While Intel continues to play down the slowing effect the patches for Meltdown and Spectre can have on machines using their CPUs, Microsoft has finally shared some – though still not definite – indicators of the possible outcomes.
After pointing out that, along with a Windows update, a silicon microcode update will also be needed in order to mitigate Variant 2 of the Spectre attack (branch target injection), Terry Myerson, Executive Vice President of the Windows and Devices Group, said that many of the benchmarks published so far do not include both OS and silicon updates.
“We’re performing our own sets of benchmarks and will publish them when complete, but I also want to note that we are simultaneously working on further refining our work to tune performance,” he said.
“In general, our experience is that Variant 1 and Variant 3 mitigations have minimal performance impact, while Variant 2 remediation, including OS and microcode, has a performance impact.”
As was probably expected by many, the older the CPUs, the more impact the patches will have on performance.
At the moment it seems that machines running Windows Server will take the biggest hit.
“Windows Server on any silicon, especially in any IO-intensive application, shows a more significant performance impact when you enable the mitigations to isolate untrusted code within a Windows Server instance,” Myerson noted, and advised administrators to be careful to evaluate the risk of untrusted code for each Windows Server instance, and balance the security versus performance tradeoff for their environment.
Only Windows 10 users with machines with newer chips (2016-era PCs with Skylake, Kabylake or newer CPU) won’t witness a noticeable slowdown. Some Windows 10 users on older silicon (2015-era PCs with Haswell or older CPU) can expect to notice a decrease in system performance.
Windows 7 and 8 users, whether they run it on machines with old or new silicon, are the ones who will most certainly experience a slowdown.
“Older versions of Windows have a larger performance impact because Windows 7 and Windows 8 have more user-kernel transitions because of legacy design decisions, such as all font rendering taking place in the kernel,” Myerson explained.
“For context, on newer CPUs such as on Skylake and beyond, Intel has refined the instructions used to disable branch speculation to be more specific to indirect branches, reducing the overall performance penalty of the Spectre mitigation.”