Windows 11 and VBS (Virtualization Based Security)

[imprecise]

Windows 11 and VBS (Virtualization Based Security)

The VBS virtualization function implemented in Windows 11 to secure the system can decrease performance in games by 30%.

Up to 30% lower performance for games! This is what should affect gaming PCs if they upgrade to Windows 11 according to UL Benchmarks, the publisher of 3DMark, a famous computer testing software. It is in particular on the Shadow of the Tomb Raider test, that 3DMark was able to note a monumental drop in performance. For once, on the side of the players, the new Windows should not easily find its place. The reason for this reduced performance? Reinforced security of the system which drains the power of the computer. Everything comes from the virtualization system, that is to say the Virtualization-Based Security (VBS). A process that is supposed to protect the computer against the exploitation of possible vulnerabilities and the large family of malware.

It is possible to disable the VBS

Concretely, the programs are isolated from the operating system by being activated in a protected virtual bubble. A very secure system which will have no consequences for a classic use of a computer, but which will radically reduce the performance of a gamer's PC. This technology, which is already integrated into Windows 10, is available from eighth generation processors at Intel, and AMD Zen 2. The only difference with Windows 10 is that this feature is activated by default with the new Windows. But there is a nuance, since this is not the case when the computer switches from Windows 10 to Windows 11. For its part, Benchmarks UL will update 3D Mark so that the software can automatically detect if the VBS is activated during its tests and so that the results are more relevant.


Virtualization Based Security System Resource Protections

Virtualization-based security, or VBS, uses hardware virtualization features to create a secure environment which can host a number of security features. Running these security applications inside VBS provides offers greatly increased protection from vulnerabilities in the operating system, and prevents the use of malicious OS exploits which attempt to defeat protections.

VBS uses the Windows hypervisor to create this virtual secure mode, and to enforce restrictions which protect vital system and operating system resources, or to protect security assets such as authenticated user credentials. With the increased protections offered by VBS, even if malware gains access to the OS kernel, the possible exploits can be greatly limited and contained because the hypervisor can prevent the malware from executing code or accessing platform secrets.