Microsoft’s latest Windows 11 feature update, the Windows 11 2022 Update (22H2), turns on the operating system’s core isolation memory integrity protection by default. This change in Windows 11’s security policy buys increased security at the cost of a small (though significant) loss of performance seen in earlier tests.
Microsoft shipped the Windows 11 2022 Update on Tuesday, with additional security features like Smart App Control. Our review of the Windows 11 2022 Update notes these things, but also
At Windows 11’s launch, Microsoft left this feature off by default. Now, the company wants users to be secure “out of the box,” with other scenarios, including gaming (where turning on these functions has hurt performance), taking a back seat. Microsoft also believes that its engineering teams have been able to overcome or partially overcome the performance hit that turning on those memory integrity features entails.
It’s not clear, however, whether this feature will be turned on just for new PCs shipping with the Windows 11 2022 Update, or if it will affect upgrades as well. Microsoft representatives didn’t respond to questions by press time.
In Windows 10 and 11, supported hardware uses a form of virtualization to protect the operating system and your PC from malicious code, isolating certain processes in the PC’s memory. Certain hardware features are required, including TPM 2.0, Secure Boot, and Data Execution Prevention. In part, the increased priority on security pushed Microsoft to require processors that support these features for Windows 11. But core isolation has been supported for several processor generations (and across AMD and Qualcomm), even if PCs haven’t necessarily used it.
Mark Hachman / IDG
You can typically check whether these features are on or off inside the Windows Security app, specifically the Device Security section. Certain PCs — for example, Microsoft’s Surface Laptop Studio — shipped with memory integrity on by default, with no option to turn it off. Other laptops may have different settings.
The change that Microsoft says that it is making, though, is to make this memory integrity setting more like the Surface Laptop Studio’s: on by default, protecting your PC with no choice to turn it off.
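The same state that the Device Security page shows can be read from PowerShell, which is more practical when auditing many machines. The script below is an added example, not code from Microsoft or from this article; it reads the `Win32_DeviceGuard` CIM class and the registry value behind the memory integrity toggle, and the function name `Get-MemoryIntegrityReport` is hypothetical. Run it from an elevated prompt.

```powershell
# Added example: report memory integrity (HVCI) state and its prerequisites.
# Get-MemoryIntegrityReport is a hypothetical helper name, not a built-in cmdlet.

function Get-MemoryIntegrityReport {
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName 'Win32_DeviceGuard' -ErrorAction Stop

    # VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled but not running, 2 = running
    $vbsText = @{ 0 = 'Off'; 1 = 'Enabled, not running'; 2 = 'Running' }

    # In SecurityServicesConfigured / SecurityServicesRunning, the value 2 denotes
    # hypervisor-enforced code integrity (the "memory integrity" setting)
    $hvciConfigured = $dg.SecurityServicesConfigured -contains 2
    $hvciRunning    = $dg.SecurityServicesRunning    -contains 2

    # Registry value behind the Windows Security toggle (absent if never set)
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity'
    $reg = Get-ItemProperty -Path $key -Name 'Enabled' -ErrorAction SilentlyContinue

    # Prerequisites named in the article; both cmdlets can throw on
    # legacy BIOS systems or when the hardware is missing
    $secureBoot = try { Confirm-SecureBootUEFI } catch { $false }
    $tpm        = try { Get-Tpm } catch { $null }

    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        VbsStatus        = $vbsText[[int]$dg.VirtualizationBasedSecurityStatus]
        HvciConfigured   = $hvciConfigured
        HvciRunning      = $hvciRunning
        HvciRegistryFlag = if ($reg) { $reg.Enabled } else { 'not set' }
        SecureBoot       = $secureBoot
        TpmPresent       = [bool]($tpm -and $tpm.TpmPresent)
        TpmReady         = [bool]($tpm -and $tpm.TpmReady)
    }
}

$report = Get-MemoryIntegrityReport
$report | Format-List

# Configured-but-not-running is the case worth flagging in an audit
if ($report.HvciConfigured -and -not $report.HvciRunning) {
    Write-Warning 'Memory integrity is configured but not running; check for a pending reboot.'
}
```

`HvciRunning` is the value to trust: the registry flag only records the requested setting, while `SecurityServicesRunning` reflects what the hypervisor is actually enforcing on the current boot.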
What effect does this have on your PC?
The significance of Microsoft’s decision depends on your perspective. To be fair, the decision trades a slight dip in your PC’s performance, which you may or may not notice, for increased confidence in your PC’s security.
Both PCWorld and Tom’s Hardware tested the effects of the core isolation / memory integrity feature earlier this year. PCWorld’s tests focused on the impact on general productivity, and turning it on carries a performance penalty of less than 5 percent for processors dating back to Intel’s 6th-generation Core chips. PCMark tests, which measure general productivity, were similar. Going back to Intel’s relatively ancient 6th-generation Core chip generates a performance drop of more than 10 percent.
In gaming, however, Tom’s Hardware found that even recent processors like the Core i7-11700K showed 7 percent drops in popular games like Red Dead Redemption 2 — about a processor generation’s worth of performance. That’s fairly significant, especially for those systems already hovering around the margins of playable frame rates.
Both tests were performed in October 2021, about a year ago, however. Microsoft believes that at least some of those performance drops have been overcome by engineering work since then. By how much? We don’t know yet.
If you’re an average PC user, Microsoft’s decision probably benefits you. Gamers, though, may (with an emphasis on may) have a reason to worry. Or use Windows 10 instead.
This story was updated at 11:16 AM with additional details.