I’ve seen a video from CTT demonstrating the <10 performance boosts by simply off the mitigation. The system will be secure for personal use as before.
Everything is secure until it isn’t. I’d leave it on.
Ask yourself: do you really need a performance boost or are you just chasing the numbers to avoid a non-existant problem?
Yea
The short answer, as a ton of people already said in the comments of the video, is “hell no” it is not and it is most likely also not worth it. Back when the video came out I tested it (with unplugged network) on my system and the performance gain was ~1% which I’d consider well within the margin of error
The system will be secure for personal use as before.
I wouldn’t be so sure of that. CPU side channels allow data to be leaked across security contexts. For example, from a user process to sandboxed JavaScript in a browser, from kernel space to user space, or from one containerized process to another. This is a problem even on a single user system without any VMs.
Many years ago when I was still doing my undergrad I had a cyber security prof talk about side channels:
”There’s no way to prevent side-channels. As long as two components are sharing the same physical resource there will be side channels. The only problem is that these side channels are leaking way more bits than we expected.”
So the question here is how big does the side channel need to be to leak something sensitive from memory? Turning off mitigations will almost certainly lead to larger side channels. Whether that is worth the risk is up to you.
It depends on how importent security is for that system and how devestating it would be if someone else got control over it and all accounts and devices connected to it.
Assuming there are sucessful exploits it would be like running everything as root and disabling all sandbox/isolation features from the kernel and browsers. I’d say you should not connect such a machine to the internet.
Link for the video?
As a general rule of thumb, I’ve been told that anything less than a 50% performance boost is hardly noticeable.
I’ve also heard (but ready to stand corrected) that mitigation costs only about 10% CPU (depending on the CPU).
I don’t get out of bed for a 10% performance boost.
99% of mitigations generally aren’t for vulnerabilities that affect day-to day users, so I’d say that you’ll probably be fine
This is exceptionally bad advice.
I like living on the edge