Do the security features in Windows 11 really slow down gaming performance?

People are currently reading this guide.

AMD and Microsoft have reported a performance issue with AMD CPUs, resulting in up to 15% less performance in select games. The newly discovered problem is distinct from the gaming tests that follow, which highlight the effect of security measures and only serve to provide a lower baseline for our testing. As a result, the performance deltas measured below remain correct.

Do the security features in Windows 11 really slow down gaming performance?
Image credits:

Microsoft is facing even more criticism over the release of Windows 11, with recent reports claiming that customers of new pre-built computers might lose up to 28 percent of their gaming performance owing to frame-rate-crushing security measures. Gamers are outraged, so we conducted many rounds of testing in our laboratories using some of the top CPUs for gaming from Intel and AMD. We discovered that security methods indeed degrade gaming performance, with an average effect of 5% on an 11th-generation Intel CPU (7 percent peak in one title). To the untrained eye, it may not seem to be much, yet it represents nearly one Intel CPU generation's worth of evaporating performance. 

On AMD Ryzen systems, we found a significantly lesser effect, with a 4 percent average for a Ryzen 5000 CPU (and an outlier 8 percent loss in one title). We also have a plethora of additional gaming and desktop PC programme benchmarks, which you can find listed below. The performance effect we evaluated was not nearly as dramatic as other publications have stated. Still, we don't like to make compromises, and sacrificing gaming speed isn't an option if you don't need the extra protection — particularly since this is an optional feature that OEMs can just turn off. 

Fortunately for enthusiasts, if you upgrade your PC from Windows 10 to Windows 11, or if you do a clean install, these security techniques will not be activated by default. Microsoft does, however, recommend that OEMs activate these features on certain new pre-built systems. Following considerable investigation, it is evident that Microsoft expressly does not suggest one of the security settings for gaming PCs, while the status of another remains unknown. Here's a quick summary.

What exactly are VBS and HVCI?

The problem starts with Microsoft's Virtualization-Based Security (VBS) capability, which provides a variety of security services. This feature employs hardware virtualization to establish a safe memory space for use by other security features such as Trusted Platform Modules (TPM) and Hypervisor-Protected Code Integrity (HVCI). Consider VBS to be a platform that provides additional security mechanisms. As you'll see below, both VBS and HVCI may cause performance issues in gaming and other typical PC programs. Since Windows 10 version 1903 9D in October 2019, Microsoft has proposed deploying Windows with VBS enabled by default on OEM PCs that support the functionality. Microsoft, on the other hand, has beefed up its security protections in Windows 11 and now recommends that OEMs use HVCI by default on select devices. This feature enhances malware resistance by adding extra safeguards for kernel memory allocations. 

HVCI (also known as Memory Integrity) has a greater performance effect than VBS, although Mode Based Execution Control (MBEC) mitigates it. MBEC needs hardware support, which is built into all CPUs beginning with Intel's 7th generation and AMD's Zen 2. HVCI's performance effect might be fairly significant if this functionality is not present. MBEC essentially softens the hit on newer hardware, resulting in a reduced impact. According to our findings, MBEC assistance minimizes the effect of HVCI to roughly the same level as VBS alone. From a CPU standpoint, the criteria for default HVCI enabling are straightforward: You'll need an Intel 11th-generation, AMD Zen 2, or Qualcomm Snapdragon 8180 processor (or newer), 8GB of RAM, and 64GB of SSD storage, as well as HVCI-compatible drivers. Microsoft recognises the performance impact of HVCI, and OEMs may opt out of HVCI for specific kinds of machines: "Some devices that are very performance-sensitive (e.g., gaming PCs) may opt to ship with HVCI deactivated."

Given the implications for overall device security, we suggest that you fully evaluate these situations before implementing them." -Microsoft We're currently looking into if OEMs may opt out of VBS enabling for gaming laptops and PCs, although MSI says it doesn't support HVCI on its gaming devices. We'll provide additional details when we discover more. You can quickly verify whether VBS is enabled by looking at the summary in the System Information window. 

The "Virtualization Based Security" item will indicate whether or not the service is active. Go here for a more detailed explanation on how to activate and disable VBS and HVCI. Also, keep in mind that we're testing with CPUs that feature MBEC, which seems to lessen the overall effect of HVCI. As a result, older chips will suffer more from this increased degree of protection, as seen below.

Here's a short rundown of our gaming tests' general geometric mean. We've got a lot more in-depth testing and analysis down below. Overall, we're looking at a 5% drop in performance, give or take a 1% drop. That's not a tremendous reduction, and it's not something most people would notice, but it's important when you consider the difference in performance across different CPUs. Core i9-11900K, for example, costs around 35% more than Core i7-11700K, with the only major difference being higher clock speeds, which boost performance by—wait for it!—approximately 7%. On Intel CPUs, you're losing up practically a full speed step in performance.

Security Impact on Intel Gaming Performance in Windows 11

More thorough test notes may be found towards the conclusion of the paper. We ran five different games, two of which had distinct APIs, on both the Core i7-11700K and i7-10700K. The data were then used to calculate a geometric mean of gaming performance for the Intel and AMD platforms. As is customary, performance deltas vary per title, with some suffering less from VBS/HVCI and others suffering more. Check out the complete tests to see the breakdown. We ran tests using Windows 11 Pro 23000.194 (the review version given by Microsoft) and the Windows 11-compatible Nvidia 472.12 graphics driver. To reduce the graphics bottleneck, we utilised an Nvidia GeForce RTX 3090, as we normally do for CPU testing. We also stayed with a 1920x1080 resolution, so keep in mind that the effect of VBS and HVCI would differ with higher resolutions and lower graphics cards.

It's simple to see that activating VBS causes the newer 11700K to perform worse than its predecessor, which isn't good. Enabling HVCI resulted in a minor performance drop below the 'VBS On' findings, however performance varies depending on the game title tested. Furthermore, despite the fact that we tested for it, Microsoft does not advocate setting HVCI by default on 10th-generation CPUs. The test results for all of our Intel gaming tests can be seen in the album below, and we also have a table that displays the % drop in performance for both Intel and AMD systems a little further down.

We had to split the Core i7-11700K and 10700K slides owing to Intel's tiny gaming performance boost when it transitioned from its 10th-gen to 11th-gen CPUs — the two chips often overlap, and these charts may be misleading due to the identical chip nomenclature and configurations. We ran through DX11, DX12, and Vulkan APIs to evaluate whether they had an influence on performance with the security features. After activating VBS, Vulkan outperformed DX12 in Red Dead Redemption 2. Red Dead Redemption 2 was 7.3 percent slower with DX12 and VBS, but it was decreased to 4.4 percent with Vulkan. We only tested one title using Vulkan, so the difference might be attributable to the game engine rather than a Vulkan/VBS quirk. Shadow of the Tomb Raider has been touted as the most affected by VBS (to the tune of a staggering 28 percent), but our findings were significantly more modest, with the worst slowdown measuring -7.2 percent with DX12 on the Core i7-10700K. We also tested DX11 with both Core i7 processors, and practically all of the tests (see table below) were slowed by an average of 6%. Grand Theft Auto V seems to be relatively resilient to VBS, since it only lost around 1% of its performance after enabling the function. Far Cry 5 lost roughly 5% on both chips, whereas Project Cars 3 lost about 6% on each chip. Because UL Benchmarks was the first to issue a public warning regarding the VBS function, we included three of the company's benchmarks.

The Security Impact of Windows 11 on AMD Gaming Performance

We saw significantly lower performance drops with AMD CPUs than we did with Intel ones, but the difference is so minor that it is insignificant. At least for the previous two generations, you shouldn't rely an AMD versus Intel purchasing decision on a chip's ability to support VBS/HVCI. The Ryzen 7 5800X was 4% slower when we enabled VBS, according to our geometric mean. The HVCI result fits within the typical variation we anticipate in our benchmarks when compared to the 'VBS On' setup. That is, there is no discernible difference between the 'VBS On' and 'VBS+HVCI' settings. When we enable the security measures, the Ryzen 7 3800X slows down by 4.1 percent. The 3800X offers nearly the same degree of performance when configured with either 'VBS On' or 'VBS+HVCI.' Unlike Intel's minor upgrade from 10th to 11th-generation CPUs, AMD's shift from Zen 2 to Zen 3 resulted in significantly improved gaming performance. That implies that the effect of the Windows 11 security feature isn't enough to knock a generation's worth of performance off the table, as we saw with the Intel Core i7-11700K.

Any Issues? - Live Connect

You have our undying gratitude for your visit!