XP Mode in W7 [OT in uk.d-i-y]

A lot has been written about the end of security updates for Windows XP, and the possible (or likely, depending on who you ask) security risks if you continue to use XP.

It is also claimed that if you run a Virtual XP system under W7, this is vulnerable unless you prevent it connecting to the internet.

As many people will know, if you set up a virtual XP system and install applications within it, those applications can subsequently be run as "XP Mode Applications" within W7 rather than loading the entire virtual machine.

Anyone know whether there's any difference in potential vulnerability between these two ways of running XP apps?

Reply to
Roger Mills

I am of the opinion, and this is purely my view, that XP and other flavours of Windows are no more or less vulnerable given some sensible precautions, i.e. do not do daft things. The XP updates thus far must have closed almost all the holes in the time they have been running. If holes exist in third party software, they probably also exist in the same software run on other flavours of Windows too. It has long been obvious that a lot of the security issues are courtesy of third party apps and drivers etc, so I treat everything as suspect, and after I have run anything that has done something strange I throw all the diagnostic and anti-malware stuff at it I can find, just to be as sure as I can.

Brian

Reply to
Brian Gaff

Good point. I agree with the "likely" rather than "possible" claims. Just count all the Win7 updates of the variety "to plug a security hole that has been found in I.E. or PDF etc." And then realize that similar updates currently apply to XP as well. That's the danger.

And currently both Win7's virtual XP and the third party virtual machines are exposed to that danger. And the danger will increase unless the suppliers do something about it.

And what can they do about it? All I can think of is front-ending them with something to eliminate the perils; and that would simply be something that has been consistently updated. Which is a non-starter!

Ed

Reply to
Ed Cryer

WinXP Mode is a virtual machine, using Terminal Services for display. That allows a rootless window to be displayed when an application is run.

In all cases, this part is a constant. It always does this. It's standard virtual machine technology. The WinXP OS is running, the whole OS. Otherwise, if the OS wasn't running, it couldn't offer "services" to the WinXP Mode program you're trying to run.

    Windows 7 Pro (host)
           |
    Windows Virtual PC
           |
    WinXP Mode (guest OS, activated)

If you were to run it that way, as in that diagram, WinXP would display in a rectangular window, and present a fully decorated desktop within the rectangle.

If, on the other hand, the WinXP Mode opens a single application in rootless mode, that uses Terminal Services. In this case, no fully decorated desktop need appear. This is the innovation that was brought to the table specifically for the Windows 7 introduction.

    Windows 7 Pro (host)                 +-------> rootless window
           |                             |
    Windows Virtual PC                   | (Terminal
           |                             |  Services)
    WinXP Mode (guest OS, activated) ----+

So from a malware perspective, I don't see the exposure issues changing at all, between the two diagrams. If you operated a web browser inside WinXP, or if you downloaded applications (.exe) straight into the WinXP Mode guest, then you'd be very exposed (if no AV was running in there too).

You need an AV program for each.

Windows 7 Pro (host)

Reply to
Paul

In reality the XP mode does load the entire virtual machine - it just avoids displaying the whole desktop in a window...

Yes and no. None of the current known vulnerabilities exist by simply allowing an XP machine on the internal LAN. If it never tries to reach out to the net[1], then most of the likely avenues for compromise will be blocked. So a fully patched XP SP3 VM, on which you never run an email client or browser, and have no web-style plugins for any of the usual infection vectors etc, should be pretty secure just running a single application for which you have no modern equal. It's a more doubtful risk if you want to run old software that accesses the web.

So in summary, at this stage, it mostly comes down to what applications you need to run.

[1] Note that XP is quite 'net happy and will go hunting for stuff on the net without much provocation
Reply to
John Rumm

Now, I should have thought of trying that a couple of years ago when I was into virtual machines. And, in case you think I'm kidding, I'm not. It's the sort of pushing things to the limit that used to drive me.

Ed

Reply to
Ed Cryer

[Virtual machine stacking]

This was considered/done way back when Virtual Machine meant IBM VM/CMS; running separate 370 VMs (fu set to afu,awg)

Reply to
Stanley Daniel de Liver

It may be, but if you have a VM framework you should be able to have some image file that represents the whole XP machine and its necessary disk(s), and you should be able to recreate that instance of XP running in a virtual machine from that image repeatedly. So if something destroys a running virtual XP you should be able to go back to a prior version and run it again, and again...

Reply to
Jeremy Nicoll - news posts

I seem to recall trying something similar some 25+ years ago... for our uni final project we developed a software processor emulator targeted on a Prime mini computer, which let you run 6502 machine code on it (and included a machine language monitor to give it a usable interface plus a small set of emulated system calls for IO etc). ISTR it achieved a performance of a reasonable fraction of that of the common home micros of the day when running on the mini.

I recompiled it in Turbo Pascal 3 so that it could run under DOS. Shortly after I got my first Amiga and then a package called Transformer which was a software emulator of a PC-XT on the miggy. So tried a stack of 7MHz 68K based machine emulating an 8088 based PC, in turn running the 6502 emulator. It worked quite nicely, but had an effective clock speed that was probably in the 100s to low 1000s of Hz rather than MHz!

Reply to
John Rumm

Blimey, reminds me of a colleague who wrote a LISP interpreter in MUMPS. That ran a tad slowly, too.

Reply to
Huge

If I need to do anything, er, dodgy, on the net, I do it from a clone of a VM which I delete once I've finished.

Reply to
Huge

Ruminations....

We used to have "programs" to make our computers do desirable things. Those who wrote them were called "programmers."

Now we only seem to have "apps" (applications). What are those who write these called? Applicators? Applicians? Do colleges teach applicating?

-dan z-

Reply to
slate_leeper

Developers. Now that film is more-or-less gone, the word needs a new home.

Reply to
Huge

I agree. Don't surf the net in XP mode, especially not with Internet Explorer. Don't run stuff you just downloaded from the net in XP mode. Don't read PDF files from the net in Adobe reader in XP mode. And hey presto you're pretty damn safe.

Reply to
Brian Gregory

Incubating. Incubators.

Apps are things of business, they may hire developers but ye need the rest of the shebang; roles like marketing and R&D. And someone at the top to publicly take all the credit (and money).

Reply to
Adrian C

I might try rebuilding it under Lazarus and seeing how it runs on a modern 64 bit platform... I expect it will now be orders of magnitude faster than the real processor ;-)

Reply to
John Rumm

Roger Mills presented the following explanation :

No more or less than any other XP system

You're still loading the entire virtual machine. "XP Mode Applications" just refers to how one interacts (the applications appear as if they are running on Windows 7 rather than using XP directly in a window and running the apps within that XP window).

No difference other than you are less likely to do "dumb" things. Using it in the XP mode fashion you will less likely use the XP browser to surf the web thus eliminating that as an attack vector.

Reply to
Seth

One thing to check, speaking from my experience designing images for MEDV (MEDV is Microsoft Enterprise Desktop Virtualization, the corporate version of XP-Mode), is how the disk is arranged on the host. With MEDV the deployed image is a static image, and any changes from the first time it is booted up (FTS, First Time Setup), as well as applications installed after that and data and settings, are written to a differencing disk (a 2nd VHD file). In MEDV there is a reset command (c:\program files\microsoft enterprise desktop virtualiation\medvhost.exe /resetworkspace) that essentially powers down the VM, kills the differencing disk, and then relaunches the VM, causing FTS to run again.

That would be great for the use-case you describe above.

Reply to
Seth
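
An added example, not part of the original posts: one way to check "how the disk is arranged on the host" is to read a VHD file's footer and see whether it is a fixed, dynamic or differencing disk, and which parent file a differencing disk points at. The field offsets follow the published VHD image format; the function names and the sample image (including the parent name "base.vhd") are constructed for illustration.

```python
import io
import struct

DISK_TYPES = {2: "fixed", 3: "dynamic", 4: "differencing"}

def vhd_checksum(block, field_offset):
    """One's complement of the byte sum, with the 4-byte checksum field zeroed."""
    zeroed = block[:field_offset] + b"\0" * 4 + block[field_offset + 4:]
    return ~sum(zeroed) & 0xFFFFFFFF

def inspect_vhd(f):
    """Report the disk type and, for a differencing disk, the parent's name."""
    f.seek(-512, io.SEEK_END)            # the footer is the last 512 bytes
    footer = f.read(512)
    if footer[:8] != b"conectix":
        raise ValueError("no VHD footer found")
    data_offset, = struct.unpack(">Q", footer[16:24])
    disk_type, stored_sum = struct.unpack(">II", footer[60:68])
    info = {"type": DISK_TYPES.get(disk_type, "unknown"),
            "footer_ok": stored_sum == vhd_checksum(footer, 64),
            "parent": None}
    if disk_type == 4:
        f.seek(data_offset)              # dynamic disk header, 1024 bytes
        header = f.read(1024)
        if header[:8] != b"cxsparse":
            raise ValueError("dynamic disk header missing")
        # Parent file name: 512 bytes of big-endian UTF-16, NUL padded.
        info["parent"] = header[64:576].decode("utf-16-be").rstrip("\0")
    return info

def build_sample(disk_type, parent=""):
    """Constructed sample image: headers only, no sector data."""
    header = bytearray(1024)
    header[0:8] = b"cxsparse"
    name = parent.encode("utf-16-be")
    header[64:64 + len(name)] = name
    footer = bytearray(512)
    footer[0:8] = b"conectix"
    struct.pack_into(">Q", footer, 16, 0xFFFFFFFFFFFFFFFF if disk_type == 2 else 512)
    struct.pack_into(">I", footer, 60, disk_type)
    struct.pack_into(">I", footer, 64, vhd_checksum(bytes(footer), 64))
    return bytes(512) + bytes(header) + bytes(footer)

if __name__ == "__main__":
    # "base.vhd" is a made-up parent name for the constructed sample.
    print(inspect_vhd(io.BytesIO(build_sample(4, "base.vhd"))))
```

Against a real image, pass a file opened with `open(path, "rb")`; a result of "differencing" with a parent name means guest changes land in a second file that can be discarded without touching the base image.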

For some reason, I was slightly saddened when I discovered a PDP11 emulator that ran faster than a "real" PDP11.

Reply to
Huge

The VAX one runs faster than a VAX!

and doesn't do badly at all on a Galaxy S2...

Reply to
Bob Eager
