Microsoft’s latest Windows 11 feature update, the Windows 11 2022 Update (22H2), turns on the operating system’s Core Isolation Memory Integrity protection by default. This change in Windows 11’s security policy increases security at the cost of a small (albeit significant) loss of performance seen in previous tests.
Microsoft shipped the Windows 11 2022 Update on Tuesday, with additional security features like Smart App Control. Our review of the Windows 11 2022 Update indicates that Microsoft focused more on behind-the-scenes features like accessibility and security, rather than more popular features like the taskbar.
At the launch of Windows 11, Microsoft left core isolation off by default. Now, the company wants users to be safe “out of the box,” with other scenarios (including gaming, where running these functions compromises performance) taking a back seat. Microsoft also believes that its engineering teams have overcome, or partially overcome, the performance hit involved in running these Memory Integrity features.
“Core Isolation will be turned on by default for recent installs and new PCs, so hardware is as secure as possible,” Microsoft said in a statement emailed after this story was initially published.
The new security feature will be turned on by default for new PCs, but not for those upgrading to Windows 11 2022 Update. The representatives also said that the core isolation feature can be turned off. (However, one of the computers we tested, the Microsoft Surface Laptop Studio, does not allow this feature to be turned off.)
What is core isolation?
In Windows 10 and 11, supported devices use a form of virtualization to protect the operating system and your computer from malicious code by isolating certain processes in your computer’s memory. Certain hardware features are required to enable the feature, including TPM 2.0, Secure Boot, and Data Execution Prevention. The increased priority given to security is part of the reason Microsoft requires processors that support these features for Windows 11. But core isolation has been supported by several generations of processors (including those from AMD and Qualcomm), even if PCs didn’t necessarily use it.
You can usually check whether these features are turned on or off within the Windows Security app, specifically in the Device Security section (Settings > Privacy and Security > Windows Security > Device Security > Core Isolation). Some PCs, such as Microsoft’s Surface Laptop Studio, ship with Memory Integrity turned on by default, with no option to turn it off. Other laptops may have different settings.
The change Microsoft says it’s making is to have the Memory Integrity setting behave as it does on the Surface Laptop Studio: on by default, to protect your PC. Again, though, if you turn this feature off, Microsoft says it won’t turn it back on.
“For users who upgrade their operating system and have Core Isolation turned off, it will remain closed,” Microsoft said in a statement. “The user will see a warning in the Windows Security app telling them that this feature is currently off so that the user can take action to turn it on so that their devices are as secure as possible against malicious attacks.”
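To check the same state from a script rather than the Windows Security app, for instance on upgraded PCs where the feature may still be off, the following added PowerShell example (not from the original article or from Microsoft) reads the `Win32_DeviceGuard` CIM class and the registry value behind the Memory Integrity toggle, plus the prerequisites named above. The function name `Get-MemoryIntegrityStatus` is hypothetical, and the script assumes an elevated session.

```powershell
# Added example: report Core Isolation / Memory Integrity state on the local PC.
# Get-MemoryIntegrityStatus is a hypothetical name; run from an elevated prompt.
function Get-MemoryIntegrityStatus {
    # Win32_DeviceGuard reports which virtualization-based security services
    # are configured and which are actually running.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName 'Win32_DeviceGuard' -ErrorAction Stop

    # Service id 2 is hypervisor-enforced code integrity (Memory Integrity).
    $configured = $dg.SecurityServicesConfigured -contains 2
    $running    = $dg.SecurityServicesRunning    -contains 2

    # Registry value behind the toggle (Enabled = 1 means on).
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity'
    $reg = Get-ItemProperty -Path $key -Name 'Enabled' -ErrorAction SilentlyContinue

    # Prerequisites: Secure Boot, TPM, Data Execution Prevention.
    # Each query can fail on unsupported hardware, so failures become $null.
    $secureBoot = try { Confirm-SecureBootUEFI -ErrorAction Stop } catch { $null }
    $tpm = try {
        Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                        -ClassName 'Win32_Tpm' -ErrorAction Stop
    } catch { $null }
    $os = Get-CimInstance -ClassName 'Win32_OperatingSystem'

    $vbs = switch ($dg.VirtualizationBasedSecurityStatus) {
        0 { 'Not enabled' }
        1 { 'Enabled, not running' }
        2 { 'Enabled and running' }
        default { 'Unknown' }
    }

    # A setting that is on but not running usually means a pending reboot
    # or an unmet prerequisite.
    $verdict = if ($running) { 'Memory Integrity is running' }
               elseif ($configured -or $reg.Enabled -eq 1) { 'Configured but not running' }
               else { 'Memory Integrity is off' }

    [pscustomobject]@{
        Verdict          = $verdict
        VbsStatus        = $vbs
        HvciConfigured   = $configured
        HvciRunning      = $running
        RegistryEnabled  = $reg.Enabled
        SecureBoot       = $secureBoot
        TpmSpecVersion   = $tpm.SpecVersion
        DepAvailable     = $os.DataExecutionPrevention_Available
    }
}

Get-MemoryIntegrityStatus | Format-List
```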
What effect does this have on your computer?
The significance of Microsoft’s decision depends on your point of view. Put plainly, Microsoft’s decision offers increased confidence in your PC’s security in exchange for a slight decrease in your PC’s performance, which you may or may not notice.
Both PCWorld and Tom’s Hardware tested the effects of the Core Isolation/Memory Integrity feature earlier this year. PCWorld’s tests focused on the impact on overall throughput, and found that running it results in a performance penalty of less than 5% for processors dating back to 6th generation Intel Core chips. The PCMark tests, which measure overall productivity, were similar. On the relatively old Intel 6th generation Core chip, it produces a performance drop of over 10 percent.
In gaming, Tom’s Hardware found that even modern processors like the Core i7-11700K showed a 7 percent drop in popular games like Red Dead Redemption 2, roughly a processor generation’s worth of performance. That matters, especially for systems that are already hovering around the margins of playable frame rates.
Both tests took place in October 2021, about a year ago. Microsoft believes that at least some of these performance drops have been overcome by engineering work since then. Have they? We don’t know yet.
If you’re a regular PC user, Microsoft’s decision will likely benefit you. Gamers, though, should consider turning this feature off when they start playing. Or use Windows 10 instead.
This story was updated at 12:35 PM with additional details.