a bug.
 
No kidding...compared to his Netflix usage that is nothing. Removing those apps is clearly over reaction.

Okay, so you think when e-mail is downloading 13 GB per day (that's more than 500 MB per hour) and ruining network performance for everybody in the house, removing it is "clearly an over-reaction?"

Do you have another suggestion I could try if it happens again?
 
Way to fly off the handle. You're placing blame without knowing what you're talking about...

That column in the task manager shows ALL network traffic, including loopback traffic that never actually leaves your PC. What you're seeing is the apps exchanging data with the OS and/or other apps, not actual network traffic. You're freaking out over nothing.

Edit: Also, mine only shows 8mb of usage for that collection of apps at-present. That means this non-problem isn't even a universal non-problem :rolleyes:

Oh yes, that was the literal definition flying off the handle. Thank you for contributing to this thread. I apologize-- as you noted, having only 50,000 times more network traffic than yourself is not even reason for concern, let alone "freaking out."

On the a side note I hope nobody craps on my thread with useful tips that might help the next person because that wouldn't be in the spirit of the hard forum.
 
Okay, so you think when e-mail is downloading 13 GB per day (that's more than 500 MB per hour) and ruining network performance for everybody in the house, removing it is "clearly an over-reaction?"

Do you have another suggestion I could try if it happens again?

Yikes I read that number wrong! Are you sure its not malware/rootkit that is spamming the entire Internet?
 
Yikes I read that number wrong! Are you sure its not malware/rootkit that is spamming the entire Internet?


Not sure; the network was pegged on the downstream (receive) which tells me my hard drives weren't being downloaded to Iran, at least. Also, if it were genuine malware, I would expect the problem to persist after removing the mail app.

My main concern is identifying a fix so the next person who searches for it finds something. Google was actually not very helpful on this bug and I suspect its rare enough that Microsoft hasn't been made aware of it... Perhaps the prudent thing to do is report the bug, lol!! :cool:
 
Dude really, using windows e-mail is like playing russian roulette. Just uninstall the thing before you have 12 sorts of infections.
 
Oh yes, that was the literal definition flying off the handle. Thank you for contributing to this thread. I apologize-- as you noted, having only 50,000 times more network traffic than yourself is not even reason for concern, let alone "freaking out."
Read what I said, you don't have 50,000 times more traffic. Much of the number you're seeing is loopback traffic, which uses the IPv6 stack, but doesn't actually generate any traffic on your network whatsoever. You are under-reading and over-reacting.

You're also viewing a much larger range of dates than the default, as another poster pointed out.

Dude really, using windows e-mail is like playing russian roulette. Just uninstall the thing before you have 12 sorts of infections.
This is the modern app (meaning it's a sandboxed WinRT-API application), it's not really susceptible to viruses like a desktop application would be.

Even if a virus managed to auto-execute right from your inbox, any virus that targets the email client itself would be trapped inside of the Mail app's IsolatedStorage folder, unable to access the rest of the system in any way.
 
Last edited:
This is the modern app (meaning it's a sandboxed WinRT-API application), it's not really susceptible to viruses like a desktop application would be.

Even if a virus managed to auto-execute right from your inbox, any virus that targets the email client itself would be trapped inside of the Mail app's IsolatedStorage folder, unable to access the rest of the system in any way.

The track record of Windows and e-mail is so horrible that I will never trust it again. And neither should you. It's just a horrible idea to open your computer to e-mail links and attachments when you are in the crossights of a few million hackers.
 
The track record of Windows and e-mail is so horrible that I will never trust it again. And neither should you. It's just a horrible idea to open your computer to e-mail links and attachments when you are in the crossights of a few million hackers.
Again, WinRT API applications are isolated, sandboxed, and all code must carry a valid signature from Microsoft before it can execute. It's incredibly difficult to escape the sandbox, as everyone over on XDA developers will attest to (they've had no real success generating a jailbreak for the OS, as of yet).

The only way to get a virus from the modern Windows Mail application is if you save an attachment onto the host filesystem and then manually execute it in some way (and then it has to get past UAC and SmartScreen). You can't be pwned simply by viewing an email.

And THAT wouldn't even work on Windows Phone or Windows RT, which have OS-wide signature enforcement enabled, even on the desktop.
 
Read what I said, you don't have 50,000 times more traffic. Much of the number you're seeing is loopback traffic, which uses the IPv6 stack, but doesn't actually generate any traffic on your network whatsoever. You are under-reading and over-reacting.

You're also viewing a much larger range of dates than the default, as another poster pointed out.


This is the modern app (meaning it's a sandboxed WinRT-API application), it's not really susceptible to viruses like a desktop application would be.

Even if a virus managed to auto-execute right from your inbox, any virus that targets the email client itself would be trapped inside of the Mail app's IsolatedStorage folder, unable to access the rest of the system in any way.


Yes I read what you said; it uses loopback. I don't even know what means so I don't have a lot of options to be able to verify if what you said is true (in my case, specifically).

I logged into my Time Warner Cable account to view my internet network usage details for previous months. I was able to confirm that November was the highest month out of the 5 months data is available. We were out of vacation for the 1st week of that month so it does suggest the data transfer is occurring over the network.

Not a network guy, so I don't know how to positively confirm if you're saying is true. But here is my question to you: How do you know for certain that the data is going over loopback? And wouldn't my other Windows 8 PC's show similar statistics? What would cause the app to peg the internal "loopback" node at 3mbps per second, anyway?

It seems like we could be having a useful conversation about trying to diagnose the problem but you'd rather be all hand wavy about it. Why?

(Not being rude; just asking a direct question)
 
Yes I read what you said; it uses loopback. I don't even know what means so I don't have a lot of options to be able to verify if what you said is true (in my case, specifically).
If you'd read what I said, you'd have an pretty good idea what loopback connections are...

They're connections your PC is making to itself. It's not uncommon for inter-app communication to take place through the IPv6 stack. This shows up as "network traffic" even though none of the data being exchanged actually leaves your machine.

Not a network guy, so I don't know how to positively confirm if you're saying is true. But here is my question to you: How do you know for certain that the data is going over loopback?
Go ahead and install Fiddler if you want to be dead-sure. It will let you monitor all network traffic going in and out of your PC on whatever network interface you tell it to.

You can even have it monitor the Mail app specifically.

And wouldn't my other Windows 8 PC's show similar statistics? What would cause the app to peg the internal "loopback" node at 3mbps per second, anyway?
Syncing all the user profile pictures from the People app to the Mail app for the first time could do that rather easily. There are many scenarios where the apps might exchange large amounts of data.

It seems like we could be having a useful conversation about trying to diagnose the problem but you'd rather be all hand wavy about it. Why?
We are having a useful conversation, and I'm throwing out plenty of relevant information that explains exactly what you're seeing.

The explanation just so-happens to point to this being a total non-issue.
 
Problem solved; I emptied out all the messages that had build up in the junk e-mail folder and viola suddenly mail, calendar and people stopped downloading messages.

Let me explain. I have an e-mail service provided by my website provider that I use for my primary e-mail, and primarily use Windows Mail for Desktop as my e-mail client. (I still use the Win8 Mail App for the laptop, phone and tablet). All my e-mail clients are configured for IMAP so that all of my e-mail is synchronized across all of my devices.

Well, for some reason, I've encountered this long standing problem between Windows Mail (for Desktop) and the junk e-mail folder on the e-mail server. What would happen is every time I synchronized e-mail, I would get a popup saying Windows Mail had determined some of it was probably junk mail and moved it to the junk folder. But when I try to click and view the message, it would disappear from the list as if deleted and then re-appear again moments later. It was an annoying bug but harmless as far as I knew. It basically meant I wasn't able to read junk mail or delete it. No biggie, right?

Boy was I wrong.

I just checked my e-mail quota on the server. I had more than 3,000 duplicate e-mails in the junk e-mail folder that hadn't been cleaned because the same 8 or 9 items that Windows Mail had tried to move to the junk folder had been duplicated hundreds of times!! Clearly this is a bug!! (My guess is the Windows Mail inadvertently duplicated the message every time it synchronized messages)

At this point I can only presume that my Win8 Mail App was continuously downloading the messages from the junk folder though I have no way to confirm. My best evidence is that I watched-- in real time-- the "Communications Service" went from 3 mbps to 0.0 mbps when I purged all the messages from the junk folder (on the server side) and it has been there ever since..

So anyway there you have it. It was in fact "real traffic" over the network due to a bug with regards to the interaction of Windows mail and the mail provider and Win8 mail. As a long term solution I've configured the desktop mail application to use POP3 and delete messages after 30 days and think that should work.

I doubt anyone who crapped on my thread will apologize. I don't care. I just hope my research helps some other poor soul who encounters this bug to solve this problem.
 
Last edited:
Again, WinRT API applications are isolated, sandboxed, and all code must carry a valid signature from Microsoft before it can execute. It's incredibly difficult to escape the sandbox, as everyone over on XDA developers will attest to (they've had no real success generating a jailbreak for the OS, as of yet).

The only way to get a virus from the modern Windows Mail application is if you save an attachment onto the host filesystem and then manually execute it in some way (and then it has to get past UAC and SmartScreen). You can't be pwned simply by viewing an email.

And THAT wouldn't even work on Windows Phone or Windows RT, which have OS-wide signature enforcement enabled, even on the desktop.

In theory all is fine and dandy but in practice hackers always seem to find a way to bypass protections. Even if the mail app itself is isolated they can use a third party viewer to escalate the attack most likely. Historically looking there has always been huge gaping holes in Windows security and the worst thing is, they get exploited. I use only linux and OSX for anything web related simply because even that I know even they have security holes, they're much less likely to be targeted.

If I had to use a windows machine for e-mail I would certainly use a cloud based e-mail service that stores and pre-emtively virus scans attachments for me before even presenting the link to download it (and you can then choose if you want to even get the crap on your drive or not).
 
In theory all is fine and dandy but in practice hackers always seem to find a way to bypass protections. Even if the mail app itself is isolated they can use a third party viewer to escalate the attack most likely. Historically looking there has always been huge gaping holes in Windows security and the worst thing is, they get exploited. I use only linux and OSX for anything web related simply because even that I know even they have security holes, they're much less likely to be targeted.

If I had to use a windows machine for e-mail I would certainly use a cloud based e-mail service that stores and pre-emtively virus scans attachments for me before even presenting the link to download it (and you can then choose if you want to even get the crap on your drive or not).

Or just stop opening everything sent to your email, done.
 
In theory all is fine and dandy but in practice hackers always seem to find a way to bypass protections. Even if the mail app itself is isolated they can use a third party viewer to escalate the attack most likely.
Like I said, in practice, nobody has managed to accomplish this. People have been trying to break out of Microsoft's new sandbox implementation for YEARS (since it was first implemented in Windows Phone in 2009).

So far, no luck. Windows Phone and Windows RT remain secure from auto-escalation attacks and exploits. The WinRT environment is hard-coded, top to bottom, to reject the execution of any code that has not been signed by Microsoft.

If you know of an exploit, the guys over at XDA Developers would love to hear about it.

Historically looking there has always been huge gaping holes in Windows security and the worst thing is, they get exploited.
Which is why the WinRT API runs side-by-side with (not on top of) Win32. It's a totally new infrastructure with updated security.

Microsoft effectively fixed Windows security issues with the release of WinRT. If you live entirely within apps running on the new API, you're about as safe as can be.

I use only linux and OSX for anything web related simply because even that I know even they have security holes, they're much less likely to be targeted.
Couldn't this same argument be made for Windows RT?

If I had to use a windows machine for e-mail I would certainly use a cloud based e-mail service that stores and pre-emtively virus scans attachments for me before even presenting the link to download it (and you can then choose if you want to even get the crap on your drive or not).
Outlook.com does exactly what you describe.

But, as I said, as long as you don't save an attachment to the host filesystem, you're safe. Even if you do save an attachment to the host filesystem, you'd have to be trying rather hard to get infected.
 
Last edited:
Like I said, in practice, nobody has managed to accomplish this. People have been trying to break out of Microsoft's new sandbox implementation for YEARS (since it was first implemented in Windows Phone in 2009).

So far, no luck. Windows Phone and Windows RT remain secure from auto-escalation attacks and exploits. The WinRT environment is hard-coded, top to bottom, to reject the execution of any code that has not been signed by Microsoft.

If you know of an exploit, the guys over at XDA Developers would love to hear about it.

You mean there are no known exploits yet. I would be completely surprised if this was the first time a Microsoft product doesn't get owned.

Which is why the WinRT API runs side-by-side with (not on top of) Win32. It's a totally new infrastructure with updated security.

Microsoft effectively fixed Windows security issues with the release of WinRT. If you live entirely within apps running on the new API, you're about as safe as can be.

That remains to be seen.

Couldn't this same argument be made for Windows RT?

Yep up to the moment when it was built in the main attack vector known to mankind :) This is why I'm actually worried about with the new Ubuntu phones. That might attract criminals into coding new attacks on linux. Few people seem to realize it but a smart phone is like a multimedia credit card open for attack. If and when a malicious app gets the ability to call toll numbers you're going to lose your money. Luckily for the android people that got hit with the background toll number calling attacks, the phone companies seem to have eaten the damages and suppressed the media coverage in fear of scandal.

Outlook.com does exactly what you describe.

And if I had to use Windows for e-mail that's what I would probably use. I would not want to load any e-mail locally to the computer.

But, as I said, as long as you don't save an attachment to the host filesystem, you're safe. Even if you do save an attachment to the host filesystem, you'd have to be trying rather hard to get infected.

Does this mean that if you open an attachment using the modern mail app, also the third party code runs in the sandbox? This is the main difference between a windows phone and Windows computer - you have flash you have java you have a gazillion ISVs that may open up attack vectors that were not present in the phone environment. So the sandbox may not be as safe as its been on the phone side.
 
You mean there are no known exploits yet. I would be completely surprised if this was the first time a Microsoft product doesn't get owned.
Yup, no know exploits yet. People have been hammering on it since 2009 trying to create a proper "jailbreak" for Windows Phone so we can run fully unsigned software.

Also... that's why you said you used OSX and Linux, because "I know even they have security holes, they're much less likely to be targeted."

Same thinking could be applied to WinRT applications.

That remains to be seen.
No, it has been seen. Windows Phone 8 and Windows RT have signature-enforcement enable system-wide, and neither OS has any malware.

What, exactly, are you waiting to see?

And if I had to use Windows for e-mail that's what I would probably use. I would not want to load any e-mail locally to the computer.
You'd trust a Win32 web browser, running on your desktop, with access to the host file system, able to run known-shit plugins like Flash and Java... you'd trust that NOT to get popped by a drive-by exploit from an email preview-pane?

But you don't trust the WinRT API based Mail application, which is effectively stuck in its own virtual machine?

I don't follow your reasoning.

if you open an attachment using the modern mail app, also the third party code runs in the sandbox?
3rd party code is unable to execute without a valid signature from Microsoft. Even if it did find some way to execute, any attempt to modify the Mail app leads to a broken signature, causing the sandbox to kill itself as suddenly the contents are not recognized as a valid executable by the task host.

This is the main difference between a windows phone and Windows computer
No, you're not getting it. Modern apps (WinRT API apps) are the same on Windows Phone and Windows 8.

Same security model, same code signature enforcement, same sandboxing / virtualization. With the introduction of the universal app model, both Windows Phone 8 and Windows 8 run exactly the same app with a different GUI on-top.

you have flash you have java you have a gazillion ISVs that may open up attack vectors that were not present in the phone environment.
Like I said, none of that applies to Modern WinRT API applications. A WinRT application cannot install Java, cannot install Flash, and cannot access the Win32 versions of either.

It's pointless to attempt building a dynamic recompiler within WinRT because the resulting code wont execute.

So the sandbox may not be as safe as its been on the phone side.
The sandbox on the desktop is identical to the sandbox on the phone, and just as safe. Escaping the sandbox is incredibly difficult, and no malware yet has done it.
 
Last edited:
Yup, no know exploits yet. People have been hammering on it since 2009 trying to create a proper "jailbreak" for Windows Phone so we can run fully unsigned software.

Also... that's why you said you used OSX and Linux, because "I know even they have security holes, they're much less likely to be targeted."

Same thinking could be applied to WinRT applications.

Not anymore as they're integrated to Win8.

No, it has been seen. Windows Phone 8 and Windows RT have signature-enforcement enable system-wide, and neither OS has any malware.

What, exactly, are you waiting to see?

Eeeek! Wrong! In the very limited ecosystem of the phone things may be fine and dandy but on the open wilderness of Windows desktop all bets are off!

You'd trust a Win32 web browser, running on your desktop, with access to the host file system, able to run known-shit plugins like Flash and Java... you'd trust that NOT to get popped by a drive-by exploit from an email preview-pane?

But you don't trust the WinRT API based Mail application, which is effectively stuck in its own virtual machine?

I don't follow your reasoning.

First of all I never allow any scripts or flash or java to run on my browser and block all ads - even when I'm browsing with linux! Second the online e-mail apps do not open previews but offer a download link instead. Third the proper e-mail online providers run a virus scan on server side to everything before it even offers it for your viewing. That's about a gazillion times safer than haivng a pop3 server push different attack payloads to your local harddrive and have your local application preview them!


3rd party code is unable to execute without a valid signature from Microsoft. Even if it did find some way to execute, any attempt to modify the Mail app leads to a broken signature, causing the sandbox to kill itself as suddenly the contents are not recognized as a valid executable by the task host.

Office products are signed by Microsoft yet they're one of the most common targets of attack. Your logic fails to compute there.

No, you're not getting it. Modern apps (WinRT API apps) are the same on Windows Phone and Windows 8.

Same security model, same code signature enforcement, same sandboxing / virtualization. With the introduction of the universal app model, both Windows Phone 8 and Windows 8 run exactly the same app with a different GUI on-top.

Sure but what about the Powerpoint used to open that e-mail attachment? Is that shared also with the phone? What about zip files, media files, possibly another JPG vulnerability etc. historically quite possible sources of infection?

Like I said, none of that applies to Modern WinRT API applications. A WinRT application cannot install Java, cannot install Flash, and cannot access the Win32 versions of either.

So what you're saying that you can't do anything but read text using the RT mail? Ok. Then it's safe.

It's pointless to attempt building a dynamic recompiler within WinRT because the resulting code wont execute.

The sandbox on the desktop is identical to the sandbox on the phone, and just as safe. Escaping the sandbox is incredibly difficult, and no malware yet has done it.

Correction: Nobody currently knows it to have been done. Generally people find out when the deepest black hats have reaped the benefits and decide to sell it to script kiddies.
 
Back
Top