Vista in a Virtual Environment

Discussion in 'Windows Vista Security' started by digr, Mar 7, 2006.

  1. digr

    digr Guest

    I know there's file and/or registry virtualization and virtual folders in
    Vista, but is it true Microsoft originally planned on running the whole Vista
    operating system in a virtual environment by default as an added security
    feature?

    If so, is there a web page you can direct me to that tells more about it?
    'Cause I've searched and searched and can't find one, 'cause too many pages
    that don't mention that come up in the results.
     
    digr, Mar 7, 2006
    #1

  2. Dana Epp - Security MVP gives a good explanation here:

    "Windows re-prompts for elevated credentials for each and every process.
    More importantly, when Vista prompts the user for elevation of privilege,
    it's not actually doing it on the native desktop as you would be led to
    believe. It's actually a neat little trick. They take a screenshot of your
    working desktop, then flip to a secure desktop. Moving to the secure desktop
    eliminates attack vectors born from malware that may use API hooking,
    keystroke loggers etc. to capture credentials or force a security decision
    that the user doesn't want to make. Vista then paints your desktop on the
    background and then gives you the elevation prompt over top of that. It
    APPEARS as if you are on your desktop, when you are not. Nice trick."

    http://weblog.infoworld.com/securityadviser/archives/2006/03/is_windows_vist.html
    --
    Andre
    Windows Connect | http://www.windowsconnected.com
    Extended64 | http://www.extended64.com
    Blog | http://www.extended64.com/blogs/andre
    http://spaces.msn.com/members/adacosta
     
    Andre Da Costa [Extended64], Mar 7, 2006
    #2

  3. From what was said at last year's Windows Security conference, this was the
    original intent. The planned architecture of Vista was very reminiscent of
    IBM's VM/CP. However, this isn't what was done in the current release. Only
    session zero (login and services) is separate from the user application
    space.
    --
    Pierre Szwarc
    Paris, France
    PGP key ID 0x75B5779B
    ------------------------------------------------
    Multitasking: Reading in the bathroom !
    ------------------------------------------------

    "digr" <> wrote in message ...
    | I know there's file and/or registry virtualization and virtual folders in
    | Vista, but is it true Microsoft originally planned on running the whole
    | Vista operating system in a virtual environment by default as an added
    | security feature?
    [snip]
     
    Pierre Szwarc, Mar 7, 2006
    #3
  4. digr

    digr Guest

    Awesome. Thanks so much. I really appreciate it. Do you know if technically
    speaking it's running Vista in a virtual environment then? On top of a host
    Vista? Or is it something similar but a bit different? It seems like it's not
    quite the same thing. Is it a real / host OS when it's not executing commands
    and a virtual one when it is?
     
    digr, Mar 7, 2006
    #4
  5. digr

    digr Guest

    For those who don't know, IBM's VM/CP, I just learned myself, creates a virtual
    machine for each user. And you say that was their original intent. So they
    did remove that feature from Vista? If so, what is Epp talking about then?
    File and registry virtualization, not Vista in a virtual machine as
    originally planned?
     
    digr, Mar 7, 2006
    #5
  6. Andre Da Costa [Extended64], Mar 7, 2006
    #6
  7. Virtualization in the current Vista means that "legacy" apps which need to
    write into the HKLM hive or the "Program Files" folder tree (such as older
    games which save their status, or Office 97) will be silently redirected to
    a "mirror" location under the "Users\{login}" tree, and will not receive an
    "access denied" error.
    I wouldn't say they removed the VM-per-user feature from Vista, they just
    didn't have the time - or know-how - to include it ;)) Or possibly they're
    waiting for Palladium - sorry, I mean NGSCB - hardware to be widely
    available.
    --
    Pierre Szwarc
    Paris, France
    PGP key ID 0x75B5779B
    ------------------------------------------------
    Multitasking: Reading in the bathroom !
    ------------------------------------------------

    "digr" <> wrote in message ...
    | For those who don't know, IBM's VM/CP, I just learned myself, creates a
    | virtual machine for each user. And you say that was their original intent.
    | So they did remove that feature from Vista? If so, what is Epp talking
    | about then? File and registry virtualization, not Vista in a virtual
    | machine as originally planned?
     
    Pierre Szwarc, Mar 8, 2006
    #7
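
An added example, not part of the original thread: a defender's audit of which files a profile holds as redirected copies, and which protected paths they shadow. It assumes the mirror location is `AppData\Local\VirtualStore` under the profile, as in released Vista (the post above says only "under the Users\{login} tree"); the account `alice` and the `OldGame` files are constructed sample data.

```python
import os
import tempfile
from pathlib import Path, PureWindowsPath

# Assumption: released-Vista layout, <profile>\AppData\Local\VirtualStore.
VSTORE_PARTS = ("AppData", "Local", "VirtualStore")


def virtualized_files(profile_dir, system_drive="C:"):
    """Return (per-user copy, shadowed system path) pairs for one profile."""
    store = Path(profile_dir).joinpath(*VSTORE_PARTS)
    pairs = []
    if not store.is_dir():
        return pairs  # this account never triggered file redirection
    for root, _dirs, files in os.walk(store):
        for name in files:
            copy = Path(root) / name
            # The tree below VirtualStore mirrors the drive layout, so the
            # relative path is the location the application believed it wrote.
            rel = copy.relative_to(store)
            shadowed = PureWindowsPath(system_drive + "\\").joinpath(*rel.parts)
            pairs.append((str(copy), str(shadowed)))
    return sorted(pairs, key=lambda pair: pair[1])


def demo():
    """Build a constructed profile tree and list the paths it shadows."""
    with tempfile.TemporaryDirectory() as tmp:
        profile = Path(tmp) / "Users" / "alice"  # constructed account name
        for rel in (("Program Files", "OldGame", "save.dat"),
                    ("Program Files", "OldGame", "cfg", "options.ini")):
            target = profile.joinpath(*VSTORE_PARTS, *rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text("constructed sample data")
        return [shadowed for _copy, shadowed in virtualized_files(profile)]


if __name__ == "__main__":
    for path in demo():
        print(path)
```

Each reported pair is a file that one user sees in place of the system-wide original, which is worth knowing when two accounts on the same machine disagree about an application's state.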
  8. digr

    digr Guest

    That's what I thought. Thanks. I hadn't noticed the date on Epp's comments
    till after I posted my reply, and I did some reading after that and I see now
    that he was talking about File and Registry virtualization, not running the
    whole operating system in a virtual environment. But thanks anyway for the
    link.

    If Szwarc's right, it looks like what they decided not to include in this
    year's release was putting each user account in a virtual environment, not the
    whole operating system. But maybe in practice it's essentially the same thing.
     
    digr, Mar 8, 2006
    #8
  9. digr

    digr Guest

    Right. Well my question was what Epp was talking about then. I assume by
    your reply it was about File and registry virtualization, not Vista in a VM.
    Sorry. Yeah, I should've said it that way instead.
    From what I've read, that's why they decided to not include NGSCB. All the
    programmers and / or vendors were complaining about that.

    So...
    1) as far as you know, the writer of that article that mentioned they had
    planned on running the whole Vista operating system in a VM was wrong then?
    They only planned on running each user account in a VM?

    2) Wouldn't it be safer to run the whole operating system in a VM?
     
    digr, Mar 8, 2006
    #9
  10. As far as I know, 1) yes, and 2) no. Running the whole OS in a VM is only
    meaningful if you want to isolate it from its surroundings, in this instance
    the "host" OS. On a machine with a single OS, this is redundant. Conversely,
    running each user in a VM allows each user to "break" the system in whatever
    way the user wants, it will not impact the other users of the same machine.
    This is most significant in family environments, as the typical professional
    machine is only used by one person. It's also significant in development
    environments, where the developers can "crash test" their work in an
    isolated environment, which they currently do with VMWare or Virtual PC,
    with the corresponding overhead.
    --
    Pierre Szwarc
    Paris, France
    PGP key ID 0x75B5779B
    ------------------------------------------------
    Multitasking: Reading in the bathroom !
    ------------------------------------------------

    "digr" <> wrote in message ...
    [snip]
    | So...
    | 1) as far as you know, the writer of that article that mentioned they had
    | planned on running the whole Vista operating system in a VM was wrong
    | then? They only planned on running each user account in a VM?
    |
    | 2) Wouldn't it be safer to run the whole operating system in a VM?
    |
     
    Pierre Szwarc, Mar 9, 2006
    #10
  11. Look, there are two aspects of this being thought of in your post.
    There is the reduction in privileges used by an account when it
    logs in, and then there is the virtualization that you directly have
    indicated in your post by mentioning the file/reg redirection.

    Virtualization was not intended to be "the way" everything was
    to be done. This was originally and always intended as a way
    to intercept failures the user might otherwise experience.
    The reduction of privilege on the other hand has from the
    beginning been intended as a way to protect the system from
    accounts that otherwise would have available more power
    than necessary.

    Neither of these are the sort of virtual machine implementation
    that your posting envisions.
     
    Roger Abell [MVP], Mar 9, 2006
    #11
  12. Well, I had my first briefing on Longhorn about two and a half years
    ago and I have never had the impression that full VM implementation
    was a planned architecture.
     
    Roger Abell [MVP], Mar 9, 2006
    #12
  13. Well, I may have misunderstood, although the speaker seemed quite clear to
    me (Bernard Oughanlian, chief security officer for MS France).
    --
    Pierre Szwarc
    Paris, France
    PGP key ID 0x75B5779B
    ------------------------------------------------
    Multitasking: Reading in the bathroom !
    ------------------------------------------------

    "Roger Abell [MVP]" <> wrote in message ...
    | Well, I had my first briefing on Longhorn about two and a half years
    | ago and I have never had the impression that full VM implementation
    | was a planned architecture.
     
    Pierre Szwarc, Mar 9, 2006
    #13

  14. Yes, all things are possible. However, I would think
    they would have played this up were it so during one
    of my past few (nda) trips to the MS motherland :)
     
    Roger Abell [MVP], Mar 10, 2006
    #14
  15. I bow to superior information <g> Possibly full VM architecture is slated
    for the *next* Windows version?
    --
    Pierre Szwarc
    Paris, France
    PGP key ID 0x75B5779B
    ------------------------------------------------
    Multitasking: Reading in the bathroom !
    ------------------------------------------------

    "Roger Abell [MVP]" <> wrote in message %23XhInt$...
    |
    | Yes, all things are possible. However, I would think
    | they would have played this up were it so during one
    | of my past few (nda) trips to the MS motherland :)
    | --
    | ra
    |
     
    Pierre Szwarc, Mar 10, 2006
    #15
  16. No courtesies needed/sought/involved here, but rather the
    speculations in the thread did seem needing redirection.
    I would love to see this possibility come to fruition, and I do
    recall some discussions of fighting such as the rootkit threat
    with a rolling of images in and out in a server farm, and of the
    work still needed to separate persisted data and state from
    the binaries of the system to enable such.
    With the emergence of virtualizing in the 64 bit processors
    we will without doubt see more techniques emerge along
    these lines.
     
    Roger Abell [MVP], Mar 11, 2006
    #16
  17. Given the way computing has changed in the last 40 years, I'd wager 10 years
    from now we won't recognize current computers as *computers* <lol> Just look
    at the difference between the Blériot 11 plane, that crossed the Channel,
    and a Boeing 747. I hope I'll still be active in the field then.
    --
    Pierre Szwarc
    Paris, France
    PGP key ID 0x75B5779B
    ------------------------------------------------
    Multitasking: Reading in the bathroom !
    ------------------------------------------------

    "Roger Abell [MVP]" <> wrote in message ...
    | No courtesies needed/sought/involved here, but rather the
    | speculations in the thread did seem needing redirection.
    | I would love to see this possibility come to fruition, and I do
    | recall some discussions of fighting such as the rootkit threat
    | with a rolling of images in and out in a server farm, and of the
    | work still needed to separate persisted data and state from
    | the binaries of the system to enable such.
    | With the emergence of virtualizing in the 64 bit processors
    | we will without doubt see more techniques emerge along
    | these lines.
     
    Pierre Szwarc, Mar 11, 2006
    #17
  18. I have been waiting 20 for computers to get good enough
    that we could see the first one designed entirely by computer
    (without taint from human input or prior designs).
     
    Roger Abell [MVP], Mar 12, 2006
    #18
  19. I'm not 100% sure I'd like that. Their purpose might not be fully consistent
    with ours... unless we build Asimov's three laws of robotics into them
    *first*.
    --
    Pierre Szwarc
    Paris, France
    PGP key ID 0x75B5779B
    ------------------------------------------------
    Multitasking: Reading in the bathroom !
    ------------------------------------------------

    "Roger Abell [MVP]" <> wrote in message %...
    | I have been waiting 20 for computers to get good enough
    | that we could see the first one designed entirely by computer
    | (without taint from human input or prior designs).
     
    Pierre Szwarc, Mar 12, 2006
    #19
  20. digr

    digr Guest

    By "full VM implementation" do you mean 1) the File and Registry
    virtualization that apparently will be included in the first customer
    release; 2) the per user virtualization Szwarc's talking about; or 3) the whole
    Vista operating system in a virtual environment, like I'm asking about?

    Also, are 1) and 2) the same thing?

     
    digr, Mar 15, 2006
    #20
