Vista in a Virtual Environment

Discussion in 'Windows Vista Security' started by digr, Mar 7, 2006.

  1. digr

    digr Guest

    Ok. Thanks!
     
    digr, Mar 15, 2006
    #21
    1. Advertisements

  2. By "full VM implementation" I was meaning to indicate the (not
    implemented) hosting of the OS within another by use of software
    that presents a virtual (V) machine (M) image to the hosted OS.
    This is not involved with Vista.

    The 1 and 2 you mention seem to be the same.

    The two aspects I was differentiating are
    1. intercepting write failures to disk or registry (which is done by
    intercepting failures)
    2. user privilege level reduction (which is done by adjusting what
    is in the user token)

     
    Roger Abell [MVP], Mar 15, 2006
    #22
    1. Advertisements

  3. digr

    digr Guest

    By "full VM implementation" I was meaning to indicate the (not
    Ok. In other words, #3 in my last post - what I started this thread about,
    which Swarc says is unnecessary if you have VM for each user.
    Does that mean then that the first customer versions of Vista released this
    fall will essentially have VM for each user (#2 in my last post), which
    according to Szwarc is just as safe as #3?
    Oh, ok. There's obviously more to this than I learned about before starting
    this thread.
     
    digr, Mar 15, 2006
    #23
  4. digr

    digr Guest

    Look, there are two aspects of this being thought of in your post.
    Really? I thought the reduction in privileges was part of the file/reg
    virtualization. I guess I have some more reading to do. Do they work together
    though, first the reduction in privileges, then the redirection to per user
    file/reg virtualization? Maybe I should be reading more about these two
    aspects instead of asking more questions, especially being the uninformed
    intermediate user that I am.
    Huh. But if VM for each user is the same as file/reg virtualization, as it
    seems to you they are, then if Szwarc's right, running the whole Vista
    operating system in a VM in or on top of a real host Vista by default won't
    be necessary, negating the need to add any further virtualization to Vista in
    the future. Isn't that right? Or am I still confused and uninformed, and
    need to go read some more about the subject?
     
    digr, Mar 15, 2006
    #24
  5. I really have not clue what you are asking in your reply and am
    at this point lost in the #1, #2, #3 s and am also at a loss as to
    how I could express what I have said any more clearly or any
    differently. One last time, the use of VM hosting of Vista built
    into Vista, which I understood you to be theorizing about, just
    plain is not there.
     
    Roger Abell [MVP], Mar 16, 2006
    #25
  6. I have no idea why you would thing they seem to be so to me
    As in other post
    Write attempt failures are trapped and made to happen in a temp area
    (see, I intentionally avoided using the "virtualize" terminology).
    This is just an error handler replacing the permission denied popup.
    User privs are reduced at login by adjusting what is present in the user
    token, and then there is code to trap failures that would not have happened
    if privs had not been reduced and a dialog is presented so the user can
    elect to make use of privs to which they are entitled.
    None of these have anything in common with what VMware, or Virtual PC
    do to virtualize and host.
     
    Roger Abell [MVP], Mar 16, 2006
    #26
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.