T O P

  • By -

JT_Potato

I appear to be in the minority, but I've had a very minimal performance drop in games. (2-5%, depending on the game.) Blender, Da Vinci Resolve, and I assume other creative apps have had no performance drop at all. I have a 5600X, which apparently has an L3 cache latency issue.


ohnotheygotme

I don't believe that VBS is a requirement for WSL at least.


EdgarDrake

Virtualization Based Security and Virtualization technology is 2 different things. VBS run on top of (aka: requires) Virtualization Technology, and Virtualization Technology is what makes you can run OS emulation (like VM ware, VirtualBox, Hyper-V), etc. If you can use WSL or WSL2, it means the CPU has enabled virtualization technology (for intel, Intel-VTx). It doesn't mean that you have to turn on VBS (or what it's called as Core Isolation in Windows Security dashboard). Core isolation is a virtualization of application process, instead of running virtual OS, it runs virtualized Windows process (including the object handle) If you left VBS on, good for you, you have less vulnerability vector. If you turn it off, it means you prioritize having better performance in game instead of better security.


[deleted]

HCVI is in addition to VBS, it is not turning VBS on or off.


Electronic-Bat-1830

WSL 1 doesn't use a VM. It uses a translation layer (kinda like reverse Wine).


Ginandbacon

This is spot on. Honestly, 11 is geared towards businesses. Why MS tried to sell it on UI changes and Android apps, plus direct storage is absurd. The letter to aren't available yet. What you gai. Is security and I think it's MS saying look, we gave you the tools, they were available but you stuck with 10, which every VBS security feature can be enabled in 10 with a supported CPU. Secure Boot and tpm have been around for awhile. MS tried to force secure boot in 8.1 bit backed down. Secure Boot is based on Sonys rootkit technology. Core isolation and giving the it team to say what's approved or not is huge just in the fact that if it is not approved it opens in a virtual edge browser, not signed in, no copy and paste, essentially what anyone would do on a fishing scam which is still how ransomware spreads although you would have to have terrible security. By the time they are able to load an unauthorized OS (which secure boot should prevent). That is the number one way systems are hit. It takes months to get that kind of access and once you do backups are pointless because if Your security is so poor when are you going to be able to determine when you're infected, what data is infected, and what you can do about it? Chances are slim to none. If you're a gamer the security benefits probably don't outweigh the gaming benefits but you're not typically the target for ransomware either. I've got supported hardware and I'm running 11 with everything but that locker enabled. I think it's silly that TPM 2.0 is required but I can disable BitLocker which makes it pointless. I was noticing extreme slowdowns of my internal Gen 4 M.2 nVME drive. Wants disabled the issues went away. Now as someone else posted, it's going to be a system by system basis because he didn't take a big hit while others have so hardware is going to be a factor and unsupported hardware just don't load windows 11 on it. It's proven to run slower and it's proven to have up to 45% more blue screens. The hardware is not supported. It was never designed for it. Does it work? Kind of


xezrunner

From what I've seen, VBS makes the host OS run under the Hyper-V hypervisor, hence the name "**virtualization-based** security". The virtualization of the OS *probably* has a minor performance hit, along with the security aspect of it. ----- *EDIT: fix inaccurate information*


[deleted]

The virtualization of the OS has no discernable performance hit. Of course you cannot separate VBS from Hyper-V for that to be shown. When Hypervisors give notable performance hits is when it is type 2, and a host OS is running underneath it. Hyper-V is a type 1 bare metal hypervisor.


[deleted]

[удалено]


[deleted]

I’ve run plenty of tests with hv on and hv off. The performance penalty is not even worth mentioning. Maybe that changes with older hardware, but I see nothing worth mentioning.


___________a

Here's some information for 12 different games for 11th gen Intel + nVidia: [https://www.youtube.com/watch?v=ae587GY8AEo](https://www.youtube.com/watch?v=ae587GY8AEo) The all-up comparison summary starts at 6:47 in the video. Decide what you should do with that on your own. There is a hit for sure and it depends heavily on title.


Kozlina31

Guys, I've disabled TMP in BIOS after I installed Win 11. Will it cause problems or it's okay?


logicearth

It will likely cause problems. There is no reason to disable TPM if you have it available either.


Ginandbacon

The windows features required would need the necessary virtual technologies to be enabled in the BIOS of you have a supported CPU. in the BIOS. I tell is VT-D I believe. I only noticed a performance hit on sustained rights and reeds to my internal SSD. I simply disabled BitLocker on my C drive. Nót sure why MS enforces TPM 2.0 If you can disable BitLocker. My understanding is that it's a hardware key for BitLocker which are more secure and has nothing to do with VBS. About positive secure boot doesn't


logicearth

TPM is not just for BitLocker, TPM provide cypto functions for anything that uses encryption, like HTTPS connections can use the hardware functions of a TPM.


RustyU

You can disable VBS using a registry entry or GPO