Microsoft’s latest Windows 11 feature update, the Windows 11 2022 Update (22H2), turns on the operating system’s core isolation memory integrity protection by default. This change in Windows 11’s security policy gains security at the cost of a small (though significant) loss of performance, as measured in earlier tests.
Microsoft shipped the Windows 11 2022 Update on Tuesday, with additional security features like Smart App Control. Our review of the Windows 11 2022 Update notes that Microsoft has focused more on behind-the-scenes features like accessibility and security, rather than more popular features like the Taskbar.
At Windows 11’s launch, Microsoft left core isolation off by default. Now, the company wants users to be secure “out of the box,” with other scenarios (including gaming, where turning on these functions has hurt performance) taking a back seat. Microsoft also believes that its engineering teams have been able to overcome or partially overcome the performance hit that turning on those memory integrity features entails.
“Core Isolation will be on by default for fresh installations and new PCs, so devices are secure as possible,” Microsoft said in an emailed statement after this story was initially published.
The new security feature will be on by default for new PCs, but not for those who are upgrading to the Windows 11 2022 Update. Representatives also said that the core isolation feature can be turned off. (One of our test PCs, a Microsoft Surface Laptop Studio, does not allow this feature to be turned off, however.)
What is core isolation?
In Windows 10 and 11, supported hardware uses a form of virtualization to protect the operating system and your PC from malicious code, isolating certain processes in the PC’s memory. Certain hardware features are required to enable the feature, including a TPM 2.0, secure boot, and Data Execution Prevention. In part, the increased priority on security pushed Microsoft to make processors that support these features a requirement for Windows 11. But core isolation has been supported for several processor generations (and across AMD and Qualcomm) even if PCs haven’t necessarily used it.
Mark Hachman / IDG
You can typically check whether these features are on or off inside the Windows Security app, specifically the Device Security section (Settings > Privacy & security > Windows Security > Device Security > Core Isolation). Certain PCs — for example, Microsoft’s Surface Laptop Studio — shipped with memory integrity on by default, with no option to turn it off. Other laptops may have different settings.
The change Microsoft says it is making, though, is to make this memory integrity setting more like the Surface Laptop Studio’s: on by default, protecting your PC. Again, though, if you’ve switched this feature off, Microsoft says it will not be switched on again.
“For users who are upgrading their OS and Core Isolation is turned off, it will remain off,” Microsoft said in a statement. “The user will see a warning in the Windows Security app informing them that this feature is currently turned off so that action can be taken by the user to turn it on so that their device is as secure as possible against malicious attacks.”
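To read the same memory integrity state from a script rather than the Windows Security app, the following PowerShell is an added example and not part of the original article. It assumes the documented Win32_DeviceGuard CIM class and the HypervisorEnforcedCodeIntegrity registry key are present; the function name Get-MemoryIntegrityStatus is hypothetical.

```powershell
# Added example: report whether memory integrity (HVCI) is configured and running.
# Get-MemoryIntegrityStatus is a hypothetical name chosen for this illustration.
function Get-MemoryIntegrityStatus {
    [CmdletBinding()]
    param()

    # Win32_DeviceGuard reports what the hypervisor is enforcing right now.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName 'Win32_DeviceGuard' -ErrorAction Stop

    # The Enabled value under this key is the setting applied at the next boot.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity'
    $reg = Get-ItemProperty -Path $key -Name 'Enabled' -ErrorAction SilentlyContinue
    $enabledInRegistry = ($null -ne $reg) -and ($reg.Enabled -eq 1)

    # In both service arrays, the value 2 stands for hypervisor-enforced code integrity.
    $hvciConfigured = $dg.SecurityServicesConfigured -contains 2
    $hvciRunning    = $dg.SecurityServicesRunning -contains 2

    $vbsText = switch ($dg.VirtualizationBasedSecurityStatus) {
        0       { 'Off' }
        1       { 'Enabled, not running' }
        2       { 'Running' }
        default { "Unknown ($_)" }
    }

    # "Configured but not running" is the case to investigate: the setting is on,
    # yet the protection is not active (reboot pending or a prerequisite is unmet).
    $summary = if ($hvciRunning) {
        'On'
    } elseif ($enabledInRegistry -or $hvciConfigured) {
        'Configured but not running'
    } else {
        'Off'
    }

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        VbsStatus         = $vbsText
        EnabledInRegistry = $enabledInRegistry
        HvciConfigured    = $hvciConfigured
        HvciRunning       = $hvciRunning
        MemoryIntegrity   = $summary
    }
}

Get-MemoryIntegrityStatus | Format-List
```

On upgraded machines, where the article says the setting stays off, this returns `Off` until the user turns it on and reboots.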
What effect does this have on your PC?
The significance of Microsoft’s decision depends on your perspective. To be fair, Microsoft’s decision trades a slight dip in your PC’s performance, which you may or may not notice, for increased confidence in your PC’s security.
Both PCWorld and Tom’s Hardware tested the effects of the core isolation / memory integrity feature earlier this year. PCWorld’s tests focused on the impact on general productivity, and turning it on carries a performance penalty of less than 5 percent for processors dating back to Intel’s 6th-generation Core chips. PCMark tests, which measure general productivity, were similar. Going back to Intel’s relatively ancient 6th-generation Core chip generates a performance drop of more than 10 percent.
In gaming, however, Tom’s Hardware found that even recent processors like the Core i7-11700K showed 7 percent drops in popular games like Red Dead Redemption 2 — about a processor generation’s worth of performance. That’s fairly significant, especially for those systems already hovering around the margins of playable frame rates.
However, both tests were performed in October 2021, about a year ago. Microsoft believes that at least some of those performance drops have been overcome by engineering work since then. By how much? We don’t know yet.
If you’re an average PC user, Microsoft’s decision probably benefits you. Gamers, though, should probably consider switching this feature off when they begin gaming. Or use Windows 10 instead.
This story was updated at 12:35 PM with additional details.