Microsoft and Sophos bicker over Windows 7 XP mode
Posted on 24 Aug 2009 at 08:54
Microsoft and security company Sophos have become embroiled in a slanging match over security in Windows 7's XP Mode.
The row broke out after Sophos's chief technology officer Richard Jacobs posted a blog highlighting the difficulties involved in managing the security for two operating systems. His central thrust was that the benefits of backward compatibility through XP Mode also exposed the user to unnecessary security threats.
"XP mode is an independent Windows instance, that shares the odd folder and device with the host Windows 7 installation. What it doesn't share is processes and memory," Jacobs wrote.
"So it doesn't share security settings, security software, patches etc. It does not inherit any security from the host. When you use XP mode, you need to patch the copy of XP as well as the host Windows 7. You need to manage settings separately, configure two personal firewalls and install and manage two copies of anti-malware software," he added.
He followed this up by questioning Microsoft's stance on security: "XP mode reminds us all that security will never be Microsoft's first priority. It will do enough security to ensure that security concerns aren't a barrier to sales, but not so much that it gets in the way of 'progress'."
The comments drew a swift response from Roger Halbheer, Microsoft's chief security advisor for EMEA. In a blog stuffed with statistics, he argued that enticing the upgrade holdouts to switch from XP to Windows 7 was the big win of XP mode and would prove a bigger boon to the security conscious in the long run.
"Which risk is higher? Leaving our customers on an eight to ten-year-old operating system for another few years, or helping them to migrate to a modern one, accepting the drawback with XP Mode?" asks Halbheer on the blog.
This didn't buy any slack from Jacobs though, who took the response as a victory - arguing that Halbheer had missed his point: "The problem is not with the idea of XP Mode, but with the lack of management and the lack of clarity about the costs that users will incur," says Jacobs.
"The key concern is that every Windows 7 PC running XP mode incurs the overheads of securing two PCs. I don't know many IT departments that will be happy to double their workload and costs in the name of security. They're much more likely to stick with native XP and sacrifice any of the other benefits that Windows 7 might have delivered," he concludes.
Yes but...
Jacobs is right to highlight the cost of securing both the XP and Win7 portions. However, isn't this an argument against just about any virtualisation using 2 different OSs? You need to patch both host and virtualised OS. (Probably it's not double the cost because the virtualised one can be thrown away if infected).
So isn't it misleading to regard this as an issue with XP mode, as if it were only XP mode that suffers the issue?
By AdrianB on 24 Aug 2009 
Printed from www.pcpro.co.uk


