Vista in a Virtual Environment

[Guest]

I know there's file and/or registry virtualization and virtual folders in
Vista, but is it true Microsoft originally planned on running the whole Vista
operating system in a virtual environment by default as an added security
feature?

If so, is there a web page you can direct me to that tells more about it?
'Cause I've searched and searched and can't find one, 'cause too many pages
that don't mention that come up in the results.

 

[Andre Da Costa [Extended64]]

Dana Epp - Security MVP gives a good explanation here:

"Windows re-prompts for elevated credentials for each and every process.
More importantly, when Vista prompts the user for elevation of privilege,
it's not actually doing it on the native desktop as you would be led to
believe. It's actually a neat little trick. They take a screenshot of your
working desktop, then flip to a secure desktop. Moving to the secure desktop
eliminates attack vectors born from malware that may use API hooking,
keystroke loggers etc. to capture credentials or force a security decision
that the user doesn't want to make. Vista then paints your desktop on the
background and then gives you the elevation prompt over top of that. It
APPEARS as if you are on your desktop, when you are not. Nice trick."

http://weblog.infoworld.com/securityadviser/archives/2006/03/is_windows_vist.html
--
--
Andre
Windows Connect | http://www.windowsconnected.com
Extended64 | http://www.extended64.com
Blog | http://www.extended64.com/blogs/andre
http://spaces.msn.com/members/adacosta

 

[Pierre Szwarc]

From what was said at last year's Windows Security conference, this was the
original intent. The planned architecture of Vista was very reminiscent of
IBM's VM/CP. However, this isn't what was done in the current release. Only
session zero (login and services) is separate from the user application
space.
--
Pierre Szwarc
Paris, France
PGP key ID 0x75B5779B
------------------------------------------------
Multitasking: Reading in the bathroom !
------------------------------------------------

"digr" <[email protected]> a écrit dans le message de (e-mail address removed)...
|I know there's file and/or registry virtualization and virtual folders in
| Vista, but is it true Microsoft originally planned on running the whole
Vista
| operating system in a virtual environment by default as an added security
| feature?
[snip]

 

[Guest]

Awesome. Thanks so much. I really appreciate it. Do you know if technically
speaking it's running Vista in a virtual environment then? On top of a host
Vista? Or is it something similar but a bit different? It seems like it's not
quite the same thing. Is it a real / host OS when it's not executing commands
and a virtual one when it is?

 

[Guest]

For those who don't know, IBM's VM/CP, I just learn myself, creates a virtual
machine for each user. And you say that was their original intent. So they
did remove that feature from Vista? If so, what is Epp talking about then?
File and registry virtualization, not Vista in a virtual machine as
originally planned?

 

[Andre Da Costa [Extended64]]

Basically, I would say its imaging the environment, Files and Registry
settings, it also works in the case of installing applications that require
access to system files and previledges.
--
--
Andre
Windows Connect | http://www.windowsconnected.com
Extended64 | http://www.extended64.com
Blog | http://www.extended64.com/blogs/andre
http://spaces.msn.com/members/adacosta

 

[Pierre Szwarc]

Virtualization in the current Vista means that "legacy" apps which need to
write into the HKLM hive or the "Program Files" folder tree (such as older
games which save their status, or Office 97) will be silently redirected to
a "mirror" location under the "Users\{login}" tree, and will not receive an
"access denied" error.
I wouldn't say they removed the VM-per-user feature from Vista, they just
didn't have the time - or know-how - to include it ) Or possibly they're
waiting for Palladium - sorry, I mean NGSCB - hardware to be widely
available.
--
Pierre Szwarc
Paris, France
PGP key ID 0x75B5779B
------------------------------------------------
Multitasking: Reading in the bathroom !
------------------------------------------------

"digr" <[email protected]> a écrit dans le message de (e-mail address removed)...
| For those who don't know, IBM's VM/CP, I just learn myself, creates a
virtual
| machine for each user. And you say that was their original intent. So they
| did remove that feature from Vista? If so, what is Epp talking about then?
| File and registry virtualization, not Vista in a virtual machine as
| originally planned?

 

[Guest]

That's what I thought. Thanks. I hadn't noticed the date on Epp's comments
till after I posted my reply, and I did some reading after that and I see now
that he was talking about File and Registry virtualization, not running the
whole operating system in a virtual environment. But thanks anyway for the
link.

If Szwarc's right, it looks like what they decided not to include in this
years release was putting each user account in a virtual environment, not the
whole operating system. But maybe in practice it's essentially the same thing.

 

[Guest]

Virtualization in the current Vista means that "legacy" apps which need to
write into the HKLM hive or the "Program Files" folder tree (such as older
games which save their status, or Office 97) will be silently redirected to
a "mirror" location under the "Users\{login}" tree, and will not receive an
"access denied" error.

Right. Well my question was what Epp was talking about then. I assume by
your reply it was about File and registry virtualization, not Vista in a VM.

I wouldn't say they removed the VM-per-user feature from Vista, they just
didn't have the time - or know-how - to include it )

Sorry. Yeah, I should've said it that way instead.

Or possibly they're waiting for Palladium - sorry, I mean NGSCB - hardware
to be widely available.

From what I've read, that's why they decided to not include NGSCB. All the
programmers and / or vendors were complaining about that.

So...
1) as far as you know, the writer of that article that mentioned they had
planned on running the whole Vista operating system in a VM was wrong then?
They only planned on running each user account in a VM?

2) Wouldn't it be safer to run the whole operating system in a VM?

 

[Pierre Szwarc]

As far as I know, 1) yes, and 2) no. Running the whole OS in a VM is only
meaningful if you want to isolate it from its surroundings, in this instance
the "host" OS. On a machine with a single OS, this is redundant. Conversely,
running each user in a VM allows each user to "break" the system in whatever
way the user wants, it will not impact the other users of the same machine.
This is most significant in family environments, as the typical professional
machine is only used by one person. It's also significant is development
environments, where the developpers can "crash test" their work in an
isolated environment, which they currently do with VMWare or Virtual PC,
with the corresponding overhead.
--
Pierre Szwarc
Paris, France
PGP key ID 0x75B5779B
------------------------------------------------
Multitasking: Reading in the bathroom !
------------------------------------------------

"digr" <[email protected]> a écrit dans le message de (e-mail address removed)...
[snip]
| So...
| 1) as far as you know, the writer of that article that mentioned they had
| planned on running the whole Vista operating system in a VM was wrong
then?
| They only planned on running each user account in a VM?
|
| 2) Wouldn't it be safer to run the whole operating system in a VM?
|

 

[Roger Abell [MVP]]

Look, there are two aspects of this being thought of in your post.
There is the reduction in privileges used by an account when it
logs in, and then there is the virtualization that you directly have
indicated in your post by mentioning the file/reg redirection.

Virtualization was not intended to be "the way" everything was
to be done. This was originally and always intended as a way
to intercept failures the user might otherwise experience.
The reduction of privilege on the other hand has from the
beginning been intended as a was to protect the system from
accounts that otherwise would have available more power
than necessary.

Neither of these are the sort of virtual machine implementation
that your posting envisions.

 

[Roger Abell [MVP]]

Well, I had my first briefing on Longhorn about two and a half years
ago and I have never had the impression that full VM implementation
was a planned architecture.

 

[Pierre Szwarc]

Well, I may have misunderstood, although the speaker seemed quite clear to
me (Bernard Oughanlian, chief security officer for MS France).
--
Pierre Szwarc
Paris, France
PGP key ID 0x75B5779B
------------------------------------------------
Multitasking: Reading in the bathroom !
------------------------------------------------

"Roger Abell [MVP]" <[email protected]> a écrit dans le message de (e-mail address removed)...
| Well, I had my first briefing on Longhorn about two and a half years
| ago and I have never had the impression that full VM implementation
| was a planned architecture.

 

[Roger Abell [MVP]]

Well, I may have misunderstood, although the speaker seemed quite clear to
me (Bernard Oughanlian, chief security officer for MS France).
--
Pierre Szwarc
Paris, France
PGP key ID 0x75B5779B
------------------------------------------------
Multitasking: Reading in the bathroom !
------------------------------------------------

"Roger Abell [MVP]" <[email protected]> a écrit dans le message de (e-mail address removed)...
| Well, I had my first briefing on Longhorn about two and a half years
| ago and I have never had the impression that full VM implementation
| was a planned architecture.

Yes, all things are possible. However, I would think
they would have played this up were it so during one
of my past few (nda) trips to the MS motherland

 

[Pierre Szwarc]

I bow to superior information <g> Possibly full VM architecture is slated
for the *next* Windows version?
--
Pierre Szwarc
Paris, France
PGP key ID 0x75B5779B
------------------------------------------------
Multitasking: Reading in the bathroom !
------------------------------------------------

"Roger Abell [MVP]" <[email protected]> a écrit dans le message de %[email protected]...
|
| Yes, all things are possible. However, I would think
| they would have played this up were it so during one
| of my past few (nda) trips to the MS motherland
| --
| ra
|

 

[Roger Abell [MVP]]

No courtesies needed/sought/involved here, but rather the
speculations in the thread did seem needing redirection.
I would love to see this possibility come to fruition, and I do
recall some discussions of fighting such as the rootkit threat
with a rolling of images in and out in a server farm, and of the
work still needed to separate persisted data and state from
the binaries of the system to enable such.
With the emergence of virtualizing in the 64 bit processors
we will without doubt see more techniques emerge along
these lines.

 

[Pierre Szwarc]

Given the way computing has changed in the last 40 years, I'd wager 10 years
from now we won't recognize current computers as *computers* <lol> Just look
at the difference between the Blériot 11 plane, that crossed the Channel,
and a Boeing 747. I hope I'll still be active in the field then.
--
Pierre Szwarc
Paris, France
PGP key ID 0x75B5779B
------------------------------------------------
Multitasking: Reading in the bathroom !
------------------------------------------------

"Roger Abell [MVP]" <[email protected]> a écrit dans le message de (e-mail address removed)...
| No courtesies needed/sought/involved here, but rather the
| speculations in the thread did seem needing redirection.
| I would love to see this possibility come to fruition, and I do
| recall some discussions of fighting such as the rootkit threat
| with a rolling of images in and out in a server farm, and of the
| work still needed to separate persisted data and state from
| the binaries of the system to enable such.
| With the emergence of virtualizing in the 64 bit processors
| we will without doubt see more techniques emerge along
| these lines.

 

[Roger Abell [MVP]]

I have been waiting 20 for computers to get good enough
that we could see the first one designed entirely by computer
(without taint from human input or prior designs).

 

[Pierre Szwarc]

I'm not 100% sure I'd like that. Their purpose might not be fully consistent
with ours... unless we build Asimov's three laws of robotics into them
*first*.
--
Pierre Szwarc
Paris, France
PGP key ID 0x75B5779B
------------------------------------------------
Multitasking: Reading in the bathroom !
------------------------------------------------

"Roger Abell [MVP]" <[email protected]> a écrit dans le message de %[email protected]...
|I have been waiting 20 for computers to get good enough
| that we could see the first one designed entirely by computer
| (without taint from human input or prior designs).

 

[Guest]

By "full VM implementation" do you mean 1)the File and Registry
virtualization that apparently will be included in the first customer
release; 2)the per user virtualization Szwarc's talking about; or 3)the whole
Vista operating system in a virtual environment, like I'm asking about?

Also, are 1) and 2) the same thing?

Well, I had my first briefing on Longhorn about two and a half years
ago and I have never had the impression that full VM implementation
was a planned architecture.

From what was said at last year's Windows Security conference, this was
the
original intent. The planned architecture of Vista was very reminiscent of
IBM's VM/CP. However, this isn't what was done in the current release.
Only
session zero (login and services) is separate from the user application
space.
--
Pierre Szwarc
Paris, France
PGP key ID 0x75B5779B
------------------------------------------------
Multitasking: Reading in the bathroom !
------------------------------------------------

"digr" <[email protected]> a écrit dans le message de (e-mail address removed)...
|I know there's file and/or registry virtualization and virtual folders in
| Vista, but is it true Microsoft originally planned on running the whole
Vista
| operating system in a virtual environment by default as an added
security
| feature?
[snip]