Microsoft advises fixes for Spectre and Meltdown security flaws could cause noticeable performance hits
As tech companies rush to work around the 'Meltdown' and 'Spectre' chip flaws, a blog post from Microsoft suggests that the processor generation and age of the operating system will play a factor in terms of how much of an impact the fixes will have on system performance, at least from a Windows user's perspective.
The blog post from Terry Myerson, Executive Vice President of the Windows and Devices Group in Microsoft, describes the Meltdown and Spectre vulnerabilities and steps that can be taken by users and server administrators to secure their data from the exploits. At the same time, Myerson discusses the potential impact the fixes developed by Microsoft itself could have on a desktop, with the possibility of users ending up discovering their protected Windows PC may be slightly slower than before in some cases.
Acknowledging the existence of benchmarks attempting to survey performance losses from the fixes while also noting that many do not include both OS and silicon updates, Myerson confirms Microsoft is performing it's own benchmarks, which it plans to publish once complete.
"I also want to note that we are simultaneously working on further refining our work to tune performance," Myerson adds. While it is admitted that fixes for the Spectre Bounds Check Bypass and Meltdown's Rogue Data Cache Load have relatively minimal performance impact, Myseron warns the code to mitigate Spectre's Branch Target Injection vulnerability has more of an impact.
In Microsoft's testing so far, users of Windows 10 on 2016-era PCs running Skylake, Kabylake, or newer Intel architectures will be impacted the list, potentially seeing single digit slowdowns. Myerson doesn't expect the majority of users with these newer PCs to notice a change because these percentages are reflected in milliseconds.
Running Windows 10 on older desktops from 2015 and earlier, including Haswell-based processors, may have more significant slowdowns than those on newer PCs, with Myerson expecting some users will notice a decrease in system performance. The expectations change when this second group of PCs are running Windows 8 and Windows 7, with most users thought to see a hit to performance.
It is noted that for newer processors, including Skylake and later, Intel had reduced the performance penalty as it had refined the instructions used to disable branch speculation to be more specific to indirect branches. Windows 7 and Windows 8 are more heavily impacted compared to Windows 10 as they have more user-kernel transitions because of legacy design decisions, like rendering fonts in the kernel.
For Windows servers, Myerson notes there are signs of a more significant performance impact when admins enable the mitigations to isolate untrusted code within a Windows Server instance. Administrators are warned this is why they need to be careful and evaluate the risk of running untrusted code for every Windows Server instance they run, and to balance the tradeoff of security and performance for their needs.
"As you can tell, there is a lot to this topic of side-channel attack methods," writes Myerson in summary. "A new exploit like this requires our entire industry to work together to find the best possible solutions for our customers."
While Microsoft's findings do indicate patching Meltdown and Spectre can result in a noticeable slowdown of a desktop, the blog post only relates to Windows PCs. It is ultimately unclear how much of an impact such fixes will have for macOS users.
Apple has confirmed all processors on the Mac, iPhone, and iPad were potentially vulnerable to the attack vectors. The company has already made some progress to fix the issues in both macOS and iOS, and is expected to release more updates to combat the issues in the future.
Microsoft's own efforts has come under fire after customers complained about AMD-based PCs suddenly becoming unusable, after installing a related Windows security update.