If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
|
Thread Tools | Rate Thread | Display Modes |
#1
|
|||
|
|||
XP Mode in W7 [OT in uk.d-i-y]
A lot has been written about the end of security updates for Windows XP,
and the possible (or likely, depending on who you ask) security risks if you continue to use XP. It is also claimed that if you run a Virtual XP system under W7, this is vulnerable unless you prevent it connecting to the internet. As many people will know, if you set up a virtual XP system and install applications within it, those applications can subsequently be run as "XP Mode Applications" within W7 rather than loading the entire virtual machine. Anyone know whether there's any difference in potential vulnerability between these two ways of running XP apps? -- Cheers, Roger ____________ Please reply to Newsgroup. Whilst email address is valid, it is seldom checked. |
Ads |
#2
|
|||
|
|||
XP Mode in W7 [OT in uk.d-i-y]
I am of the opinion, and this is purely my view, that xp and other flavours
of windows are no more or less vulnerable given some sensible precautions. IE do not do daft things. The XP updates thus far must have closed almost all the holes in the time they have been running. If holes exist in third party software, they probably also exist in the same software run on other flavours of Windows too. it has long been obvious that a lot of the security issues are courtesy of third party apps and drivers etc, so I treat everything as suspect and after I have run anything that has done something strange I throw all the diagnostic and anti malware stuff at it I can find just to be sure as I can. Brian -- From the Sofa of Brian Gaff Reply address is active "Roger Mills" wrote in message ... A lot has been written about the end of security updates for Windows XP, and the possible (or likely, depending on who you ask) security risks if you continue to use XP. It is also claimed that if you run a Virtual XP system under W7, this is vulnerable unless you prevent it connecting to the internet. As many people will know, if you set up a virtual XP system and install applications within it, those applications can subsequently be run as "XP Mode Applications" within W7 rather than loading the entire virtual machine. Anyone know whether there's any difference in potential vulnerability between these two ways of running XP apps? -- Cheers, Roger ____________ Please reply to Newsgroup. Whilst email address is valid, it is seldom checked. |
#3
|
|||
|
|||
XP Mode in W7 [OT in uk.d-i-y]
Roger Mills wrote:
A lot has been written about the end of security updates for Windows XP, and the possible (or likely, depending on who you ask) security risks if you continue to use XP. It is also claimed that if you run a Virtual XP system under W7, this is vulnerable unless you prevent it connecting to the internet. As many people will know, if you set up a virtual XP system and install applications within it, those applications can subsequently be run as "XP Mode Applications" within W7 rather than loading the entire virtual machine. Anyone know whether there's any difference in potential vulnerability between these two ways of running XP apps? Good point. I agree with the "likely" rather than "possible" claims. Just count all the Win7 updates of the variety "to plug a security hole that has been found in I.E. or PDF etc." And then realize that similar updates currently apply to XP as well. That's the danger. And currently both Win7's virtual XP and the third party virtual machines are exposed to that danger. And the danger will increase unless the suppliers do something about it. And what can they do about it? All I can think of is front-ending them with something to eliminate the perils; and that would simply be something that has been consistently updated. Which is a non-starter! Ed |
#4
|
|||
|
|||
XP Mode in W7 [OT in uk.d-i-y]
Roger Mills wrote:
A lot has been written about the end of security updates for Windows XP, and the possible (or likely, depending on who you ask) security risks if you continue to use XP. It is also claimed that if you run a Virtual XP system under W7, this is vulnerable unless you prevent it connecting to the internet. As many people will know, if you set up a virtual XP system and install applications within it, those applications can subsequently be run as "XP Mode Applications" within W7 rather than loading the entire virtual machine. Anyone know whether there's any difference in potential vulnerability between these two ways of running XP apps? WinXP Mode, is a virtual machine, using Terminal Services for display. That allows a rootless window to be displayed, when an application is run. In all cases, this part is a constant. It always does this. It's standard virtual machine technology. The WinXP OS is running, the whole OS. Otherwise, if the OS wasn't running, it couldn't offer "services" to the WinXP Mode program you're trying to run. Windows 7 Pro (host) | Windows Virtual PC | WinXP Mode (guest OS, activated) If you were to run it that way, as in that diagram, WinXP would display in a rectangular window, and present a fully decorated desktop within the rectangle. If, on the other hand, the WinXP Mode opens a single application in rootless mode, that uses Terminal Services. In this case, no fully decorated desktop need appear. This is the innovation that was brought to the table specifically for the Windows 7 introduction. Windows 7 Pro (host) +------- rootless window | | Windows Virtual PC | (Terminal | | Services) WinXP Mode (guest OS, activated) ----+ So from a malware perspective, I don't see the exposure issues changing at all, between the two diagrams. If you operated a web browser inside WinXP, or if you downloaded applications (.exe) straight into the WinXP Mode guest, then you'd be very exposed (if no AV was running in there too). You need an AV program for each. Windows 7 Pro (host) ---- Run an AV program in here | Windows Virtual PC | WinXP Mode (guest OS, activated) --- Run an AV program in here That would give some measure of protection. My MacOSX Macintosh had a mode of operation like this, and how that one worked, is the MacOS guest would start automatically, if you double-clicked a MacOS program icon. And at some point, if the guest OS was idle (no programs loaded), the virtual guest machine could be shut down for you automatically. I don't know any of the details of what triggers WinXP Mode VM OS to start or to stop. Or whether the user controls that manually. Windows Virtual PC should have controls available, to put the VM to sleep, to just halt it (ACPI "power button" event), and so on. I can't run WinXP Mode here, because my laptop only has Home Premium. When I ran Windows 7 Pro in a VM, and attempted to run WinXP Mode on top of that, that failed miserably. Too many VMs apparently. My test setup looked like this :-) For some kinds of more naive virtual machine technologies, you can build big stacks like this. WinXP SP3 (host) | VPC2007 | Windows 7 Pro (guest) | Windows Virtual PC | WinXP Mode (guest of a guest) Not really a surprise that it failed, but I had to give it a try anyway. Paul |
#5
|
|||
|
|||
XP Mode in W7 [OT in uk.d-i-y]
On 20/04/2014 16:19, Roger Mills wrote:
A lot has been written about the end of security updates for Windows XP, and the possible (or likely, depending on who you ask) security risks if you continue to use XP. It is also claimed that if you run a Virtual XP system under W7, this is vulnerable unless you prevent it connecting to the internet. As many people will know, if you set up a virtual XP system and install applications within it, those applications can subsequently be run as "XP Mode Applications" within W7 rather than loading the entire virtual machine. In reality the XP mode does load the entire virtual machine - it just avoids displaying the whole desktop in a window... Anyone know whether there's any difference in potential vulnerability between these two ways of running XP apps? Yes and no. None of the current known vulnerabilities exist by simply allowing a XP machine on the internal LAN. If it never tries to reach out to the net[1], then most of the likely avenues for compromise will be blocked. So a fully patched XP SP3 VM, on which you never run an email client, or browser, have no web style plugins for any of the usual infection vectors etc should be pretty secure just running a single application for which you have no modern equal. Its a more doubtful risk if you want to run old software that accesses the web. So in summary, at this stage, it mostly comes down to what applications you need to run. [1] Note that XP is quite 'net happy and will go hunting for stuff on the net without much provocation -- Cheers, John. /================================================== ===============\ | Internode Ltd - http://www.internode.co.uk | |-----------------------------------------------------------------| | John Rumm - john(at)internode(dot)co(dot)uk | \================================================= ================/ |
#6
|
|||
|
|||
XP Mode in W7 [OT in uk.d-i-y]
Paul wrote:
Roger Mills wrote: A lot has been written about the end of security updates for Windows XP, and the possible (or likely, depending on who you ask) security risks if you continue to use XP. It is also claimed that if you run a Virtual XP system under W7, this is vulnerable unless you prevent it connecting to the internet. As many people will know, if you set up a virtual XP system and install applications within it, those applications can subsequently be run as "XP Mode Applications" within W7 rather than loading the entire virtual machine. Anyone know whether there's any difference in potential vulnerability between these two ways of running XP apps? WinXP Mode, is a virtual machine, using Terminal Services for display. That allows a rootless window to be displayed, when an application is run. In all cases, this part is a constant. It always does this. It's standard virtual machine technology. The WinXP OS is running, the whole OS. Otherwise, if the OS wasn't running, it couldn't offer "services" to the WinXP Mode program you're trying to run. Windows 7 Pro (host) | Windows Virtual PC | WinXP Mode (guest OS, activated) If you were to run it that way, as in that diagram, WinXP would display in a rectangular window, and present a fully decorated desktop within the rectangle. If, on the other hand, the WinXP Mode opens a single application in rootless mode, that uses Terminal Services. In this case, no fully decorated desktop need appear. This is the innovation that was brought to the table specifically for the Windows 7 introduction. Windows 7 Pro (host) +------- rootless window | | Windows Virtual PC | (Terminal | | Services) WinXP Mode (guest OS, activated) ----+ So from a malware perspective, I don't see the exposure issues changing at all, between the two diagrams. If you operated a web browser inside WinXP, or if you downloaded applications (.exe) straight into the WinXP Mode guest, then you'd be very exposed (if no AV was running in there too). You need an AV program for each. Windows 7 Pro (host) ---- Run an AV program in here | Windows Virtual PC | WinXP Mode (guest OS, activated) --- Run an AV program in here That would give some measure of protection. My MacOSX Macintosh had a mode of operation like this, and how that one worked, is the MacOS guest would start automatically, if you double-clicked a MacOS program icon. And at some point, if the guest OS was idle (no programs loaded), the virtual guest machine could be shut down for you automatically. I don't know any of the details of what triggers WinXP Mode VM OS to start or to stop. Or whether the user controls that manually. Windows Virtual PC should have controls available, to put the VM to sleep, to just halt it (ACPI "power button" event), and so on. I can't run WinXP Mode here, because my laptop only has Home Premium. When I ran Windows 7 Pro in a VM, and attempted to run WinXP Mode on top of that, that failed miserably. Too many VMs apparently. My test setup looked like this :-) For some kinds of more naive virtual machine technologies, you can build big stacks like this. WinXP SP3 (host) | VPC2007 | Windows 7 Pro (guest) | Windows Virtual PC | WinXP Mode (guest of a guest) Not really a surprise that it failed, but I had to give it a try anyway. Paul Now, I should have thought of trying that a couple of years ago when I was into virtual machines. And, in case you think I'm kidding, I'm not. It's the sort of pushing things to the limit that used to drive me. Ed |
#7
|
|||
|
|||
XP Mode in W7 [OT in uk.d-i-y]
On Sun, 20 Apr 2014 20:53:28 +0100, Ed Cryer
wrote: Paul wrote: Roger Mills wrote: [Virtual machine stacking] For some kinds of more naive virtual machine technologies, you can build big stacks like this. WinXP SP3 (host) | VPC2007 | Windows 7 Pro (guest) | Windows Virtual PC | WinXP Mode (guest of a guest) Not really a surprise that it failed, but I had to give it a try anyway. Paul Now, I should have thought of trying that a couple of years ago when I was into virtual machines. And, in case you think I'm kidding, I'm not. It's the sort of pushing things to the limit that used to drive me. Ed This was considered/done way back when Virtual Machine meant IBM VM/CMS; running separate 370 VMs (fu set to afu,awg) -- It's a money /life balance. |
#8
|
|||
|
|||
XP Mode in W7 [OT in uk.d-i-y]
Stanley Daniel de Liver wrote:
On Sun, 20 Apr 2014 20:53:28 +0100, Ed Cryer wrote: Paul wrote: Roger Mills wrote: [Virtual machine stacking] For some kinds of more naive virtual machine technologies, you can build big stacks like this. WinXP SP3 (host) | VPC2007 | Windows 7 Pro (guest) | Windows Virtual PC | WinXP Mode (guest of a guest) Not really a surprise that it failed, but I had to give it a try anyway. Paul Now, I should have thought of trying that a couple of years ago when I was into virtual machines. And, in case you think I'm kidding, I'm not. It's the sort of pushing things to the limit that used to drive me. Ed This was considered/done way back when Virtual Machine meant IBM VM/CMS; running separate 370 VMs (fu set to afu,awg) ICL had their VME. But the question here is of a VM being run inside a VM. Ed |
#9
|
|||
|
|||
XP Mode in W7 [OT in uk.d-i-y]
Roger Mills wrote:
A lot has been written about the end of security updates for Windows XP, and the possible (or likely, depending on who you ask) security risks if you continue to use XP. It is also claimed that if you run a Virtual XP system under W7, this is vulnerable unless you prevent it connecting to the internet. It may be, but if you have a VM framework you should be able to have some image file that represents the whole XP machine and its necessary disk(s), and you should be able to recreate that instance of XP running in a virtual machine from that image repeatedly. So if something destroys a running virtual XP you should be able to go back to a prior version and run it again, and again... -- Jeremy C B Nicoll - my opinions are my own. Email sent to my from-address will be deleted. Instead, please reply to replacing "aaa" by "284". |
#10
|
|||
|
|||
XP Mode in W7 [OT in uk.d-i-y]
On 20/04/2014 20:53, Ed Cryer wrote:
Now, I should have thought of trying that a couple of years ago when I was into virtual machines. And, in case you think I'm kidding, I'm not. It's the sort of pushing things to the limit that used to drive me. I seem to recall trying something similar some 25+ years ago... for our uni final project we developed a software processor emulator targeted on a Prime mini computer, which let you run 6502 machine code on it (and included an machine language monitor to give it a usable interface plus a small set of emulated system calls for IO etc). ISTR it achieved a performance of a reasonable fraction of that of the common home micros of the day when running on the mini. I recompiled it in Turbo Pascal 3 so that it could run under DOS. Shortly after I got my first Amiga and then a package called Transformer which was a software emulator of a PC-XT on the miggy. So tried a stack of 7MHz 68K based machine emulating a 8088 based PC, in turn running the 6502 emulator. It worked quite nicely, but had an effective clock speed that was probably in the 100s to low 1000s of Hz rather than MHz! -- Cheers, John. /================================================== ===============\ | Internode Ltd - http://www.internode.co.uk | |-----------------------------------------------------------------| | John Rumm - john(at)internode(dot)co(dot)uk | \================================================= ================/ |
#11
|
|||
|
|||
XP Mode in W7 [OT response)
On Sun, 20 Apr 2014 16:19:51 +0100, Roger Mills
wrote: Anyone know whether there's any difference in potential vulnerability between these two ways of running XP apps? Ruminations.... We used to have "programs" to make our computers do desirable things. Those who wrote them were called "programmers." Now we only seem to have "apps" (applications). What are those who write these called? Applicators? Applicians? Do colleges teach applicating? -dan z- -- Protect your civil rights! Let the politicians know how you feel. Join or donate to the NRA today! http://membership.nrahq.org/default....ignid=XR014887 Gun control is like trying to reduce drunk driving by making it tougher for sober people to own cars. |
#12
|
|||
|
|||
XP Mode in W7 [OT in uk.d-i-y]
On 20/04/2014 16:39, Brian Gaff wrote:
I am of the opinion, and this is purely my view, that xp and other flavours of windows are no more or less vulnerable given some sensible precautions. IE do not do daft things. The XP updates thus far must have closed almost all the holes in the time they have been running. If holes exist in third party software, they probably also exist in the same software run on other flavours of Windows too. it has long been obvious that a lot of the security issues are courtesy of third party apps and drivers etc, so I treat everything as suspect and after I have run anything that has done something strange I throw all the diagnostic and anti malware stuff at it I can find just to be sure as I can. Brian I agree. Don't surf the net in XP mode, especially not with Internet Explorer. Don't run stuff you just downloaded from the net in XP mode. Don't read PDF files from the net in Adobe reader in XP mode. And hey presto you're pretty damn safe. -- Brian Gregory (in the UK). To email me please remove all the letter vee from my email address. |
#13
|
|||
|
|||
XP Mode in W7 [OT response)
On 21/04/14 12:06, slate_leeper wrote:
On Sun, 20 Apr 2014 16:19:51 +0100, Roger Mills wrote: Anyone know whether there's any difference in potential vulnerability between these two ways of running XP apps? Ruminations.... We used to have "programs" to make our computers do desirable things. Those who wrote them were called "programmers." Now we only seem to have "apps" (applications). What are those who write these called? Applicators? Applicians? Do colleges teach applicating? Incubating. Incubators. Apps are things of business, they may hire developers but ye need the rest of the shebang; roles like marketing and R&D. And someone at the top to publicly take all the credit (and money). -- Adrian C |
#14
|
|||
|
|||
XP Mode in W7 [OT in uk.d-i-y]
On 21/04/2014 10:57, Huge wrote:
On 2014-04-21, John Rumm wrote: On 20/04/2014 20:53, Ed Cryer wrote: Now, I should have thought of trying that a couple of years ago when I was into virtual machines. And, in case you think I'm kidding, I'm not. It's the sort of pushing things to the limit that used to drive me. I seem to recall trying something similar some 25+ years ago... for our uni final project we developed a software processor emulator targeted on a Prime mini computer, which let you run 6502 machine code on it (and included an machine language monitor to give it a usable interface plus a small set of emulated system calls for IO etc). ISTR it achieved a performance of a reasonable fraction of that of the common home micros of the day when running on the mini. I recompiled it in Turbo Pascal 3 so that it could run under DOS. Shortly after I got my first Amiga and then a package called Transformer which was a software emulator of a PC-XT on the miggy. So tried a stack of 7MHz 68K based machine emulating a 8088 based PC, in turn running the 6502 emulator. It worked quite nicely, but had an effective clock speed that was probably in the 100s to low 1000s of Hz rather than MHz! Blimey, reminds me of a colleague who wrote a LISP interpreter in MUMPS. That ran a tad slowly, too. I might try rebuilding it under Lazerus and seeing how it runs on a modern 64 bit platform... I expect it will now be orders of magnitude faster than the real processor ;-) -- Cheers, John. /================================================== ===============\ | Internode Ltd - http://www.internode.co.uk | |-----------------------------------------------------------------| | John Rumm - john(at)internode(dot)co(dot)uk | \================================================= ================/ |
#15
|
|||
|
|||
XP Mode in W7 [OT in uk.d-i-y]
Roger Mills presented the following explanation :
A lot has been written about the end of security updates for Windows XP, and the possible (or likely, depending on who you ask) security risks if you continue to use XP. It is also claimed that if you run a Virtual XP system under W7, this is vulnerable unless you prevent it connecting to the internet. No more or less than any other XP system As many people will know, if you set up a virtual XP system and install applications within it, those applications can subsequently be run as "XP Mode Applications" within W7 rather than loading the entire virtual machine. You're still loading th entire virtual machine. "XP Mode Applications" just refers to how one interacts (the applications appear as if they are running on Windows 7 rather than using XP directly in a window and running the apps within that XP window). Anyone know whether there's any difference in potential vulnerability between these two ways of running XP apps? No difference other than you are less likely to do "dumb" things. Using it in the XP mode fashion you will less likely use the XP browser to surf the web thus eliminating that as an attack vector. |
|
Thread Tools | |
Display Modes | Rate This Thread |
|
|