Vista is potentially vulnerable to virtual machine based rootkits

Feb 26, 2007 09:28 GMT

Security is the main reason for the end user license agreement (EULA) restrictions Microsoft has placed on running Windows Vista under emulation and virtualization technology. The Redmond company considers virtualization a new technology that is not yet mature from a security perspective, and therefore unfit for broad consumer adoption.

"One area that is clear is that our security and data protection features can potentially be subverted by a malicious virtualization layer. We're working with the hardware and software industry to improve the security of virtualization technologies and we will evolve our licensing policies as virtualization becomes more widely used on client systems," explained Mike Neil, the head of the server and desktop development teams, plans and strategy for Microsoft's virtualization software.

The risks associated with running Windows Vista under emulating technology reflect the fact that the threat landscape has shifted toward low-level, operating system code. Windows Vista has already proved vulnerable to virtual machine based rootkits (VMBRs). "This new type of malware installs a virtual-machine monitor underneath an existing operating system and hoists the original operating system into a virtual machine. Virtual-machine based rootkits are hard to detect and remove because their state cannot be accessed by software running in the target system. Further, VMBRs support general-purpose malicious services by allowing such services to run in a separate operating system that is protected from the target system," reads a fragment of a joint study by Microsoft Research and the University of Michigan.

In 2006, Joanna Rutkowska, a stealth malware researcher at the Singapore-based IT security firm COSEINC, managed to inject arbitrary code into the 64-bit Windows Vista Beta 2 kernel. Rutkowska's attack uses AMD's SVM/Pacifica virtualization technology to compromise the operating system and is independent of any implementation or security bugs. Users who currently run Windows Vista Business, Enterprise or Ultimate on virtualization technologies are susceptible to variations of this attack.
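As an added defender-side illustration of the detection problem the study describes (this is not code from the article, the Microsoft Research/University of Michigan study, or Rutkowska's work), the C probe below asks the CPU from inside the guest whether a hypervisor advertises itself through CPUID. The limit is the one the study states: a VMBR sits beneath the OS, intercepts CPUID, and can clear the bit or forge the vendor leaf, so a negative answer only rules out a cooperative hypervisor, not a hostile one.

```c
/* Added illustration: guest-side CPUID probe for an advertised hypervisor. */
#include <stdio.h>
#include <string.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>           /* GCC/Clang: __get_cpuid(), __cpuid() */
#define HAVE_CPUID 1
#else
#define HAVE_CPUID 0         /* non-x86 build: probe reports "unavailable" */
#endif

/* CPUID leaf 1, ECX bit 31: reserved by Intel/AMD, set by cooperative hypervisors. */
#define CPUID_HV_PRESENT (1u << 31)

int hypervisor_bit_set(unsigned ecx_leaf1) {
    return (ecx_leaf1 & CPUID_HV_PRESENT) ? 1 : 0;
}

/* Leaf 0x40000000 returns a 12-byte vendor signature in EBX, ECX, EDX
 * (little-endian byte order); decode it into a NUL-terminated string. */
void decode_hv_vendor(unsigned ebx, unsigned ecx, unsigned edx, char out[13]) {
    memcpy(out,     &ebx, 4);
    memcpy(out + 4, &ecx, 4);
    memcpy(out + 8, &edx, 4);
    out[12] = '\0';
}

/* Returns 1 if a hypervisor advertises itself, 0 if not, -1 if CPUID is not
 * available. A VMBR intercepts CPUID and may clear the bit or forge the
 * signature, so 0 means "no cooperative hypervisor", never "no hypervisor". */
int probe_hypervisor(char vendor[13]) {
    vendor[0] = '\0';
#if HAVE_CPUID
    unsigned eax, ebx, ecx, edx;
    if (!__get_cpuid(1, &eax, &ebx, &ecx, &edx))
        return -1;
    if (!hypervisor_bit_set(ecx))
        return 0;
    __cpuid(0x40000000, eax, ebx, ecx, edx);   /* vendor leaf, not range-checked */
    decode_hv_vendor(ebx, ecx, edx, vendor);
    return 1;
#else
    return -1;
#endif
}

int main(void) {
    char vendor[13]; int r = probe_hypervisor(vendor);
    printf("hypervisor advertised: %d%s%s\n", r, r == 1 ? ", vendor " : "", vendor);
    return 0;
}
```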