Virtual attack avenues for Windows Vista

Mar 21, 2007 16:06 GMT

Users of Windows Vista Business, Enterprise and Ultimate are faced with a new breed of malicious code. The emerging threats target operating systems that run virtualization technology. Microsoft has already taken some preemptive measures, restricting the use of virtualization technology with the Home Basic and Home Premium editions of the operating system, though only through the Windows Vista EULA.

Security company Symantec believes that the increasing adoption of emulated hardware systems will generate new security risks in scenarios where a host computer runs one or more distinct virtual guest computers, enabling users to run multiple operating systems, or different instances of a single operating system, on the same machine.

"Guest virtual machines may not run the same security software as the host. For instance, they may not include antivirus software, personal firewalls, or host-based intrusion prevention products. As a result of these omissions, the virtual machines may be more exposed to threats than if they were run on independent hardware. Furthermore, virtual machines will do little to protect the data on the host," Symantec revealed.

Windows Vista running virtualization technology, with Microsoft itself delivering Virtual PC 2007 free of charge, is susceptible to attacks from two directions. The first involves the drivers associated with the actual hardware in virtualized machines. An exploit of this kind could potentially extend beyond the guest operating system into Windows Vista.

"The second type of threat that Symantec believes could emerge is related to the impact that software virtualized computers may have on random number generators that are used inside guest operating systems on virtual machines," Symantec added.

The Cupertino-based security company has already indicated issues with the GS and ASLR technologies included in Windows Vista. Symantec warned that randomization functions differently in a software-virtualized instance of the operating system, impacting unique identifiers and encryption technology.