The Windows 7 XP Virtual Machine: A Step in the Wrong Direction
In the past I’ve incurred Microsoft’s wrath plenty of times. A decade ago, for example, I was highly critical of the security (or lack thereof) in Windows NT. Microsoft’s attempts to convince the public that NT security was strong and that only people prone to exaggerate pointed out major security problems in that operating system were often aimed at individuals such as myself. Then several years later Microsoft initiated its Trusted Computing Initiative (TCI), something that greatly changed my view about Microsoft’s willingness and ability to provide adequate security in its products. And if you have been reading my blogs over the past few years, you’ll discover that more than a few times I have given Microsoft more than a few kudos because of substantially improved security in its products that resulted from the TCI.
But much of this is going to change with Windows 7. As I have said before, I am eagerly awaiting the release of what I am sure will be a superb operating system. Let’s face it—Vista was a failure, an operating system that just didn’t meet the mark, even though it offered some new and potentially very worthwhile security-related features. The main problem with Windows 7 from a security perspective is that it will have a built-in XP virtual machine, one that provides XP-Windows 7 compatibility. In “XP mode” special processes that are completely independent of mainstream processes will run. Because of this independence, these XP-mode processes will not be affected by normal security-related Group Policy Objects (GPOs) and hot fixes that are installed. System administrators will thus have to individually set up GPOs for XP mode as well as install separate patches if this mode is to run securely. Instead of having to install and update one copy of anti-virus software, system administrators will have to install two. The same applies to the Windows Firewall and many other security-related features and functions.
Honestly, how many system administrators will be sufficiently motivated to expend double the effort needed to secure a system when they often expend little or no effort at all on security?
In the same way that a single torpedo can sink an entire ship, an undefended XP virtual machine can and will serve as the unauthorized entry point for intruders into a Windows 7 machine. Furthermore, the fact that it will have to be separately configured and maintained for security greatly increases the likelihood that it will be wide open to perpetrators. The Conficker worm has shown just how many systems are still not patched for a vulnerability that first surfaced in October 2008. If people do not install a patch that has been available for such a long time, what do you think the chances are that they will try to secure a default virtual machine that has no built-in security?
Over the years, millions of virus, worm and Trojan infections in Windows systems and an untold number of break-ins into these systems have occurred. Compromised Windows systems all over the Internet are routinely used to send spam and to participate in distributed denial of service (DDoS) attacks. Microsoft has not been sitting idly by—this vendor has over the years implemented numerous functions and features designed to substantially tighten the security of Windows systems. But I fear that many of the gains Microsoft has made will be negated in Windows 7 by the huge vulnerability that the XP virtual machine constitutes. The ball is clearly in Microsoft’s court—hopefully Microsoft will wake up to the severity of this situation and do something appropriate about it.