Jump to content

Windows 8.1 - Patch Performance Findings, Not Surpisingly The Latest Patches are Costly!


NoelC

Recommended Posts

On Πέμπτη, 21 Ιουνίου 2018 at 7:38 PM, erpdude8 said:

fyi for Jody T, the Meltdown/Spectre patches for Win8 Embedded Standard and Server 2012 R0 (the "server" version of Win8.0) started in March 2018 with KB4088877 and KB4088880.

I have installed these patches together with Intel's microcode update (with the VMware method) and observed no noticeable difference in my system's performance. My processor is Intel Core i5 3230M.

Edited by HarryTri
Link to comment
Share on other sites


As I mentioned, I HAD turned off the Meltdown and Spectre mitigations, and still noticed the 8% slowdown.

What people subjectively observe and what objective measurements show can be two different things.

I think I mentioned I measured the same slowdowns in Windows 7 as well.  Something they've done to the basic structure of Windows has reduced its efficiency, and they apparently found no additional optimization to counteract it.

-Noel

Edited by NoelC
Link to comment
Share on other sites

On Σάββατο, 23 Ιουνίου 2018 at 6:49 AM, NoelC said:

What people subjectively observe and what objective measurements show can be two different things.

I do my own benchmark tests with Novabench 4. Of course the Meltdown and Spectre patches may have different effect on performance from processor to processor.

Link to comment
Share on other sites

I believe that NoelC uses Intel processors in all of his systems.  I'm curious whether the same kinds of performance hits he has observed are also present in AMD processor based systems. Has anyone experienced that?

In either case, besides avoiding Meltdown and Spectre specific patches and several other updates we've already been avoiding to prevent telemetry and downgrading to Win 10 etc, if MS has started using the cumulative update model for not only Win 10 but for Win 7 and 8.x as well, are there any updates since Dec 2017 that are safe (and useful? ) to apply to Win 7 and 8.x that will not have an appreciable impact on performance?  Are we stuck using a Dec 2017 version of the OS from here on out?  Yes I know that many folks comfortably use even older OS or take the approach of almost never applying updates except to address specific problems they might encounter, but I'm not sure I'm completely comfortable with that approach quite yet.  I would be more comfortable with a revised list of updates to avoid, or a list of which updates are OK, if anyone is willing to maintain such a list. Something like an expanded version of the 'How to avoid being "upgraded to Win 10" against your will:', perhaps? But that's just me.

Cheers and Regards

Link to comment
Share on other sites

How do you keep track of the updates to download?

All the offline updaters are either not updated anymore, or are incomplete (WSUS Offline).

For keeping track of Office updates, this Microsoft blog has been useful. But I've found nothing as organized for Windows (nothing too useful here).

 

Edited by shae
Link to comment
Share on other sites

11 hours ago, bphlpt said:

are there any updates since Dec 2017 that are safe (and useful? ) to apply to Win 7 and 8.x that will not have an appreciable impact on performance?

I guess it depends whether you find documented changes useful. Cumulative updates are great from the ease of maintenance perspective, but there's a problem as soon something you don't want is included, in this case Meltdown/Spectre patches.

I'm currently on April 2018 patch level. Windows 8.1 is a bit shaky on my hardware, I've had occasional DRIVER_POWER_STATE_FAILURE BSOD when shutting down in the past. The problem hasn't surfaced once since January 2018 update.

So whatever changes they did in kernel obviously have positive impact on my system's stability. Probably an isolated case though, potentially depending on uncontrollable factors.

Edit: Never mind, those BSODs were caused by buggy driver for my network card. I forgot I've turned off every checkbox in its properties on Power Management tab.

Guess I got some things mixed up in my head as I remember reading about some past unrelated update dealing with certain DRIVER_POWER_STATE_FAILURE BSOD, but it's unrelated to the problem I had.

Edited by UCyborg
Link to comment
Share on other sites

There is some good information nowadays about what one can expect out of Windows patches over at askwoody.com.

In short, you can apply all available patches offered by Windows Update (known at the aforementioned site as "Group A"), you can apply security patches only from the Catalog ("Group B"), or you can stop applying patches altogether (sometimes referred to as "Group W").

Up to December I had been applying all updates for Windows 8.1 via Windows Update "Group A" style.  I have from time to time done "Group B" style updating when I wanted only certain security patches, such as Internet Explorer components only, and that's what I have now with the Win 8.1 setup.  I am still keeping another, different system running Windows 7 up to date with all patches "Group A" style.

Thing is, there's really no assurance that anything other than keeping an OS fully up to date up to a certain date is viable.  Mixing and matching OS components that are not offered by Microsoft as an all-working-together set is a hit or miss proposition.  Yes, the code is somewhat modular, but imagine how easy it would be for Microsoft to change something in the kernel, then make assumptions in other, later changes to components that would require those earlier changes to function properly.  That being said, it's not like they're doing a huge amount of testing nowadays...

It doesn't make Microsoft upset much that people fragment the patches on their older operating systems, because what's the outcome of that?  An unworkable, unreliable system that has to be replaced?  Who benefits most from that?

-Noel

 

P.S., And yes, all my systems are Intel-based.

Link to comment
Share on other sites

  • 2 weeks later...
On 6/22/2018 at 12:43 PM, HarryTri said:

I have installed these patches together with Intel's microcode update (with the VMware method) and observed no noticeable difference in my system's performance. My processor is Intel Core i5 3230M.

you i5 3xxx CPU is of Ivy Bridge generation (3rd gen).  My family's Dell Inspiron 620 uses an Intel i5 2500 CPU (a little older than yours) & Win7 with the newest Meltdown/Spectre updates installed.  Dell is planning to release a new microcode bios update for that model but no timetable as to when that will actually happen.

 

On 6/22/2018 at 8:49 PM, NoelC said:

As I mentioned, I HAD turned off the Meltdown and Spectre mitigations, and still noticed the 8% slowdown.

What people subjectively observe and what objective measurements show can be two different things.

I think I mentioned I measured the same slowdowns in Windows 7 as well.  Something they've done to the basic structure of Windows has reduced its efficiency, and they apparently found no additional optimization to counteract it.

-Noel

 

perhaps you should try doing the tests on older gen of Intel CPUs like Sandy Bridge (2nd gen) or even Clarkdale (1st gen) to really notice a significant difference.  the older the CPU the bigger the impact.

yes you are using Intel based processors, but what kinds or what generations (or series) of Intel CPUs were you testing them on?

Edited by erpdude8
Link to comment
Share on other sites

3 hours ago, erpdude8 said:

Dell is planning to release a new microcode bios update for that model but no timetable as to when that will actually happen.

Perhaps the Intel's microcode update is for your processor too (if you haven't checked)?


 

3 hours ago, erpdude8 said:

the older the CPU the bigger the impact.

Counting on Noel's reports it seems to me that in fact the newest the CPU the bigger the impact. I don't know your exact observations on the matter of course.

Link to comment
Share on other sites

My CPUs are Intel Xeon X5690 (Westmere) and Intel Pentium G3220 (Haswell).

The X5690 is not new - circa 2011 or 2012 or so - but was the very top of its line and I have two of them in the workstation - meaning it's still a good performer except when compared to systems with high end current workstation processors.  The Pentium G3220 is a few years younger - 2014 or 2015 - but certainly not brand new.

The slowdowns to a lean, highly tuned system with the actual Spectre and Meltdown mitigations enabled are horrendous.  Maximum I/O throughput, normally about 1.7 gigabytes per second for big transfers to/from my SSD array and 120 megabytes per second for 4k byte I/Os, is literally cut in HALF.  Desktop response for things like font rendering is also noticeably slower.

I can't believe so many folks are willing to take these kinds of performance hits.  I am imagining that many folks don't have their systems tuned up for max performance anyway, and the difference is kind of lost in the shuffle.

-Noel

Link to comment
Share on other sites

1 hour ago, NoelC said:

The slowdowns to a lean, highly tuned system with the actual Spectre and Meltdown mitigations enabled are horrendous. 

So, isn't it best to actually disable both? With just a properly patched browser one should be safe from all attacks coming from outside the console. And, in case the attacker has actual access to the console, Spectre and Meltdown aren't the only ways to pwn it, anyway.

Link to comment
Share on other sites

It's hard to generalize.  Personally, I actually HAVE disabled both on my network facing system.  I have enough protection (and discipline) in my environment here that malware never even gets close, and I especially have several layers of security blanket that keep my browsers and applications from visiting known bad sites online.  Not to mention I turn that stupid UAC off (making a security Meltdown kind of a moot point).  I guard the borders better and don't worry as much about policing microsecond by microsecond operation, which sounds like it may be your philosophy too.

But everyone's needs are different.  Would I suggest disabling the mitigations for the general public, especially those who are not technically savvy?  Probably not.

My point here is that even when disabled there's a significant performance penalty.  I guess this must be because besides the memory manager reload operations that were added (and which can be disabled) the kernel and system software in Windows have been recompiled with changes to do certain operations a different, less efficient way to avoid meltdown concerns.  I'm always looking for more detail on this, and I appreciate the discussion.

The surprising part is that hardly anyone's talking about this!  I guess it must be a combination of folks in general doing things that are not easily measurable and their systems already being burdened-up with a bunch of performance-sapping software, so what's one more little slowdown?

-Noel

Edited by NoelC
Link to comment
Share on other sites

So here's my question to @NoelC and @dencorso.  If DON'T install either the March of April 2018 update (whichever the one is with the Spectre/Meltdown crap in it - and I have that labelled as such at home), and then I DO install all of the other security-only updates to July 2018, do you think that I will reap the performance degradation that NoelC is experiencing?  I'm talking about that 8% that's nagging at him.

Secondly, remember I was mentioning about updating backwards to minimize Component Store Bloat and redundancy.  Well we know that with Windows 8, I have post EOL updates from Server 2012 that I use from after January 2016.  My amended path of updating is this, so see if this is rational:

  • Install Windows 8 x64 Pro
  • Start with the newest post-EOL Server 2018 updates (say July 2018).  Install each month's update going backwards, going all the way back to February 2016, !!!! AND SKIPPING WHATEVER MONTH HAS THE SPECTRE/MELTDOWN PATCH !!!!
  • Now install all of the remaining valid Windows 8 updates that were originally offered by Microsoft automatically. (pre-EOL)

Would that cause any system instability.  I know I'll be prompted to skip (or else not be offered) updates that are not valid or superseded.

 

 

Link to comment
Share on other sites

Well, the published way to disable the Spectre and Meltdown mitigations is in the attached .reg file below. No need to actually avoid any update because of them. But I'd sure skip the telemetry-related updates (especially KB2976978) and the Universal CRT (KB2999226). There are other updates to avoid (the ones related to update to 10) but I'm not sure they even remain being offered. Effectively, by updating from the latest to the oldest updates, you ought not to be offered any superseded updates without Incurring in any known issue, AFAIK. But I'd do that only if installing 8 from scratch, as I'm no fan of reinstalling an otherwise working OS. Bit rot is nothing more than a PEBCAK, IMO. My oldest still active XP machine was originally installed in Sep 09, 2007 and runs at present no worse than it did at first... actually it does it better because I used to have AVG 9 on it and now it runs just MSE 4.4.304.0, which does tax much less the machine. It was an Athlon XP 3000+ machine originally, but now it runs on a Phenom II X4 940 Black Edition (even so, either one of my two i7 3770Ks run circles around it,,.).

KB4078130_Off.REG

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...