Meltdown and Spectre software patches will have various performance impacts on Microsoft Windows 10 and Windows Server systems, the company confirmed today. So far, the performance hits don't sound alarming for Windows 10 running on newer hardware, but Microsoft raised some warning signals about the fixes potentially triggering Windows Server performance hits.
In a blog, Microsoft cautioned that benchmarks so far do not include both OS and silicon updates. Terry Myerson, executive VP, Windows and Devices Group, wrote:
"We’re performing our own sets of benchmarks and will publish them when complete, but I also want to note that we are simultaneously working on further refining our work to tune performance. In general, our experience is that Variant 1 and Variant 3 mitigations have minimal performance impact, while Variant 2 remediation, including OS and microcode, has a performance impact."
Summarizing Microsoft's findings so far, Myerson wrote:
- With Windows 10 on newer silicon (2016-era PCs with Skylake, Kabylake or newer CPU), benchmarks show single-digit slowdowns, but we don’t expect most users to notice a change because these percentages are reflected in milliseconds.
- With Windows 10 on older silicon (2015-era PCs with Haswell or older CPU), some benchmarks show more significant slowdowns, and we expect that some users will notice a decrease in system performance.
- With Windows 8 and Windows 7 on older silicon (2015-era PCs with Haswell or older CPU), we expect most users to notice a decrease in system performance.
- Windows Server on any silicon, especially in any IO-intensive application, shows a more significant performance impact when you enable the mitigations to isolate untrusted code within a Windows Server instance. This is why you want to be careful to evaluate the risk of untrusted code for each Windows Server instance, and balance the security versus performance tradeoff for your environment.
Intel's First Statements: Understated?
Microsoft's statement comes as scores of hardware and software companies race to introduce fixes for the Meltdown and Spectre issues. Intel has come under fire for initially downplaying the issues, insisting that early reports about performance hits were either wrong or overstated. Perhaps in an a subtle admission that communication and strategy changes are needed, Intel is creating a cybersecurity unit to more closely manage such issues.
You can find an ongoing list of multi-vendor Meltdown and Spectre fixes here.