07-19-2024, 12:03 PM
I don't know the details about how this security stuff works. One thing Windows 11 wants is virtualization-based security (VBS), memory integrity, to protect the kernel from malware attacks.
Older CPUs, such as my previous Intel Core i7-6700, this feature can be enabled easily enough, but then you get a bit of a performance hit. I run two separate performance measuring programs, one number crunching and the other graphics, and both showed an impact. Although in daily use, I must say, I saw no performance problem.
It seems that this performance issue got resolved, beginning with some Intel Core 7th generation CPUs and all 8th gen and newer. Some of what BIOS had to emulate in the older CPUs is now done in hardware, "Mode-Based Execution Control virtualization," or MBEC.
So, my experience, this did appreciably help the results of my two test programs, but where I really noticed a difference was in the installation time required for those bloated Windows Cumulative Updates. It went from a pretty reliable30 minutes, with the 6th gen Core i7, by the time the update was complete, to more like 10 minutes or so in 8th and 12th gen Intel Core CPUs. How much is attributable to MBEC? How much to having an SSD in the newer PCs, vs HDD? I don't know.
Honestly, that's the one really useful performance upgrade, for me. The big updates, even a reinstallation of Windows, becomes much less painful.
All this long-winded post to ask, does Linux not have similar security concerns? Don't Linux machines also want to enable something analogous to VBS? And if they do, wouldn't they also experience performance issues, with the older CPUs?
Older CPUs, such as my previous Intel Core i7-6700, this feature can be enabled easily enough, but then you get a bit of a performance hit. I run two separate performance measuring programs, one number crunching and the other graphics, and both showed an impact. Although in daily use, I must say, I saw no performance problem.
It seems that this performance issue got resolved, beginning with some Intel Core 7th generation CPUs and all 8th gen and newer. Some of what BIOS had to emulate in the older CPUs is now done in hardware, "Mode-Based Execution Control virtualization," or MBEC.
So, my experience, this did appreciably help the results of my two test programs, but where I really noticed a difference was in the installation time required for those bloated Windows Cumulative Updates. It went from a pretty reliable30 minutes, with the 6th gen Core i7, by the time the update was complete, to more like 10 minutes or so in 8th and 12th gen Intel Core CPUs. How much is attributable to MBEC? How much to having an SSD in the newer PCs, vs HDD? I don't know.
Honestly, that's the one really useful performance upgrade, for me. The big updates, even a reinstallation of Windows, becomes much less painful.
All this long-winded post to ask, does Linux not have similar security concerns? Don't Linux machines also want to enable something analogous to VBS? And if they do, wouldn't they also experience performance issues, with the older CPUs?