Microsoft tells some users no on Vista

The least-expensive versions of Vista actually would work in virtualization programs. But Microsoft wants to restrict it because of new security holes spawned by the technology, according to Scott Woodgate, a director in Microsoft's Vista team.

Lately Intel and rival chip-maker Advanced Micro Devices Inc. have built virtualization-friendly hooks directly into microprocessors. The goal was to make virtualization work better, but Woodgate argues that the move created a security flaw — essentially that malicious programs can run undetected alongside an operating system.

Indeed, last year a security analyst showed how AMD chips with virtualization support made computers vulnerable to such an attack. (That researcher, Joanna Rutkowska, said she presumed it would work on Intel-based systems as well, but she didn't have time to try).

AMD challenged the feasibility of such an attack and said virtualization did not decrease computer security. Intel concurred; spokesman Bill Calder called Rutkowska's claims "overstated."

But Microsoft took notice. Woodgate said Microsoft considered banning virtualizing Vista entirely, on all versions. But ultimately, he said, his team decided that the most technically savvy users, or people in companies with tech support, probably could handle Vista in virtualization programs, while home users should be steered away.

The prohibition applies not only to third-party virtualization products like Parallels, but also to Microsoft's own Virtual PC software, which is available as a free download. (It does not apply to Apple's Boot Camp product, which is not virtualization software.)

"We're balancing security and customer choice," Woodgate said.

However, there doesn't seem to be much evidence that technically savvy people wouldn't want the less expensive versions of Vista. Rudolph at Parallels said virtualization customers often just need the most basic version of Windows possible to let some favored application run.

Plus, even though Microsoft will let virtualization products run the higher-priced versions of Vista, some powerful features in those editions are also forbidden in virtualization. The license agreement prohibits virtualization programs from using Vista's BitLocker data-encryption service or from playing music, video or other content wrapped in Microsoft's copyright-protection technology. Microsoft says virtualization's security holes make those features dangerous as well.

Rudolph believes many users will be so confused that they avoid Vista altogether.

Of course, that's Microsoft's decision to make, and it seems logical if you buy the security argument.

MORE FROM SECURITY

Security Section Front

Internet activists push for greater democracy EU assembly adopts Internet, phone user rights 'Mr. Right' grifts widow's $50K in Web scam U.K. cops arrest people ‘just for the DNA’ Virus attacks ‘jail broken’ iPhones China attacks ‘biased’ U.S. cyber-spying report Chinese military Web site target of cyberattacks FBI: Hackers targeting law and PR firms House pushes ban on peer-to-peer software Facebook hit by ‘Control Your Info’ intruder Security Section Front   Add Security headlines to your news reader: