Windows 7 takes biggest performance hit from emergency Meltdown, Spectre updates

Credit to Author: Gregg Keizer| Date: Thu, 11 Jan 2018 05:09:00 -0800

Microsoft said Tuesday that Windows 7 PCs would run slower after receiving and installing the crash updates designed to stymie attacks that leverage the recently-disclosed vulnerabilities in virtually every in-use microprocessor.

But for Windows 10, a Microsoft executive said, “We don’t expect most users to notice a change because these [slowdown] percentages are reflected in milliseconds.”

The contrast, general though it was, came from Terry Myerson, who leads the company’s Windows group.

“With Windows 10 on newer silicon (2016-era PCs with Skylake, Kaby Lake or newer CPU), benchmarks show single-digit slowdowns,” Myerson wrote in a Tuesday post to a Microsoft blog. Skylake and Kaby Lake were the codenames for the Intel processors launched in 2015 and 2016, respectively. The bulk of new personal computers sold in 2016 and 2017 were equipped with Skylake or Kaby Lake CPUs (central processor units).

On older silicon, say, 2013’s Haswell, Windows 10 took a hit after last week’s updates were deployed. “Some benchmarks show more significant slowdowns, and we expect that some users will notice a decrease in system performance,” Myerson said.

Customers running Windows 7 and Windows 8.1 on Haswell-powered PCs or older should expect to “notice a decrease in system performance,” Myerson added.

As soon as the Meltdown and Spectre vulnerabilities were revealed, experts said that operating system mitigations would ding performance. It was simply a matter of the bugs themselves, for they existed in techniques that processors used to increase performance. Stifling the flaws, or at least making it more difficult for attackers to exploit them, meant halting those speed-boosting practices, dubbed speculative execution.

“It is possible that a patch could disable speculative execution or prevent speculative memory reads, but this would bring a significant performance penalty, “wrote the independent and academic researchers who spelled out the flaws in great detail.

Myerson said the difference between Windows 10 and Windows 7 is due to newer processors and the OS’s own design, the two combining to favor the former. “Older versions of Windows have a larger performance impact because Windows 7 and Windows 8 have more user-kernel transitions because of legacy design decisions, such as all font rendering taking place in the kernel,” Myerson asserted.

Still, the contrast between the old (Windows 7, still the most popular version) and the new (Windows 10) was in keeping with Microsoft’s tradition of touting the bright and shiny while disparaging the dull and dusty.

Left unsaid was Microsoft’s part in putting Windows 7 into its least-favored status in post-Spectre performance. In 2016, the company relegated Windows 7 to a second-class role when it announced that it was shortening support for the 2009 OS on then-new Skylake processors. Microsoft later caved, saying it would support Windows 7 through the January 2020 end-of-support date for some Skylake-powered PCs. But it refused to bend on another decision: to support only Windows 10 on Kaby Lake and later.

Enterprises should immediately start testing the updates for performance issues, urged one patch expert. “Corporations need to be cautious, and thoroughly test before rolling this out,” said Chris Goettl, product manager with client security and management vendor Ivanti, in an interview. Some workloads will be more likely to suffer slowdowns post-patching, while others – like most office workers – will be hard pressed to notice any difference.

Goettl singled out areas such as storage, high network utilization and virtualization as likely to be impacted by slower performance after the updates were applied. “It’s going to vary,” Goettl said. “How will they affect access to storage, or how much of an impact will there be on cloud platforms, such as Office 365? Environments at the bleeding edge, performance wise, might degrade the most. Each [organization] must determine how much through testing.”

Myerson did not cite benchmark data when he made his assertions about how the updates will affect the different silicon and OS platforms, but promised Microsoft would. “We will publish data on benchmark performance in the weeks ahead,” he said.

http://www.computerworld.com/category/security/index.rss