Jump to content

Windows 8.1 - Patch Performance Findings, Not Surpisingly The Latest Patches are Costly!


Recommended Posts

Posted

I can't say, Jody.  I would suggest that either holding back at (I believe) the December 2017 level or bringing your system fully up to date are the most viable alternatives.  Based on what I've read some of the Meltdown mitigations changed the entire way the operating system is built from sources, so I don't think this is a mix/match type of situation.

I have always kept my critical systems up to date, and have been blessed or lucky to have good, stable operation, but a best case slowdown equivalent to the difference between my computer and one I could have bought for $1,000 less was simply something I couldn't accept.

I wish I could say there was a margin for error here, but I've been through the trial of the latest updates in Win 8.1 not once but twice, (and also with a Windows 7 system) and I really, really measured carefully.

-Noel

 

P.S., in response to dencorso's note, I found this nice post which identifies the DISM command that can be helpful for removing historically layered telemetry updates:

https://www.askwoody.com/2016/how-to-permanently-remove-kb2952664-and-maybe-speed-up-your-machine-in-the-proceess/


Posted

Right @NoelC, but you also installed the March 2018 update which contained the Spectre/Mentldown mitigations, and you disabled the mitigations with a third party tool of some sort.  so I wonder if their being present in the system still causes an issue.  Whereas, I plan to skip that month's security only update completely, installing only IE, Flash and .NET patches.

For Vista, I skipped the mitigations from Server 2008, but I wonder if something is slowing my system, or if it's just an anecdotal impression I get.  Hard to say.

 

Posted

The key to me seems to be that the updates are cumulative, so having installed some kind of post-December Spectre/Meltdown mitigations seems inevitable.  On the other hand, just installing specific updates, e.g., IE patches, could avoid the kernel changes.  But even then, the IE patches do update quite a few modules...

I wish I could be more confident in a way to move forward that's reasonable.

-Noel

  • 1 month later...
Posted

Well more creedence to @NoelC's theory that something has gone wrong with these updates.  I have noticed on Vista (on which I was using Server 2008 updates), that I get a BSOD on logout from my desktop session.  Restarting the system works fine.  I only get these BSODs upon clicking Log Off.

Now it appears that a number of people on Windows 7 have received this issue.  It seems to start around the March area, so could updates be responsible.

I have noticed it in the last month or so.

:(

 

Posted (edited)

Wow!  I wonder what the equivalent is in Server 2008 (as in SP2 - not R2)

EDIT:  Just to clarify - nothing turns up in Google.  Just the fix for Windows 7 and Server 2008 R2 (which is KB4099467)

Edited by Jody Thornton
Posted (edited)

@Chronius:

Good Sleuthing.  It's from March alright. Uninstalling it.  Hang tight!

UPDATE !!!!

It worked!  Bang On @Chronius.  You sir are the bomb.

Wow!  I guess there really is no sense installing updates past December 2017.  It matters none whether it's Vista, Windows 7 or even Windows 8 and 8.1.

@NoelC- I just put you here so you'd see this.  It seems your advice stands!

 

Edited by Jody Thornton
  • 2 weeks later...
Posted (edited)
On 9/7/2018 at 7:01 AM, Jody Thornton said:

Wow!  I wonder what the equivalent is in Server 2008 (as in SP2 - not R2)

EDIT:  Just to clarify - nothing turns up in Google.  Just the fix for Windows 7 and Server 2008 R2 (which is KB4099467)

check if you have the KB4090450 security update installed - that was made for Server 2008 SP2 (and was the official "Spectre" patch released mid-March 2018).  remove it, reboot and see what happens

Edited by erpdude8
Posted

We are supposed to all want Microsoft's patches without thinking.  They work hard to create this mentality, in order to herd users ever more effectively.

Fortunately (they would say unfortunately) I actually DO think, as do you (or you wouldn't be here reading).  I think about these so-called "vulnerabilities" - some of which have never been seen in the wild - and what I can do about them.  Knowing how things work is better than not knowing.

  • I am most certainly NOT helpless in the digital world.
  • I don't run software "from the wild" without vetting it.
  • I have surrounded myself with a network environment that practically and substantially reduces the risk I'll visit a web site that will try to infect me or take data from me, while at the same time shunning the "run-of-the-mill" approaches that provide only marginal security.
  • I resist "cloud" software that wants to update itself all the time.  I don't want the "latest", I want the "most stable" that does what I need.
  • My systems run for months 24/7 without faults, however hard I use them.
  • Unlike most folks, I actually measure performance objectively, and can tell when the OS or application efficiency changes.
  • I always realize there are tradeoffs - security is never a purely "more security is better" thing.
  • I haven't had malware turn up on a MalwareBytes scan - ever, so I guess what I'm doing is effective.  That said, I always look for ways to improve.
  • Possibly most importantly:  I never allow myself to get a false sense of security.  If I do something stupid, and one of the things I've set up protects me, I still beat myself up over doing something stupid and strive not to do it again.

If you look at the pricing of high-end systems - say, workstation prices at Dell - depending on how close to the top end the hardware is, you can see that computer systems delivering even just 10% more compute performance can cost literally thousands of dollars more.  Why would I want to intentionally turn my system now, to mitigate vulnerabilities for which there are no known exploits yet, into a system that performs as poorly as the ones I passed up when I chose to pay top dollar?

I simply don't subscribe to the sentiment "you WILL become infected if you don't patch to the very latest OS code", because Microsoft is not the company they used to be.  It is no longer as high on their priority list to deliver a good, serious computing experience.

  • There is no guarantee that a patch from Microsoft delivers better code than what it's replacing.  Time has shown that they can (and do) deliver instability and even new vulnerabilities.  I always try to gauge the tradeoffs.  And let's not forget that they've let much of their testing organization go.
  • It's clear Microsoft wants to bring everyone under their control (which invariably involves updating to their latest software) and they're using every trick in the book to get you off your old system where they do not yet have that control.
  • They do not care whether your existing system/hardware works worse for what you need it for; you're not paying them to keep it.  You WOULD, however, be paying them if you replace it.
  • Microsoft software, even the very mature versions, is nowhere near optimized as well as it could be.  There's no reason we have to expect it to get less efficient as newer versions are released.  It should steadily be going the other way.  For example, I've seen with my own eyes that their latest compilers are delivering faster and faster instruction sequences for the very same source code.  Why aren't their OS patches/releases speeding up the system?  It appears for every 10% improvement they make, they layer on 20% more junk.  How many processes does Windows 10 have to run just to host an empty desktop for you nowadays (hint:  well over 100)?  Hosts?  Brokers?  Medics?  Bleh.

I have some systems from which I don't demand the utmost in performance, and for which security is a greater concern, and I've got them completely up to date.  Others I have stopped at the December 2017 patch level, because there are significant disadvantages, while at the same time Microsoft just hasn't delivered any improvements that matter.

Your mileage may vary.  Just make sure to know what it is.

-Noel

Posted
34 minutes ago, NoelC said:

because Microsoft is not the company they used to be.  It is no longer as high on their priority list to deliver a good, serious computing experience.

Well, you will need to provide a timeline for this change, I don't think they had "deliver a good, serious computing experience" anywhere on their list, most probably in the last 10 (ten) years, surely not in the last 5 (five) years [1].

jaclaz

[1] to give some context, Windows 8 was RTM on August 2012, i.e. roughly 6 (six) years ago and soon Windows 8.1 will be 5 years old.

Posted (edited)

I'm not talking short term!

I think I began to sense the change when Bill Gates stepped down from active management.  That was a while ago, for sure.  They spent a lot of years throwing things together then tidying it up later, but if you followed the "wait until Service Pack 1" (at least) philosophy, Windows has been a pretty good workhorse.  I still remember when it went from something that had "reboot fairly often" built into its design to "runs virtually as long as you want" - which for me happened around SP2 (I think it was) of Vista.

I got work out of Windows 3.1 for Workgroups and all the versions since, and to this day I still get a LOT of work out of Windows 8.1 - of course after taming its desire to be something it's not.  That taming just doesn't work as well with each subsequent new version.

Inertia took Microsoft a long way and is still carrying it along, but they're losing sight of the fact that the world needs Windows to be the serious, no nonsense business system that actually facilitates people's work on inexpensive hardware.  Even though they made a lot of money being that, now it just seems like they want to facilitate their own updates and bloat, and have all but forgotten people don't run Windows just to run Windows, but to actually DO things.  There is a helluva lot more a lot of folks need to do besides check Facebook and Twitter!

You have to admit, the no-nonsense Windows 7 update philosophy - putting YOU in charge - was way more "good, serious computing experience" than this modern "Windows as a Service" BS where they take over whenever they choose to.  And who said it was okay to change our settings, or delete our files?  That was the realm of MALWARE before they started trying to social engineer people to change the way they look at computing.

Even now - in the very latest versions of Windows 10 - we see them adding things like "WaaS Medic" and being ever more aggressive in taking over, while of course they say they're not.  Just try to disable certain services and see how long that lasts.  So yeah, they're not the company they used to be, not even last year.

-Noel

Edited by NoelC
Posted

Yep :), I read the "no longer" as implying that the change was recent enough, while in my opinion it dates back many, many  years, Bill Gates left MS (as CEO) in 2008, so it is roughly 10 years, that puts it in the right timeframe.

jaclaz

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...