Slashdot Mirror
Windows 7's Virtual XP Mode a Support Nightmare?
CWmike writes "Microsoft's decision to let Windows 7 users run Windows XP applications in a virtual machine may have been necessary to convince people to upgrade, but it could also create support nightmares, analysts said today. Gartner analyst Michael Silver outlines the downsides. 'You'll have to support two versions of Windows,' he said. 'Each needs to be secured, antivirused, firewalled and patched. If a company has 10,000 PCs, that's 20,000 instances of Windows.' The other big problem Silver foresees: Making sure the software they run is compatible with Windows 7. 'This is a great Band-Aid, but companies need to heal their applications,' Silver said. 'They'll be doing themselves a disservice if, because of XPM, they're not making sure that all their apps support Windows 7.'"
The better it works the easier it will be to support. Also why does the XP instance have to have its own antivirus and firewall? I don't understand why the windows 7 (Magnificent 7? Windows Magnifica!) firewall and antivirus won't be sufficient for the virtual XP machine inside.
This could be very good for support people. Since Microsoft would have to keep supplying patches to XP, there will be no reason to even think about installing Windows 7. Thus allowing support people to the confidence of continued patches.
When has M$ ever released an OS that wasn't a support nightmare?
If I were God, wouldn't I protect my churches from acts of me?
Microsoft is really giving customers the worst of both worlds. Making only incremental improvements to their mainline OS's while creating a backwards compatible VM which is simply more cruft to throw on top of an ever expanding pile of backwards compatible cruft.
Better to float the "VM as compatibility" boat in the wild before relying on it?
I'm making crap up -- it's probably more MS missightedness -- but it would be a half decent reason. There's all sorts of stuff that can go wrong in the wild that would be next to impossible to foresee, so by limiting the places where it doesn't work to only programs that don't run on Win7 natively they limit the potential damage a little bit. (Of course, problems that surface are more likely to be on critical apps.)
Classic is/was not an abstraction layer. When you start classic, you can open a window where you watch Mac OS 9 boot, just like Virtual PC. After it finishes loading, the window disappears and Classic apps are displayed on the desktop, same as any other. An old enough Macintosh can boot from the System Folder used for Classic.
You may be thinking of the Carbon API, which was available under 9 and X. There is no translation involved; Carbon applications are native in both 9 and X.
Rosetta is a binary translation layer, like you said. Apple did the same thing when moving from Motorola 68k CPUs to PowerPC.
Actually, Windows has a way of kicking you in the balls. How would running XP in a virtual machine be any different from the usual windows experience?
I think this is the smartest move Microsoft has done in a long time. They need to relegate the backwards compatibility to a virtual machine, and make the next Windows OS much leaner and secure.
I agree with the GP that Apple had little problems with this and their market is of sufficient size to assume that Microsoft would fare just as well.
These comments are my own and do not necessarily reflect the views or opinions of my employer or colleagues...
From TFA:
"Windows XP Mode is specifically designed to help small businesses move to Windows 7," Scott Woodgate, director of Windows enterprise and virtualization strategy, said in a blog entry last Friday.
Corrected:
"Windows XP Mode is specifically designed to help us move copies of Windows 7 proffessional and ultimate, as opposed to the cheaper home addition,"S cott Woodgate, director of Windows enterprise and virtualization strategy, meant in a blog entry last Friday.
How would running XP in a virtual machine be any different from the usual windows experience?
It depends on whether Windows 7 can pass-through USB devices and PCI cards to Windows XP. Otherwise, people will try and fail to use hardware with XP drivers on the virtual XP. (Windows 7 uses Vista drivers.)
Neither VPC, Virtual Server or Hyper-V support "running off of a directory tree in the host OS's file system"... instead the virtual hard drive(s) are packaged into nice and portable VHD files... and I'd be very surprised if VirtualBox, VMWare or any other VM software did.
External scanning would require the AV system to know how to crack a VHD (which isn't difficult at all)... though doing so when the VM is online might be tricky.
Help Brendan pay off his student loans
I almost feel bad for Microsoft because of the number of people attacking their code. Almost.
As I was perusing the various security boards and newsletters I frequent, I started thinking of how amazingly large the array of people making their livings off of Windows' security deficiencies. It's huge.
There are a multitude of websites that might as well be devoted to Windows security issues. There are the people who constantly write AV signatures. People who collect malware in honeypots and distribute it to security researchers. People who have to write and test patches - both at Microsoft and at other software publishers. People who lecture on Windows security. People who do forensics on compromised machines. People who try to contain the damage when an organization's computers are compromised. People who have to notify the people who are affected by the compromises. People who have to untangle and try to block unauthorized bank charges and identity theft. Etc.
It's like the bump on the log at the bottom of the sea song. The chain just goes and goes and goes. At least it is employing people but you have to wonder what the total global expenditures are in dealing with the consequences of security issues in Microsoft Windows.
This isn't meant to be a troll. It's a legitimate concern and I wonder when people will finally say "enough".
This is sad, just another example of how the wheels are coming off the cart while careening down another blind alley. I was at a trade show last month, and the visit to the Microsoft booth was surreal. The first kiosk was for Windows 7 and a smiling young man touting the virtues of this beta software. When I mentioned that I was having trouble running Vista on a 3.2GHz P4 with 4GB RAM, a 512MB ATI video card with DX10.1, and a terabyte HDD, he scoffed and said that nobody at Microsoft was running Vista, not even the developers. He gave me a DVD of beta 7 and told me that even as a beta, Windows 7 was "so much better than Vista." I accepted his disc (which expires on August 1), and went to the Windows Mobile (WM).
This kiosk had a good looking young man who was part of the product management group for WM 6.5 and very knowledgeable about the product. When I told him that I was a WM developer, he listened attentively as I explained my frustration in trying to program the WM6 smartphone camera to work. His smile faded as he explained that Microsoft had failed to thoroughly test the OEMs for WM5, WM6 and WM6.1. As a result, the DirectShow APIs for many phones were not fully/correctly implemented. He showed me a web page - http://studierstube.icg.tu-graz.ac.at/handheld_ar/camera_phones.php - that explained the problem phones. Then I asked, "will this be fixed in the coming 6.5 release?" He shook his head and replied, "no, not until WM7." I thanked him for his candor and moved onto Live Search.
At Live Search, a bright young man was touting the performance of their latest version and let me test it against Google, where it seemed to respond comparably. He talked about how his group was trying to get other parts of Microsoft to use their Live Search instead of their own, "an uphill battle." At that moment, another person walked up and asked a question, prompting him to pull out his iPhone. I reached out with my WM phone and joked, "wouldn't it be more politically correct to show this?" He responded, "oh, no. Most of my friends at work have iPhones. It's OK."
The problems documented by Daniel Wagner's web page (above) and unmentioned on microsoft.com or msdn.com cost us three months of development time. I should have suspected; mea culpa. Our application now runs on iPhone, and we are not looking back.
BTW, the Microsoft coffee table looks like a giant iPhone.
They are not apples and oranges (no pun intended). Mac's typically do not run virus scan (good or bad practice, most don't see it as necessary). They didn't have to deal with running virus scan and firewall software within the virtual machine. They also had a change of architectures underneath which may have made virus propagation from VM to parent a bit harder. Last but not least, OS X like Linux, is simply more secure, either through design or lack of market share.
That said, the latest offerings from virtul products tend to be very highly integrated. One would hope that MS could offer vscan integration to allow the parent OS to protect the virtual machine. I'm not saying that is the case now, but it seems possible since they are both on the same file system, both using the same hardware, memory, etc (given they are segmented from each other).
I still see this as a necessary step to avoid a lot of legacy baggage.
I run Windows XP in a VMWare Workstation virtual machine. My laptop requires 64bit and runs (believe it or not) better with Vista 64bit than any other Windows OS.
However, there are some apps that refuse to run correctly in Vista. So it's a cake walk with VMWare to run XP.
For support - I don't see an issue. XP actually runs pretty damn good in a controlled virtual environment. You get away from all the wacky hardware drivers and shit that normally trips up XP. The problem I see is if/when Microsoft ends XP support for security updates.
You could do something like using Linux off of PXE boot and have that host and automatically load a Windows XP session. This type of setup is used in places like kiosks where you have a hostile user environment and need the ability to easily restore XP as needed. This would present a single operating system to the user, avoid license issues, allow easy access from a troubleshooting standpoint and so on.
My issue with Microsoft is that they want you to run Windows 7 on a normal basis and then load a virtual XP on an as needed basis. This put enterprises in the business of supporting two platforms per PC and will significantly increase their support costs.
XP has become a victim of its own success.
There are many people out there who are clinging to XP, and they don't want Vista, they don't want 7...they want Windows XP 4 EVAR! And there is nothing wrong with that. XP isn't broken, don't fix it.
Sure, Windows 7 might 'suck less' than Vista, but that's merely providing the remedy to the poison. Easier to use, simpler, less eye candy.
There's nothing wrong with providing virtualization, and perhaps if they slapped a better GUI and contributing with new features to VirtualBox that might be worth writing home about. (Specifically the braindead ISO image manager that's a PITA to use when all is needed is a combobox for previously saved images, adding an OSX compat layer, adding JIT app translation for emulated binaries, etc)
Microsoft needs figure out what works well and make it work even better, not try to give us something new.
I have never seen any software thats even close to what you mention above. Im a network admin working with AD and those traits arent even on the same planet as Windows server 2008/2003.
Policies are an ugly hack of distributing disturbingly ugly and crude register hacks onto remote computers. The amount of bugs are staggering.
Remote installation with msi packages sometimes make me wake up screaming in the night. Its hellish work and sometimes an app breaks when installing a new one.
Microsoft doesnt run any office version properly, period.
Active Directory, pray tell, have you ever used it or its 100 different management tools? Seen it grow out of proportion, watched it crash and then had an allnighter trying to get it understand that yes, the backup is from yesterday and yes, it really is older than the current database? AD sucks compared to any LDAP service in existance and it sucks so bad you have to have two copies running at all times. Not for failover but for normal use.
Anyone claiming Windows and AD is a good product hasnt worked with it ever except maybe selling it. That or its someone who has never used anything else.
The only "problem" with linux is that it doesnt run windows applications. Managing many linux computers on a large network is a piece of cake and not at all a problem that needs to be solved.
HTTP/1.1 400
Of course it depends on Microsoft's implementation of the whole thing. But if done correctly Windows XP will run in a nice environment that is protected by Windows 7.
In fact, Windows 7 could act as an Hypervisor to secure XP.
A hypervisor is great when it comes to security, because from its vantage point it can control the guest OS (antivirus, firewall, etc.) without risking to be compromised itself.
I didn't say that. What I said is that there is a huge infrastructure in place with huge costs associated with Windows.
Linux and OSX both have and will have weaknesses. The tend to be more local exploits than remote, but they aren't perfect either. I know Apple has caught a lot of flack for being slow to fix weaknesses too - apparently generally slower than Microsoft or the Linux distro maintainers.
I know security is not easy. Security is a big part of my work. But I think that both Apple and Microsoft could do a better job about educating users regarding security. All too often I hear Windows and Mac users claiming they have never had an intrusion/virus. Particularly Mac users. Linux users, on the other hand, really do tend to be more computer literate and the distros now also tend to have everything turned off and ports need to be opened to use services. A default closed stance is a good one.
But the fact is that Microsoft is the target of the lion's share of exploits and attacks. It does get the criminals the most bang for the buck. But for whatever reason, a lot of Microsoft users don't update. I think it's a bad decision, but Microsoft now excludes pirate copy users from being able to get updates. That just guarantees a ready pool of systems to be used in botnets.
I think Apple and Microsoft both would benefit from including a multimedia presentation with their computers that covers the basics of computer security. They could explain the risks of various activities and also the best ways to combat computer crime. If people actually understood what the difference was between an administrator account and a user account, that in itself would go a long way to make it more difficult to compromise PCs.