I know there's file and/or registry virtualization and virtual folders in Vista, but is it true Microsoft originally planned on running the whole Vista operating system in a virtual environment by default as an added security feature?
If so, is there a web page you can direct me to that tells more about it? 'Cause I've searched and searched and can't find one, 'cause too many pages that don't mention that come up in the results.

Vista in a Virtual Environment
Dana Epp - Security MVP gives a good explanation here:
"Windows re-prompts for elevated credentials for each and every process. More importantly, when Vista prompts the user for elevation of privilege, it's not actually doing it on the native desktop as you would be led to believe. It's actually a neat little trick. They take a screenshot of your working desktop, then flip to a secure desktop. Moving to the secure desktop eliminates attack vectors born from malware that may use API hooking, keystroke loggers etc. to capture credentials or force a security decision that the user doesn't want to make. Vista then paints your desktop on the background and then gives you the elevation prompt over top of that. It APPEARS as if you are on your desktop, when you are not. Nice trick."
http://weblog.infoworld.com/securityadviser/archives/2006/03/is_windows_vist.html
--
Andre
Windows Connect | http://www.windowsconnected.com
Extended64 | http://www.extended64.com
Blog | http://www.extended64.com/blogs/andre
http://spaces.msn.com/members/adacosta
From what was said at last year's Windows Security conference, this was the original intent. The planned architecture of Vista was very reminiscent of IBM's VM/CP. However, this isn't what was done in the current release. Only session zero (login and services) is separate from the user application space.
--
Pierre Szwarc
Paris, France
PGP key ID 0x75B5779B
------------------------------------------------
Multitasking: Reading in the bathroom !
------------------------------------------------
Awesome. Thanks so much. I really appreciate it. Do you know if technically speaking it's running Vista in a virtual environment then? On top of a host Vista? Or is it something similar but a bit different? It seems like it's not quite the same thing. Is it a real / host OS when it's not executing commands and a virtual one when it is?
For those who don't know, IBM's VM/CP, I just learned myself, creates a virtual machine for each user. And you say that was their original intent. So they did remove that feature from Vista? If so, what is Epp talking about then? File and registry virtualization, not Vista in a virtual machine as originally planned?
Basically, I would say it's imaging the environment, Files and Registry settings, it also works in the case of installing applications that require access to system files and privileges.
--
Andre
Virtualization in the current Vista means that "legacy" apps which need to write into the HKLM hive or the "Program Files" folder tree (such as older games which save their status, or Office 97) will be silently redirected to a "mirror" location under the "Users\{login}" tree, and will not receive an "access denied" error. I wouldn't say they removed the VM-per-user feature from Vista, they just didn't have the time - or know-how - to include it ;)) Or possibly they're waiting for Palladium - sorry, I mean NGSCB - hardware to be widely available.
--
Pierre Szwarc
That's what I thought. Thanks. I hadn't noticed the date on Epp's comments till after I posted my reply, and I did some reading after that and I see now that he was talking about File and Registry virtualization, not running the whole operating system in a virtual environment. But thanks anyway for the link.
If Szwarc's right, it looks like what they decided not to include in this year's release was putting each user account in a virtual environment, not the whole operating system. But maybe in practice it's essentially the same thing.
"Pierre Szwarc" wrote:
> Virtualization in the current Vista means that "legacy" apps which need to write into the HKLM hive or the "Program Files" folder tree (such as older games which save their status, or Office 97) will be silently redirected to a "mirror" location under the "Users\{login}" tree, and will not receive an "access denied" error.
Right. Well my question was what Epp was talking about then. I assume by your reply it was about File and registry virtualization, not Vista in a VM.
> I wouldn't say they removed the VM-per-user feature from Vista, they just didn't have the time - or know-how - to include it ;))
Sorry. Yeah, I should've said it that way instead.
> Or possibly they're waiting for Palladium - sorry, I mean NGSCB - hardware to be widely available.
From what I've read, that's why they decided to not include NGSCB. All the programmers and / or vendors were complaining about that.
So... 1) as far as you know, the writer of that article that mentioned they had planned on running the whole Vista operating system in a VM was wrong then? They only planned on running each user account in a VM?
2) Wouldn't it be safer to run the whole operating system in a VM?
As far as I know, 1) yes, and 2) no. Running the whole OS in a VM is only meaningful if you want to isolate it from its surroundings, in this instance the "host" OS. On a machine with a single OS, this is redundant. Conversely, running each user in a VM allows each user to "break" the system in whatever way the user wants, it will not impact the other users of the same machine. This is most significant in family environments, as the typical professional machine is only used by one person. It's also significant in development environments, where the developers can "crash test" their work in an isolated environment, which they currently do with VMWare or Virtual PC, with the corresponding overhead.
--
Pierre Szwarc
Look, there are two aspects of this being thought of in your post. There is the reduction in privileges used by an account when it logs in, and then there is the virtualization that you directly have indicated in your post by mentioning the file/reg redirection.
Virtualization was not intended to be "the way" everything was to be done. This was originally and always intended as a way to intercept failures the user might otherwise experience. The reduction of privilege on the other hand has from the beginning been intended as a way to protect the system from accounts that otherwise would have available more power than necessary.
Neither of these are the sort of virtual machine implementation that your posting envisions.
Well, I had my first briefing on Longhorn about two and a half years ago and I have never had the impression that full VM implementation was a planned architecture.
Well, I may have misunderstood, although the speaker seemed quite clear to me (Bernard Oughanlian, chief security officer for MS France).
--
Pierre Szwarc
Yes, all things are possible. However, I would think they would have played this up were it so during one of my past few (nda) trips to the MS motherland :-)
--
ra
I bow to superior information <g> Possibly full VM architecture is slated for the *next* Windows version?
--
Pierre Szwarc
No courtesies needed/sought/involved here, but rather the speculations in the thread did seem needing redirection. I would love to see this possibility come to fruition, and I do recall some discussions of fighting such as the rootkit threat with a rolling of images in and out in a server farm, and of the work still needed to separate persisted data and state from the binaries of the system to enable such. With the emergence of virtualizing in the 64 bit processors we will without doubt see more techniques emerge along these lines.
--
Roger
Given the way computing has changed in the last 40 years, I'd wager 10 years from now we won't recognize current computers as *computers* <lol> Just look at the difference between the Blériot 11 plane, that crossed the Channel, and a Boeing 747. I hope I'll still be active in the field then.
--
Pierre Szwarc
I have been waiting 20 for computers to get good enough that we could see the first one designed entirely by computer (without taint from human input or prior designs).
I'm not 100% sure I'd like that. Their purpose might not be fully consistent with ours... unless we build Asimov's three laws of robotics into them *first*.
--
Pierre Szwarc
By "full VM implementation" do you mean 1) the File and Registry virtualization that apparently will be included in the first customer release; 2) the per user virtualization Szwarc's talking about; or 3) the whole Vista operating system in a virtual environment, like I'm asking about?
Also, are 1) and 2) the same thing?
Ok. Thanks!
By "full VM implementation" I was meaning to indicate the (not implemented) hosting of the OS within another by use of software that presents a virtual (V) machine (M) image to the hosted OS. This is not involved with Vista.
The 1 and 2 you mention seem to be the same.
The two aspects I was differentiating are
1. intercepting write failures to disk or registry (which is done by intercepting failures)
2. user privilege level reduction (which is done by adjusting what is in the user token)
> By "full VM implementation" I was meaning to indicate the (not implemented) hosting of the OS within another by use of software that presents a virtual (V) machine (M) image to the hosted OS. This is not involved with Vista.
Ok. In other words, #3 in my last post - what I started this thread about, which Szwarc says is unnecessary if you have VM for each user.
> The 1 and 2 you mention seem to be the same.
Does that mean then that the first customer versions of Vista released this fall will essentially have VM for each user (#2 in my last post), which according to Szwarc is just as safe as #3?
> The two aspects I was differentiating are 1. intercepting write failures to disk or registry (which is done by intercepting failures) 2. user privilege level reduction (which is done by adjusting what is in the user token)
Oh, ok. There's obviously more to this than I learned about before starting this thread.
> Look, there are two aspects of this being thought of in your post. There is the reduction in privileges used by an account when it logs in, and then there is the virtualization that you directly have indicated in your post by mentioning the file/reg redirection.
Really? I thought the reduction in privileges was part of the file/reg virtualization. I guess I have some more reading to do. Do they work together though, first the reduction in privileges, then the redirection to per user file/reg virtualization? Maybe I should be reading more about these two aspects instead of asking more questions, especially being the uninformed intermediate user that I am.
> Virtualization was not intended to be "the way" everything was to be done. This was originally and always intended as a way to intercept failures the user might otherwise experience. The reduction of privilege on the other hand has from the beginning been intended as a way to protect the system from accounts that otherwise would have available more power than necessary.
> Neither of these are the sort of virtual machine implementation that your posting envisions.
Huh. But if VM for each user is the same as file/reg virtualization, as it seems to you they are, then if Szwarc's right, running the whole Vista operating system in a VM in or on top of a real host Vista by default won't be necessary, negating the need to add any further virtualization to Vista in the future. Isn't that right? Or am I still confused and uninformed, and need to go read some more about the subject?
I really have no clue what you are asking in your reply and am at this point lost in the #1, #2, #3 s and am also at a loss as to how I could express what I have said any more clearly or any differently. One last time, the use of VM hosting of Vista built into Vista, which I understood you to be theorizing about, just plain is not there.
> Huh. But if VM for each user is the same as file/reg virtualization, as it seems to you they are, then if Szwarc's right, running the whole Vista
I have no idea why you would think they seem to be so to me
> operating system in a VM in or on top of a real host Vista by default won't be necessary, negating the need to add any further virtualization to Vista in the future. Isn't that right? Or am I still confused and uninformed, and need to go read some more about the subject?
As in other post Write attempt failures are trapped and made to happen in a temp area (see, I intentionally avoided using the "virtualize" terminology). This is just an error handler replacing the permission denied popup. User privs are reduced at login by adjusting what is present in the user token, and then there is code to trap failures that would not have happened if privs had not been reduced and a dialog is presented so the user can elect to make use of privs to which they are entitled. None of these have anything in common with what VMware, or Virtual PC do to virtualize and host.
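The redirection described in the posts above leaves ordinary per-user copies on disk and in the user's registry hive, which is one way to see that it is an error handler and not a hosted OS. As an added example (not part of the thread), this PowerShell inventories those copies for the current user; the `VirtualStore` locations are the standard per-user ones and are not named in the posts, and the function names are hypothetical.

```powershell
# Added example: list what file/registry virtualization has redirected for
# the current user, and the protected location each write was aimed at.
# Assumption: the standard per-user VirtualStore locations (not named in the thread).
$FileStore = Join-Path $env:LOCALAPPDATA 'VirtualStore'
$RegStore  = 'HKCU:\Software\Classes\VirtualStore\MACHINE\SOFTWARE'

function Get-VirtualizedFile {
    param([string]$Store = $FileStore)

    # No store means no legacy app has had a write redirected for this user.
    if (-not (Test-Path -LiteralPath $Store)) { return }

    $root = $Store.TrimEnd('\')
    Get-ChildItem -LiteralPath $root -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            # The path below the store mirrors the path on the system drive,
            # e.g. ...\VirtualStore\Program Files\App\save.dat
            $relative = $_.FullName.Substring($root.Length).TrimStart('\')
            [pscustomobject]@{
                IntendedTarget = Join-Path "$env:SystemDrive\" $relative
                RedirectedCopy = $_.FullName
                LastWrite      = $_.LastWriteTime
            }
        }
}

function Get-VirtualizedRegistryKey {
    param([string]$Store = $RegStore)

    if (-not (Test-Path -LiteralPath $Store)) { return }

    Get-ChildItem -LiteralPath $Store -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_.ValueCount -gt 0 } |
        ForEach-Object {
            [pscustomobject]@{
                # Map the per-user mirror key back to the HKLM key the app asked for.
                IntendedKey   = $_.Name -replace '^HKEY_CURRENT_USER\\Software\\Classes\\VirtualStore\\MACHINE', 'HKEY_LOCAL_MACHINE'
                RedirectedKey = $_.Name
                Values        = $_.ValueCount
            }
        }
}

# Each row is a write that would otherwise have failed with "access denied".
Get-VirtualizedFile        | Sort-Object IntendedTarget | Format-Table -AutoSize
Get-VirtualizedRegistryKey | Sort-Object IntendedKey    | Format-Table -AutoSize
```

Empty output means nothing has been redirected for this account; any rows identify applications that still expect to write to protected locations and should be fixed or reconfigured.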