Microsoft has published the minimum CPU requirements for Windows 11

[britechguy]

Except is that really safe?

It's as "safe as you can get" with a given hardware configuration. There has never been a time when there was a mass exodus from a given hardware configuration (or similar configurations) because a security threat existed, because they've always existed, and, in some form, always will.

There are people still choosing to run Windows 7 (and even Windows XP) in contact with cyberspace. While I don't presume anyone is perfectly aware of all the risks involved in using whatever it is they use, they certainly should be aware of the broader ramifications.

So, yes, I absolutely stick by my earlier assertion. If your hardware supports Windows 11, it will go to Windows 11. If it doesn't, it stays on Windows 10 until Windows 10 hits EOL. And the security ramifications under each are what they are. I don't get to make the call about what is "secure enough" for anyone; they do.

 

[britechguy]

Obviously not perfect but perhaps good enough?

^^ This.

There is no perfect, ever. Sufficient is just that - sufficient in light of actual real-world conditions.

There are myriad threats that have been identified that have a near-zero probability of ever being exploited because it's just too darned hard and there's too little likelihood of any "useful payoff" from them.

Crooks aren't in it for the fun (though there certainly may be fun aspects).

 

[nlinecomputers]

TLDR, people using older hardware will be at a higher risk of crypto assault over the next 4 years than those on younger. MS's own telemetry shows a 70% reduction in malware infection on younger hardware as a result.

Yes but is that because of a real flaw being exploited in older hardware or the more likely that fact the users of older systems are more price-conscious and thus less likely to spend money on other security measures from AV software to firewalls and thus get pwnd because of overall lax security?

 

[britechguy]

older systems are more price-conscious and thus less likely to spend money on other security measures from AV software to firewalls and thus get pwnd because of overall lax security?

I'd say that, as a broad generality, cheaper systems are generally owned by residential users. This segment is well-known to be the most lax when it comes to absolutely any security measures you can name.

And, as has been said by many security experts, on many occasions: The weakest link in the security chain is the end user.
If you have an end user of any hardware that's cavalier about the most basic habits for safe interaction with cyberspace they're going to have various attack surfaces successfully attacked as a direct result of their own actions.

 

[Sky-Knight]

Yes but is that because of a real flaw being exploited in older hardware or the more likely that fact the users of older systems are more price-conscious and thus less likely to spend money on other security measures from AV software to firewalls and thus get pwnd because of overall lax security?

That really is the $1,000,000 question isn't it? The telemetry tells us hardware stats and infection rates but doesn't really give us the whole picture. For my part, I think that 3-4th generation platforms are still "secure" because they don't have that mini-OS in the chip that Intel started shipping with the 5th gens, but the 5th - 7th gen chips lack the features we need to fully patch those platforms.

So if you're security conscious and you want the full onion approach, you're already using 3-4th gen platforms, or brand new platforms as ideals. But how vulnerable is the rest in theory? I've certainly not had any issues with fully patched systems other than performance degradation. And the degradation has been largely invisible to the end users.

BUT... Intel has been having trouble in the last few years, so what if they start supporting chips for 10 years only? Then we won't have the microcode updates we need there either.

So again I see it as a line in the sand, the sooner you're on the other side the better your general experience will be. But I'm not about to freak out and push to get everyone over it today. It's just going to change the units I recommend to my clients a bit going forward. A year from now the secondary market will be flush with 8th generation and late 7th generation gear that meets these requirements on the cheap anyway. So those of us that refurb things to keep people going, will have plenty of further opportunity to do that.

Which is to say, the situation is normal.

 

[Galdorf]

The question is are the older chips still vulnerable according to top cyber security experts the micro code updates mitigate those issues real problem stems from Microsoft buggy code to mitigate the security issues instead of fixing it they want you to upgrade your cpu.

 

[NviGate Systems]

I miss the days when we had simple silicon problems like the old Pentium FDIV bug.

 

[Sky-Knight]

The question is are the older chips still vulnerable according to top cyber security experts the micro code updates mitigate those issues real problem stems from Microsoft buggy code to mitigate the security issues instead of fixing it they want you to upgrade your cpu.

There is no fix for Specre/Meltdown possible in the OS or in firmware. It must be done in the hardware... so yes new CPUs are required. The patches we've got are mitigations, not cures.

We'd have to stop using speculative execution to "fix" this given present architectures. Which reduces modern CPUs to 486s... it's THAT BIG.

 

[fincoder]

There is no fix for Specre/Meltdown possible in the OS or in firmware. It must be done in the hardware

And I believe the hardware fix wasn't released until Intel 9th gen CPUs (happy to be corrected if otherwise).

If so the Spectre/Meltdown vulnerability is present in 8th gen, which is supported by Windows 11 so those vulnerabilities must have nothing to do with the CPU requirements.

Corrected by Sky-Knight below. Intel 8th gen is when the hardware was fixed.

 

[Sky-Knight]

And I believe the hardware fix wasn't released until Intel 9th gen CPUs (happy to be corrected if otherwise).

If so the Spectre/Meltdown vulnerability is present in 8th gen, which is supported by Windows 11 so those vulnerabilities must have nothing to do with the CPU requirements.

Intel did some magic in the microcode for those: https://www.pcgamer.com/intel-to-bu...cpus-to-protect-against-spectre-and-meltdown/

It's not fixable in older chips though... but apparently some of the really late 7th gens are OK. I presume those are the chips Microsoft has added to the list.

By the way, I don't think the hardware fix made it in until the 10th gen chips... but my memory could be off on that.

 

[fincoder]

Oh I couldn't find that info when I googled to find out. So it seems Intel 8th gen has fixes for Spectre & Meltdown. So no coincidence then, that 8th gen are the oldest Intel CPUs supported.

 

[Sky-Knight]

Oh I couldn't find that info when I googled to find out. So it seems Intel 8th gen has fixes for Spectre & Meltdown. So no coincidence then, that 8th gen are the oldest Intel CPUs supported.

That's the best excuse I can think of anyway! It's also the generation where things got crazy power efficient. So for a line in the sand 4 years from now it's not a bad choice.

As for new rigs, I've been eying the AMD Ryzen 7 5600G, it's on Win11's HCL, and apparently contains a, fTPM. The GPU is apparently comparable to a GTX 760, which while not great is still enough to do plenty of gaming at a price that allows a machine built on it to be had for $500 in parts.

I'm looking at white-boxing again for the first time in ages thanks to it. At least for my kids, who are wanting to game but dang... I'm not paying what these idiots want for a GPU!

 

[Galdorf]

From what i am seeing i am staying away from windows 11 and going to linux there are some really bad features that i don`t want period on my pc`s.

 

[Sky-Knight]

From what i am seeing i am staying away from windows 11 and going to linux there are some really bad features that i don`t want period on my pc`s.

The ad injection into the shell is already built into Windows 10. There is no functional difference between 10 and 11 at this point short of the system reqs and some paint.

The bug in question has been fixed, and I remind you... it's STILL BETA. So all the whoopla over this specific thing is just stupid.

 

[SAFCasper]

From what i am seeing i am staying away from windows 11 and going to linux there are some really bad features that i don`t want period on my pc`s.

BREAKING NEWS - unreleased BETA software experiences a bug.

In other cRaZy news - software company are not interested in users beta testing on hardware they have directly stated as unsupported.

PS.
The "Advert" was infact a popup letting you know the new MS Teams client is now available. Hardly MS cashing in on advertising revenue like all these clickbait articles are suggestinf.

Yes, it's odd this could break the entire taskbar but again.. it's the BETA & Dev channel.

 

[britechguy]

So all the whoopla over this specific thing is just stupid.

And so predictably stupid, at that. Every time there's a Windows release it's, "Lather, Rinse, Repeat," as far as the hand-wringing naysayers go.

If you're going to stay with the Windows ecosystem it's going to be either with Windows 10 or 11, depending on your hardware. We don't get to pick and choose which version(s) of a given OS a given maker of same supports. For daily driving in contact with cyberspace, you only use something that's in support or you're just asking for a whole lotta hurt. And that last statement applies way beyond just Windows.

 

[britechguy]

Yes, it's odd this could break the entire taskbar but again.. it's the BETA & Dev channel.

Which anyone should know (and yes, I do include any "end user" that chooses beta or ::shudder:: dev software) is part of the bargain. If you agree to use it part of the deal is that you report issues/bugs as part of that deal.

Even stuff that's reached release candidate stage is not the actual release, as certain unexpected things can turn up even at that late stage.

 

[Sky-Knight]

@britechguy Yeah, you want to compare Windows 11 to something OSS? Compare it to Ubuntu 20.10...

It's not the current LTS release for a reason!

 

[britechguy]

OSS

That particular acronym is "not computing" for me at the moment.

 

[Blues]

MS has had a pattern of releasing a good working OS that people can at minimum tolerate well and then one which infuriates a significant portion of the user base. This has resulted in many skipped releases for end users and has been something of a trend since roughly Windows 98.