Microsoft Details Performance Impact of Spectre and Meltdown Mitigations on Windows Systems

Microsoft's Windows chief Terry Myerson on Tuesday outlined how Spectre and Meltdown firmware updates may affect PC performance. From a blog post: With Windows 10 on newer silicon (2016-era PCs with Skylake, Kabylake or newer CPU), benchmarks show single-digit slowdowns, but we don't expect most users to notice a change because these percentages are reflected in milliseconds.

With Windows 10 on older silicon (2015-era PCs with Haswell or older CPU), some benchmarks show more significant slowdowns, and we expect that some users will notice a decrease in system performance. With Windows 8 and Windows 7 on older silicon (2015-era PCs with Haswell or older CPU), we expect most users to notice a decrease in system performance.

Windows Server on any silicon, especially in any IO-intensive application, shows a more significant performance impact when you enable the mitigations to isolate untrusted code within a Windows Server instance. This is why you want to be careful to evaluate the risk of untrusted code for each Windows Server instance, and balance the security versus performance tradeoff for your environment.

For context, on newer CPUs such as on Skylake and beyond, Intel has refined the instructions used to disable branch speculation to be more specific to indirect branches, reducing the overall performance penalty of the Spectre mitigation. Older versions of Windows have a larger performance impact because Windows 7 and Windows 8 have more user-kernel transitions because of legacy design decisions, such as all font rendering taking place in the kernel.

Really?

This is why you want to be careful to evaluate the risk of untrusted code for each Windows Server instance, and balance the security versus performance tradeoff for your environment.

This is a complete cop-out.

People will need to balance their security against their performance.

While this isn't MS's doing, it's Intel, MS is essentially side-stepping this and saying "bummer, dude, but you should decide if you need performance or security".

No wonder this patch borked some systems, it sounds like it's something they half implemented, rushed out the door, and then threw up their hands.

Re:Really?

What — exactly — do you expect Microsoft to do? They didn't make the hardware and they can't fix this in software. I believe the fact that they're offering the choice (on Server at least) of suffering the performance impact or not shows an extraordinary degree of pragmatism. I honestly can't imagine a better response; how would you have them change it?

Re:Really?

Actually, this is a software (more precisely, a compiler) problem. The problem is that the modern compilers
make it difficult for these modern CPUs since they don't clearly instruct the CPU on how to proceed.
So the CPU has to speculate (a.k.a. guess) what instruction it should do next. If the compilers produced
better code in a more organized fashion, then the CPUs wouldn't have to be guessing all of the time, amiright?

(Hey, you know this is the next step in the blame game - watch somebody make a serious thread of this.)

CAP === 'spells'

Re:Really?

This is too:
"Older versions of Windows have a larger performance impact because Windows 7 and Windows 8 have more user-kernel transitions because of legacy design decisions, such as all font rendering taking place in the kernel."

It's pretty fucking obvious that MS are trying to take advantage of the situation to get more users to finally switch over to Spyware 10 by fearmongering.

Well I'm sticking to my Windows 8.1 Pro and I won't be applying the kernel patch AND I will be totally safe. We have lived with this "flaw" for more than two decades without a single person noticing it or being affected by it. That isn't going to change. I don't run untrusted software, I use AV, antimalware/antispyware and I have two firewalls in place. I am 100% unconcerned about the Meltdown "flaw" and I 100% guarantee that I'll suffer zero ill affects from not downgrading my kernel.

Re:Really?

Yea, that's not why speculative exists at all.

Re:Really?

How dare Microsoft (and Linux) (and Apple) program these CPUs as specified by the manufacturers... What were they thinking!?

Re:Really?

[spire3661]

I expect them to give me a choice to install this patch or not.

Re:Really?

[ArtemaOne]

Makes a lot of sense to me. Imagine a classified or close network. Those often require physical access, and often those ports are managed, which means you need to be logged in, so it's not even an issue if it isn't internet accessible.

Re:Really?

[ArtemaOne]

8.1 was worse than 10 for sure. I could get if you were defending 7, as that was a sweet spot.

Re:Really?

[K.+S.+Kyosuke]

Hey, you know this is the next step in the blame game - watch somebody make a serious thread of this.

Too late; Itanium engineers did this two decades ago. ;)

Re:Really?

[EndlessNameless]

It's pretty fucking obvious that MS are trying to take advantage of the situation to get more users to finally switch over to Spyware 10 by fearmongering.

Not at all.

Since Vista, Microsoft has been on a very deliberate path of reducing dependencies, streamlining interfaces, and stripping legacy cruft within Windows. They have been modularizing the Windows kernel and kicking more functionality into user space for over a decade. This isn't news. I'm sure they're glad that it finally paid off though.

You are conflating the architectural improvements with the intrusive telemetry. They are two entirely different issues. In fact, I wouldn't be surprised if the people who argued in favor of the current kernel design turned around and argued against the always-on telemetry. (Everyone wants telemetry during development; it only becomes stupid when you force users to transmit it.)

Windows 10 with ad hoc measures to suppress telemetry is a much more secure operating system than Windows 7 or 8. If you value security and require Windows, that is where you should land. This is doubly true for enterprise users, as they can acquire Windows licenses which allow them to completely disable telemetry.

Re:Really?

Nope. Windows 10 is Windows 8.1 + spyware + bloatware + forced updates. Windows 8.1 is infinitely superior to Windows 10.

Re:Really?

[mysidia]

I expect them to give me a choice to install this patch or not.

I want a highly-visible ON/OFF switch in Control Panel.
For most servers it should default to OFF.

Re:Really?

[110010001000]

"JavaScript cannot other applications' memory as it's sandboxed in the browser."

So adorable!

Re:Really?

It sounds like you are talking more about instruction reordering (aka out-of-order execution). That's where the CPU looks at the instructions, sees that there is a delay on instruction #1 (ex: a memory read, or an FPU operation) that holds up instruction #2 but not instructions #3 and #4, and reorders the execution on the fly so that it can execute instructions #3 and #4 while it is waiting for #1 to continue. I seem to recall that 20+ years ago, intel's compilers were optimizing for stuff like this, but it was obviously processor dependent as different generations or brands of processors take differing numbers of clock cycles for each instruction. For that reason, you'd have to pick a specific processor to optimize your compile for, and as a result execution may be suboptimal on other processors. That's why processors starting with the Pentium Pro (and just about every intel processor since then...not sure about things like the atom or ARM chips) have hardware reordering. Because the hardware supports it now, I'm really not sure what the state of the art is in compiler code generation (do they still bother reordering or just not care anymore).

But regardless, instruction reordering is a different beast. What we are talking about with spectre is speculative execution. This is not reordering the instructions that are definitely coming next. Instead, this is guessing at which path a conditional jump will take and getting a head start on executing those instructions. For example, if you have something like:

if ([value in memory] = 1) then x = a+b else x = c+d.

The memory reference is slow, but until it completes, you have no idea what you should be calculating. So the processor has to load the value from memory, wait for that to complete, then execute the appropriate calculation and wait for it to complete. Speculative execution would instead start loading the value from memory, make an educated guess that the value will be 1, start executing a+b, then when the value from memory is finally loaded and compared to 1, either use the already precalculated a+b, or discard that and calculate c+d.

Re:Really?

[Ryanrule]

Hey, we hate Microsoft and any left wing thing here.

Re:Really?

[fahrbot-bot]

They didn't make the hardware and they can't fix this in software.

I imagine Intel actually can fix this with a chip firm/software update, but won't because they don't want the responsibility of dealing with anything that goes wrong across the many, many varied CPUs affected. (Just a very cynical guess though.)

Re:Really?

[Duhavid]

Yes, but Windows 8.1 is Windows 7 + rearranging the UI so you cant find anything + attempting to force you to use lame walled Garden apps ( aka Metro ) + lame home page "applets" ( aka Metro ) sucking all kinds of CPU and memory to tell you all kinds of things you cant see at the moment and really dont care that much about probably.

Windows 7 is infinitely superior to Windows 8.1

Re:Really?

[Duhavid]

""It's pretty fucking obvious that MS are trying to take advantage of the situation to get more users to finally switch over to Spyware 10 by fearmongering.""

"You are conflating the architectural improvements with the intrusive telemetry. They are two entirely different issues. In fact, I wouldn't be surprised if the people who argued in favor of the current kernel design turned around and argued against the always-on telemetry. "

Where does the poster conflate them? The post seemed to be complaining about the intrusive telemetry.
Microsoft could make the architectural improvements to 7 and/or 8x, or they could allow people to opt in/out of the telemetry in 10.
They don't do either, because they want you to take 10 on. With the telemetry.

Also, note, Microsoft elected to push patches for Meltdown and Spectre for windows 10 this week. The patches for Windows 7 and 8x are available, but you have to wait for them. The patches are available, have to have been tested, or they would not be available, but somehow, it is less important for Windows 7/8 users to have them? I could argue the reverse, there is more security for the larger portion of the user base for Windows 7 and 8 to get priority, as those systems would be running on older equipment. ( My understanding is that the older CPU's are more susceptible to these issues, so if someone has to wait, the newer systems should. )

I agree with the other post, Microsoft is using this to push people onto Window 10.

Re:Really?

[Joce640k]

We have lived with this "flaw" for more than two decades without a single person noticing it or being affected by it.

Sure, but in 2018 every bad person in the world suddenly knows about it (and how to use it).

Re:Really?

[Joce640k]

I expect them to give me a choice to install this patch or not.

Yep. "We expect most users to notice a decrease in system performance" is corporate-speak for "you're fucked if you install this".

Most users wouldn't notice a slowdown until after the 30th Internet explorer toolbar.

Re:Really?

[TheFakeTimCook]

Actually, this is a software (more precisely, a compiler) problem. The problem is that the modern compilers
make it difficult for these modern CPUs since they don't clearly instruct the CPU on how to proceed.
So the CPU has to speculate (a.k.a. guess) what instruction it should do next. If the compilers produced
better code in a more organized fashion, then the CPUs wouldn't have to be guessing all of the time, amiright?

(Hey, you know this is the next step in the blame game - watch somebody make a serious thread of this.)

CAP === 'spells'

Actually, no. You're NOT right.

Speculative branch prediction happens because there is NO WAY for ANYONE to know whether a Branch based on DATA will have to be taken or not. Otherwise, there wouldn't have to be CONDITIONAL branches AT ALL!

I see software development is NOT your forte, amirite? ;-)

Re:Really?

[ls671]

I just submitted a patch to gcc so it makes more predictable code.

The patch:
if you write x=x+100;

This will now translate into:
for (int i=0; i<100; i++) {
  x++;
}

It will then be easier for the CPU to guess the next instruction is x++

Alternatively, one may use the brainfuck programming language:
https://en.wikipedia.org/wiki/...

Re: Really?

[silverdirk]

Did you miss the part about FONT RENDERING IN THE KERNEL? Sounds like 8 does it in kernel, and 10 does it in userspace. Says to me that there are significant improvements in 10

Re: Really?

[dryeo]

WTF is any operating system doing rendering fonts in ring 0? This was one of the reasons for the MS and IBM divorce, MS wanting to run stuff (video drivers) in ring 0 for performance and IBM refusing for security.

Re:Really?

[jezwel]

If they could they would - this is a PR disaster larger than the FDIV & FOOF bugs of yesteryear.
The fix requires permanent disabling of performance enhancing functionality, and is required a lot faster than BIOS updates could bring - hence the OS inclusions.

It will take over a year before Intel has new silicon out that does not have this flaw baked into their CPUs.

Re:Really?

[toddestan]

Windows 8.1 is actually pretty good in some aspects. Noticeably faster and more stable than Windows 7 (and Windows 10 for that matter). It's also the last version of Windows without all the forced telemetry and forced updates. That makes it really the last version of Windows you can use without handing control over to Microsoft.

Of course, the huge flaw is the UI. Though there are some fixes for that (Classic Shell), and I never really minded it that much, though I agree it is still a step back.

The other thing to consider is Windows 7 currently has just over 2 years of support left. With Windows 8.1 you've got another 5 years to finish your migration to Linux.

Re:Really?

[thsths]

No, Microsoft is the victim of this bug, not the perpetrator. They just try to mitigate the impact. The fact that they give customers this option implies that the performance impact is huge.

Re:Really?

[WhoBeDaPlaya]

You might want to check the batteries in your sarcasm meter ;)

Re:Really?

[torkus]

Windows 7 is infinitely superior to Windows 8.1

I wish they just went and updated 7 with some of the new tech in 10. Leave the &$%# UI alone already.

Re:Really?

[ArtemaOne]

I'll agree that 8.1 fixed most of the stuff I hated that 8.0 introduced. I had given it up and gone back to 7 before its release initially, but I was running it again before 10 came out because I used all my licences for the free 10 upgrades, and was far more impressed than I expected.

Re:Really?

[Duhavid]

My take: Windows and Office, they are not adding enough value to the actual product to get us to fork over cash for a new version.
So, take the existing product, smash up the UI to make it different, add a few things you could have added ( and, really, are ) to the original product, spin up the hype machine ( new! improved! ) and hope to sell the snot out of it. Oh, and leverage any external events like this to push people onto the new product. Stop selling the old product, do all you can to force people to the new, like no security updates to the insecure product sold after some period. I can sympathize with some of it, supporting too many products is inefficient.

Re:Really?

[TheFakeTimCook]

You might want to check the batteries in your sarcasm meter ;)

Maybe.

Maybe just too many hours fending-off the Slashtard Haters...

Re:Really?

[Agripa]

What — exactly — do you expect Microsoft to do?

I expect them to not apply a performance sapping patch to my AMD system which does not require it.

Re:Really?

[zwarte+piet]

So why can't I get a 8.1 kernel on 7? (or xp)

Re:WHAT ABOUT AMD????

[JaredOfEuropa]

AMDs are bricked, didn't you read the earlier news?

Re:WHAT ABOUT AMD????

[barc0001]

*Some* AMDs are bricked, older chips.

Refund

So, how do I apply for a partial refund from Intel for my CPU?

Planned Obsolescence

[xxxJonBoyxxx]

>> With Windows XX on older silicon (2015-era PCs with Haswell or older CPU)...we expect...a decrease in system performance. (So plan to buy a new proc from our licensed PC distributors soon.)

Re:Planned Obsolescence

[freeze128]

With "Older" silicon, you can probably buy a faster CPU to put into your older motherboard. It's not really a "NEW" CPU, just a faster one to compensate for the performance hit.

Re:Planned Obsolescence

[dyfet]

Indeed...translation; "Intel fucked up, and we fucked it up even more in our crappy design decisions, but we are both going to make huge profits from selling everyone new hardware and software, so all is good."

Re:Planned Obsolescence

[link-error]

    Except Intel changes the socket format so frequently, I've almost always been forced to by a new motherboard... and new memory.

Re:Planned Obsolescence

[Dog-Cow]

Yes, that's older. It's how time works. Look into it when you have some.

Re:Planned Obsolescence

[Lothsahn]

Core 2 doesn't just run Ubuntu perfectly fast, it runs modern games perfectly fast.

My son's computer is a C2Q 9500 with Windows 10. There's no specific release date published on Intel's ARK, but C2Q 9550 released in Q1 2008 (10 years ago!), so it's at least that old. He plays Overwatch on it in Ultra Quality at a constant 60 FPS (limited by his display). That's a 10 year old computer (with a newer GPU) running games at full speed that you're "supposed" to buy multi-thousand dollar computer setup for. He got it on Craiglist for $50, plus a couple spare parts I had lying around and a $150 GPU.

CPU scaling has really slowed down--a 10 year difference used to be a world changer, and now 10 year old CPUs are fast enough.

Re:Planned Obsolescence

[Lothsahn]

Yes, you can do exactly that. My son upgraded from a C2Duo to a 2.8 GHZ C2Quad for $25. The extra two cores would more than compensate for the performance losses from these OS fixes.

Doesn't always work if you have a laptop (many CPUs are soldered in these days), and it does involve some cost on your own, especially if you don't do the work yourself.

Re:Planned Obsolescence

[jezwel]

I just did. My 4790k was released in 2014 and runs at 4GHz.
It took Intel 2 CPU generations to equal that single core speed (with only the 6700k in Aug 15), then the 7700k finally beat it (just) @ 4.2GHz a year ago - Jan '17.
The 7740X @ 4.3 followed in June '17 (and pulls 25% extra power to get that less than 10% increase...).
The 8 series tops out at 3.7Ghz.
They are all still running the 4 cores.

Sure it's "older". It's certainly no-where near obsolete.

Re:Planned Obsolescence

[toddestan]

That also assumes you can upgrade your CPU. My main computer runs an i7-3770K which I believe is the fastest CPU ever offered on Socket 1155. The other computer is also Socket 1155 and runs an i7-2600K. While that could be upgraded, the 2600K isn't really that much slower than the 3770K. I suppose I could overclock them as they are unlocked, though I haven't bothered because it hasn't seemed worth it.

Re:Planned Obsolescence

[thegarbz]

What's a GHz? Is that some irrelevant performance metric from the 90s?

In other news The Pentium 4 had more GHz than the competition. Ever wondered why it was laughed at?

Re:Planned Obsolescence

[Cederic]

Well, now that raw processor speed is suddenly more important, the GHz numbers could start being relevant again.

TFA is quite informative...

[FrankSchwab]

Kudos to Microsoft and Terry Myerson - great article with excellent details...

as long as you're running an Intel processor. Inquiring minds want to know where in the performance-hit list a Ryzen shows up. Does it have the " refined...instructions used to disable branch speculation to be more specific to indirect branches, reducing the overall performance penalty of the Spectre mitigation."?

Re:TFA is quite informative...

[DigitAl56K]

Kudos to Microsoft and Terry Myerson - great article with excellent details...

It's a well laid out article, but it's a shame they've shied away from posting any actual numbers, leaving us to guess what kind of impact they're talking about, and for everyone to have to run their own benchmarks. They could have said something like "typically xx-xx%, with workloads having heavy I/O most affected".

Sandy Bridge processors info

Or are they ancient and not worth reporting?

Re:Sandy Bridge processors info

[Hal_Porter]

Your performance will be fucked six ways to Sunday if your workload does a lot of user to kernel mode switches. Unless you fancy waiting for Intel to release fixed chips and then buying a new CPU and a new motherboard to put it in.

Ironically Intel forcing people to buy new motherboards to switch between very similar CPU generations coupled with the fact that any Intel CPU you buy now still has the bug means that its just as easy to buy an AMD CPU and motherboard than an Intel one.

Then again a new Intel chip has Process Context ID support which means the workaround for the bug is relatively low impact.

Re:Sandy Bridge processors info

[WaffleMonster]

Not worth supporting is more like it. It may sound like this is going to spell losses for Intel, and I'll grant that they've seen a momentary dip in stock prices, but you can bet good money that this will ultimately result in a rush on new Intel hardware to replace "bad" hardware. And people will just throw piles of cash at them, because reasons.

There is no new Intel hardware available for sale to replace "bad" hardware. There *IS* however new AMD hardware.

Re:Sandy Bridge processors info

[NettiWelho]

Not worth supporting is more like it. It may sound like this is going to spell losses for Intel, and I'll grant that they've seen a momentary dip in stock prices, but you can bet good money that this will ultimately result in a rush on new Intel hardware to replace "bad" hardware. And people will just throw piles of cash at them, because reasons.

Give it another week or two to settle, then buy Intel stock. Watch and see.

I am still on 2011 made i5-2500K and and with upgraded GPU new games still run at highest settings; If I have to upgrade both mobo and memory because of these shenanigans my next machine won't be an intel system, thats for certain

Still running at stock speeds thought, will try overclocking before buying anything new.

Re:Sandy Bridge processors info

Too bad Threadripper and Ryzen doesn't have hardware virtualization support. I'm not even sure they can cleanly run hyper-v or kvm.

That's false and I'm curious what led you to make such a blatantly incorrect claim. AMD has a history of supporting virtualisation features even on consumer chips, with no arbitrary gating of the features behind higher-priced SKUs, and they've continued that with Ryzen and TR.

I'm using an R7 1700 on an x370 board and have no problems at all running a GPU passthrough setup with KVM, just had to make sure IOMMU and SVM settings were enabled in the BIOS. (Turning off SVM effectively disables the virtualisation features, and turning off IOMMU support does what one would expect.) I believe Ryzen even has SR-IOV support, but I have no hardware to test with to be certain.

I've heard the TR IOMMU groups are weird, but that hasn't been an issue with my Ryzen chip. Only other problem was a long-standing kernel bug that surfaced with Ryzen's release, but that's 1) not a hardware fault; 2) fixed in new kernels; 3) only relevant for passthrough; and 4) it was only an occasional performance issue for GPU passthrough.

Time to upgrade

[postmortem]

Folks, your CPUs 2015 and older are obsolete ... how convenient for Wintel.. get that fancy new CPU and another copy of Windows 10, because what you have today is OEM version, so with a new CPU you'll need a new Windows copy.

Re:Time to upgrade

[FrankSchwab]

"Obsolete"? My home PC just blue screened from outrage at such a statement. Its Deneb processor from 2009 is just fine, thank you, and even ran DOOM 2016 acceptably (well, it did after I stole my son's video card).
Methinks your definition of Obsolete is different than mine...

Re:Time to upgrade

[postmortem]

Not *my* definition of obsolete, just a small dose of sarcasm. It is definition that intel + Microsoft are going to be pushing.

Re:Time to upgrade

[cogeek]

Methinks you don't understand sarcasm.... There really should be a font for that.

Re:Time to upgrade

[swb]

You can't talk about obsolete on Slashdot or you're inundated with people running Pentium I systems, ancient Nokia phones, etc. It's an audience that takes pride in wringing the last bits of life out of old hardware.

Re:Time to upgrade

[FrankSchwab]

you're right; I RTFA'ed, but didn't fully RTFC. I stopped after the first phrase. I hang my head in shame...

Re:Time to upgrade

[eclectro]

And your point is????

Re:Time to upgrade

[NettiWelho]

Folks, your CPUs 2015 and older are obsolete ... how convenient for Wintel.. get that fancy new CPU and another copy of Windows 10, because what you have today is OEM version, so with a new CPU you'll need a new Windows copy.

I am on windows 7 using a 2011 made i5-2500K and after upgrading GPU and switching to SSD the machines performance is still good enough to run things like PlayerUnknowns Battlegrounds on Ultra setting(GTA 5 is a bit choppy on ultra but runs buttery smooth on high).. And I haven't even overclocked the CPU yet.

I am yet to install the patches, but if the performance degrades beyond tolerable I'll first crank the OC to max, maybe try to find a deal on a faster socket 1155 processor as there are couple..

But if I have end up having to upgrade motherboard and memory because of these shenanigans then I will 100% buy my next CPU from someone else than Intel.

Re:Time to upgrade

[Lonewolf666]

how convenient for Wintel.. get that fancy new CPU and another copy of Windows 10, because what you have today is OEM version, so with a new CPU you'll need a new Windows copy.

And don't forget a new motherboard, because the CPU socket changed from Socket 1150 to Socket 1151 with Skylake.
Well, perhaps some people will actually throw away their computers and I can loot some memory from those. Not gonna touch the Intel CPUs though ;)

Re:Time to upgrade

[MachineShedFred]

Unfortunately, that font will be rendered in kernel space, because there have never been any security vulnerabilities in fonts...

Who the hell decided that was a good idea?

Re:Time to upgrade

[Wrath0fb0b]

You know they fixed that and now fonts are no longer rendered in the kernel. Or you would know that, if you RTFA.

Re:Time to upgrade

[Wrath0fb0b]

Spectre is actually applicable to Intel, AMD, and the various ARMs (Samsung, Qualcomm, ...)

You're thinking of Meltdown, that's Intel specific.

Re:Time to upgrade

[MachineShedFred]

I did know that. However, they still made the decision to do that at one point, and they didn't reverse that until the somewhat recent past.

So the question stands: Who the hell decided that was a good idea?

Re:How is 2015 old?

[dstyle5]

If you are using one of these "old" processors you haven't bought a new one and supported their good friends at Intel recently. Come on, get with the program, consumer. Also pick up a Pro or Enterprise version of Windows while you buying your new Intel processor, chum. ;)

Re:WHAT ABOUT AMD????

A tiny percentage of AMDs crash when they boot. It's not all AMDs. And none of them are bricked.

Re:WHAT ABOUT AMD????

[chispito]

AMDs are bricked, didn't you read the earlier news?

Except no PCs were bricked. An unspecified subset of computers needed the OS reinstalled.

Free speed upgrades for Appdoze 10!

[PingSpike]

That's the nice Windows 7 you got there. It'd be a real shame if something happened to its performance.

Re:Free speed upgrades for Appdoze 10!

[cogeek]

Winning!

Re:Free speed upgrades for Appdoze 10!

[maeltor]

Its Slashdot. I expect nothing less. When the OP's thread subject has the word "Appdoze" in it, you can basically discount it as bullshit hyperbole. I'm half shocked he didn't spell Microsoft with a $.

Re:Free speed upgrades for Appdoze 10!

[drinkypoo]

I can't believe you're donning your tinfoil hat in response to a bug that Microsoft had no control over.

When Microsoft released Windows NT 4.0, which as compared to NT 3.51 merged the Kernel and GDI memory spaces in the name of graphics performance, many of us complained. "Leave that kind of insecure cockamamie bullshit in the kiddie desktop OS, and leave our Server and Workstation OS with some privilege separation," we cried. But all unheeding, Microsoft proceeded apace down the path of compromising security in the name of gaming performance (literally!) and gee, look where we are now:

Older versions of Windows have a larger performance impact because Windows 7 and Windows 8 have more user-kernel transitions because of legacy design decisions, such as all font rendering taking place in the kernel.

It's right there in TFS, font rendering taking place in the kernel. That is epic bullshit, and it's exactly what I'm talking about when I bring up Microsoft merging formerly-separated memory spaces in NT4... and beyond.

I can't believe you're donning your tinfoil hat in response to a bug that Microsoft had no control over.

The correct answer when someone says "I think we need to render fonts in the kernel" is *SLAP*. Not "yes, let's do that." Microsoft doing font rendering in the kernel to improve performance is exactly like Intel checking to see whether access has been violated after execution to improve performance. It's obviously wrong, and it has led to security holes and ultimately is resulting in reduced performance. I almost can't believe that you're making excuses for Microsoft. But since I've seen fanboys and shills before, I can manage it.

Re:Free speed upgrades for Appdoze 10!

Or better yet, don't run EOL software.

Retard alert! Win7 has more than two years before EOL.

Re:Free speed upgrades for Appdoze 10!

[Wrath0fb0b]

Dude, they agreed with this conclusion and moved font rendering out of the kernel.

I can't imagine being your coworker if every time someone admits they made a mistake and correct it, you harp about how wrong they were in the first place. We get that you are Very Smart and were in fact right along along, being ungracious about it is not making you seem smarter, it's making you seem just as smart but more of a jerk.

Re:AMD

[GuB-42]

No mention of AMD but :

From TFA:

In general, our experience is that Variant 1 and Variant 3 mitigations have minimal performance impact, while Variant 2 remediation, including OS and microcode, has a performance impact.

Spectre is Variant 1 and 2. Meltdown is Variant 3.

AMD original response is that there is a "near zero" risk of exploit for variant 2 and a "zero" risk for variant 3. Notice the difference.

And from a link page on the Microsoft website:

Microsoft is aware of a new publicly disclosed class of vulnerabilities that are called “speculative execution side-channel attacks” that affect many modern processors and operating systems, including Intel, AMD, and ARM.

So it is very likely that performance impacting mitigations are in place for AMD CPUs too. In fact, they are currently working with AMD on the issue, so it is probably too early to tell.

Re:security versus performance tradeoff

[bit+trollent]

I'm getting terrible performance in Grand Theft Auto 5 and other games. I shelled out big money for a 6 core Intel CPU specifically so it would last a long time.

I can't even play the games that used to run perfectly on the system with acceptable performance.

Anything short of a full recall that replaces my CPU with one that performs at the level I paid for is completely unacceptable. Intel will never recover from this if they screw their best customers.

Forced obsolescence!

It’s all a nefarious plot to force people to upgrade their old computers to the newest models!

Complexity unfortunately means Holes.

[foxalopex]

I don't think this is really that surprising. Modern CPU's are almost like mini-computers in themselves breaking down and reorganizing code on the fly internally. Fixing them means ugly workarounds which will usually cost a bit in performance. As time goes on, expect more of these issues rather than less. It's why most modern CPUs have a BIOS loaded table that makes workaround fixes in hardware although this problem is probably too big to fix there.

Re:Complexity unfortunately means Holes.

[Gilgaron]

I know I share many slashdotters reticence to try out some of the latest smart devices for fears of the security holes therein, I wonder if there will be a new interest in processors that just brute force everything through without any 'tricks' that could be exploited? I suppose that might be impossible to achieve and have compatibility with the rest of modern computing platforms; I don't know much about what instruction requirements might be needed to keep up with current Windows and Linux if these security flaws go all the way back to 1995...

Re:Complexity unfortunately means Holes.

[110010001000]

"Modern CPU's are almost like mini-computers"

Genius!

Re:Complexity unfortunately means Holes.

[Wrath0fb0b]

You could make it fully compatible with x86, no problem. That's not the issue at all.

The cost would be much more than 10% of performance. OOO and speculative execution would probably cost at least 50% of the performance (and, for mobile, this is perf/watt, which translates directly into usable battery life).

Think about it this way: the CPU hits a plain old branch. The branch has a condition variable that's in L3 or main memory. In your "brute force" model, the processor sits idle for 200-300 instructions while the operand is fetched. In the speculative execution model, it uses that (otherwise idle) time to precompute one of the branches. If it's wrong, the cost is a rollback to the branch point (10-16 instructions), it it's right, the win is 200-300 instructions (time that would have been idling around waiting). It's a huge improvement.

Re:Complexity unfortunately means Holes.

[Gilgaron]

Great explanation, hadn't thought about mobile impact with battery life...

Wow amazing coincedence

[Neuroelectronic]

PCID is only supported on newer cpus and just so happens speeds up the performance of isolating kernel tables in software, which is required to block this decades-old exploit. And now Linux is having tons of undocumented patches to support this as well.

Well, at least we have nothing to worry about and go back to working, knowing that there's no way that anyone could use our sensitive information to proxy nefarious activities.

Re:Wow amazing coincedence

[TheDarkMaster]

My CPU is a I7 4930K and it have the PCID (so says the HWiNFO64 and AIDA). But I think I will pass this "fix" if in the background his truly goal is to force me to buy a new desktop and force the use of Windows 10.

Re:Wow amazing coincedence

[sl3xd]

PCID is only supported on newer cpus

Having run across a nearly four-year old CPU having PCID (Haswell Xeon E3-1276), I'm less inclined to say that "newer" is entirely accurate; more that it was less common...

Re:Wow amazing coincedence

[ChoGGi]

PCID is supported on Westmere (2010) and up.

Re:Wow amazing coincedence

[ChoGGi]

Probably depends on your OS as well (I think Linux only added it in 4.14?).

Re:How is 2015 old?

[ripvlan]

I know! I'm with you. My 2 year old still needs diapers. As for my i7 quad-core from 2010 I might need to rethink upgrading... or putting that Registry key and preventing the update from downloading. It already is slow because it has a spinning HD.

But now I'm mad because "I have to" upgrade and pay them money for their mistake. However, proper CPUs don't exist yet. So I want to wait. And suffer in the meantime?

Grumble grumble.

Re:How is 2015 old?

[EvilSS]

I am sorry but how is 2015 called old? Most of 2015 was barely 2 years ago.

" older" is the word they used, not "old". Are you of the belief that something from 2015 is not older than something from 2017?

Re:Honest reasons why 'Windows 7' isn't good enoug

[GuB-42]

AFAIK, most of the issues people have with Windows 10 are about policies and the GUI. And on these aspects, is is reasonable to consider Windows 7 superior.

On the core technical aspects however, most people seem to agree that Windows 10, and even 8 are superior to 7.

Re:security versus performance tradeoff

[jwhyche]

I find that statement interesting. I was playing GTA 5 on a i7-6700K last night and didn't' notice any performance impact from the game. I was running over goats just as well as I always have been. Do you have any benchmarks you can provide, before and after?

Sounds like

[110010001000]

Sounds like this isn't a big issue after all. Good job by Microsoft and Intel with their timely fixes!

Re:Sounds like

[Wrath0fb0b]

Want to make it sound more impressive? Microsoft currently has 45 supported variants of Windows. They shipped patches for 41 of those versions.

Of course, it's crazy to support so many different variants. At the same time it's crazy to support Windows 7 for years after 10 comes out, but people will complain mightily if you EOL it and don't provide security patches.

And it's even more crazy that none of this was Microsoft's fault to begin with.

Re:Honest reasons why 'Windows 7' isn't good enoug

[Hylandr]

Windows 10 sucks (quantify that)

1. Keyloggers that send your keystrokes to Microsoft to serve targets ads in the OS. *cough* I mean 'Telemetry'.
2. Inability to control patches / updates
3. Reduced control over a system I *own*

There's a good start.

Re:Honest reasons why 'Windows 7' isn't good enoug

[TheDarkMaster]

Windows 10 is a nice kernel but with an GUI made by preschool children on top of it... Maybe I change my mind and switch to it when the interface be made by real professionals, until then I'll continue with Windows 7.

Re:Only here

[110010001000]

You are right. You can't expect Microsoft to fix their older operating systems that are under support. They just don't have the manpower or money. Everyone should just install Windows 10 (starts at only $119). And you also shouldn't expect Intel to fix their stuff either. It isn't like they have money to fix their stuff either. Just buy a new chip when it comes out. Problem solved.

Re:Honest reasons why 'Windows 7' isn't good enoug

[FrankSchwab]

>>> 3. Reduced control over a system I *own*
I find this the most fascinating part of modern computing - "Here, pay me $700 for this smartphone so I can see everything you do, know everyone you know, and sell that information to anyone who'll pay me a dime for it. And, no, you're not allowed to stop me, or to even find out what information I'm collecting". Windows 10 moved that smartphone concept down to the PC.
This whole concept of paying large amounts of money for something that isn't yours (because you're not allowed to make unauthorized changes to it) and that's going to be used to make money off you is so new, and so foreign, that I have trouble with it. Maybe I'm just too old.
I remember when I trusted Quicken to not upload my whole financial database to Intuit for their perusal - and that now I assume that it does. I remember when I refused to get a supermarket loyalty card because I didn't like them tracking my purchases - until they implemented punitive pricing measures that "encouraged" my compliance. I remember when the concept of a car that stored my accelerations and speed for 10 seconds prior to an accident seemed like a huge invasion of privacy - and yet I have a Tesla Model 3 on order that will be able to count how many times I picked my nose on the way into work, and will likely use that information to advertise nasal sprays to me on the central display screen.

Re:Honest reasons why 'Windows 7' isn't good enoug

[NettiWelho]

Stick with it just stop pretending to be experts, telling others Windows 10 sucks (quantify that) and encouraging NOVICES who would benefit from architecture improvements to stay away from it because YOU don't like it.

Windows 10 fails to run quite a bit of legacy software developed for windows platform that functions just fine on windows 7 and earlier, this includes some very simple software using nothing but windows libraries.

Windows 10 fails to routinely respect user choice in things like allowed update install and reboot times.

On windows 10 the user is not in control of the machine even if logged in as administrator.

If you look on Nvidia forums theres a +100 page complaint thread about performance issues appearing over 2017 windows updates and smaller thread on microsofts own forums where their employees have been regularly responding and requesting additional telemetry on the issue after each patch..

No similiar complaints about windows 7 despite 7 being still more popular and I guess running with older hardware on average as well..

As a matter of fact I have hard time figuring any advantages windows 10 has over 7 except the "get help"-program that actually connects you to a microsoft employee, an actual person, at any hour of the day by a hit of a button, which I guess does make it more user friendly for tech-illiterates by leaps and bounds

don't worry

[edxwelch]

The decrease is performance only happens if you manage to update the BIOS and there's fat chance of doing that on a Haswell motherboard! It'll have reached non-support EOL long ago.

Re:don't worry

[TechyImmigrant]

The decrease is performance only happens if you manage to update the BIOS and there's fat chance of doing that on a Haswell motherboard! It'll have reached non-support EOL long ago.

My Haswell laptop's BIOS & FW was updated this morning. This gave me a good excuse to get more coffee while not worrying about the paranoid fantasies of those that live in a world of imagined facts.

Re:don't worry

[edxwelch]

count yourself lucky then

Re:Honest reasons why 'Windows 7' isn't good enoug

[Hylandr]

And you let all these things happen.

Android phones can be re-imaged. Nobody forced anyone to use quicken or any software that uploaded everything to the could. I drive older cars not because I am broke but for how solid they are built, and they don't report shit.

If it's new, 'Free' has 'consequences'. For now, it's still my choice.

Re:How is 2015 old?

[KingMotley]

Actually, most of 2015 is closer to 3 years ago.

Re:How is 2015 old?

[KingMotley]

" older" is the word they used, not "old". Are you of the belief that something from 2015 is not older than something from 2017?

Of course not, it's just less new.

Re:Overall performance hit/gain

[EndlessNameless]

Probably. I assume any such reductions are already included in the overall performance metric.

Re:Honest reasons why 'Windows 7' isn't good enoug

[MachineShedFred]

Windows 8 was preschool children - it may as well have had the "tiles" outlined in crayon.

Windows 10 is at least 3rd grade UI.

Re:AMD

No. They are hoping to find some flaws in AMD CPUs. They are speculating that they can archive something, by doing something, So far the facts are that they have tried, and failed . AMD says "Good luck, our CPU doesn't work that way", and yet you believe people who make claims based on wishes, hopes and speculation.

Nothing is ever certain, but claiming AMD might be vulnerable at this juncture and measures need to be taken is FUD, plain and simple. Unless you're speaking for Intel, then I could see the need for measures to slow down AMD. But that would be inviting a tort suit.

Re:How is 2015 old?

[NettiWelho]

I know! I'm with you. My 2 year old still needs diapers. As for my i7 quad-core from 2010 I might need to rethink upgrading... or putting that Registry key and preventing the update from downloading. It already is slow because it has a spinning HD.

But now I'm mad because "I have to" upgrade and pay them money for their mistake. However, proper CPUs don't exist yet. So I want to wait. And suffer in the meantime?

Grumble grumble.

That mechanical drive of yours is a much bigger bottleneck than any of these patches will be if your system is otherwise well equipped. Also try overclocking before buying new anything.

Re:How is 2015 old?

[tigersha]

I have an "older" Broadwell 14 Core Xeon and that thing kicks the ass of 99% of any "newer" chips. Performance drop or not.

Re:Only here

[EndlessNameless]

You are right. You can't expect Microsoft to fix their older operating systems that are under support.

They are fixing them.

There are patches for Windows 7, 8, and 10. Because the kernel architecture has evolved over time, the performance deltas are different when patching each OS. Microsoft has been streamlining and modularizing the Windows kernel for a decade, so this performance difference should be expected.

E.g., Microsoft kicked font rendering out of the kernel going from Windows 7 to 8---this means fewer transitions between user and kernel execution when rendering web pages or Office documents. Since the patch penalizes transitions between user and kernel code, this has a direct impact on how badly the patch will affect the system's performance.

Bear in mind, this is only one relevant change. Microsoft makes a lot of changes under the hood with each release of Windows, and I expect there are quite a few more examples. The overall trend of kicking non-essential code out of the kernel (good idea in its own right) is working to their benefit here.

How to avoid the patch?

[fireman+sam]

I've got a Windows machine just for playing games. I don't have any sensitive information in the machine, nor do I really care if I have to reinstall at any point (slightly annoying). So, how can I say to Microsoft "Thanks for looking out for me, but I'd rather the extra performance"?

Note that the machine on which I game is from 2015 so the "fix" would have a noticeable slowdown. I've already turned off automatic updates, but this would likely be classes as an emergency update which ignores the settings.

Re:How to avoid the patch?

[fireman+sam]

Thanks.

I also saw another post that says to disable the update service, dosvc, and bits. So I've done that as well. A quick test showed that my games still work - so I might be safe.

Re:How to avoid the patch?

[Megane]

The thing about all this is: Why should I care?

Sure, this is a potentially big problem for people who run virtual server farms, but for my Windows game box (which runs Windows 7, and has had updates turned off since all that "gwx" bullshit), what is the point? Even if I did get it in malware (how? I don't do general web browsing on that computer, just one or two specific games, not even Steam, it's behind NAT, and I also disable a lot of useless services), they would do better to force ads on me... oh wait, but I'm not even web browsing.

And on my main computer, which is a MacBook Pro from 2012, running OS X from a few major versions back, even if they could get it working in javascript (browsers are likely to change their timing support to be less precise by default), that's a lot of work to try to find something I probably won't even have.

Add in the "herd immunity" of it being patched soon for most people, due to updates and normal computer replacement, and I can't see it being worth the effort to use on me, except in a very targeted attack. Only on something like a virtual server, where you can expect them to all be running the same OS and hardware, and with other people's private data, does it begin to get useful.

I haven't even heard of proof of concept beyond "oh look, I can dump a bunch of your RAM in a few hours!" Great, now do something interesting with it. With my RAM, and the oddball stuff I run, not that specific version of whatever you installed for the demo.

So I don't want the patch, because I don't care. It's a read-only attack, so it won't cause anybody to crash my computer, much less root it, and it is slow, too. It won't cause computation errors like the divide bug. And the attacker still has to know what to do with the data dump. The exploit sounds scary, but just how hard is it to exploit on a random computer? I'm going on the side of OS diversity and herd immunity.

Windows bricked itself on AMD CPUs

Windows bricked itself when running on some AMD CPUs.
GNU/Linux, for instance, did not brick itself.

Re:Only here

[110010001000]

I agree. Microsoft software gets better and better. Always upgrade to the newest!

Re:security versus performance tradeoff

[Aaden42]

so it would last a long time

Hate to break it to you, but that knocks you out of the running for "their best customers." Any small to medium business that refreshes machines every three years to stay within vendor support will buy more CPU's in a month than you'll buy in a lifetime. Intel manages to fleece gamers for some high-margin parts, but their real money is in the volume sales for mid-range plus Xeon's to business.

Re:Honest reasons why 'Windows 7' isn't good enoug

[EndlessNameless]

Windows 10 fails to run quite a bit of legacy software developed for windows platform that functions just fine on windows 7 and earlier, this includes some very simple software using nothing but windows libraries.

People complained about this a lot going from XP to Vista/7. The culprit, in most cases, was a better security model for the operating system which broke old applications. I am perfectly fine with this kind of change.

Windows 10 fails to routinely respect user choice in things like allowed update install and reboot times.

This is largely resolved in v1709. You set your active hours, and you can override it when prompted if you're outside the active hours.

Or, for an unsanctioned fix, disable the Windows Update service until you want to install updates.

If you look on Nvidia forums theres a +100 page complaint thread about performance issues appearing over 2017 windows updates

There were all kinds of performance issues with XP, Vista, and 7 in the first couple years after release. And I expect 8 got a free pass because hardly anybody used it. This is not new, and FWIW, I think Vista still holds the crown as the most broken OS.

As a matter of fact I have hard time figuring any advantages windows 10 has over 7

There's lots of little things, which you would probably find if you tried the OS instead of complaining about it. Pinning windows to any/all desktops is the one thing I couldn't live without if I were considering going back to 7/8.

Notice a change

[enriquevagu]

we don't expect most users to notice a change because these percentages are reflected in milliseconds.

Most users don't even notice that percentages are dimensionless, so it makes no sense to translate them to milliseconds.Yes, I understand that he pretends to mean that the penalty for each instance of the problem only causes a delay of milliseconds, but still, the performance drop is there and many consecutive penalties aggregate into a noticeable slowdown.

Apart from this joke, this is a good move from MS.

Re:Hysterical reply much?

[TechyImmigrant]

I bet your fun at partys.

I bet you're a hoot at grammar conferences.

Re:Honest reasons why 'Windows 7' isn't good enoug

[NettiWelho]

This is largely resolved in v1709. You set your active hours, and you can override it when prompted if you're outside the active hours.

Or, for an unsanctioned fix, disable the Windows Update service until you want to install updates.

I use windows 10 on my work laptop and in the up to date version I have installed on the option to change the active hours have been completely removed, futhermore microsofts own update prevention tool that lets you select individual updates doesn't work, at all, in my experience; If I let microsoft update the graphics drivers it completely breaks any gaming performance whatsoever, it also does the same every time theres a large patch and I have to remove all graphics drivers using DDU then reboot and hope windows hasn't started installing drivers against all settings so I can do clean install myself that will result in functional computer.

Re:AMD

[sl3xd]

AMD original response is that there is a "near zero" risk of exploit for variant 2 and a "zero" risk for variant 3

Claims about "near zero" or "zero" risk of exploit are traditional CYA effluent, after all...

Even AMD has claimed (for a different CPU errata) that problems "would not occur during normal desktop usage and we've never encountered it during our testing." The claim was funny, as all you had to do was fire up a VM... or the right benchmark... It didn't speak well to AMD's testing at the time.

I haven't noticed any slowdowns

[jonwil]

I am running a Skylake Core i5-6500 with 8GB RAM and a 250GB Samsung SSD with Windows 7 Home Premium and I have the patch installed and haven't observed any slowdowns.

Just kicked of a full compile (in VS 2017) of a large (~2100 files) project I have here and I saw no noticeable slowdowns compared to how fast the thing compiled before the patch. And such a thing would be highly I/O bound (reading all the input source files and things, writing out compiled obj and other files, reading toolchain binaries etc) and likely making a lot of kernel-user transitions.

I have no games on here that are demanding enough to show any observable difference between old and new so I cant test those.

Re:I haven't noticed any slowdowns

[JohnStock]

To be honest, unless you've ran benchmarks that produce figures for comparison, would you be able to perceive a 5% slowdown anyway?

Re:security versus performance tradeoff

[AmiMoJo]

Here's a real world example of the performance loss from the patch:

https://www.epicgames.com/fort...

Looks like about 60% for that server workload. My guess is that Microsoft made it optional on server versions of Windows after seeing similar numbers.

Re:Honest reasons why 'Windows 7' isn't good enoug

[green1]

That used to be the case, but it's completely changed now. Now you pay big money, and you are still the product being sold. In fact there's absolutely no way to not be the product being sold with most new products these days. I miss the days when you could say that only the free services were selling you as the product, now you have to assume that every service does that. No matter how expensive.

Re:Only here

[ET3D]

Windows 10 was a free update!

font rendering in the kernel?

[sad_]

how do they come up with these idiotic ideas?

Re:How is 2015 old?

[EvilSS]

I have an "older" Broadwell 14 Core Xeon and that thing kicks the ass of 99% of any "newer" chips. Performance drop or not.

But I bet it's still older than chips made in 2017

Re:WHAT ABOUT AMD????

[barc0001]

Q2 2012 release? Yeah pretty old. Then again I'm typing this from a 2017 Ryzen so I might be biased.

ClearLinux

[NewYork]

What is the impact of Spectre on ClearLinux?

Didn't MS stop updates for Win7+newer CPUs?

[lpq]

Didn't MS put in code to disable Windows updates for Win7 users if they upgraded their CPU to a newer CPU?

I wonder if this policy will change?

Hmmm....