
Windows 8 - Deeper Impressions


JorgeA


Maybe I don't understand the concept well enough, but it's always seemed to me that VMs -- like sandboxes -- are kind of pointless, at least from a security standpoint, because of these issues. You either save the stuff to permanent storage and thus you're vulnerable anyway, or else you don't save the stuff permanently and your work goes POOF when you need to start fresh.

Gentle, patient explanations befitting my abysmal ignorance will be appreciated. ;)

Yes, you are evidently NOT familiar with the concept.

A Virtual Machine resides on a Real Machine (Host).

A Virtual Machine (normally) uses a Virtual Disk Drive.

A Virtual Disk Drive (normally) resides on the Real Machine (usually in the form of a disk image, i.e. of a file, saved on the Real Machine, that represents a disk contents).

The Virtual Disk Drive Image (the file) can be accessed - through a Virtual Disk Driver - exactly as if it was a Real Disk Drive from the Real Machine.

jaclaz



Maybe I don't understand the concept well enough, but it's always seemed to me that VMs -- like sandboxes -- are kind of pointless, at least from a security standpoint, because of these issues. You either save the stuff to permanent storage and thus you're vulnerable anyway, or else you don't save the stuff permanently and your work goes POOF when you need to start fresh.

Gentle, patient explanations befitting my abysmal ignorance will be appreciated. ;)

Yes, you are evidently NOT familiar with the concept.

A Virtual Machine resides on a Real Machine (Host).

A Virtual Machine (normally) uses a Virtual Disk Drive.

A Virtual Disk Drive (normally) resides on the Real Machine (usually in the form of a disk image, i.e. of a file, saved on the Real Machine, that represents a disk contents).

The Virtual Disk Drive Image (the file) can be accessed - through a Virtual Disk Driver - exactly as if it was a Real Disk Drive from the Real Machine.

Thanks, jaclaz. I had you in mind when I wrote the bit about providing "gentle, patient explanations." :)

I can follow what you wrote above. That matches pretty much my understanding of VMs.

I can also understand the usefulness of a VM if you need to run an older program that a current version of Windows can't handle. But I'm struggling to understand the benefits of a VM from a security standpoint, like I explained in my previous post:

At some point, data downloaded/processed via the Internet (e-mail, websites, PDFs, etc.) will have to be stored permanently (otherwise we're just simulating work instead of actually working). Presumably this means storing it outside the VM. If the data thus downloaded or processed (and without malware scanning we don't necessarily know WHICH data is involved so that we can remove it) turns out to be infected with malware, then aren't we infecting the "real" machine anyway? OTOH, if the data is stored only within the VM and we wipe it out to start clean when the VM goes bonkers, then aren't we losing our work (which is the point of working on a computer)?

--JorgeA

Edited by JorgeA

But I'm struggling to understand the benefits of a VM from a security standpoint, like I explained in my previous post:

At some point, data downloaded/processed via the Internet (e-mail, websites, PDFs, etc.) will have to be stored permanently (otherwise we're just simulating work instead of actually working). Presumably this means storing it outside the VM. If the data thus downloaded or processed (and without malware scanning we don't necessarily know WHICH data is involved so that we can remove it) turns out to be infected with malware, then aren't we infecting the "real" machine anyway? OTOH, if the data is stored only within the VM and we wipe it out to start clean when the VM goes bonkers, then aren't we losing our work (which is the point of working on a computer)?

--JorgeA

Unless you actually access/mount (through a Virtual Disk Driver) the Virtual Disk it is simply a file (or if you prefer a container).

Does (say) a .zip file (a common form of compressed container) infect your machine only because it exists on your hard disk drive?

On the other hand, once the Virtual Disk Image has been mounted to a drive or mountpoint, it behaves EXACTLY as if it was a "real" Disk drive, let's say (but there is no "autorun" provision for these) like if you insert in your machine a SD card or a USB stick.

Again - provided that you do not have any of the stupid autorun settings - are the contents of the device "dangerous" because they exist?

But since this Virtual Disk Drive behaves like it was a "real" one, you can scan it with the same anti-virus/anti-malware solution you use for the real disks.

Of course if you are affected by dementia and start executing (double clicking) "random" .exe's, .bat's, .cmd's etc from the mounted image, and do this with the OS in the VM having no anti-virus protection and you do it before scanning the device contents from the "Host" OS, then you have the SAME lack of security you would have if you do the same on your Real Machine.

Conversely, if you never access/mount the Virtual Disk Drive, it is like an infected SD card or USB stick that you NEVER connect to your machine (pretty much safe ;)).

http://www.theanswerbank.co.uk/Media-and-TV/Question69979.html

I would say I am exactly like a ship carrying a cargo that will never reach any port. As long as I am alive, that ship will always be at sea, so to speak

jaclaz

Edited by jaclaz
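
An added example, not part of the thread, illustrating the point above that an unmounted virtual disk is only a file: the host reads the image's footer and hashes it as plain bytes, with no mount and no driver. It assumes the image uses Microsoft's VHD format, which the thread does not specify; the sample image and all function names are constructed for the demo.

```python
import hashlib
import os
import struct
import tempfile

FOOTER_SIZE = 512
# Big-endian VHD footer layout; the checksum field sits at byte offset 64.
FOOTER_FMT = ">8sIIQI4sI4sQQ4sII16sB427s"
DISK_TYPES = {2: "fixed", 3: "dynamic", 4: "differencing"}


def footer_checksum(footer: bytes) -> int:
    """One's complement of the byte sum, with the checksum field zeroed."""
    zeroed = footer[:64] + b"\x00" * 4 + footer[68:]
    return ~sum(zeroed) & 0xFFFFFFFF


def make_sample_vhd(data_size: int = 4096) -> bytes:
    """Constructed sample: an empty fixed-size image, built only for this demo."""
    fields = [b"conectix", 2, 0x00010000, 0xFFFFFFFFFFFFFFFF, 0, b"demo",
              0x00010000, b"Wi2k", data_size, data_size, b"\x00" * 4, 2, 0,
              b"\x11" * 16, 0, b"\x00" * 427]
    # Index 12 is the checksum, computed over the footer with that field zero.
    fields[12] = footer_checksum(struct.pack(FOOTER_FMT, *fields))
    return b"\x00" * data_size + struct.pack(FOOTER_FMT, *fields)


def inspect_image(path: str) -> dict:
    """Read the image as plain bytes: no mount, no driver, nothing executed."""
    size = os.path.getsize(path)
    if size < FOOTER_SIZE:
        raise ValueError("too small to hold a VHD footer")
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
        fh.seek(size - FOOTER_SIZE)
        footer = fh.read(FOOTER_SIZE)
    f = struct.unpack(FOOTER_FMT, footer)
    if f[0] != b"conectix":
        raise ValueError("no VHD footer cookie found")
    return {
        "disk_type": DISK_TYPES.get(f[11], "unknown"),
        "virtual_size": f[9],
        "checksum_ok": f[12] == footer_checksum(footer),
        "sha256": digest.hexdigest(),
    }


def demo() -> dict:
    """Write the constructed sample to a temp file and inspect it from the host."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "sample.vhd")
        with open(path, "wb") as fh:
            fh.write(make_sample_vhd())
        return inspect_image(path)


if __name__ == "__main__":
    print(demo())
```
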

I don't think JorgeA was quite going here, but it's still a rider on the topic of VMs:

I feel the industry consensus, or at least what seems to be a consensus, is misguided on the topic of old operating systems and their vulnerabilities. The most common opinion I hear is that unsupported systems shouldn't be used at all due to potentially unpatched vulnerabilities. However, with obsolescence, interest in exploiting vulnerabilities goes with it. Furthermore, until the mid-2000s the primary attack vector was attacking machines attached directly to the Internet. Not only have personal routers mitigated much of the issue but the default mode of VM software is to run machines NAT-inside-NAT, which means that infections inside a VM are unlikely to spread via network.

The enduring popularity of XP may cause me to change my opinion after support ends, but I hypothesize that running behind a single NAT and avoiding IE8 will likely be enough to ensure a reasonable amount of safety with XP. Of course, XP is inferior to later systems when it comes to engaging in unsafe activity (e.g. warez), but I'm talking about "regular usage" (web browsing, word processing) and running well-established applications that may depend on XP.

Another facet of VMs is that even with the overhead they allow a more advanced platform than would have been available at the time. Getting Windows 98 to run on anything beyond a Willamette P4 is challenging due to driver issues with chipsets, etc. but with a VM we basically get to pretend that Windows 98 supports a Core i-series platform.


Unless you actually access/mount (through a Virtual Disk Driver) the Virtual Disk it is simply a file (or if you prefer a container).

[...]

Very good jaclaz, thanks very much for the extended explanation. It does match what I thought but wasn't certain of. (Hey, I actually understand some of this technical stuff! :D )

--JorgeA


Also when you are on desktop there should be an option to totally disable the charm bar; it is totally useless and only gets in the way when you use a desktop PC. In the Windows 8.1 preview there is an option to disable the upper charm bar but not the lower charm bar; basically the charm bar still comes up if you move the mouse to the lower corner.

Edited by Aero7x64

Also when you are on desktop there should be an option to totally disable the charm bar; it is totally useless and only gets in the way when you use a desktop PC. In the Windows 8.1 preview there is an option to disable the upper charm bar but not the lower charm bar; basically the charm bar still comes up if you move the mouse to the lower corner.

Thanks for the report!

So it looks like they fixed things in part. Another halfway measure, like reviving the Start Button but not the Start Menu.

It's still unclear whether Microsoft will eliminate (in the official 8.1 or a subsequent release) all the code that permits Tihiy's StartIsBack and other Start Menu replacements. I keep jumping back and forth between hoping that they keep that ability (because it will make Win8 easier to use) or hoping that they will eliminate it completely (further damaging the prospects for Win8's success).

--JorgeA


All they have done really is the absolute minimum to limit damage, and they are putting some lipstick (Windows 8.1) on a fat pig (Windows 8). Also they still believe they were right and people only need a visual clue to the start screen and that people are happy with the flat interface and don't need the start menu and full Windows Aero as options. They think this is all that is necessary and hope people will fall for this trap and buy Windows 8.1. Of course this is unlikely to happen and Windows 8.1 will also fail, and by the time of Windows 9 Microsoft will likely finally understand that forcing their way doesn't work.


On Techbroil:

How to talk with a shill

This guy would have been banned on Neowin for sure.

A corporate entity has no citizenship rights (free speech, etc.) there is no reason to tolerate it (in any way), or its PR drones, unless it's performing some useful service. [..] Corporations are not humans, their opinions have no value, same as opinions of sheep or cows (or autonomous home devices), they either provide service or are taken away.

Sign of times that such opinion would cause meltdowns on Arstechnica, Neowin and TheVerge.


I feel the industry consensus, or at least what seems to be a consensus, is misguided on the topic of old operating systems and their vulnerabilities. The most common opinion I hear is that unsupported systems shouldn't be used at all due to potentially unpatched vulnerabilities. However, with obsolescence, interest in exploiting vulnerabilities goes with it. Furthermore, until the mid-2000s the primary attack vector was attacking machines attached directly to the Internet. Not only have personal routers mitigated much of the issue but the default mode of VM software is to run machines NAT-inside-NAT, which means that infections inside a VM are unlikely to spread via network.

Bingo. You nailed it perfectly IMHO :thumbup And their self-serving planned-obsolescence will ironically bite them in the butt here.

The enduring popularity of XP may cause me to change my opinion after support ends, but I hypothesize that running behind a single NAT and avoiding IE8 will likely be enough to ensure a reasonable amount of safety with XP. Of course, XP is inferior to later systems when it comes to engaging in unsafe activity (e.g. warez), but I'm talking about "regular usage" (web browsing, word processing) and running well-established applications that may depend on XP.

Another facet of VMs is that even with the overhead they allow a more advanced platform than would have been available at the time. Getting Windows 98 to run on anything beyond a Willamette P4 is challenging due to driver issues with chipsets, etc. but with a VM we basically get to pretend that Windows 98 supports a Core i-series platform.

WinXP has distinct advantages over the bloat and busy-ness of Win6. I also think it gets a bad rap on the security thing ( or more precisely Vista and 7 get an unwarranted good rap ). Yes it is/was mostly run in Admin accounts but IMHO that is where the risk ends ( unless you count MSIE ). In WinXP the kernel is doing much less work ( less services, startup and background ops ), processing per task is lower ( compare in ProcMon ), the WFP is less hostile, and there is far less obfuscation using aliases and symbolic links ( and once you are on x64 in Vista or 7 all those aliases multiply in the WOW64 mad fantasyland ). Also, the registry is smaller and there are way less files than in Win6. So bucking the prevalent views I consider Win6 a malware paradise because there are so many more places and ways to hide. What a rootkit had to do in WinXP via stealth, is now practically unnecessary on x64 Vista and 7 because they can hide in plain sight. After fixing system after system the last couple years I really believe the security for Win7 is a big fat joke right now and they will never patch up this Rube Goldberg machine enough. They'll be busy plugging away right until the "support" runs out, machines will still get infected, and then we'll hear another round of apocalyptic FUD to upgrade to Windows 9 or 10. It's a broken record. The MicroTreadmill. Almost all of the victims are running standard user, I'm almost always on XP as admin, not only do I feel safer, but I know I am. The real difference? I am always behind a router, no AV, no MSIE browsing, and always very careful naturally.

The point about hardware that didn't even exist working on older operating systems that long preceded it via a virtual machine is a really great one. And it was probably an unexpected one, by Microsoft. This is what I was trying to get at complaining about the lack of advancement of performance gains in CPUs. If we could just double the throughput there would be no VM instance of running any OS or software that anyone could complain about. It quite likely would equal or exceed the performance of the native system in its own time period. It is very suspicious this four generations of sideways progress since the i3-i5-i7 replaced Core 2. We're getting freaking updates to USB and PCIe and new video Thunderbolt but the CPU is locked down.

One minor note about Win9x, the Willamette > Northwood > Prescott were all pretty much do-able, the latter two on the same socket. Of course an early Northwood era board might not support all Prescott revisions. Plus there were outliers, especially the big brand OEMs like Dell and Compaq always using crappy mobos, and even though they built systems in the later Prescott era they still somehow missed out on current features like the bigger L2 cache and higher frequencies ( they were just too cheap to revise the boards ). Naturally they did not continually update their BIOS. But on a performance motherboard everything was usually fine. On the crapboards, which steered you to modified chipset drivers things got dicey. Sometimes the Intel default package worked in their place though. And sometimes it was just a matter of disabling SATA to get the thing to install. It could get complicated for sure, but it was nothing compared to the early years.

Jorge, what I wrote above is just a comment about where everyone else will likely go IMHO ( and are already going ). It's from a combination of factors: Microsoft arrogance, new crappy interface, DRM, spying scandal, endless malware attacks, weekly hacking of customer data from big corporations, and so on. Personally I don't really need to run a VM currently because my scenario is already secure. However, a favorite operating system running in a VM ( on a faster future system ) would add one extra thing I don't have - a very fast way to reset. Currently it would take probably a half hour to shut down an infected system, disconnect that HDD and connect the backup, and then load the infected as a slave, do a careful incremental update of the backup from the infected for vital files and then switch to the backup permanently. I don't ever have occasion to do this mind you, but I have it carefully diagrammed in my head! Insert Boy Scout motto here. With a VM using periodic snapshots ( think of it as System Restore that works :whistle: ) it would be just a minute or two to dump the infected one and restore an earlier snapshot. But since I masochistically enjoy swapping drives and similar manual things, VMs kinda take the fun out of it for me. :lol:


If PRISM doesn’t freak you out about cloud computing, maybe it should, says privacy expert

http://gigaom.com/2013/06/28/if-prism-doesnt-freak-you-out-about-cloud-computing-maybe-it-should-says-privacy-expert/

:whistle:

And, just for the record :angel :

http://www.montereyherald.com/local/ci_23554739/restricted-web-access-guardian-is-army-wide-officials

jaclaz

Edited by jaclaz

Following up on the discussion about obsolete systems, I was going to post about how the anti-XP crowd will be sorely disappointed when developers don't abandon the platform overnight. As evidence I was going to use Windows 2000, which is either still supported or was dropped only fairly recently when its usage dropped below 1%. When looking up when Firefox dropped support, which was about a year ago, I stumbled across this thread.

In it, the topic creator explains how to patch the registry and add DLLs in W2K to allow installation and usage of newer Firefox versions. I figured someone would have done something like this by now and found the information useful. I would think others would, too, but, instead, the poster gets dogpiled and vilified for deigning to operate Windows 2000. The author is a good sport about it and puts forth one reasonable argument after another as the mob moves goalposts from security to aesthetics to performance and he actually wins over a few of the overreacting commenters.

What's funny, though, are the kneejerk posters claiming that he'll be part of a botnet any day now. The guy is part of a community that hacks installers and backports security patches from XP. He's clearly already done a far deeper risk analysis than any of them and it should be obvious he knows what he's doing.

So when did this vilification of older systems start? I don't remember it being around past a few years ago. Sure, people were gently ribbed for holding onto DOS, Windows 3, and Mac OS Classic, but I don't recall the aggressive advocacy to drop stuff that is working after the user explained his case. Another user joins the thread and says he was dogpiled even worse. I didn't read that thread, and it didn't link properly from the forum but after reformatting the URL I got it to work.

When I worked as a field tech I was still coming across NT4 machines a few years after support dropped, and I'm pretty sure its market share was higher than 2000's at the same point in the life cycle but could be wrong about that. I don't remember NT4 being an IT pariah but maybe it was and I didn't notice.

It would be fun to set up Windows XP RTM and attempt to avoid infection. IE6 would need to be avoided. The biggest challenge would be bypassing the SP1 and SP2 checks on software, but that can be backported (forward-ported?) from the 2000 knowledge base. I have a feeling that once Chrome or Firefox is in place, it won't be a big deal. Office 2003 should work even without SP1 installed, but the service packs and 2007 converters do have SP2 checks.


So when did this vilification of older systems start? I don't remember it being around past a few years ago. Sure, people were gently ribbed for holding onto DOS, Windows 3, and Mac OS Classic, but I don't recall the aggressive advocacy to drop stuff that is working after the user explained his case. Another user joins the thread and says he was dogpiled even worse. I didn't read that thread, and it didn't link properly from the forum but after reformatting the URL I got it to work.

When I worked as a field tech I was still coming across NT4 machines a few years after support dropped, and I'm pretty sure its market share was higher than 2000's at the same point in the life cycle but could be wrong about that. I don't remember NT4 being an IT pariah but maybe it was and I didn't notice.

It wasn't.

Dictatorship and cultic worship of vendors is very en vogue nowadays in IT circles. Just look at the metrotards and their "my way or the highway" attitude. Think the Firefox thread is bad? Here's a really retarded example:

Some months ago I bought for cheap the game "Dawn of War: Soulstorm". It's a few years old, but I can remember that the predecessor had a function which kept the bases on the metamap in the regions alive, which you had already conquered. This functionality was missing in Soulstorm. I went to their forums and found this old thread where people noticed the same thing and wished the function would return, at least as an option. The drama and abuse towards the "complainers" is something to behold. "How dare you to want an option! I like it now as it is, my way or the highway! Be grateful the company even made the game!". The attitude is quite metrotastic in that thread. All this emotion, abuse and whoring over a frigging game!

This industry is getting seriously deranged.
