XP Mode in W7 [OT in uk.d-i-y]

A lot has been written about the end of security updates for Windows XP,
and the possible (or likely, depending on who you ask) security risks if
you continue to use XP.

It is also claimed that if you run a Virtual XP system under W7, this is
vulnerable unless you prevent it connecting to the internet.

As many people will know, if you set up a virtual XP system and install
applications within it, those applications can subsequently be run as
"XP Mode Applications" within W7 rather than loading the entire virtual
machine.

Anyone know whether there's any difference in potential vulnerability
between these two ways of running XP apps?
--
Cheers,
Roger
____________
Please reply to Newsgroup. Whilst email address is valid, it is seldom
checked.

I am of the opinion, and this is purely my view, that xp and other flavours
of windows are no more or less vulnerable given some sensible precautions.
IE do not do daft things. The XP updates thus far must have closed almost
all the holes in the time they have been running. If holes exist in third
party software, they probably also exist in the same software run on other
flavours of Windows too.
it has long been obvious that a lot of the security issues are courtesy of
third party apps and drivers etc, so I treat everything as suspect and after
I have run anything that has done something strange I throw all the
diagnostic and anti malware stuff at it I can find just to be sure as I
can.
Brian

--
From the Sofa of Brian Gaff Reply address is active
"Roger Mills" wrote in message
...
A lot has been written about the end of security updates for Windows XP,
and the possible (or likely, depending on who you ask) security risks if
you continue to use XP.

It is also claimed that if you run a Virtual XP system under W7, this is
vulnerable unless you prevent it connecting to the internet.

As many people will know, if you set up a virtual XP system and install
applications within it, those applications can subsequently be run as "XP
Mode Applications" within W7 rather than loading the entire virtual
machine.

Anyone know whether there's any difference in potential vulnerability
between these two ways of running XP apps?
--
Cheers,
Roger
____________
Please reply to Newsgroup. Whilst email address is valid, it is seldom
checked.

Roger Mills wrote:
A lot has been written about the end of security updates for Windows XP,
and the possible (or likely, depending on who you ask) security risks if
you continue to use XP.

It is also claimed that if you run a Virtual XP system under W7, this is
vulnerable unless you prevent it connecting to the internet.

As many people will know, if you set up a virtual XP system and install
applications within it, those applications can subsequently be run as
"XP Mode Applications" within W7 rather than loading the entire virtual
machine.

Anyone know whether there's any difference in potential vulnerability
between these two ways of running XP apps?

Good point.
I agree with the "likely" rather than "possible" claims.
Just count all the Win7 updates of the variety "to plug a security hole
that has been found in I.E. or PDF etc."
And then realize that similar updates currently apply to XP as well.
That's the danger.

And currently both Win7's virtual XP and the third party virtual
machines are exposed to that danger. And the danger will increase unless
the suppliers do something about it.

And what can they do about it?
All I can think of is front-ending them with something to eliminate the
perils; and that would simply be something that has been consistently
updated. Which is a non-starter!

Ed

Roger Mills wrote:
A lot has been written about the end of security updates for Windows XP,
and the possible (or likely, depending on who you ask) security risks if
you continue to use XP.

It is also claimed that if you run a Virtual XP system under W7, this is
vulnerable unless you prevent it connecting to the internet.

As many people will know, if you set up a virtual XP system and install
applications within it, those applications can subsequently be run as
"XP Mode Applications" within W7 rather than loading the entire virtual
machine.

Anyone know whether there's any difference in potential vulnerability
between these two ways of running XP apps?

WinXP Mode, is a virtual machine, using Terminal Services for display.
That allows a rootless window to be displayed, when an application
is run.

In all cases, this part is a constant. It always does this. It's
standard virtual machine technology. The WinXP OS is running,
the whole OS. Otherwise, if the OS wasn't running, it couldn't
offer "services" to the WinXP Mode program you're trying to run.

Windows 7 Pro (host)
|
Windows Virtual PC
|
WinXP Mode (guest OS, activated)

If you were to run it that way, as in that diagram, WinXP would display
in a rectangular window, and present a fully decorated desktop within
the rectangle.

If, on the other hand, the WinXP Mode opens a single application
in rootless mode, that uses Terminal Services. In this case,
no fully decorated desktop need appear. This is the innovation
that was brought to the table specifically for the Windows 7 introduction.

Windows 7 Pro (host) +------- rootless window
| |
Windows Virtual PC | (Terminal
| | Services)
WinXP Mode (guest OS, activated) ----+

So from a malware perspective, I don't see the exposure issues
changing at all, between the two diagrams. If you operated
a web browser inside WinXP, or if you downloaded applications (.exe)
straight into the WinXP Mode guest, then you'd be very exposed
(if no AV was running in there too).

You need an AV program for each.

Windows 7 Pro (host) ---- Run an AV program in here
|
Windows Virtual PC
|
WinXP Mode (guest OS, activated) --- Run an AV program in here

That would give some measure of protection.

My MacOSX Macintosh had a mode of operation like this, and
how that one worked, is the MacOS guest would start automatically,
if you double-clicked a MacOS program icon. And at some point,
if the guest OS was idle (no programs loaded), the virtual guest
machine could be shut down for you automatically. I don't know
any of the details of what triggers WinXP Mode VM OS to start
or to stop. Or whether the user controls that manually.
Windows Virtual PC should have controls available, to put
the VM to sleep, to just halt it (ACPI "power button" event),
and so on.

I can't run WinXP Mode here, because my laptop only has
Home Premium.

When I ran Windows 7 Pro in a VM, and attempted
to run WinXP Mode on top of that, that failed miserably. Too
many VMs apparently. My test setup looked like this :-)
For some kinds of more naive virtual machine technologies,
you can build big stacks like this.

WinXP SP3 (host)
|
VPC2007
|
Windows 7 Pro (guest)
|
Windows Virtual PC
|
WinXP Mode (guest of a guest)

Not really a surprise that it failed, but I had to give
it a try anyway.

Paul

On 20/04/2014 16:19, Roger Mills wrote:

A lot has been written about the end of security updates for Windows XP,
and the possible (or likely, depending on who you ask) security risks if
you continue to use XP.

It is also claimed that if you run a Virtual XP system under W7, this is
vulnerable unless you prevent it connecting to the internet.

As many people will know, if you set up a virtual XP system and install
applications within it, those applications can subsequently be run as
"XP Mode Applications" within W7 rather than loading the entire virtual
machine.

In reality the XP mode does load the entire virtual machine - it just
avoids displaying the whole desktop in a window...

Anyone know whether there's any difference in potential vulnerability
between these two ways of running XP apps?

Yes and no. None of the current known vulnerabilities exist by simply
allowing a XP machine on the internal LAN. If it never tries to reach
out to the net[1], then most of the likely avenues for compromise will
be blocked. So a fully patched XP SP3 VM, on which you never run an
email client, or browser, have no web style plugins for any of the usual
infection vectors etc should be pretty secure just running a single
application for which you have no modern equal. Its a more doubtful risk
if you want to run old software that accesses the web.

So in summary, at this stage, it mostly comes down to what applications
you need to run.

[1] Note that XP is quite 'net happy and will go hunting for stuff on
the net without much provocation


--
Cheers,

John.

/================================================== ===============\
| Internode Ltd - http://www.internode.co.uk |
|-----------------------------------------------------------------|
| John Rumm - john(at)internode(dot)co(dot)uk |
\================================================= ================/

Paul wrote:
Roger Mills wrote:
A lot has been written about the end of security updates for Windows
XP, and the possible (or likely, depending on who you ask) security
risks if you continue to use XP.

It is also claimed that if you run a Virtual XP system under W7, this
is vulnerable unless you prevent it connecting to the internet.

As many people will know, if you set up a virtual XP system and
install applications within it, those applications can subsequently be
run as "XP Mode Applications" within W7 rather than loading the entire
virtual machine.

Anyone know whether there's any difference in potential vulnerability
between these two ways of running XP apps?

WinXP Mode, is a virtual machine, using Terminal Services for display.
That allows a rootless window to be displayed, when an application
is run.

In all cases, this part is a constant. It always does this. It's
standard virtual machine technology. The WinXP OS is running,
the whole OS. Otherwise, if the OS wasn't running, it couldn't
offer "services" to the WinXP Mode program you're trying to run.

Windows 7 Pro (host)
|
Windows Virtual PC
|
WinXP Mode (guest OS, activated)

If you were to run it that way, as in that diagram, WinXP would display
in a rectangular window, and present a fully decorated desktop within
the rectangle.

If, on the other hand, the WinXP Mode opens a single application
in rootless mode, that uses Terminal Services. In this case,
no fully decorated desktop need appear. This is the innovation
that was brought to the table specifically for the Windows 7 introduction.

Windows 7 Pro (host) +------- rootless window
| |
Windows Virtual PC | (Terminal
| | Services)
WinXP Mode (guest OS, activated) ----+

So from a malware perspective, I don't see the exposure issues
changing at all, between the two diagrams. If you operated
a web browser inside WinXP, or if you downloaded applications (.exe)
straight into the WinXP Mode guest, then you'd be very exposed
(if no AV was running in there too).

You need an AV program for each.

Windows 7 Pro (host) ---- Run an AV program in here
|
Windows Virtual PC
|
WinXP Mode (guest OS, activated) --- Run an AV program in here

That would give some measure of protection.

My MacOSX Macintosh had a mode of operation like this, and
how that one worked, is the MacOS guest would start automatically,
if you double-clicked a MacOS program icon. And at some point,
if the guest OS was idle (no programs loaded), the virtual guest
machine could be shut down for you automatically. I don't know
any of the details of what triggers WinXP Mode VM OS to start
or to stop. Or whether the user controls that manually.
Windows Virtual PC should have controls available, to put
the VM to sleep, to just halt it (ACPI "power button" event),
and so on.

I can't run WinXP Mode here, because my laptop only has
Home Premium.

When I ran Windows 7 Pro in a VM, and attempted
to run WinXP Mode on top of that, that failed miserably. Too
many VMs apparently. My test setup looked like this :-)
For some kinds of more naive virtual machine technologies,
you can build big stacks like this.

WinXP SP3 (host)
|
VPC2007
|
Windows 7 Pro (guest)
|
Windows Virtual PC
|
WinXP Mode (guest of a guest)

Not really a surprise that it failed, but I had to give
it a try anyway.

Paul

Now, I should have thought of trying that a couple of years ago when I
was into virtual machines.
And, in case you think I'm kidding, I'm not. It's the sort of pushing
things to the limit that used to drive me.

Ed

On Sun, 20 Apr 2014 20:53:28 +0100, Ed Cryer
wrote:

Paul wrote:
Roger Mills wrote:
[Virtual machine stacking]
For some kinds of more naive virtual machine technologies,
you can build big stacks like this.

WinXP SP3 (host)
|
VPC2007
|
Windows 7 Pro (guest)
|
Windows Virtual PC
|
WinXP Mode (guest of a guest)

Not really a surprise that it failed, but I had to give
it a try anyway.

Paul

Now, I should have thought of trying that a couple of years ago when I
was into virtual machines.
And, in case you think I'm kidding, I'm not. It's the sort of pushing
things to the limit that used to drive me.

Ed

This was considered/done way back when Virtual Machine meant IBM VM/CMS;
running separate 370 VMs
(fu set to afu,awg)


--
It's a money /life balance.

Stanley Daniel de Liver wrote:
On Sun, 20 Apr 2014 20:53:28 +0100, Ed Cryer
wrote:

Paul wrote:
Roger Mills wrote:
[Virtual machine stacking]
For some kinds of more naive virtual machine technologies,
you can build big stacks like this.

WinXP SP3 (host)
|
VPC2007
|
Windows 7 Pro (guest)
|
Windows Virtual PC
|
WinXP Mode (guest of a guest)

Not really a surprise that it failed, but I had to give
it a try anyway.

Paul

Now, I should have thought of trying that a couple of years ago when I
was into virtual machines.
And, in case you think I'm kidding, I'm not. It's the sort of pushing
things to the limit that used to drive me.

Ed

This was considered/done way back when Virtual Machine meant IBM VM/CMS;
running separate 370 VMs
(fu set to afu,awg)



ICL had their VME.
But the question here is of a VM being run inside a VM.

Ed

Roger Mills wrote:

A lot has been written about the end of security updates for Windows XP,
and the possible (or likely, depending on who you ask) security risks if
you continue to use XP.

It is also claimed that if you run a Virtual XP system under W7, this is
vulnerable unless you prevent it connecting to the internet.

It may be, but if you have a VM framework you should be able to have some
image file that represents the whole XP machine and its necessary disk(s),
and you should be able to recreate that instance of XP running in a virtual
machine from that image repeatedly. So if something destroys a running
virtual XP you should be able to go back to a prior version and run it
again, and again...

--
Jeremy C B Nicoll - my opinions are my own.

Email sent to my from-address will be deleted. Instead, please reply
to replacing "aaa" by "284".

On 20/04/2014 20:53, Ed Cryer wrote:

Now, I should have thought of trying that a couple of years ago when I
was into virtual machines.
And, in case you think I'm kidding, I'm not. It's the sort of pushing
things to the limit that used to drive me.

I seem to recall trying something similar some 25+ years ago... for our
uni final project we developed a software processor emulator targeted on
a Prime mini computer, which let you run 6502 machine code on it (and
included an machine language monitor to give it a usable interface plus
a small set of emulated system calls for IO etc). ISTR it achieved a
performance of a reasonable fraction of that of the common home micros
of the day when running on the mini.

I recompiled it in Turbo Pascal 3 so that it could run under DOS.
Shortly after I got my first Amiga and then a package called Transformer
which was a software emulator of a PC-XT on the miggy. So tried a stack
of 7MHz 68K based machine emulating a 8088 based PC, in turn running the
6502 emulator. It worked quite nicely, but had an effective clock speed
that was probably in the 100s to low 1000s of Hz rather than MHz!


--
Cheers,

John.

/================================================== ===============\
| Internode Ltd - http://www.internode.co.uk |
|-----------------------------------------------------------------|
| John Rumm - john(at)internode(dot)co(dot)uk |
\================================================= ================/

On Sun, 20 Apr 2014 16:19:51 +0100, Roger Mills
wrote:

Anyone know whether there's any difference in potential vulnerability
between these two ways of running XP apps?


Ruminations....

We used to have "programs" to make our computers do desirable things.
Those who wrote them were called "programmers."

Now we only seem to have "apps" (applications). What are those who
write these called? Applicators? Applicians? Do colleges teach
applicating?

-dan z-



--
Protect your civil rights!
Let the politicians know how you feel.
Join or donate to the NRA today!
http://membership.nrahq.org/default....ignid=XR014887

Gun control is like trying to reduce drunk driving by making it tougher for sober people to own cars.

On 20/04/2014 16:39, Brian Gaff wrote:
I am of the opinion, and this is purely my view, that xp and other flavours
of windows are no more or less vulnerable given some sensible precautions.
IE do not do daft things. The XP updates thus far must have closed almost
all the holes in the time they have been running. If holes exist in third
party software, they probably also exist in the same software run on other
flavours of Windows too.
it has long been obvious that a lot of the security issues are courtesy of
third party apps and drivers etc, so I treat everything as suspect and after
I have run anything that has done something strange I throw all the
diagnostic and anti malware stuff at it I can find just to be sure as I
can.
Brian


I agree.
Don't surf the net in XP mode, especially not with Internet Explorer.
Don't run stuff you just downloaded from the net in XP mode.
Don't read PDF files from the net in Adobe reader in XP mode.
And hey presto you're pretty damn safe.

--

Brian Gregory (in the UK).
To email me please remove all the letter vee from my email address.

On 21/04/14 12:06, slate_leeper wrote:
On Sun, 20 Apr 2014 16:19:51 +0100, Roger Mills
wrote:

Anyone know whether there's any difference in potential vulnerability
between these two ways of running XP apps?


Ruminations....

We used to have "programs" to make our computers do desirable things.
Those who wrote them were called "programmers."

Now we only seem to have "apps" (applications). What are those who
write these called? Applicators? Applicians? Do colleges teach
applicating?

Incubating. Incubators.

Apps are things of business, they may hire developers but ye need the
rest of the shebang; roles like marketing and R&D. And someone at the
top to publicly take all the credit (and money).

--
Adrian C

On 21/04/2014 10:57, Huge wrote:
On 2014-04-21, John Rumm wrote:
On 20/04/2014 20:53, Ed Cryer wrote:

Now, I should have thought of trying that a couple of years ago when I
was into virtual machines.
And, in case you think I'm kidding, I'm not. It's the sort of pushing
things to the limit that used to drive me.

I seem to recall trying something similar some 25+ years ago... for our
uni final project we developed a software processor emulator targeted on
a Prime mini computer, which let you run 6502 machine code on it (and
included an machine language monitor to give it a usable interface plus
a small set of emulated system calls for IO etc). ISTR it achieved a
performance of a reasonable fraction of that of the common home micros
of the day when running on the mini.

I recompiled it in Turbo Pascal 3 so that it could run under DOS.
Shortly after I got my first Amiga and then a package called Transformer
which was a software emulator of a PC-XT on the miggy. So tried a stack
of 7MHz 68K based machine emulating a 8088 based PC, in turn running the
6502 emulator. It worked quite nicely, but had an effective clock speed
that was probably in the 100s to low 1000s of Hz rather than MHz!

Blimey, reminds me of a colleague who wrote a LISP interpreter in MUMPS. That
ran a tad slowly, too.

I might try rebuilding it under Lazerus and seeing how it runs on a
modern 64 bit platform... I expect it will now be orders of magnitude
faster than the real processor ;-)


--
Cheers,

John.

/================================================== ===============\
| Internode Ltd - http://www.internode.co.uk |
|-----------------------------------------------------------------|
| John Rumm - john(at)internode(dot)co(dot)uk |
\================================================= ================/

Roger Mills presented the following explanation :
A lot has been written about the end of security updates for Windows XP, and
the possible (or likely, depending on who you ask) security risks if you
continue to use XP.

It is also claimed that if you run a Virtual XP system under W7, this is
vulnerable unless you prevent it connecting to the internet.

No more or less than any other XP system

As many people will know, if you set up a virtual XP system and install
applications within it, those applications can subsequently be run as "XP
Mode Applications" within W7 rather than loading the entire virtual machine.

You're still loading th entire virtual machine. "XP Mode Applications"
just refers to how one interacts (the applications appear as if they
are running on Windows 7 rather than using XP directly in a window and
running the apps within that XP window).

Anyone know whether there's any difference in potential vulnerability between
these two ways of running XP apps?

No difference other than you are less likely to do "dumb" things.
Using it in the XP mode fashion you will less likely use the XP browser
to surf the web thus eliminating that as an attack vector.