Updated 26 May, 2012, 4:18 pm IST

Microsoft Makes Adopting Vista Tough

24 Feb, 2007, 12:01 pm IST | by AP |

The least-expensive versions of Vista actually would work in virtualization programs. But Microsoft wants to restrict it because of new security holes spawned by the technology, according to Scott Woodgate, a director in Microsoft's Vista team.

Lately Intel and rival chip-maker Advanced Micro Devices Inc. have built virtualization-friendly hooks directly into microprocessors. The goal was to make virtualization work better, but Woodgate argues that the move created a security flaw — essentially that malicious programs can run undetected alongside an operating system.

Indeed, last year a security analyst showed how AMD chips with virtualization support made computers vulnerable to such an attack. (That researcher, Joanna Rutkowska, said she presumed it would work on Intel-based systems as well, but she didn't have time to try).

AMD challenged the feasibility of such an attack and said virtualization did not decrease computer security. Intel concurred; spokesman Bill Calder called Rutkowska's claims ''overstated.''

But Microsoft took notice. Woodgate said Microsoft considered banning virtualizing Vista entirely, on all versions. But ultimately, he said, his team decided that the most technically savvy users, or people in companies with tech support, probably could handle Vista in virtualization programs, while home users should be steered away.

The prohibition applies not only to third-party virtualization products like Parallels, but also to Microsoft's own Virtual PC software, which is available as a free download. (It does not apply to Apple's Boot Camp product, which is not virtualization software.)

''We're balancing security and customer choice,'' Woodgate said.

However, there doesn't seem to be much evidence that technically savvy people wouldn't want the less expensive versions of Vista. Rudolph at Parallels said virtualization customers often just need the most basic version of Windows possible to let some favored application run.

Plus, even though Microsoft will let virtualization products run the higher-priced versions of Vista, some powerful features in those editions are also forbidden in virtualization. The license agreement prohibits virtualization programs from using Vista's BitLocker data-encryption service or from playing music, video or other content wrapped in Microsoft's copyright-protection technology. Microsoft says virtualization's security holes make those features dangerous as well.

Rudolph believes many users will be so confused that they avoid Vista altogether.

Of course, that's Microsoft's decision to make, and it seems logical if you buy the security argument.

But not everyone agrees a virtualization lockdown is justified. In fact, virtualization has been considered a security enhancement. If applications run within their own walls, malicious code can be confined to that zone and not infect the rest of the computer.

''Nobody's complained to us that there's security issues with our products,'' said Srinivas Krishnamurti, director of product management at EMC Corp. unit VMWare, which plans to release a product for Macs this summer.

In a statement e-mailed after the interview, Krishnamurti added: ''The Vista licensing limitation is akin to the industry saying, 'Hey, consumer, when you connect your PC to the Internet, there is a chance you can download adware, spyware or malware so we don't think you should connect to the Internet using a browser.' The world would be a very different place if the industry made that decision in the '90s.''

Rudolph acknowledged that ''there's always going to be a security risk in any piece of software.'' But he added that if Parallels ''was really not that secure, we would have heard about it substantially.''

And even Rutkowska, who argued that her virtualization attack last year — which she called ''Blue Pill'' — proved a glaring weakness in the technology, said Microsoft's decision regarding Vista would make no difference. ''I really don't see how Microsoft could use this mechanism to prevent Blue Pill from loading,'' she said.

Apple would not take a position: Spokeswoman Lynn Fox said Mac users who want to run Windows in virtualized programs should ask the virtualization vendors about security.

Michael Cherry, an analyst with Directions on Microsoft, said virtualization may indeed introduce new complexities and security challenges. ''But they're not greater than the technical issues surrounding some of the other features (Microsoft) decided to include,'' he said. ''I don't buy that virtualization is dangerous.''

Cherry believes what's really going on is that Microsoft wanted to create more differences between the multiple editions of Vista, presumably giving people more reason to buy the most expensive versions.

But Microsoft's Woodgate insisted that this was not a marketing decision.

''We are absolutely working with our partners to resolve this security issue,'' he said.