How can I disable protection from Specter V2 in windows 10?

[vattghern]

I read an article today that protection against the new Specter V2 vulnerability hits processor performance by up to 35%. I'm not worried about this vulnerability on my home PC, I care about the performance I paid for. How can I disable this protection? As far as I know, this is done by editing the registry.

 

[GerKNG]

download "InSpectre" run it as admin and disable both protections, reboot and check again if they are disabled.

 

[ThrashZone]

Hi,
I didn't look at the link but would of been surprised if it didn't have a link to the utility

GRC | InSpectre

 

[freeagent]

That disables the windows mitigations, but what about the microcode stuff that has already been implemented?

 

[GerKNG]

That disables the windows mitigations, but what about the microcode stuff that has already been implemented?

this seems to be baked in. (but afaik only the software solutions like these two patches are hurting performance. there was a video from Tech Yes City back when it was new and i remember that the microcode updates were in the margin of error)

 

[ThrashZone]

Hi,
Spectre and meltdown is two out of three third being micro code but most performance should be back
Some won't have to worry about the micro code seeing their systems are eol

Might get some watchdog/ bsod though because ms/ defender blocking program access in areas.

 

[Regeneration]

That disables the windows mitigations, but what about the microcode stuff that has already been implemented?

That in most cases should be enough.

 

[Assimilator]

Imagine if you'd actually read the article.

But again, workloads that don't rely on I/O or networking didn't show significant performance loss. These include gaming, web browsing, and other daily tasks.

If you want to be stupid and have sex without a condom, all the best to you. Just don't come crying to us when your wang falls off.

 

[Regeneration]

Good thing Assimilator's post got LQed. It was a bad example anyway!!! I'd like to have some sensation during sex. As long as both parties were tested & clean, there shouldn't be a problem. There are birth control pills, UID, and more.

Some processors and apps are more/less affected by the Spectre and Meltdown mitigations. If your server's efficiency drops by 30 percent, it is somehow a big deal.

Best thing is to benchmark your apps/games with mitigations OFF and ON. Usually, it shouldn't make much a difference unless you have some unique app/service/game.

 

[R-T-B]

That disables the windows mitigations, but what about the microcode stuff that has already been implemented?

AFAIK most of the microcode mitigations won't be used without windows supporting them. So this should be pretty close to the same, using InSpectre.

 

[freeagent]

AFAIK most of the microcode mitigations won't be used without windows supporting them. So this should be pretty close to the same, using InSpectre.

Yessir, I forgot about that.. I am convinced my 3770K was updated through microcode, and in doing so the VID was updated to a higher value. I only noticed because that value had never increased in Core Temp before, now it is the norm when I run the clocks that I am. Also requires more vcore.. these changes happened shortly after all of this dropped.. about a month or so after I got the system

Or maybe I should put away my tinfoil hat.. not sure yet..

 

[kiriakost]

I care about the performance I paid for.

How much was that? We might discover of what is your CPU and deliver better answers.

 

[vattghern]

How much was that? We might discover of what is your CPU and deliver better answers.

I have 10400f, when I started the program I see this:

Meltdown protection and Microcode Update were not enabled/installed. Apparently, this is due to the fact that I do not have the latest BIOS version installed. I'm not sure how Specter affects the performance of my processor, as I haven't tested it... Perhaps this problem only occurs on 11 and 12th processors?

 

[chrcoluk]

An alternative tool is "mitigations status", it also supports toggling SSB.

 

[R-T-B]

I have 10400f, when I started the program I see this:

View attachment 239645

Meltdown protection and Microcode Update were not enabled/installed. Apparently, this is due to the fact that I do not have the latest BIOS version installed. I'm not sure how Specter affects the performance of my processor, as I haven't tested it... Perhaps this problem only occurs on 11 and 12th processors?

That's kind of amazingly bad for Inspectre to report that considering anything newer than 9900k has on chip Meltdown protections.

 

[vattghern]

That's kind of amazingly bad for Inspectre to report that considering anything newer than 9900k has on chip Meltdown protections.

Do you mean that I will not be able to disable protection with this program?

 

[kiriakost]

I have 10400f, when I started the program I see this ... Perhaps this problem only occurs on 11 and 12th processors?

What you classify as limitation or a problem, this is solely your own assumption, and I do not have any plans so to help you, about to change it.

But this topic it did motivated me, to check my system.
I have In-Spectre protected latest BIOS, I did personally request the file from Gigabyte , 45 days ago.

Regarding statistics, the screenshot of my system, this represents of how a fully patched and modern system, this should look like.
And I am damn happy about it.

In early 2018 the PC industry was rocked by the revelation that common processor design features, widely used to increase the performance of modern PCs, could be abused to create critical security vulnerabilities. The industry quickly responded, and is responding, to these Meltdown and Spectre threats by updating operating systems, motherboard BIOSes and CPU firmware.

Protection from these two significant vulnerabilities requires updates to every system's hardware-its BIOS which reloads updated processor firmware-and its operating system-to use the new processor features. To further complicate matters, newer processors contain features to minimize the performance impact of these important security improvements. But older processors, lacking these newer features, will be significantly burdened and system performance will suffer under some workloads.

This InSpectre utility was designed to clarify every system's current situation so that appropriate measures can be taken to update the system's hardware and software for maximum security and performance.

This system's present situation:

This 64-bit version of Windows has been updated for full awareness of both the Spectre and the Meltdown vulnerabilities. If the system's hardware (see below) has also been updated, this system will not be vulnerable to these attacks.

This system's hardware has been updated with new features required to allow its operating system to protect against the Spectre vulnerabilities and/or to minimize their impact upon the system's performance. (Protection from the Meltdown vulnerability does not require BIOS or processor updates.)

This system's Intel processor provides high-performance protection from the Meltdown vulnerability. A properly updated operating system will be able to provide protection without significant system slowdown.

This system's Intel processor provides high-performance protection from the Meltdown vulnerability, but this version of Windows is not taking advantage of those features to offer that protection without performance penalties. (It could and should!) You may wish to consider disabling this system's Meltdown protection until it is offered at lower system performance cost.

Due to the potential performance impact of these vulnerability protections, which may be particularly burdensome on older hardware and operating systems that cannot be updated, either one or both of these protections may be disabled with Windows registry settings. This system's "protection disable" is currently set as follows:

The system's registry is configured to enable both of the Spectre and Meltdown protections. Within the bounds of any limitations described above, Windows will work with the system's processor to prevent the exploitation of these vulnerabilities.

Guidance & Observations

The Windows OS installed on this young Intel-based system is employing the slowest approach for preventing Meltdown vulnerability attacks despite the fact that this system's modern processor does support high-speed prevention. This is something that Microsoft could fix if they chose to. (They did it for the latest Windows 10.) The question is: Will they step up and do what they should? or will they use this as additional pressure to push users where they clearly do not wish to go?

When enabled and active, both of these vulnerability protections come at some cost in system performance, and Meltdown attack protection may be quite expensive on older systems or under versions of Windows where Microsoft has not bothered to implement high-speed solutions. If this system's performance is more important than security, either or both of the vulnerability protections can be disabled to obtain greater performance.

When InSpectre is run with elevated administrative privilege, each button below toggles its respective protection on or off. Any changes will take effect after the system is restarted. Each button will be disabled if its protection is not available to be changed.

For more information see GRC's InSpectre web page

Copyright © 2018 by Gibson Research Corporation

 

[vattghern]

What you classify as limitation or a problem, this is solely your own assumption, and I do not have any plans so to help you, about to change it.

But this topic it did motivated me, to check my system.
I have In-Spectre protected latest BIOS, I did personally request the file from Gigabyte , 45 days ago.

Regarding statistics, the screenshot of my system, this represents of how a fully patched and modern system, this should look like.
And I am damn happy about it.




View attachment 239661



In early 2018 the PC industry was rocked by the revelation that common processor design features, widely used to increase the performance of modern PCs, could be abused to create critical security vulnerabilities. The industry quickly responded, and is responding, to these Meltdown and Spectre threats by updating operating systems, motherboard BIOSes and CPU firmware.

Protection from these two significant vulnerabilities requires updates to every system's hardware-its BIOS which reloads updated processor firmware-and its operating system-to use the new processor features. To further complicate matters, newer processors contain features to minimize the performance impact of these important security improvements. But older processors, lacking these newer features, will be significantly burdened and system performance will suffer under some workloads.

This InSpectre utility was designed to clarify every system's current situation so that appropriate measures can be taken to update the system's hardware and software for maximum security and performance.

This system's present situation:

This 64-bit version of Windows has been updated for full awareness of both the Spectre and the Meltdown vulnerabilities. If the system's hardware (see below) has also been updated, this system will not be vulnerable to these attacks.

This system's hardware has been updated with new features required to allow its operating system to protect against the Spectre vulnerabilities and/or to minimize their impact upon the system's performance. (Protection from the Meltdown vulnerability does not require BIOS or processor updates.)

This system's Intel processor provides high-performance protection from the Meltdown vulnerability. A properly updated operating system will be able to provide protection without significant system slowdown.

This system's Intel processor provides high-performance protection from the Meltdown vulnerability, but this version of Windows is not taking advantage of those features to offer that protection without performance penalties. (It could and should!) You may wish to consider disabling this system's Meltdown protection until it is offered at lower system performance cost.

Due to the potential performance impact of these vulnerability protections, which may be particularly burdensome on older hardware and operating systems that cannot be updated, either one or both of these protections may be disabled with Windows registry settings. This system's "protection disable" is currently set as follows:

The system's registry is configured to enable both of the Spectre and Meltdown protections. Within the bounds of any limitations described above, Windows will work with the system's processor to prevent the exploitation of these vulnerabilities.

Guidance & Observations

The Windows OS installed on this young Intel-based system is employing the slowest approach for preventing Meltdown vulnerability attacks despite the fact that this system's modern processor does support high-speed prevention. This is something that Microsoft could fix if they chose to. (They did it for the latest Windows 10.) The question is: Will they step up and do what they should? or will they use this as additional pressure to push users where they clearly do not wish to go?

When enabled and active, both of these vulnerability protections come at some cost in system performance, and Meltdown attack protection may be quite expensive on older systems or under versions of Windows where Microsoft has not bothered to implement high-speed solutions. If this system's performance is more important than security, either or both of the vulnerability protections can be disabled to obtain greater performance.

When InSpectre is run with elevated administrative privilege, each button below toggles its respective protection on or off. Any changes will take effect after the system is restarted. Each button will be disabled if its protection is not available to be changed.

For more information see GRC's InSpectre web page

Copyright © 2018 by Gibson Research Corporation

As I understand it, for a better "balance of performance" and "medium" security, you can enable Specter protection and disable Meltdown. I recently upgraded from I7 2600k to 10400f, and on my old processor and motherboard configuration (which miraculously still works), this program displayed the same thing as you, i.e. both protections have been enabled and the firmware has been updated. Although I did not update the BIOS (no updates were released for 7 years). And the results were as follows:

Spoiler: Result:

Spoiler: Result:

After

 

[kiriakost]

To be honest, I am totally unaware, of how my system this get software level patched.
Microsoft did not do it, due windows updates patch (I am in control of this).
But now I am suspecting driver file install which came from automatic driver update, as soon it was detected the Z87 chip-set.

The description performance-loss, this is unclear, I have Microsoft training IT server.
Usual Microsoft applications as is MS Office, along third party Adobe Photoshop, or even my web-design software, they all work super fast.
My game for on-line gaming this produces very fast FPS.
Therefore I do not have any proofs that the what ever negative impact this is a true problem.

The software report speaks about greater loss at Win 7, and no loss at Win 10.
I am using Win7 and I do not see the problem.

 

[vattghern]

To be honest, I am totally unaware, of how my system this get software level patched.
Microsoft did not do it, due windows updates patch (I am in control of this).
But now I am suspecting driver file install which came from automatic driver update, as soon it was detected the Z87 chip-set.

The description performance-loss, this is unclear, I have Microsoft training IT server.
Usual Microsoft applications as is MS Office, along third party Adobe Photoshop, or even my web-design software, they all work super fast.
My game for on-line gaming this produces very fast FPS.
Therefore I do not have any proofs that the what ever negative impact this is a true problem.

The software report speaks about greater loss at Win 7, and no loss at Win 10.
I am using Win7 and I do not see the problem.

In that case, I think i don't need to worry about it. Thanks!

 

[OneMoar]

V2 is a 20-30% hit with all the mitigations enabled on intel(12th gen) platforms, AMD is about 10%

older cpus pre intel gen7 are hit much harder by the older spectr/meltdown fixes and the microcode fix is not any faster

The Performance Impact Of MDS / Zombieload Plus The Overall Cost Now Of Spectre/Meltdown/L1TF/MDS - Phoronix

www.phoronix.com

haven't seen older cpus tested with V2 but I am sure its equally ungood if they are affected

 

[kiriakost]

Bunch of tests written with code that does not use a single INTEL CPU natively supported command set.
This is why the guys of Linux they should keep a distance from us using windows.
We do not care of RAW calculation tests.

But it was fun reading about the Java test = no impact at web browsers either.

 

[OneMoar]

Bunch of tests written with code that does not use a single INTEL CPU natively supported command set.
This is why the guys of Linux they should keep a distance from us using windows.
We do not care of RAW calculation tests.

non-sense you don't know what you are talking about the intel specific instruction sets have nothing todo with spectr
its the way cpu architecture is designed is NOT an instruction set or ANY software

the perf hit is real and is generally 15-30% depending on the platform and workload I don't give a flying guy fawks if you believe it or not you can't argue with the benchmarks
this has been tested repeatedly by multiple sources on multiple cpus

 

[kiriakost]

non-sense you don't know what you are talking about the intel specific instruction sets have nothing todo with spectr
its the way cpu architecture is designed is NOT an instruction set or ANY software

the perf hit is real and is generally 15-30% depending on the platform and workload I don't give a flying guy fawks if you believe it or not you can't argue with the benchmarks
this has been tested repeatedly by multiple sources on multiple cpus

I do not trust your sources.. for as long they use their own hand made routines and not widely known benchmarks.

 

[OneMoar]

I do not trust your sources.. for as long they use their own hand made routines and not widely known benchmarks.

that is your problem not mine
live in ignorance I care not to waste anymore time here