Warning: If you’re like me and you just use Windows for gaming, you may be interested in doing this too. This is not recommended unless you know what you are doing. Also, it highly depends on what model CPU you have as to what kind of performance you’d see from disabling these mitigations.
I have an “old” CPU, from around 2018-2019. It’s top-tier from around that time, but it suffered from around 10-15% loss of performance from the Spectre/Meltdown and friends mitigations. At the time, I didn’t think it was that big of a deal as I used this computer for work. Fast forward to 2021, and I’m now using this computer for gaming.
Needless to say, I disabled those mitigations today and found myself getting 25fps instead of 15 on the ground. This has made a world of difference for me when in VR. It’s a bit scary that it requires making my computer vulnerable, but whatever. I don’t do anything serious on this computer.
Your XBox for Windows account (which you use to authenticate and access the simulator) is at risk. If you have purchased any products through the Marketplace, access to those items are also exposed, as well as any Payment options tied to the account.
Which is why you always should enable 2 factor authentication wherever possible. It mitigates that risk quite well.
Payment options are not exposed since you as a user cannot “see” the details either. The only way to get credit card information would be to log the input during registering a new payment method.
Two-factor quality matters. SMS and e-mail is easily hijacked, which is what most users have (by virtue of manufacturer or vendor offerings, not necessarily by choice). Authenticator apps are stronger but not as widely supported. In any case, it’s risky to disable security controls at the hardware level. You might gain more bang for the buck and remain safe at the same by turning down settings.
Blockquote A statement by Intel said that “any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time”.[21][20]Phoronix benchmarked several popular PC games on a Linux system with Intel’s Coffee Lake Core i7-8700K CPU and KPTI patches installed, and found that any performance impact was little to non-existent.[63]
Probably more a placebo effect than anything else.
A little hyperbolic given that it’s an old exploit and in order for it to be exploited somebody has to be trying to exploit it and there’s little financial incentive to do that on an individual system. It’s also not a magic trick, an attacker would still have to target the system somehow on the off chance that reading what’s in memory would be something worth reading at all.
It’s a matter of how much risk are you willing to accept? Again, the only way to get to access and play the sim is the XBox for Windows account. You get locked out of that, well, that’s entirely on the user’s appetite.
If you’re not receiving the SMS or Email on the device that you’re logging in with, it’s basically a zero percent chance that any hacker would take the effort to target multiple devices at the same time.
The second vector makes these attacks totally unattractive, even for banking trojans (which basically all target singe-device usage since it’s a LOT easier).
Anyway, I’m pretty sure you could get access back to your XBox account if that still would happen. Being careful is always the best way, but knowing the risk and taking necessary steps (2FA) should be fine for most.
I was CPU limited on the ground, so it actually made a difference. If you’re GPU limited, it probably won’t do anything. One thing is for sure, numbers do not lie, so I doubt it was a placebo effect (tested in clear weather, same programs running, etc).
Please all be careful where you download such tools.
If there’s a security risk, then it’s most likely such tools which might be offered from fake websites with malware embedded.
It mitigates that risk quite well.