No Windows 7 XP Mode For Sony Vaio Z Owners

Voyager529 writes "While virtually every Core 2 Duo processor supports the hardware virtualization technology that powers the Windows 7 XP Mode, The Register UK reports that the Core 2 Duo processors in the Sony Vaio Z series laptops had the virtualization features intentionally crippled in the BIOS. Senior manager for product marketing Xavier Lauwaert stated that the QA engineers did this to make the systems more resilient against malicious code. He also stated that while they are considering enabling VT in some laptop models due to the backlash, the Z series are not among those being retrofitted."

What? Malicious code??

[jkrise]

Senior manager for product marketing Xavier Lauwaert stated that the QA engineers did this to make the systems more resilient against malicious code.

If they don't like Windows XP they can say so. Calling it malicious code will piss off Microsoft no end.

Re:What? Malicious code??

[TheRaven64]

There are a few proof-of-concept rootkits that work by installing a thin hypervisor in hyperprivileged mode and letting the OS carry on in ring-0, accessing hardware directly but being completely exposed to any code running in the hypervisor. This is virtually undetectable to the OS, so it makes sense to disable VT-x in the BIOS and enable it only when the user knowingly installs a hypervisor. It doesn't make a great deal of sense to not permit the user to enable it though.

Re:What? Malicious code??

[nschubach]

Sorry for the double post, but here's another one:
http://forums.lenovo.com/lnv/board/message?board.id=ideaPad&thread.id=11293&page=2

Re:What? Malicious code??

[Vu1turEMaN]

Lenovo disables it on almost all of their laptops, but its a simple step to go into bios and change the setting.

Dell disables it on a few random laptops, like the 1420N and D830, but once again its in the bios....usually under POST settings.

Re:What? Malicious code??

[tolan-b]

My old-ish Vaio (has a Core Duo, not the later Core 2 Duo) has VT disabled too, no BIOS setting to re-enable it, bery annoying and very pointless.

Re:What? Malicious code??

[nschubach]

And another: http://marcansoft.com/blog/2009/06/enabling-intel-vt-on-the-aspire-8930g/

Honestly, that's my last link... Google for others. It's not hard. I suggest looking for: "laptops with locked out vt"

Re:What? Malicious code??

[Lumpy]

But Lenovo allows you to re-enable it. sony simply has a "SUCKS TO BE YOU" sticker on it.

Re:What? Malicious code??

[AP31R0N]

My experience as a Sys Admin and doing IT house calls told me to avoid Sony computers like the plague, unless i wipe the OS and start again. i found their tweaks to cause all kinds of headaches.

Re:What? Malicious code??

[schon]

There are a few proof-of-concept rootkits that work by installing a thin hypervisor in hyperprivileged mode

No, there is one that the creators claim to operate like this.

This is virtually undetectable to the OS

No, it's claimed to be undetectable, but when challenged, the creators won't let anyone examine it to see.

Re:What? Malicious code??

[Moryath]

Nope. That shipped built in.

What did you THINK was eventually going to form Skynet anyways?

Re:What? Malicious code??

[SBrach]

My wife bought a Vaio against my advice. I have had vaios before and knew they were overpriced even though the hardware is typically very nice. The laptop is a Core 2 Duo with 4GB of Ram and was slower then her Celeron M gateway with 1GB of ram, both running Vista. Once I wiped the Sony and installed vista ultimate 64bit (and now 7 ultimate 64bit) it was much faster. I started trying to fix the sony image but there was too much crap to uninstall and too many stupid settings. Like who really wants 10% as a max CPU setting when on battery.

Re:What? Malicious code??

[FutureDomain]

Even Superman won't be able to save us.

But Chuck Norris can!

Re:What? Malicious code??

[TheRaven64]

Did you read the linked paper, or just the Slashdot summary? They explicitly state in the paper that they are not considering hypervisors that actively attempt to avoid detection, only those that passively try. Of the points they list that would allow detection of the hypervisor:

• CPU discrepancies do not apply to hypervisors that use VT-x; they detect instruction-rewriting VMMs like VMWare.
• Off-chip Discrepancies do not apply to a hypervisor that is only running one guest and is allowing it direct access to the hardware, as a malicious hypervisor would.
• They list their own potential countermeasures for page table-based attacks. I'd also add that if I were designing a malicious hypervisor I'd map its code into a region of physical memory and trap the BIOS call that reported the BIOS size.
• Timing anomalies also don't apply to a hypervisor which permits direct hardware access. For example, I would make my malicious hypervisor trap the hlt instruction so that it ran in the background while the OS was doing power saving and jumped back to the OS when it registered an interrupt. This would enable it, for example, to scan RAM for passwords and secret keys and drop them into the network interface while the OS thought it was in power saving mode.

Re:What? Malicious code??

[DJRumpy]

Read a bit further down. They indicated that these processors were specifically crippled by Intel to offer a cheaper price which is why they couldn't be enabled in Bios. The Sony on the other hand doesn't even show an option to enable VT when the processor does support VT.

"Actually, not every dual core mobile processor supports VT. Here are the specs for the p7450 in the y450. http://processorfinder.intel.com/details.aspx?sSpec=SLB54

You'll notice there is no mention of VT support. But if you look at the p8600 here:
http://processorfinder.intel.com/details.aspx?sSpec=SLB3S

It actually does have VT support as already mentioned here. Intel purposely removed VT support on some OEM spec processors to make them available at cheaper prices to go into laptops that probably won't need VT.
Apple actually paid intel to include VT support in a p7350 processor that doesn't normally have it. "

It's Sony

Hey, it's Sony. What kind of customer support did you expect.
It's not like they've got a long history depicting a care for their customers, rootkits being only 1 example.

Re:It's Sony

[nschubach]

Then start hating on Lenovo as well. They show you the option, but don't let you change it. I think you're just looking for ways to hate on Sony:
http://forums.lenovo.com/lnv/board/message?board.id=ideaPad&thread.id=11293&page=2

I'm sure there are other manufacturers doing this as well.

Re:It's Sony

[nschubach]

I'm glad someone appreciates the information... I was modded overrated and redundant on every other post pointing this out. Seems someone is trying to keep this firmly pointed at Sony.

Re:It's Sony

[TheGratefulNet]

It's not like they've got a long history depicting a care for their customers, rootkits being only 1 example.

lately, sony is the posterboy for 'do evil and lie about it'.

but they weren't always this way. 20 yrs ago they were the pinnacle of mid-fi consumer electronics. sometimes they even made high-end items but mostly they were comfortable making GOOD gear at an ok price.

fast forward to when sony got 'confused' about what business they are in: is it music software (and movies) or hardware that lets you watch/listen to them? they don't even know, themselves. they lost their focus and edge in the industry.

now they are a joke. but they didn't use to be. sad to see what USED to be a great company slide into evilness.

CD rootkits

They probably want to protect their customers from Rootkits that some manufacturers put on their CDs: http://it.slashdot.org/article.pl?sid=05/10/31/2016223

flash

[socsoc]

If only there was some way to replace the BIOS, with some sort of flashing... I'm sure at some point they'll be a alternative firmware for those people silly enough to think that Sony would embrace anything that wasn't one of their proprietary formats.

Re:flash

[Chaxid]

I actually reflashed my Vaio VGN-FW285J in order to enable Intel VT-x which was deliberately disabled by Sony. It irked me to no end that they disabled this feature, since I would not have bought the laptop if I'd known they'd disabled it. The procedure on how to reflash is on my blog, along with links on how to do it for Sony's other Vaio laptops (such as the "Z" series). The blog post is here: http://linux.com/community/blogs/sonys-crippled-intel-vt-support.html Credit should of course go to those fine folks who took the time to reverse engineer the BIOS, such as Igor Levicki who did this for the FW series' AMI BIOS. I hope Sony realizes they are making a big mistake.

Pfft

[Houndofhell]

::Sony BIOS SCREEN::

Virtualization: Disabled
Complimentary Rootkits: Enabled

In other news...

[langelgjm]

In other news, Sony has decided to disable the second core in many of its dual-core models. Senior douchebag Joe Schmo defended the decision, saying "Often the second core just allows people to run malware in the background without noticing it."

Um, no thanks, Sony. How about you let your customers decide whether they want to turn off processor features?

Re:In other news...

[the_fat_kid]

hey, my mother was a douche bag, you insensitive clod.

his won't affect geeks running Linux and VMs...

[JimMarch(equalccw)]

...because we already know Sony is evil as hell and we don't buy their laptops.

And anybody who went and forgot that lesson deserves whatever abuse Sony heaps on 'em.

Lenovo does the same thing

[Renegade88]

The virtual technology extensions of my Lenovo Thinkpass T400 has also been intentionally crippled. Sony isn't the only company making bad decisions with higher-end laptops.

Re:Lenovo does the same thing

[zdzichu]

Are you sure? My T400 (bought year ago) have VT switch in BIOS from day one. My earlier z61t hadn't, and required over a year of email exchange to get VT toggle in new BIOS.

Re:Lenovo does the same thing

[Renegade88]

True, but as I also posted, I searched the internet for an answer and numerous people not able to enable these features even with access to the BIOS. They had contacted Lenovo directly (in fact, it was a Lenovo support site) and were promised a solution (updated BIOS) and it didn't come.

What I can personally verify is the VT extensions are disabled. From what I saw on the Lenovo site, it's not possible to enable this without a non-existant upgraded BIOS. I can't explain why some people with T400's have VT extensions disabled. I doubt my company's IT dept. has a VT policy and decided to disable it by default, but I can surely confirm this easily.

Thanks for a classy response.

Re:Lenovo does the same thing

[Creepy]

incorrect, the T9400 does support Vt.

Intel Chips are massively hit-and-miss when it comes to Vt - I suggest checking wiki before buying. I tried to find a laptop in the $1000 range with Vt support, hardware GPU (the graphics work I do requires about a class 3 GPU here), and at least 720p. You almost can't find it - either they have Vt or they have hardware GPU. I get discounts from Dell, Toshiba, and IBM, but by the time I specced them out to my minimum they were $300-500 over budget. I finally found a 30% off coupon code for laptops over $1100 from HP and bought one of those (and 30% off brought it back to my $1000 budget - Dell with my discount and their sale was $400 over budget). Sony and Apple were out of my budget range from the start.

Linux BIOS Project?

[mwilliamson]

Can the bios be re-flashed with something more useful?

Re:Why does it matter what the BIOS supports?

Since DOS died the BIOS has been little more than a glorified POST. So why can't the OS just enable any features that the BIOS doesn't? Its not like any modern OS uses the BIOS once its up and running anyway - just some information the BIOS may have provided which the OS can double check for itself anyway.

IIRC the BIOS sets the CPU VT flag on powerup (ie, disabled) - once flag is set, it can't be cleared until next cold boot. However, I have an SZ series, there are tools out there to modify the bios settings to not set the flag (it works), I've successfully got linux KVM running :D (following http://forum.notebookreview.com/showthread.php?t=189228)

Let me fix that for you...

[wowbagger]

"Senior manager for product marketing Xavier Lauwaert stated that the QA engineers did this to make the systems more profitable by creating an artificial differentiation we can use to charge more money for basically the same thing."

Re:Why does it matter what the BIOS supports?

[ripnet]

It matters because the way the VT tech works is that its disabled by default in the CPU, and is (usually) enabled by the BIOS. The reason you cant (usually) turn it on after the OS has booted is because the register used to turn it on (the MSR) has a lock-bit, which once set prevents any changes to the VT status until power is removed from the CPU.

BIOS's that simply ignore the VT enable stuff are less of a problem, because its possible to set the VT tech on, and lock it on (by writing 5 to register 3A) within the OS using /dev/msr (linux) or cpuinfo (windows). The Mac Pro (early 2008) behaves like this. This is obviously bad for security, as the malware can simply enable it!

BIOS's that deliberately disable VT will set the register to 1 (vt off, lock on), turning off, and locking off the VT stuff. There is no way I know of to defeat this situation (short of disassembling the BIOS and 'fixing' it).

Some BIOS's even have the code to turn it on, but it is only triggered if a CMOS register is set to a certain value and there is no UI on these BIOS's to set that CMOS register. I believe some Sony BIOSs are like this, but am unsure.

The best ones of course allow you to turn it on in the BIOS - which is why Sony are talking BS when they say its for security. They only need to ship it turned off, and allow the users to turn it on at their own risk.

I understand that it IS a genuine risk (bluepill?) in that a hypervisor can install itself UNDER the OS layer, and then filter what the OS sees, invisible to the user (otherwise the virtualization is broken).

Thats why.

ps. apple ignored a bug report I made about the way the Mac Pro works... i guess its kinda understandable because it seems all MacOS virtualization products just turn it on using the MSR as needed.

Comment removed

[account_deleted]

Comment removed based on user account deletion

go to hell Sony

[pak9rabid]

This is exactly why I don't buy Sony products, whether it's a computer, camera, music, etc. Consumers have been burned by them enough times with their retarded proprietary formats, lawsuits, rootkits, and just an overall blatent disrespect for consumers that I'm surprised anyone buys their crap anymore.

Re:Legitimate reason ?

[fuzzyfuzzyfungus]

Most likely, they are using VT support as a price discrimination tool. Disable it to make a model "Low end" enable it to make the model premium.

In particular, with recent intel setups, intel's "Vpro" remote management widgetry depends on VT(and a bunch of other intel sauce). Disabling that is an excellent way to produce a line of systems that will appeal to individuals and smaller businesses, that you can sell cheaply to capture that cost sensitive demographic, that enterprise IT won't touch with a 10 foot pole, leaving them to buy your more expensive line.

Linux BIOS Project is now Coreboot

Just an fyi, the LinuxBIOS project was renamed Coreboot.

Re:Why does it matter what the BIOS supports?

[Hadlock]

Yeah I was going to say, this sounds like a job for a hex editor, 10 minutes, and a guy who understands basic x86 assembly code.

6 out of 11 is not "virtually every"

Only 6 out of 11 of the 45nm Core2 duo chips support VT according to info on intel.com. That's not "virtually every".

Not nitpicking for the sake of it, just don't want people to assume that the Core2 they're intending to buy supports VT. Best to check.

Re:6 out of 11 is not "virtually every"

[mzs]

And in fact Sony did make Z series laptops with VT incompatible C2D chips (I know since my cousin has one) plus in some cases they used chipsets that do not support VT (or at least not easily with clever SMI hacking). I bet another concern is that buggy hardware on some of the Z series is made to work with System Management Mode (SMM) code in the BIOS, stuff that was never tested with VT.

Sony has ALWAYS Gimped laptops...

[nweaver]

Back in 2000, when Win2K was out and happy but the proles were stuck with Win98/ME, I decided I wanted a laptop.

There was a cheap Sony laptop with Win98/ME on it that looked good to me and was on sale. I checked, there was a version of the same laptop with Win2K available, but it was a few hundred dollars more if you could FIND it, and the UC CS dept had a site liscence/arrangement for Win2K.

So I figured, why not? Buy it at fry's, reinstall with a remotely tolerable Windows OS, be happy.

Get the laptop, blow away the Win98/ME crap, put on Win2K, only to find out that Sony locks all the drivers with BIOS strings and the like so the drivers from the Win2K version won't install on any other notebook, even when the chipsets and everything are identical!

Fortunately, Fry's had a good return policy. So rather than going hunting for manufacturer sites for drivers, I said, screw it, popped in the reimage disk, and restored it and returned it.

A few weeks later, I bought an IBM notebook off a friend with PowerBook envy, much prefering the IBM site wher you put in the model # on the bottom and you get every driver for every OS variant, including Linux, in a nice neat grid...

But even nearly a decade ago, Sony was gimping their laptops badly. Glad to see they are keeping THAT tradition alive...

Re:Sony has ALWAYS Gimped laptops...

[vintagepc]

They do this with desktop VAIOs too... We have one here at the office that the owner could not get to dual-boot Linux and Windows... in fact, the manual even states that if you dual boot, your machine's features will be crippled... So we made the smart choice, did a linux-only install.
I think I speak for many of us when I say,
"F*ck you, Sony!".

Not virtually all C2D's

[GreenEnvy22]

The first line of this summary is quite wrong. Intel has LOTS of Core2Duo's that do not support Intel VT. A quick look through their processor matrix will confirm this. Still, it's common practise for laptop manufacturers to disable things like VT on their consumer models. My Toshiba satellite has it disabled (not changeable in BIOS), but the pro version of it (same mainboard and cpu) has the option. I'm sure there is some way to get it working via a hex editor or something, but then we're into voiding warranties (if the bios gets fubared).

Re:The real reason

[IBBoard]

Virtual Box will still run without VT, it just won't be optimal. I've got an old Athlon 64 that doesn't support VT or its AMD equivalent, but I can still run a Windows XP Virtual Box instance on it ;)

AMD vs. Intel

[Britz]

Lots of cheap Intel processors don't even have Intel VT, while most of the AMD processors in the same price range have it enabled. While I like the fact that some of the new Pentium processors run really cool, I would never consider buying a new processor without virtualization support. Yet most of the current cheap machines (laptops and boxen) that come with Intel use processors without virtualization. Kinda limits your choices. But then again I always liked AMD better.

Re:For security and compatibility

[Andy+Dodd]

I've never seen BIOS features password-protected from the factory. I have seen it FREQUENTLY done with corporate laptops (for example, the T42s I have for network testing have WLAN cards in them, but have been disabled in password-protected BIOS sections.)

Until Windows 7, 90%+ of consumers had no reason to use VT extensions, and for those, VT was only a potential security hole. Hence disabling by default made sense until very recently.

sony made wrong decision

[argent]

Virtual machines are a security feature. A VM establishes a security barrier around the OS> If you're infected, you just roll back the VM to the last snapshot and you're clean.

Security is like sex, once you're penetrated you're ****ed. Blocking useful security tools because they make it very slightly easier to hide after a successful penetration is asinine. And complaining about the cleanup cost? I normally reformat and reinstall after a virus is detected... and I've had to do that ONCE on any computer I've owned since 1986.

If people took some responsibility for their computers instead of depending on hacks like AV software to detect and clean up after they screw up, there wouldn't BE a virus problem.

As for your last line, "There is no real use of VT anyway since cores are now dual."... I have no idea what you mean by that, so here's a bunny with a pancake on its head.

Perhaps...

[chaboud]

Perhaps there is already some hypervisor running that we don't know about?

As a Z owner who is planning on upgrading to Windows 7, this pisses me off. That machine was nearly as expensive as my mac... my mac!

It's worth noting that, scarily enough, it *was* still cheaper than my MBP, and the MBP has all sorts of issues running Windows. Sadly, the one ideal computer to run all OS's is actually three and a roll of duct tape.

Re:Not Just Sony... Intel Marketing to blame

[rsborg]

Intel charges more for chips with VT enabled, they use it as an up sell. Many laptop manufacturers are choosing not to pay the extra, especially on low end laptops with razor thin margins. This isn't just a Sony problem. As any Apple fanboy can tell you, Apple pays for the good stuff.

Here's some more evidence that the "Apple Tax" is just a higher price for quality goods:
http://blog.fosketts.net/2009/08/07/macs-beat-pcs-intel-vt/

The question no one is asking...

[rickb928]

If Sony is disabling features to make their laptops more resiliant against malware attacks, can we expect them to offer support and resolution to malware attacks that occur because of their hardware/BIOS?

I bet not. So why not leave alone that which you are not willing to fully support anyways?

On another note, Intel (amd probably AMD) mess with the VT features, scattering them all over the processor product lines. You need a frakking CPA to work through the permutations and find the processor(s) that have all the features and performance you want or will pay for. !Simple. !Friendly. Evil.

Re:The real reason

[Creepy]

yep - Virtualbox uses QEMU if Vt-x or AMD-V isn't present. I've got a year old Quad-Core 8400 that doesn't support Vt-x because Intel doesn't include it in consumer grade chips (I made sure my laptop had it, though). I think this is going to bite Intel's ass just like the Intel GMA graphics thing did when they used a software timer and Vista Aero required a hardware timer.

"They"

[StreetStealth]

Trying to characterize the modern Sony in any meaningfully consistent way is an exercise in futility. Sony, like any major Japanese company, has always existed in a number of fairly distinct units or "silos," but in their present incarnation, they are spread across such a wide variety of markets that it's almost a coincidence they bear the same brand name.

Sony BMG, obviously, is the most consumer-unfriendly, as well as the least market-savvy. The rootkit debacle of four years ago has stayed with the tech community and poisoned its perception of the entire brand, but it's not really fair to conflate that with anything the VAIO division does -- VAIO is off in its own world from Sony BMG.

VAIO, as evidenced by this story, obviously has its own struggles, as does Sony Computer Entertainment, as does each Sony business unit in its own way. But they do not move as one.