Slashdot Mirror
Windows 7's Virtual XP Mode a Support Nightmare?
CWmike writes "Microsoft's decision to let Windows 7 users run Windows XP applications in a virtual machine may have been necessary to convince people to upgrade, but it could also create support nightmares, analysts said today. Gartner analyst Michael Silver outlines the downsides. 'You'll have to support two versions of Windows,' he said. 'Each needs to be secured, antivirused, firewalled and patched. If a company has 10,000 PCs, that's 20,000 instances of Windows.' The other big problem Silver foresees: Making sure the software they run is compatible with Windows 7. 'This is a great Band-Aid, but companies need to heal their applications,' Silver said. 'They'll be doing themselves a disservice if, because of XPM, they're not making sure that all their apps support Windows 7.'"
...but didn't Apple successfully pull this off twice?
stop posting troll articles!! :@
The better it works the easier it will be to support. Also why does the XP instance have to have its own antivirus and firewall? I don't understand why the windows 7 (Magnificent 7? Windows Magnifica!) firewall and antivirus won't be sufficient for the virtual XP machine inside.
This could be very good for support people. Since Microsoft would have to keep supplying patches to XP, there will be no reason to even think about installing Windows 7. Thus allowing support people to the confidence of continued patches.
This is exactly what we want them to do. Virtualize the deprecated, old stuff, and get it out of the main operating system. Move on from the cruft of yore and build in some sweet new fundamentals that break backwards compatibility. We've been crying for them to do this for forever, so let's encourage it. It might add a bit of a support burden, but if it gives us a better product overall, what's the big deal?
Fear and doubt...doubt and fear.... Our two weapons are fear and doubt...and ruthless uncertainty.
I think overall, this is a better way of moving forward. Windows has been essentially crippled from several different perspectives for years because of their need to support backward-compatibility, even with broken interfaces or insecure models. Letting a significant portion of that flow into VMs of older operating systems for those customers who absolutely, positively can not get off their old apps is a good compromise. It allows them to start with a cleaner slate for the majority who has no such requirements.
I'm 100% sure that a competent IT dept that has no use for this feature will, unsurprisingly, NOT USE IT, saving themselves all the support hassles entirely.
And for those that DO need this feature, they know there's basically no other way and it's worth the extra support hassle because they know they will have people saying Application XYZ MUST work I don't care how.
I suspect this means that the old applications that have to work and only currently work on XP can now be moved forward and the IT dept can get everyone onto Windows 7. Once there, the devs of these applications will have Windows 7 rather than XP to test against/run with and they'll have an incentive to update their programs to just work on Windows 7 because, like Classic on Mac OS X, this mode will have just enough 'impedience' that programs will be updated to work on Windows 7 native; but they will work okay in the meantime.
That's the thing - this isn't seamless. It's going to be a little tricky to set up applications to run in the XP box rather than natively on Windows 7, even if launching them is easy.
The trick is "Just enough impedience to get people to update to 7 native while providing a path."
From TFA:
"Windows XP Mode is specifically designed to help small businesses move to Windows 7," Scott Woodgate, director of Windows enterprise and virtualization strategy, said in a blog entry last Friday.
Corrected:
"Windows XP Mode is specifically designed to help us move copies of Windows 7 proffessional and ultimate, as opposed to the cheaper home addition,"S cott Woodgate, director of Windows enterprise and virtualization strategy, meant in a blog entry last Friday.
How would running XP in a virtual machine be any different from the usual windows experience?
It depends on whether Windows 7 can pass-through USB devices and PCI cards to Windows XP. Otherwise, people will try and fail to use hardware with XP drivers on the virtual XP. (Windows 7 uses Vista drivers.)
How stupid are these people?
Windows alreadys supports multiple OSes, from the Win16 and DOS subsystems to the BSD/UNIX subsystem, and also the Win32 and Win64 subsystem.
Which all have their own kernels, and run in NT OS subsystems.
So adding in a VM'd version of XP is going to add to 'support'? How?
The updates still come from MS Update, it isn't like the in house people are writing the patches themselves.
If anything this creates more work for MS, not a freaking IT department.
I'm not sure where to even begin with how stupid this sounds...
More tech support? Really?
If an IT department isn't using group policies and the business centralization and integration technologies of Windows, they shouldn't be using Windows and instead move to something that has almost no central control or mangement like Linux or OS X.
The hallmark of why business CONTINUES to choose Windows deployments is the ease and control that MS continues to give IT administrators, along with their centralized server management concepts that really do make anything else out there look foolish.
A well deployed Windows server/client environment is peanuts to administer, even when the IT people shove Firefox on users and have to run around and do 'manual' updates because Firefox is 'retarded' about allowing remote or admin level updates without giving your users administrator rights.
The second part of this is not understanding the virtualization technology being used. They assume it is like a 'free window' VMWare mode.
It isn't, it somewhere better a VM and a Subsystem on the NT architecture, which is one thing that makes HyperV as powerful as it is.
Truly people forget that NT is a user mode OS-less architecture, and that everything anyone sees is a 'virtual' subsystem, even Win32 has its own kernel and doesn't really know that NT is running under it.
Ok, I'll let people go grab the facts on this crap themselves, and give Win7 a week or two i people's hands that actually 'do' know what they are talking about...
PS The XP Virtualization is mainly for corporate clients, as 99.9% of all software works on Vista and Win7.
It is only the in house written or 'corporate' written software crap that has no concept of NT security that has problems with Vista or possibly Win7 that enforces the 20yr old NT security model that the software developers should have written for in the first freaking place.
Why does every user need two operating systems? That seems awfully wasteful.
Because a non-free application that's no longer supported by its original publisher needs Windows XP, but the only OS of which Microsoft is selling new copies is Windows 7.
I almost feel bad for Microsoft because of the number of people attacking their code. Almost.
As I was perusing the various security boards and newsletters I frequent, I started thinking of how amazingly large the array of people making their livings off of Windows' security deficiencies. It's huge.
There are a multitude of websites that might as well be devoted to Windows security issues. There are the people who constantly write AV signatures. People who collect malware in honeypots and distribute it to security researchers. People who have to write and test patches - both at Microsoft and at other software publishers. People who lecture on Windows security. People who do forensics on compromised machines. People who try to contain the damage when an organization's computers are compromised. People who have to notify the people who are affected by the compromises. People who have to untangle and try to block unauthorized bank charges and identity theft. Etc.
It's like the bump on the log at the bottom of the sea song. The chain just goes and goes and goes. At least it is employing people but you have to wonder what the total global expenditures are in dealing with the consequences of security issues in Microsoft Windows.
This isn't meant to be a troll. It's a legitimate concern and I wonder when people will finally say "enough".
This is sad, just another example of how the wheels are coming off the cart while careening down another blind alley. I was at a trade show last month, and the visit to the Microsoft booth was surreal. The first kiosk was for Windows 7 and a smiling young man touting the virtues of this beta software. When I mentioned that I was having trouble running Vista on a 3.2GHz P4 with 4GB RAM, a 512MB ATI video card with DX10.1, and a terabyte HDD, he scoffed and said that nobody at Microsoft was running Vista, not even the developers. He gave me a DVD of beta 7 and told me that even as a beta, Windows 7 was "so much better than Vista." I accepted his disc (which expires on August 1), and went to the Windows Mobile (WM).
This kiosk had a good looking young man who was part of the product management group for WM 6.5 and very knowledgeable about the product. When I told him that I was a WM developer, he listened attentively as I explained my frustration in trying to program the WM6 smartphone camera to work. His smile faded as he explained that Microsoft had failed to thoroughly test the OEMs for WM5, WM6 and WM6.1. As a result, the DirectShow APIs for many phones were not fully/correctly implemented. He showed me a web page - http://studierstube.icg.tu-graz.ac.at/handheld_ar/camera_phones.php - that explained the problem phones. Then I asked, "will this be fixed in the coming 6.5 release?" He shook his head and replied, "no, not until WM7." I thanked him for his candor and moved onto Live Search.
At Live Search, a bright young man was touting the performance of their latest version and let me test it against Google, where it seemed to respond comparably. He talked about how his group was trying to get other parts of Microsoft to use their Live Search instead of their own, "an uphill battle." At that moment, another person walked up and asked a question, prompting him to pull out his iPhone. I reached out with my WM phone and joked, "wouldn't it be more politically correct to show this?" He responded, "oh, no. Most of my friends at work have iPhones. It's OK."
The problems documented by Daniel Wagner's web page (above) and unmentioned on microsoft.com or msdn.com cost us three months of development time. I should have suspected; mea culpa. Our application now runs on iPhone, and we are not looking back.
BTW, the Microsoft coffee table looks like a giant iPhone.
So when Intel and AMD couldn't increase the speed of their processors any more, they decided to introduce dual core chips. Does this mean that Microsoft has decided they couldn't slow down computers any more with Windows 7 and is now planning on shipping a dual OS system to ensure slow performance?
That's because making a living off Window's security deficiencies is for all intents and purpose the same thing as making a living off Computer security deficiencies. Sure, there are aspects of the Windows security model that downright suck. But the reality is every system has security vulnerabilities out the ass. Whether Windows or Linux or BSD or what have you has more is up for debate, but the definite thing is that security is an active, evolving process, and whatever OS is used by the majority of the world is going to be under constant attack.
I suppose if builders didn't build houses so damn easy to get into, we wouldn't need locks (and thus lock makers), and alarms, and cops and security guards, and fences, and a neighborhood watch. After all, the home builder made the house, he should guarantee it in perpetuity as an impenetrable fortress. Even if the owner ignores his recommendations, and leaves the doors unlocked and the windows open, it should still be secure. And despite the need for security, it must still be convenient for the owner and guests to enter and exit at will, pleasant to look at, and maintainable by an owner who has no knowledge of experience in houses.
You act as if security is easy, and MS could accomplish it if only it tried a little harder. That's not the reality. MS deserves flack for any number of legitimate grievances. They took way to long to take security seriously (basically the entire time from XP's release to Vista was spent making massive security improvements to catch up to where they should have been), they use abusive business practices to encourage lock-in. They make bizarre and frankly retarded attempts at anti-piracy like activation/genuine advantage (if there ever was a drm measure that does nothing to even slow pirates down, and annoys the crap out of legit purchasers, its Windows Activation).
But acting like MS and MS alone must bear the burden for ensuring the security of pc's, is ridiculous.
Go ahead stay in the reality distortion field and drink the kool-aid.
It's NOT the contest that proves it. Just read what the guy says and go investigate to see if what he is saying is true.
Just see: http://blogs.zdnet.com/security/?p=2941
and: http://news.cnet.com/8301-10784_3-9759132-7.html
Quote:
"With my Safari exploit, I put the code into a process and I know exactly where it's going to be. There's no randomization. I know when I jump there, the code is there and I can execute it there. On Windows, the code might show up but I don't know where it is. Even if I get to the code, it's not executable. Those are two hurdles that Macs don't have."
You don't have to be a genius to figure it out. OSX doesn't have the same protections. It doesn't even have the protections Windows XP SP2 has and that came out 5 years ago.
If you don't believe me, just get the opinion of any of the top security researchers on the security of OSX compared to XP/Vista.
The reason why OSX is not exploited as much as windows is it is the equivalent of a house in a small village. Hardly anyone would bother break in even if the door is unlocked.
There's no point creating a tiny network of zombies. A huge network is where the money is.
If I were a malware writer I'd be rubbing my hands with glee if OSX's market share goes up.
Apple makes cool stuff, but they don't make secure stuff.
And guess who is responsible for the code quality of quicktime? Apple.
OSX is swiss cheese too. It has dozens of setuid programs. It has no "DEP" - something that Windows XP had 5 years ago with service pack 2.
It's not just me claiming that. I know others who would say the same thing.
Both Charlie Miller and "Nils" say OSX is easier to exploit.
http://voices.washingtonpost.com/securityfix/2009/03/mac_os_x_top_target_in_browser.html
http://news.cnet.com/8301-10784_3-9759132-7.html
http://blogs.zdnet.com/security/?p=2941
Quotes:
"It's getting pretty hard to do a lot of this stuff on Windows Vista and Windows 7," Nils said. "Especially when a lot of people who stayed with [Windows XP] switch to Windows 7 because they didn't want Vista, the bad guys may start to figure out they can more easily exploit these bugs more reliably on a Mac."
"Mac OS X has some ASLR but not much, and there is no DEP in OS X," Miller said. "My exploit relied on exploit code being in certain spot, and that it would [execute], and in Vista neither of those things would have happened."