Microsoft predicts performance impact of Spectre and Meltdown fixes

The continued response to the challenges presented by the Meltdown and Spectre speculative execution vulnerabilities has been somewhat overshadowed by all of the shiny new hardware on display in Las Vegas this week, but technology companies are still working to sort out the matter. Terry Myerson, the Executive VP of Microsoft's Windows and Devices Group, wrote a blog post about Redmond's response to the vulnerabilities, with a prediction of what users of new and old Intel CPUs can expect in terms of performance impact after the patches.

Microsoft expects that most users of Windows 10 on Skylake and newer CPUs won't notice the small reduction in performance that will come with the microcode and software patches. The company says those running Windows 10 on PCs with Haswell and older chips will see more significant slowdowns in benchmarks and that "some users" will notice the loss in speed.

The picture is less rosy when it comes to those running anything other than the latest desktop version of Windows. Microsoft thinks "most users" will notice a decrease in system performance on 2015 and older machines running Windows 7 or Windows 8 or 8.1. Worse still, Windows Server shows "a more significant performance impact" on machines old and new alike, especially in IO-intensive applications. Mitigations to isolate untrusted code on Windows Server systems carry a performance burden. Microsoft says admins will need to carefully evaluate the risk of untrusted code on each individual Windows Server instance to maintain a balance between speed and security.

The blog post splits Spectre into two variants. Microsoft says that the first, Bounds Check Bypass, can be mitigated with compiler and other software changes that Microsoft has already made available. Redmond says users will need changes to Windows code and a silicon microcode update to protect systems from the second variant, the Branch Target Injection exploit. Meanwhile, Meltdown's Rogue Data Cache Load vulnerability can be avoided by isolating kernel and user mode page tables, a change Microsoft has already patched into most supported editions of Windows. Overall, the company says patches are in place on 41 of 45 supported Windows editions.
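
To make the "software changes" for Bounds Check Bypass concrete, here is an added example (not code from Microsoft's blog post or from this article) of index masking, the branch-free clamp used by helpers such as the Linux kernel's array_index_nospec. The function names and the sample table are hypothetical.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/*
 * All-ones when idx < size, zero otherwise, computed with arithmetic only so
 * there is no second branch to mispredict. Valid for idx and size up to
 * LONG_MAX; relies on arithmetic right shift of negative values, which the
 * common compilers provide. Production code also needs a compiler barrier so
 * the optimizer cannot turn the mask back into a branch.
 */
static unsigned long index_mask_nospec(unsigned long idx, unsigned long size)
{
    long top = ~(long)(idx | (size - 1UL - idx));
    return (unsigned long)(top >> (sizeof(long) * CHAR_BIT - 1));
}

/* Force idx to 0 whenever it is out of range, even on a mis-speculated path. */
static unsigned long clamp_index(unsigned long idx, unsigned long size)
{
    return idx & index_mask_nospec(idx, size);
}

/*
 * Bounds-checked read. Returns 0 and stores the element in *out, or -1 when
 * idx is out of range. The branch is the architectural check; the clamp keeps
 * the load inside the table if the CPU speculates past that branch.
 */
static int table_read(const uint8_t *tbl, unsigned long len,
                      unsigned long idx, uint8_t *out)
{
    if (idx >= len)
        return -1;
    *out = tbl[clamp_index(idx, len)];
    return 0;
}

int main(void)
{
    /* Constructed sample data and probe indices. */
    static const uint8_t table[8] = {10, 11, 12, 13, 14, 15, 16, 17};
    const unsigned long probes[] = {0, 7, 8, 1000};

    for (size_t i = 0; i < sizeof(probes) / sizeof(probes[0]); i++) {
        uint8_t v = 0;
        int rc = table_read(table, 8, probes[i], &v);
        printf("idx=%lu mask=%#lx rc=%d value=%u\n", probes[i],
               index_mask_nospec(probes[i], 8), rc, (unsigned)v);
    }
    return 0;
}
```
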

Comments closed
    • HERETIC
    • 2 years ago

    With all the focus on Intel, we’re not hearing how much this affects NV.

    Just received an e-mail:
    “After installing NV390.65 and KB4056892 had to lower settings to high to maintain
    55+frames in AC Origins.”(3570K@4.2-1070-W10)
    Had they been installed separately we might have had an answer.

    My sympathy to Jeff and the team who have had a HUGE workload this year, all that
    benchmarking now needing to be re-done…

    • DPete27
    • 2 years ago

    Can I opt out of this patch?

      • Chrispy_
      • 2 years ago

      A good question actually.

      What’s the risk exposure vs the guaranteed performance degradation?

      It could be that we’re amputating one leg from every human on the planet because there’s a 1-in-500,000 chance that people with two legs die horribly. It could be that everyone still in possession of both their legs suddenly explodes, instantly killing everyone around them.

      Sometimes (not usually) the risk is better than the mitigation steps, and these mitigation steps sound pretty horrible if you’re on Haswell or older.

        • DPete27
        • 2 years ago

        From my limited research, the odds may be even less that either of these two bugs would affect the average user. Especially since Spectre apparently can’t be completely fixed via software patch.

          • Ryu Connor
          • 2 years ago

          No need to opt-out of the patch. Microsoft lets you disable or enable the protection the patch provides with registry tweaks.

          I’ll put up a video in the forums showing how to do it tonight.

    • setaG_lliB
    • 2 years ago

    So does this OS update require the BIOS and CPU microcode to be updated in order to be effective? According to Microsoft, my Ivy-E @ 4.6GHz running Win7 should be Much Slower now, but it is running just as fast as it was before the update. Even disk intensive workloads don’t appear to be running into any sort of CPU bottleneck. I ripped a couple of (my own) blu-rays yesterday and did a standard M2TS to MKV remux on an 850 Pro SSD. As always, it created the ~30GB output file in about 2 minutes.

    I also have an old 32-bit Yonah iMac with Windows 7 and it too didn’t slow down one bit after the update.

      • smilingcrow
      • 2 years ago

      “I ripped a couple of (my own) blu-rays yesterday and did a standard M2TS to MKV remux on an 850 Pro SSD. As always, it created the ~30GB output file in about 2 minutes.”

      The slowdown will be more for random I/O than sequential.

        • patrioteagle07
        • 2 years ago

        NVME will also be hit harder… Big block low iop sequential not a problem… small block high iops… feel the burn.

    • blitzy
    • 2 years ago

    Seems like a major PITA to tell if your system is patched / secured

    https://www.windowscentral.com/how-check-if-your-pc-still-vulnerable-meltdown-and-spectre-exploits

      • TwoEars
      • 2 years ago

      It’s actually a pretty easy process, but I can see a lot less tech savvy users being completely clueless about all this. What’s a bios? Huh?

    • smilingcrow
    • 2 years ago

    It’s still too vague for me as I’d like to know what to expect with Skylake and later running Windows 8.1 specifically. The implication is clearly there but would prefer some hard data.
    Maybe the patches for 7 and 8.1 are ‘sponsored’ by Apple?

      • patrioteagle07
      • 2 years ago

      It is highly workload dependent. Early patches were worse and caused a scare… nothing like 0.5% to 50% impact to cause a frenzy… RHEL patches show the worst case scenario to be 8-18% on certain database workloads. I would imagine that is 8% on current gen hardware and 18% on older.

      https://www.servethehome.com/red-hat-outlines-meltdown-spectre-patch-performance-impacts/

      Guessing under 1-5% for most Windows 10 users is fairly safe... and it generally takes around a 10% change for it to be felt. That said, I wouldn't be surprised if Windows was releasing optimization patches at the same time to offset the losses.

    • Ninjitsu
    • 2 years ago

    I think I got the patch on Win 7 + Ivy Bridge, can’t say I’ve felt a difference in performance.

    • GrimDanfango
    • 2 years ago

    “The picture is less rosy when it comes to those running anything other than the latest desktop version of Windows. Microsoft thinks "most users" will notice a decrease in system performance on 2015 and older machines running Windows 7 or Windows 8 or 8.1.”

    Microsoft just can't pass up an opportunity to twist *anything* into "you really really REALLY should upgrade to Windows 10 did we mention you should upgrade to Windows 10?!" these days. We get it... you want the world to stop hanging on to your older, less invasive offerings and embrace the future, and you'll be damn sure to retroactively cripple those older OSes any way you can to force the issue. Can you at least shut up about it now?

      • K-L-Waster
      • 2 years ago

      From the blog article:

      “Older versions of Windows have a larger performance impact because Windows 7 and Windows 8 have more user-kernel transitions because of legacy design decisions, such as all font rendering taking place in the kernel.”

      Not retroactive crippling -- originally existing crippling that is just more prominent now.

        • GrimDanfango
        • 2 years ago

        Eh, fair enough. I suppose I am just being melodramatic for effect 😛

        Deserved downthumbs I guess.

          • w76
          • 2 years ago

          The real shame is the Linux desktop world seems utterly incapable of capitalizing on any of Win10’s failures. I keep rooting for them though, I think they’re on the right track with containerized apps like the flatpak implementation. Their long-standing approach has been too clever by half, and prone to not being user friendly, since the start.

          Maybe, one day…

            • GrimDanfango
            • 2 years ago

            I’m not sure Windows 10 really has many failings… it’s technically solid, a good step in UI from Windows 8 (If not from Win 7), and from a business point of view, it capitalizes entirely on the vast majority’s trained complete apathy for anything relating to personal privacy rights.

            What *could* the Linux world do to capitalize on that? When half the world will gleefully invite Amazon Alexa into their lives as a glittering wonder of modern technology, but wouldn’t care to even know the word “Linux” unless it was piped into their subconscious by a relentless targeted ad campaign… there’s not much the free software movement can do without fundamentally compromising the whole point of the free software movement. I fear Linux is doomed specifically because of what it does right.

            At this point I can’t say I care much what other people do… the main things I resent are Microsoft continuing to hold half my games library to ransom, and the sheer unrestrained, unavoidable audaciousness of their Win 10 push, which as a marketing campaign feels constantly like it crosses over from someone grimly but pragmatically hammering the last nail in society’s coffin, to them gloating about it like a Bond villain stroking their cat.

            Besides that, I’m just slightly wary of the day when they manage to convince society at large that the only people who use Linux are people with something to hide – if you don’t have anything to hide, why wouldn’t you just use Windows like a normal, non-suspicious, law-abiding member of society?
            Perhaps I’ll be dead and buried before it gets that far. Then again, that’s already what it can feel like sometimes whenever you dare to post in a forum thread asking a dev to consider making a Linux port of a game… and it seems like recently the gaming community is a pretty good early barometer for whatever caustic new direction society at large will take in the next 5-10 years.

            Hmm, I feel like that was a fairly good rant… probably not the best idea to attach it to a thread that I started with such a rubbish opening post, in response to a largely unrelated topic 😛 Oh well, let the downthumbs fly…

            • moog
            • 2 years ago

            Speaking as a long time dev at Microsoft, I love Linux.

            • NTMBK
            • 2 years ago

            You just made The List.

            • GrimDanfango
            • 2 years ago

            Interesting. So, as someone who “sees how the sausage gets made” – would you say it’s not as bad as my sensationalist ramblings… or worse? 😛

            • ermo
            • 2 years ago

            Why?

            • Kretschmer
            • 2 years ago

            Linux on the desktop is a solution looking for a problem.

            It was a solution looking for a problem in 2003, when I first heard about the “movement.” It is a solution looking for a problem 15 years later. It will be a solution looking for a problem in 2033.

            Average users don’t care about the technical underpinnings of an OS. They just want to use familiar operating principles with familiar applications.

            • GrimDanfango
            • 2 years ago

            What sets Linux apart isn’t really the technical underpinnings – Windows has thoroughly solid technical underpinnings.
            Many desktop Linux distributions also work with largely familiar operating principles to anyone who has used Windows, and have many familiar applications, especially for basic home users who are mostly interested in web browser-based applications.

            What Linux has going for it is that it is open, free, and non-intrusive. In those regards, it’s only a solution in search of a problem *if* you don’t consider matters of freedom and privacy to be a problem worth addressing… and that’s the problem – most people don’t.

            I think where most people misjudge Linux is in thinking the people involved are desperately trying to vie for market share and failing. Linux on the whole is perfectly successful at what it sets out to achieve, which is to provide a viable alternative to the minority of people who don’t want to contribute to the ruthless, capitalism-driven conventional software market.

            Linux will never be a big part of that market, because it would stop being Linux the moment it did. See Android…

            • Growler
            • 2 years ago

            But 2018 is the Year of Linux on the Desktop! Or, more specifically, the 20th Anniversary Year of Linux on the Desktop.

          • Flying Fox
          • 2 years ago

          Well, I’m sure they won’t be unhappy about that little side effect if it makes more people migrate to 10.

        • willmore
        • 2 years ago

        But Microsoft’s tests show Win7 getting faster after the patch.

    • elmopuddy
    • 2 years ago

    If I understand correctly, this slowdown is from the “bandaid”, but will go away once BIOS and/or firmware of the machine is patched?

      • MrDweezil
      • 2 years ago

      Somehow I suspect there’s no BIOS update coming for my Ivy Bridge board.

        • Lemonsquare
        • 2 years ago

        There won’t be any BIOS update for my Z87/Haswell based board from Asus either, and there hasn’t been in years. I’ve no doubt this applies to some newer platforms as well. Motherboards are like Android phones basically, you’re lucky if you get 2 years of security updates even on flagship models.

          • DancinJack
          • 2 years ago

          I mean, I get why they wouldn’t update a Z87 board, but my Z170 has been kept VERY up to date by Asus. I’ve been quite happy. Original update on their support site is from 09/01/2015 (Sept) all the way through 11/22/2017. Multiple updates each year. /shrug

      • xeridea
      • 2 years ago

      Meltdown (major Intel flaw) is there forever. No BIOS update can fix it. Software bandaid is the only fix. Many Intel CPUs additionally require a BIOS update for Meltdown and Spectre mitigation. New CPU silicon is the only real fix, and Intel is pretending they did nothing wrong, and nothing is broken, so good luck with that.

      AMD is not affected by Meltdown (they do not perform speculative execution if it requires jumping from user to kernel privilege). They are affected by 1 of 2 Spectre variants. I think ARM is more vulnerable than AMD, haven’t looked into it as much.

        • Concupiscence
        • 2 years ago

        Upvoted, though I’ll add that a permutation of Meltdown also affects at least one line of ARM chips. That’s the one where patching is going to hurt performance for I/O-intensive applications – virtualization and lots of server duty will be negatively affected. Spectre’s well-named, since it’s a fundamental problem that casts a chill shadow across *very* wide swathes of hardware manufactured in the last decade plus.

      • ddarko
      • 2 years ago

      If anything, it’s the opposite – Microsoft says the exploit patch that needs both a Windows and microcode update has the performance impact while the exploits patched through Windows only may have minimal impact. Per the blog:

      “In general, our experience is that Variant 1 and Variant 3 mitigations have minimal performance impact, while Variant 2 remediation, including OS and microcode, has a performance impact.”

      I have a Haswell Devil's Canyon/Z97 system running Windows 10 that's not even 3 years old and it falls into the category of "some benchmarks show more significant slowdowns, and we expect that some users will notice a decrease in system performance."

    • tay
    • 2 years ago

    If these are as good as their predictions on file copy or install times, they should keep them to themselves.

      • derFunkenstein
      • 2 years ago

      “Microsoft time” strikes again

      • K-L-Waster
      • 2 years ago

      I don’t know whether to laugh or slam my head on my desk. Hmm, guess they’re not mutually exclusive…

      • Wirko
      • 2 years ago

      “You may need to restart your computer after installing this update.”

      “Microsoft probability” strikes again, MAY == 100% SURE

        • cygnus1
        • 2 years ago

        I don’t mess around with that. Unless it explicitly says no reboot required, and ideally explains why not or is obvious why not, it’s going to get rebooted. Some older AMD hardware is blocked for other reasons, but that’s a different story.

        https://support.microsoft.com/en-us/help/4073707/windows-os-security-update-block-for-some-amd-based-devices

    • Concupiscence
    • 2 years ago

    Is there any word yet on whether Meltdown is being patched unilaterally across AMD and Intel systems?

      • xeridea
      • 2 years ago

      I have read the Linux fix for Meltdown is disabled on AMD, but I don’t know if there is any word of Windows. Maybe someone will also benchmark AMD to see.

        • Concupiscence
        • 2 years ago

        Yep, the kernel team wasn’t ambiguous. I can’t find the quote at the moment, but they essentially said, “if AMD is so confident that Meltdown won’t affect them, then we’ll leave it disabled by default on their hardware.” Spectre affects just about everyone, but mitigating it involves less of a performance hit. Benchmarks would be good.

      • RdVi
      • 2 years ago

      Wanting to know this also. I have two old AMD systems at work running win 7 (Phenom 2 and Kaveri) that I have no reason to replace and would prefer not to incur a performance hit on them…

        • cygnus1
        • 2 years ago

        MS is not discriminating hardware, they’re patching across the board. Leaving it to users to disable if they’re confident they’re not affected.

    • derFunkenstein
    • 2 years ago

    Since Broadwell is more-or-less a die shrink of Haswell, is it safe to assume that 5th-generation processors will perform more like 4th gen than 6th?

      • Concupiscence
      • 2 years ago

      Yes, I would say that’s a safe assumption.

    • Kretschmer
    • 2 years ago

    Prediction: most of the people complaining about these vulnerabilities won’t be able to tell any difference between pre-patch and post-patch performance.

      • DancinJack
      • 2 years ago

      Desktop users? Yeah, probably. People that interact with webservers and other heavily I/O dependent stuff? They will notice.

        • Kretschmer
        • 2 years ago

        Hence the “most.”

          • DancinJack
          • 2 years ago

          I guess that depends on your circle of interaction. I’ve seen a lot of professionals unhappy about it in the past few days. I haven’t seen a ton of regular joe schmo desktop users upset. /shrug
