Microsoft's incompetence or deliberate performance degradation

[RejZoR]

Have you tried a complete fresh install of the latest version of 10 (1803)? As yes I have seen slow downs on other computers soon after certain updates and a fresh install seems to help.

Yeah, 1803 is this slow "out of the box" and with no fixable option because you can't remove any individual updates. Downgrading to 1709 and removing problematic updates resolved it. I'm not aware of any method where I could selectively kill specific KB's that come as part of 1803 itself.
I've done like 5 fresh installs to even pinpoint what was even causing it (after going through several GPU driver revisions thinking it's GPU issue since everything visual was lagging and it wasn't accelerating Youtube videos).

@lexluthermiester
I prefer my systems fully updated. This laptop is used mostly by my mom and even though I manage it, I can't always know what is going on with it. This is why I really dislike the idea of not updating it for the sake of it even being usable...

 

[lexluthermiester]

It's a speculative execution timing attack on caches? I don't know where you get "VM" from that.

Because that is the best avenue of attack for these vulnerabilities. Hyper-Threading is another. Disabling both will block 99% of the security risks exposed by them.

 

[R-T-B]

It is even more ironic knowing AMD isn't affected by given vulnerability

AMD is affected by Spectre. Can't believe we are still going in circles on that point.

Because that is the best avenue of attack for these vulnerabilities. Hyper-Threading is another. Disabling both will block 99% of the security risks exposed by them.

Uh, not really? I'm really going to have to call a citation needed here. It flies in the face of everything I have read. It's a timing attack on caches. Hyperthreading... I mean I'm not even sure what that has to do with it?

Just because server farms are most at risk (because they tend to have barriers set up in VM form) does not mean that is the only vector for attack, or even how the attack works. It just means they are the long hanging fruit target wise.

 

[lexluthermiester]

AMD is affected by Spectre. Can't believe we are still going in circles on that point.

AMD CPU's are not affected in the same ways. Yes they can be exploited, but it is more difficult to do so when compared to Intel CPU's and this is because of the VM and HT implementations, generally. For the older, non-VM CPU's the difficulties are almost identical and generally need physical access to the PC in question to exploit.

 

[R-T-B]

AMD CPU's are not affected in the same ways. Yes they can be exploited, but it is more difficult to do so when compared to Intel CPU's and this is because of the VM and HT implementations, generally. For the older, non-VM CPU's the difficulties are almost identical and generally need physical access to the PC in question to exploit.

Irrelevant when you consider that;

a.) AMD has every reason to sell you that line.
b.) Microsoft has no reason to do so.
c.) Microsoft pushed Spectre fixes globally. So did linux, and several other vendors.

I think the proof is in that pudding. "More or less" vulnerable, potato potatoe, they are still vulnerable enough to be an issue or they wouldn't push the fix.

 

[lexluthermiester]

a.) AMD has every reason to sell you that line.

Not really. This is proven fact. AMD CPU's are not exploitable in the same ways as Intel, nor are they as severely affected. ARM CPU's are in the same boat.

b.) Microsoft has no reason to do so.

Rubbish. Microsoft is very well known for pulling tricks and nonsense such as this to favor their preferred hardware vendors. Whether it is, in this instance, a deliberate act, laziness or sheer carelessness remains to be seen.

c.) Microsoft pushed Spectre fixes globally. So did linux, and several other vendors.

Yes, but the Android, iOS, MacOS, BSD, Unix and Linux patches have not had the same affected on those platforms that these patches have had on the AMD platforms.

I think the proof is in that pudding.

Agreed.

 

[RejZoR]

AMD A9-9420 (3.6GHz dual core, 4GB RAM, 256GB M.2 SSD) -> Absurd degredation of performance down to unusable levels when fully updated OS (3 individual updates causing performance problems)

Intel Atom Z8300 (1.44GHz quad core, 2GB RAM, 64GB eMMC) -> No noticeable performance degradation even when fully updated OS

I mean, it doesn't require an expert to see something doesn't add up when objectively weaker laptop has no performance degradation due to updates, but superior one becomes like 10 times slower than the weak one.

I have no clue how to solve this nonsense long term and MS's support was next to useless. I spent 1 hour explaining things to the person on the other end and then they've just done what I've already done myself, removed the update manually. That's not much of a fix when you want to keep OS updated because MS itself is pressuring you to do so on all ends.

 

[Assimilator]

Yes, but the Android, iOS, MacOS, BSD, Unix and Linux patches have not had the same affected on those platforms that these patches have had on the AMD platforms.

Considering Linux drivers are generally worse than their Windows counterparts, would anyone running Linux notice the impact of Spectre patches? More to the point, would anyone running Linux really be running it on a dual-core potato?

Fact of the matter is, it seems like there is almost no information on what the actual performance impact of Spectre/Meltdown patches is on AMD CPUs - not on the high-end models, and certainly not on the potatoes. Given that, it doesn't seem unreasonable to assume that all we're seeing is that low core count CPUs suffer far more from these patches than HCC ones.

I would try getting in contact with someone from AMD to confirm this - they're much more likely than Microsoft to be interested in fixing this issue, if it can be fixed.

 

[lexluthermiester]

Considering Linux drivers are generally worse than their Windows counterparts

Speaking from personal experience, no they aren't. Linux driver are more often than not more efficient and stable than Windows drivers, by design and necessity.

I would try getting in contact with someone from AMD to confirm this - they're much more likely than Microsoft to be interested in fixing this issue, if it can be fixed.

AMD has already done their part. This is entirely in Microsoft's ballpark.

 

[FordGT90Concept]

It's a speculative execution timing attack on caches? I don't know where you get "VM" from that.

Because the attack has to come from an administrator account and the only scenario where you have a malicious administrator user account on a machine with accounts that aren't malicious is when there's multiple VMs running on the same silicon. Namely, cloud computing. A user could buy a VM on the cloud and then use that VM to siphon data from other VMs hosted on the same hardware.

In a single user environment with no VMs running, the only potential administrator is the user himself/herself. There's no reason to plug the vulnerability.


Microsoft should condition the install of the Specter/Meltdown fixes based on whether or not Hyper-V is enabled.

 

[Vario]

Put 7 back on it and enjoy it for the remaining 1.5 years. Make sure to read the 7 KBB descriptions as you patch it up.

 

[eidairaman1]

Put 7 back on it and enjoy it for the remaining 1.5 years. Make sure to read the 7 KBB descriptions as you patch it up.

Is he using a HDD, moat low end laptops were using a 5400 hdd in them to begin with, most troubles for 10 were due to an HDD and most forget to optimize the hdd.

Also he should try www.blackviper.com

 

[FordGT90Concept]

Windows, since 7 (maybe Vista), has automatically defragmented hard drives. Windows since 8 (I think) also automatically optimizes solid state drives.

 

[HD64G]

That performance difference cannot be because AMD CPUs are vulnerable to any security threat. My 8350 hasn't seen any performance loss at all from windows update. So, something is bad with those updates for specific cpus and MS should fix that asap.

 

[trparky]

AMD A9-9420 (3.6GHz dual core, 4GB RAM, 256GB M.2 SSD) -> Absurd degradation of performance down to unusable levels when fully updated OS (3 individual updates causing performance problems)

Intel Atom Z8300 (1.44GHz quad core, 2GB RAM, 64GB eMMC) -> No noticeable performance degradation even when fully updated OS

I mean, it doesn't require an expert to see something doesn't add up when objectively weaker laptop has no performance degradation due to updates, but superior one becomes like 10 times slower than the weak one.

Um... wait, so you're saying that the AMD system is superior to the Intel system in this situation. Are you trying to make me laugh here? Because you're doing a damn good job, I had to bite my tongue to stop myself from laughing here.

The AMD chip you're talking about is essentially AMD Bulldozer. OK, I know you're going to say that it's technically Excavator but Excavator is basically Bulldozer with a couple of tweaks. Basically lipstick on a pig here. AMD's Bulldozer architecture was a steaming pile of horse shit, there was a reason why after coming out with that sorry excuse of a processor AMD's image took a major hit; it was because it was garbage (no, to call it garbage would be an insult to garbage). So no, the AMD chip is a piece of shit when compared to that of the Intel Atom Z8300 here in pure benchmarks, add in Spectre and Meltdown patches and you'll have that AMD chip so loaded down it would be like asking a Yugo to pull a tractor trailer.

If it weren't for Ryzen AMD would be dead today, Ryzen brought that company (figuratively and literally) back from the edge of death. How you expected that garbage AMD chip to be anywhere close to decent, I have no idea. There's a reason why Intel reigned supreme for so many years.

 

[AltCapwn]

Is he using a HDD, moat low end laptops were using a 5400 hdd in them to begin with, most troubles for 10 were due to an HDD and most forget to optimize the hdd.

Windows 10 + HDD = bug of the 100% disk usage for no reason.

But initialy, op has a SSD.

Um... wait, so you're saying that the AMD system is superior to the Intel system in this situation. Are you trying to make me laugh here? Because you're doing a damn good job, I had to bite my tongue to stop myself from laughing here.

Atom < AMD APUs, he doesn't mean that Intel is worse than AMD. Atom is a lower spec part than AMD Apu's. His point was that lower spec CPUs has less performance hit than higher spec CPUs, AMD vs Intel has nothing to do here. But I guess it's because the performance hits can be count in percentage.

 

[RejZoR]

Exactly. I actually own both, A9-9420 and Atom Z8300 and there is no way Atom is in any way better. It may have more cores, but it runs at 1.44GHz in best case (I haven't ever seen it clock higher even though it should up to 1.8GHz afaik). It's IPC also isn't magical just because it's Intel. People think uh oh Stoney Ridge is based on Bulldozer so it must be crap. Entirely ignoring the fact it has updated instructions set, improved IPC and is heavily single thread focused where Bulldozer was everything but that because they traded all that for MOAR CORES approach. This A9 is VERY fast for a lower end CPU and such absurd performance hit makes zero sense.

 

[Kursah]

Windows, since 7 (maybe Vista), has automatically defragmented hard drives. Windows since 8 (I think) also automatically optimizes solid state drives.

Windows 7 SP1 could trim/optimize SSD's at the logon screen iirc. But it is still recommended to check and ensure TRIM is enabled and to enable it if it isn't already, which it usually was by default when an SSD was detected. Pre-SP1...that's a different story. But post-SP1 I recall being pretty SSD friendly.

https://lifehacker.com/5640971/check-if-trim-is-enabled-for-your-solid-state-drive-in-windows-7

Put 7 back on it and enjoy it for the remaining 1.5 years. Make sure to read the 7 KBB descriptions as you patch it up.

That is an option, or toss the latest Ubuntu on there. Going back to Gnome GUI has been pretty solid and far smoother performance-wise on low-end gear, I've had my mom able to easily use a spare system I had with it while I get hers back up to snuff (Win10 system). We are talking an old dual core/4GB RAM/HDD system and it's nice and snappy right now with Bionic Beaver. The latest Ubuntu has been a pleasure to use and deploy for users, and I would venture to say one of the best iterations of the OS yet to be released.

I have no clue how to solve this nonsense long term and MS's support was next to useless. I spent 1 hour explaining things to the person on the other end and then they've just done what I've already done myself, removed the update manually. That's not much of a fix when you want to keep OS updated because MS itself is pressuring you to do so on all ends.

Unfortunately 2018 has been pretty busy with a LOT of "oops" patches from MS. There's still one they keep pushing out monthly that has the potential to cause NIC ports to stop working but still be present. This has been a huge pain in the ass, because this has been happening monthly since April (or March) because there is a security element that MS keeps pushing out, then another element that kills NIC activity, but they can't seem to separate them.

I work for an MSP and we utilize Continuum ITSupport RMM, which we also use to whitelist/blacklist Windows updates, we've been mostly staying ahead of the curve since April except for the time MS 0-dayed one of the security patches that also contained the "NIC killing bug". That was an all hands on deck situation going on-site to repair/reinstall NIC drivers where we could on systems that didn't have WiFi adapters available (A LOT of them didn't, but now have at least a spare on-site that is usable thanks to this).

The most current KB that has been blacklisted through our RMM service, and also one we're blocking on WSUS is KB4338818.

Here's a quick statement provided by Continuum:

[Action Required] Microsoft July 2018 Security Updates KB4338818 Blacklisted for All Partners

Date: 7/11/2018

We have blacklisted the July Monthly Security Update for Windows 7 and Server 2008 R2 SP1 (KB4338818) for all partners. After testing, the team found that the same major issue that causes the NIC to stop working is still present.

We are following the same guidance and process that we shared previously, and as a reminder there is a script available to help you find which resources have the missing OEM .INF file so that you can replace the network drivers on those resources before applying the Security Update. For a step-by-step guide visit the Zero-Day Patch Update Doc Center page.

To ensure that you get this Security Update and future Security Updates follow and complete the steps outlined in the Zero-Day Patch Update page as our team will not whitelist this update or future updates with this major issue present.

You can also choose to deploy the update using the “Manual Deployment” capability within the ITSupport portal to schedule an on-demand job that will deploy the update to any resource(s) or site(s) you wish.

Please know that we are committed to your success and are continuing to evaluate additional ways to provide you with the more control and options. Any updates made will be communicated with you.

The frustrating part, and I feel your pain @RejZoR is that we really shouldn't have to be manually filtering or controlling patches. There are many situations where that doesn't happen, but it seems the situations to pay more attention to Windows updates and having to remove or blacklist them has definitely increased in frequency as Windows 10 has matured. Which seems pretty backwards to me as well. But in the age of seems like almost daily vulnerabilities being reported, maybe it shouldn't be so surprising.

Either way, maybe going W10 LTSB as @eidairaman1 suggested earlier in the thread would be the appropriate way to go. Use Win Defender + whatever you prefer, use DNS filtering service(s), etc...you probably already do all of that for her though. Sure you won't have the latest and greatest security patching, but with the latest and greatest security patching causing issues, that might not always be such a bad thing.

 

[GoldenX]

gpedit.msc and kill Windows Update?
Wasn't the Linux patch pushed by Intel to be global but Linus stopped it?

 

[Deleted member 163934]

That is an option, or toss the latest Ubuntu on there. Going back to Gnome GUI has been pretty solid and far smoother performance-wise on low-end gear, I've had my mom able to easily use a spare system I had with it while I get hers back up to snuff (Win10 system). We are talking an old dual core/4GB RAM/HDD system and it's nice and snappy right now with Bionic Beaver. The latest Ubuntu has been a pleasure to use and deploy for users, and I would venture to say one of the best iterations of the OS yet to be released.

I'm using Lubuntu on the pc with Sempron 145 (single core, second core is totaly unstable), 4 GB RAM, gt 720, hdd. Win 10 was basicaly killing the poor Sempron, Win 7 SP1 x64 totaly unpatched was acceptable, Win 7 SP1 x64 with most important updates (I have like 3 that I never install) was painfull for the poor Sempron.

The problem might be easier to notice on older AMD cpu due to their lower single thread performance compared to Intel cpu. I notice a performance degradation on my other pc with Athlon x4 640 between Win 7 SP1 x64 totaly unpatched and Win 7 SP1 x64 patched with important updates except IE10, IE11 and KB2670838 , on the other had I notice no performance degradation on the Pentium G3260 even after updating the bios to get the microcode for Spectre.

1.81 from 12/10/2018 (dd/mm/year , to make it clear for everyone)

1.81 from today

(I no longer have Windows on the x4 640 (moved it to mint mate 5 days ago). By next year I plan to move all my pcs to Linux except one crappy one that will stay on Windows just to have a pc on Windows .)

yes the score from today is constantly lower (anyway less than 5%) compared to the one from october last year but well it's the microcode from the bios and the meltdown/spectre patches. 1.81 because this looks to be the latest I have before the meltdown/spectre thingy.
3dmark scores are also a bit worst compared to the ones I was getting last year but again it's under 5%.

Bulldozer has low single thread performance. It's a weird design to be honest and I failed to see what exactly they wanted to do with it (I don't really see who they were targeting at release, gamers clearly not, people that were already having a pc and using it for browsing/office didn't really had a need to upgrade in most cases k8/k10 cpus could still do that).

L.E.: If reinstalling Windows and patching it gives exactly the same result then well that points to an issue with a windows patch and something else in the pc. What something else? Not easy to tell. Win 10 has a passion to install on it's own drivers, maybe one patch just doesn't play well with one driver that Win 10 itself installed. But it doesn't have to be that. It can easily be a perf regression that was introduce in the patch that triggers only in particular situation (in this case it can be (but it doesn't have to be this) the Bulldozer architecture that well it's not exactly like the rest of the cpus). I don't have a Bulldozer based cpu so I can't test if it's a problem with this particular cpu architecture or not, if it is others will probably notice it sooner or later and there will be topics about this problem. Things become more complicated if the regression triggers only in a particular mb + cpu combination and worst if a particular mb bios bug is triggering it (mostly because there will be less cases reported, but in same time easier to figure out the problem because all of them will have something easy to notice in common)...

L.E. 2: I find really weird the single thread performance loss in OP post. It's almost half the single thread performance lost (even if I assume that after the patch the A9-9420 stop using the turbo clocks that 600 mhz between 3ghz and 3.6 ghz shouldn't have such an impact, it should be ~153 (+-10%) if before the patches it was going into turbo freq and after patches it's not going; if this was my laptop i'd stop the cpu from downclocking (bios if possible or windows) and use cpu-z bench again, if for some reasons in the single thread test it doesn't clock properly well this anomaly can be explained).... Multi thead performance looks be somehow fine, but if I see single thread performance lost I expect the multi thread performance to go down also. At least from my point of view the multi thread ratio shouldn't really show such changes.

 

[trparky]

There's still one they keep pushing out monthly that has the potential to cause NIC ports to stop working but still be present.

Um... If the patch isn't causing issues with other network controllers yet it's causing issues with one particular network controller I can't say that the blame should be on Microsoft, the blame should be on the manufacturer of the one network controller that is having issues. Perhaps it's a driver issue. If it is, it should be up to the manufacturer to fix it.

The problem might be easier to notice on older AMD cpu due to their lower singlethread performance compared to Intel cpu.

Exactly. We've known for years that AMD lagged behind that of Intel performance. Perhaps, unfortunately for all of us, the fixes for recent processor exploits have brought about an even wider gap on particularly older AMD chips to make for a performance gap that's even worse than it was before.

 

[Deleted member 178884]

Ouch - my celron j1900 4th pc didn't take such a bad hit over time and still stable and semi fast.

 

[trparky]

We knew that this kind of situation may come about, perhaps we just didn't know how bad the situation would be. But, there's no use in crying about it. Upgrade and move on, that's all we can do.

 

[hat]

Um... If the patch isn't causing issues with other network controllers yet it's causing issues with one particular network controller I can't say that the blame should be on Microsoft, the blame should be on the manufacturer of the one network controller that is having issues. Perhaps it's a driver issue. If it is, it should be up to the manufacturer to fix it.


Exactly. We've known for years that AMD lagged behind that of Intel performance. Perhaps, unfortunately for all of us, the fixes for recent processor exploits have brought about an even wider gap on particularly older AMD chips to make for a performance gap that's even worse than it was before.

Bulldozer may be a turd, but atom is a bigger turd, at least when comparing these two chips specifically. The bulldozer is the faster chip. Just because bulldozer was bad in general doesn't mean it's okay for this patch to murder its performance.

 

[Vayra86]

Um... If the patch isn't causing issues with other network controllers yet it's causing issues with one particular network controller I can't say that the blame should be on Microsoft, the blame should be on the manufacturer of the one network controller that is having issues. Perhaps it's a driver issue. If it is, it should be up to the manufacturer to fix it.


Exactly. We've known for years that AMD lagged behind that of Intel performance. Perhaps, unfortunately for all of us, the fixes for recent processor exploits have brought about an even wider gap on particularly older AMD chips to make for a performance gap that's even worse than it was before.

Stop this nonsense man, that A9 runs almost 3x the clocks of the Atom that has almost no perf loss. IPC gaps even as high as 100% wont make the Atom faster. Also, bulldozer at high clocks was on the level of a Sandy Bridge at 3~3.6 Ghz so the gap really isnt that huge as you make it out to be.