The recently disclosed Meltdown and Spectre security vulnerabilities are serious and there’s no good excuse for not applying all available software updates to help minimize the risk of malware stealing your personal data from your phone, tablet, or PC. But improved security comes at a cost: because the updates change the way an operating system interacts with a processor in some situations, it can slow down performance.
The impact on performance varies from not much to quite a bit depending on the hardware and software you’re using and the type of tasks you’re trying to complete.
Now Microsoft has provided some more details about the performance impact of its Windows security updates. For the most part if you’ve got a computer released in 2016 or later, Microsoft says you probably won’t see much difference in performance after applying the update. But if you have an older machine, then you probably will see a noticeable slowdown.
The company says Windows 10 PCs with Intel Skylake, Kaby Lake, or newer processors do show performance slow-downs in the single digits… but since we’re talking about milliseconds, most people won’t actually notice a perceptible change.
But if you’ve got Window 7, 8, or 10 running on a computer with an Intel Haswell or older processor, Microsoft says you’ll probably notice that your computer feels slower sometimes.
The biggest impact Microsoft has measured so far is in Windows Server installations running tasks that require reading and writing a lot of data.
Interestingly Microsoft hasn’t said anything about the performance impact on computers with AMD processors. Then again, the company just halted the rollout of security updates to some AMD-powered machines because it was resulting in users being unable to boot their PCs. So I guess that’s a pretty big performance hit.
Microsoft always says that. Of course they want you to ditch your old PC and pay for a new one. They just want your money.
So MS’ fixes cause more performance issues for Windows than the kernel fixes forLinux? I guess we’ll find out when MS defines what’s “noticeable”, “more significant”, etc. mean when numbers are released later.
Were the Linux benchmarks only on more recent CPUs? MS’ blog mentions the slowdowns are more significant on older CPUs.
Public feedback is starting to roll in, and we’ll get more clarity on this over time. At this point, a reasonable generalization is that “end-user computing” isn’t substantively impacted, although cloud-computing and server- or I/O-related uses have notable slowdowns. The 30% figure wasn’t a hyperbole, but actually more of a median number. Given that Intel is the current dominant supplier for cloud-computing vendors, sales will likely take a substantial hit, and margins will drop from the inevitable discounts there. Yes, Intel stock will be impacted.
Some points:
. A flaw of this magnitude will inevitably draw PR management. Every vendor (Microsoft/Google/Intel/AMD) would want to put the best possible spin on its respective products. It’s naive to take info from these vendors at face value, without corroboration from independent and trustworthy sources.
. There are indeed better sources available to inform and educate on this particular issue. One is Anandtech, which has an excellent piece thus far, and is well-positioned to provide continuing coverage on this ongoing situation. The other is The Register (UK), which was among the first to break the story. I’m sure there are other worthy rags, but these are the old standbys I turn to for anything chip-related.
. AMD Ryzen has made some waves last year for nearing Intel’s performance. I’ll be keeping a close eye on its future benchmarks w/o the Meltdown penalty vs Intel’s. Yes, it is a viable near-term option for those who opt for a new PC.
So maybe the performance difference from a 4.5GHz Core i7-2600k to a 5.0GHz Core i7-7700k will increase?
Its around 30-35% now…. maybe that will go higher?
What about older 3.8GHz Core i7’s (first-gen)… which are another 20-25% slower.
The Core2Quads are outdated though….
From Microsoft:
> Because Windows clients interact with untrusted code in many ways, including browsing webpages with advertisements […] malicious JavaScript deployed through a webpage or advertisement could access information.
Securing the browser seems to be the most important first step.
Also, I wonder how much untrusted 3rd-party code gets funneled in via apps and the OSes themselves (login screens, start menu, etc). Things are already pretty bad in the App department – especially on Android devices.