G
Guest
Ok. Thanks!
digr said:By "full VM implementation" do you mean 1)the File and Registry
virtualization that apparently will be included in the first customer
release; 2)the per user virtualization Szwarc's talking about; or 3)the
whole
Vista operating system in a virtual environment, like I'm asking about?
Also, are 1) and 2) the same thing?
Roger Abell said:Well, I had my first briefing on Longhorn about two and a half years
ago and I have never had the impression that full VM implementation
was a planned architecture.
Pierre Szwarc said:From what was said at last year's Windows Security conference, this was
the
original intent. The planned architecture of Vista was very reminiscent
of
IBM's VM/CP. However, this isn't what was done in the current release.
Only
session zero (login and services) is separate from the user application
space.
--
Pierre Szwarc
Paris, France
PGP key ID 0x75B5779B
------------------------------------------------
Multitasking: Reading in the bathroom !
------------------------------------------------
"digr" <[email protected]> a écrit dans le message de
(e-mail address removed)...
|I know there's file and/or registry virtualization and virtual folders
in
| Vista, but is it true Microsoft originally planned on running the
whole
Vista
| operating system in a virtual environment by default as an added
security
| feature?
[snip]
implemented) hosting of the OS within another by use of software
that presents a virtual (V) machine (M) image to the hosted OS.
This is not involved with Vista.
The 1 and 2 you mention seem to be the same.
The two aspects I was differentiating are
1. intercepting write failures to disk or registry (which is done by
intercepting failures)
2. user privilege level reduction (which is done by adjusting what
is in the user token)
There is the reduction in privileges used by an account when it
logs in, and then there is the virtualization that you directly have
indicated in your post by mentioning the file/reg redirection.
Virtualization was not intended to be "the way" everything was
to be done. This was originally and always intended as a way
to intercept failures the user might otherwise experience.
The reduction of privilege on the other hand has from the
beginning been intended as a was to protect the system from
accounts that otherwise would have available more power
than necessary.
Neither of these are the sort of virtual machine implementation
that your posting envisions.
digr said:Really? I thought the reduction in privileges was part of the file/reg
virtualization. I guess I have some more reading to do. Do they work
together
though, first the reduction in privileges, then the redirection to per
user
file/reg virtualization? Maybe I should be reading more about these two
aspects instead of asking more questions, especially being the uninformed
intermediate user that I am.
Huh. But if VM for each user is the same as file/reg virtualization, as it
seems to you they are, then if Szwarc's right, running the whole Vista
operating system in a VM in or on top of a real host Vista by default
won't
be necessary, negating the need to add any further virtualization to Vista
in
the future. Isn't that right? Or am I still confused and uninformed, and
need to go read some more about the subject?