Microsoft’s latest Windows 11 feature update, the Windows 11 2022 Update (22H2), turns on the operating system’s core isolation memory integrity protection by default. This change in Windows 11’s security policy buys increased security at the cost of a small (though significant) loss of performance, as measured in earlier tests.
At Windows 11’s launch, Microsoft left this feature off by default. Now, the company’s concern is that users are secure “out of the box,” with other scenarios — including gaming, where turning on these functions has hurt performance — taking a back seat. Microsoft also believes that its engineering teams have been able to overcome or partially overcome the performance hit that turning on those memory integrity features entails.
In Windows 10 and 11, supported hardware uses a form of virtualization to protect the operating system and your PC from malicious code, isolating certain processes in the PC’s memory. Certain hardware features are required, including a TPM 2.0, secure boot, and Data Execution Prevention. In part, the increased priority on security pushed Microsoft to require processors that support these features for Windows 11. But core isolation has been supported for several processor generations (and across AMD and Qualcomm), even if PCs haven’t necessarily used it.
Mark Hachman / IDG
You can typically check whether these features are on or off inside the Windows Security app, specifically the Device Security section. Certain PCs — for example, Microsoft’s Surface Laptop Studio — shipped with memory integrity on by default, with no option to turn it off. Other laptops may have different settings.
The change that Microsoft is making, though, is to make this memory integrity setting more like the Surface Laptop Studio’s: on by default, protecting your PC with no choice to turn it off.
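The Device Security check described above can also be scripted. The following is an added example, not code from the article or from Microsoft: it reads the `Win32_DeviceGuard` CIM class and the memory integrity registry value, and the function name `Get-MemoryIntegrityStatus` is hypothetical. It assumes a Windows 10 or 11 PC; run it from an elevated PowerShell prompt if the query is denied.

```powershell
# Added example (not from the article): read memory integrity (HVCI) state.
function Get-MemoryIntegrityStatus {
    [CmdletBinding()]
    param()

    # Value maps for the Win32_DeviceGuard properties queried below.
    $vbsState = @{ 0 = 'Off'; 1 = 'Enabled, not running'; 2 = 'Running' }
    $services = @{
        0 = 'None'
        1 = 'Credential Guard'
        2 = 'Memory integrity (HVCI)'
        3 = 'System Guard Secure Launch'
        4 = 'SMM Firmware Measurement'
    }
    $hardware = @{
        0 = 'None';                1 = 'Hypervisor support'
        2 = 'Secure Boot';         3 = 'DMA protection'
        4 = 'Secure Memory Overwrite'; 5 = 'NX protections'
        6 = 'SMM mitigations';     7 = 'MBEC/GMET'
        8 = 'APIC virtualization'
    }
    # Translate numeric codes to names; unknown codes are reported, not dropped.
    $decode = {
        param($map, $codes)
        foreach ($c in @($codes)) {
            if ($map.ContainsKey([int]$c)) { $map[[int]$c] } else { "Unknown ($c)" }
        }
    }

    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
        -ClassName 'Win32_DeviceGuard' -ErrorAction Stop

    # Setting as stored in the registry; the value is absent if never configured.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity'
    $reg = Get-ItemProperty -Path $key -Name 'Enabled' -ErrorAction SilentlyContinue

    [pscustomobject]@{
        VbsState                  = $vbsState[[int]$dg.VirtualizationBasedSecurityStatus]
        MemoryIntegrityConfigured = @($dg.SecurityServicesConfigured) -contains 2
        MemoryIntegrityRunning    = @($dg.SecurityServicesRunning) -contains 2
        RegistryEnabled           = if ($reg) { [bool]$reg.Enabled } else { $null }
        ServicesRunning           = @(& $decode $services $dg.SecurityServicesRunning)
        HardwareAvailable         = @(& $decode $hardware $dg.AvailableSecurityProperties)
    }
}

Get-MemoryIntegrityStatus | Format-List
```

A machine that reports `MemoryIntegrityConfigured` as true but `MemoryIntegrityRunning` as false is the case worth following up, since the setting is on but the protection is not active.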
What effect does this have on your PC?
The significance of Microsoft’s decision depends on your perspective. To be fair, Microsoft’s decision trades a slight dip in your PC’s performance, which you may or may not notice, for increased confidence in your PC’s security.
Both PCWorld and Tom’s Hardware tested the effects of the core isolation / memory integrity feature earlier this year. PCWorld’s tests focused on the impact on general productivity — and turning it on carries a performance penalty of less than 5 percent for processors dating back to Intel’s 6th-generation Core chips. PCMark tests, which measure general productivity, were similar. Going back to Intel’s relatively ancient 6th-generation Core chip generates a performance drop of more than 10 percent.
In gaming, however, Tom’s Hardware found that even recent processors like the Core i7-11700K showed 7 percent drops in popular games like Red Dead Redemption 2 — about a processor generation’s worth of performance. That’s fairly significant, especially for those systems already hovering around the margins of playable frame rates.
Both tests, however, were performed in October 2021, about a year ago. Microsoft believes that at least some of those performance drops have been overcome by engineering work since then. By how much? We don’t know yet.
If you’re an average PC user, Microsoft’s decision probably benefits you. Gamers, though, may (with an emphasis on may) have a reason to worry.